Release 2.6.0.

[catacomb] / debian / changelog

catacomb (2.6.0) experimental; urgency=medium

  * catacomb: Introduce Mike Hamburg's `STROBE' syymetric encryption
    framework, based on Keccak.
  * catacomb: Fix KCDSA prime generation so that it makes primes of
    exactly the right length.  I think this is the last of the prime-
    generation algorthms that needs fixing.
  * catacomb: Inttroduce low-level key-file functions to accommodate
    Python 3 bindings.
  * catacomb: Support `tag:', `id:' and `type:' prefixes in `bytag' key
    queries.
  * catacomb-bin: Be consistent about metasyntax used to denote hash
    function names.
  * catacomb: Introduce fast SIMD multiplication for ARM32 and ARM64
    platforms.  I think this finally means that X86 and ARM have similar
    levels of optimization.
  * catacomb: Check SIMD feature bit on ARM64 before using the optimized
    code.  I don't know of any ARM64 implementations which lack SIMD
    instructions, but the bit must be there for a reason, so I might as
    well use it.
  * catacomb-dev: Allow reading the current number of passes from a
    `dsarand' object.
  * catacomb: Prefer X84 `rdseed' instruction for quick entropy over
    `rdrand' if it's available.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 09 May 2020 17:38:45 +0100

catacomb (2.5.2) experimental; urgency=medium

  * Merge changes from 2.4.5.
  * catacomb-dev: Fix ARM32 FP/SIMD register dumping.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 09 May 2020 20:50:57 +0100

catacomb (2.5.1) experimental; urgency=medium

  * Merge changes from 2.4.4.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 29 Sep 2019 17:50:59 +0100

catacomb (2.5.0) experimental; urgency=medium

  * catacomb: MACs based on blockciphers: PMAC1 and CMAC (also known as
    OMAC).
  * catacomb: Authenticated Encryption with Additional Data (AEAD)
    schemes.  Some based on blockciphers: CCM, EAX, GCM (with CPU-specific
    acceleration), OCB1 and OCB3 (OCB2 is broken).  Also Salsa20 and
    ChaCha20 with Poly1305: the RFC7539 scheme, and the NaCl `secret_box'
    transform.
  * catacomb: Implement Grantham's Frobenius test.  Combine it with
    Rabin--Miller, as Baillie--PSW, for testing given primes.
  * catacomb-bin (catcrypt): Support AEAD schemes for bulk crypto.
  * catacomb-bin (perftest): Options for batching; report cycle counts
    where available.
  * Many internal improvements: better documentation, debugging, testing,
    etc.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 21 Sep 2019 21:26:44 +0100

catacomb (2.4.5) experimental; urgency=medium

  * catacomb: Fix memory leak in key-file error handling.
  * catacomb: Don't leak internal `exptime' symbol into the global
    namespace.
  * catacomb: Check that the X86 `rdrand' instruction actually works
    before leaning on it.  This is in response to the well-publicized AMD
    bug which always returns all-bits-set with the carry /set/ (indicating
    success).
  * catacomb: Mix in the random pool key during `rand_gate' and
    `rand_stretch' operations.
  * catacomb: Fix by-tag key lookups: if the query string looks like a hex
    number, it's treated as a search by id; but if no such id is found,
    the search wouldn't continue to look for a key by type or tag.
  * catacomb: Fix reference leak in `key_split'.
  * catacomb: Fix bug which completely broke `key_copydata'.
  * catacomb: Fix segfault from `pgen', if it fails before setting up the
    prime tester.
  * catacomb: Propagate failure from `pgen' during Lim--Lee prime
    generation, rather than immediately retrying.
  * catacomb: Fix memory leak of factor vector from failed Lim--Lee prime
    generation.
  * catacomb: Fix segfault when multiplying the identity elliptic-curve
    point.
  * catacomb: Fix the `lcrand' descriptor, so that it's not advertised as
    being cryptographically strong, and to fix a bias in its output.
  * catacomb: Fix a memory leak in the error case of KCDSA prime
    generation.
  * catacomb-bin: Fix segfault from `pixie', if given an empty passphrase
    to remember.
  * catacomb: Check SIMD feature bit on ARM64 before using the optimized
    code.  I don't know of any ARM64 implementations which lack SIMD
    instructions, but the bit must be there for a reason, so I might as
    well use it.
  * catacomb: Support parsing binary-group descriptions.  This is a long-
    standing lacuna that I've only recently noticed.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 09 May 2020 17:46:24 +0100

catacomb (2.4.4) experimental; urgency=medium

  * debian: Bump to Debhelper 10.
  * debian: Ship a shared-library `symbols' file for more precise
    dependencies.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 29 Sep 2019 15:58:26 +0100

catacomb (2.4.3) experimental; urgency=medium

  * catacomb (idea): Fix key-length descriptor.
  * catacomb (xchachaNN): Fix nonce-size descriptor.
  * catacomb (key-management): Fix incorrect handling of keyring
    modifiability.
  * catacomb-dev: Configure `pkg-config' correctly for static linking.
  * catacomb, catacomb-bin (cookie, dsig): Fix hash-function length
    padding on very long messages, and handling of large datestamps.
  * catacomb-bin (catsign): Don't open temporary files unnecessarily.
  * catacomb-bin (catcrypt): Fix key-attribute parsing.
  * catacomb-bin (perftest): Add missing help-string text for `-n' used
    with `enc' and `hash'

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 21 Sep 2019 17:43:59 +0100

catacomb (2.4.2) experimental; urgency=medium

  * catacomb2: Support multi-arch at last.
  * catacomb2: Fix mangled key-size data for HMAC.
  * rspit: Support generating large files.
  * pixie: Improve error-handling around dropping privilege.
  * ed25519, ed448: Very minor performance improvement.
  * salsa20, chacha: Fix crash if nonce is none, as it is when invoked by
    `rspit'.
  * salsa20, chacha: Fix declaration of cipher classes to prevent them
    ending up as (useless) common symbols in client code.
  * limlee: Improve the prime size heuristics.
  * sha, sha256, sha512: Restructure compression function to improve
    performance and use less memory.
  * rijndael: Include enough round constants to make very tiny keys work
    correctly.

 -- Mark Wooding <mdw@distorted.org.uk>  Tue, 12 Jun 2018 01:15:59 +0100

catacomb (2.4.1) experimental; urgency=low

  * catacomb2: Two's-complement fix from 2.3.x release branch.

 -- Mark Wooding <mdw@distorted.org.uk>  Thu, 22 Jun 2017 09:37:40 +0100

catacomb (2.4.0.1) experimental; urgency=low

  * Fix build failure with later ARM assemblers.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 14 May 2017 21:05:35 +0100

catacomb (2.4.0) experimental; urgency=low

  * catacomb2: Implemented Bernstein's Poly1305 message-authentication
    code.
  * catacomb2: Support RFC7539's different nonce/counter split in ChaCha
    and Salsa20.
  * catacomb2: Implement Bernstein's X25519.
  * catacomb2: Implement Hamburg's X448 (RFC7748).
  * catacomb2: Implement Bernstein, Duif, Lange, Schwabe, Yang's Ed25519,
    as defined in RFC8032.
  * catacomb2: Implement Ed448, based on Hamburg's curve, as defined in
    RFC8032.
  * catacomb2: Implement Keccak-p[1600, n] as defined in FIPS202.
  * catacomb2: Implement SHA3, SHAKE, as defined in FIPS202.
  * catacomb2: Implement cSHAKE, KMAC, as defined in SP800-185.
  * catacomb2: Allow RSA key generation with chosen public exponent.
  * catacomb2: Optimize RSA public-key operations with common public
    exponents.
  * catacomb-bin: Support new algorithms in the provided tools.
  * catacomb-bin: Allow parameters keys for all key types.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 14 May 2017 16:07:00 +0100

catacomb (2.3.2) experimental; urgency=low

  * catacomb2: Fix bignum loading and storing in two's complement form.

 -- Mark Wooding <mdw@distorted.org.uk>  Thu, 22 Jun 2017 09:34:59 +0100

catacomb (2.3.1) experimental; urgency=low

  * catacomb2: Fix memory corruption when allocating `salsa20' and
    `chacha'-based RNGs.
  * catacomb2: Fix segfault when opening read-only keyring with no
    associated file.
  * catacomb2: Return the correct stream offset in `chacha_tell*'.
  * catacomb2: Produce correct keyring files when they contain empty
    keys.
  * catacomb2: Fix cross-compilation-unit type incompatibility in prime
    and binary group implementations.
  * catacomb-dev: Add missing licence notices to `salsa20.h'.
  * catacomb-bin: Fix assertion failure in RSA-PSS signing.
  * catacomb-bin: Fix uninitialized structure slot in RSA-PSS signing and
    verifying.
  * catacomb-bin: Compare MAC tags in constant time.
  * catacomb2: Fix a (minor) source of bias in BBS and RSA key generation.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 14 May 2017 04:05:00 +0100

catacomb (2.3.0.1) experimental; urgency=low

  * catacomb2: Actually make the stack non-executable rather than just
    pretending.

 -- Mark Wooding <mdw@distorted.org.uk>  Wed, 05 Apr 2017 09:00:55 +0100

catacomb (2.3.0) experimental; urgency=low

  * catacomb2: Use the correct Oakley 2048 group.  For a long time, this
    was a duplicate of the Oakley 1536 group.  There's a compatibility
    break here, but it's for the best.
  * catacomb2: Include `.note.GNU-stack' sections in the assembler code,
    so that the process stack doesn't get marked executable.
  * catacomb2: New SSE2-based multipliers for i386 and AMD64.
  * catacomb2: Lots of other improvements to the assembler code.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 03 Apr 2017 10:24:17 +0100

catacomb (2.2.5) experimental; urgency=low

  * catacomb2 (ARM AES): Fix crash from `rijndael*_init' when key material
    is unaligned.
  * build: Use less obsolete macro names in configure script.

 -- Mark Wooding <mdw@distorted.org.uk>  Tue, 12 Jul 2016 10:27:05 +0100

catacomb (2.2.4) experimental; urgency=low

  * build: Fix build failures on post-wheezy Debian versions.
  * catacomb2: Use ARM AES instructions if available.  (But they can't be
    assembled using wheezy's version of gas, so this doesn't work in the
    binary package.)
  * catacomb2: Fix poor performance (and wrong answers for very small
    numbers) in prime generation.
  * catacomb2: Return numbers of exactly the requested length in prime and
    public-key generation.  The `strongprime' and `limlee' algorithms have
    changed as a result; previously verifiable parameters generated using
    this algorithm won't be verifiable any more.
  * catacomb-dev: Deprecate the old `dsa' functions.  Use `gdsa' instead.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 26 Jun 2016 14:18:14 +0100

catacomb (2.2.3) experimental; urgency=low

  * rand: Make the main generator resiliant in the face of fork(2).
  * rand: Introduce `rand_quick', which may also mix in CPU-level
    randomness sources.
  * rand: Use higher-resolution timer in the quick-win noise source.
  * debian: Pick up correct `catacomb-dev' Depends entry from 2.2.1.1
    which got lost down the side of the sofas.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 13 Jun 2016 22:22:33 +0100

catacomb (2.2.2) experimental; urgency=low

  * build: Cope with newer Autotools and related equipment.
  * Miscellaneous small fixes for Cygwin.
  * catacomb2 (mp_testbit): Fix overread on reading one-bit-past-the-end;
    particularly, this causes a segfault reading bit zero of a zero-length
    integer.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 04 Jun 2016 01:12:01 +0100

catacomb (2.2.1.1) experimental; urgency=low

  * Arrange that catacomb-dev Depends on correct version of mlib-dev.  It
    really won't work well without it.

 -- Mark Wooding <mdw@distorted.org.uk>  Fri, 19 Feb 2016 09:04:50 +0000

catacomb (2.2.1) experimental; urgency=low

  * Some internal improvements.
  * Debian packaging cleanups (fix build-depends, update mLib dependency).

 -- Mark Wooding <mdw@distorted.org.uk>  Thu, 18 Feb 2016 16:43:09 +0000

catacomb (2.2.0) experimental; urgency=low

  * catacomb2: Fix rsa_recover crash on even modulus.
  * catacomb-bin: Report error taking factorial of negative input.
  * catacomb2: Fix EC_FIND and EC_NEG on 2-torsion points of prime curves.
  * catacomb-dev: Support multiple flavours of EC point compression.
  * catacomb2: Fix theoretical rsa_recover crash if factoring loop runs
    out of prime numbers.
  * catacomb2: Overhaul crypto primitives used in true-random generator.
  * catacomb-bin: Improve rspit: high-resolution timing, and 64-bit size
    support.
  * catacomb-dev: New conversions between MP integers and C integer types.
  * catacomb2: Change gcipher for Seal incompatibly.  The IV is now
    big-endian bytes (rather than `uint32'), and the `block size' is 4.
  * catacomb2: Mix a constant string into DSA nonce generation to improve
    resistance to protocol interference.
  * catacomb2: Fix the freewheel random source, which hasn't been enabled
    for ages due to a configure-script bug.
  * catacomb-bin: The key tool can now read and write multiple
    presentations for key fingerprints.
  * catacomb2, catacomb-dev: Support Daniel Bernstein's Salsa20 and ChaCha
    stream ciphers.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 20 Jul 2015 14:15:31 +0100

catacomb (2.1.7) experimental; urgency=low

  * A number of entropy-source fixes.
  * Internal tidying.
  * Add more elliptic curves, from Brainpool and BADA55.
  * hashsum: Fix hash file verification.

 -- Mark Wooding <mdw@distorted.org.uk>  Wed, 16 Jul 2014 10:21:23 +0100

catacomb (2.1.6.1) experimental; urgency=low

  * Fix building from source tarball.
  * Fix building with Python 2.5.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 28 Dec 2013 14:21:36 +0000

catacomb (2.1.6) experimental; urgency=low

  * mpreduce: Extend domain to all positive integers.
  * gfreduce: Fix out-of-bounds memory access.
  * gcd: Don't clobber signs of `constants' when GCD calculation is trivial.
  * pixie: Don't replace existing pixie unless explicitly requested.

 -- Mark Wooding <mdw@distorted.org.uk>  Fri, 27 Dec 2013 14:28:57 +0000

catacomb (2.1.5) experimental; urgency=low

  * New build system.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 29 Jun 2013 00:38:58 +0100

catacomb (2.1.4) experimental; urgency=low

  * Constant-time operations.
  * Some minor fixes to header files.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 27 May 2013 22:34:23 +0100

catacomb (2.1.3) experimental; urgency=low

  * Fibonacci sequence computation: mp_fibonacci function and fibonacci(1)
    example program.
  * Upper bounds on phrase entropy in mkphrase(1).
  * Don't make the Pixie setuid-root by default.  Make the documentation
    less scary.

 -- Mark Wooding <mdw@distorted.org.uk>  Thu, 11 Apr 2013 12:06:28 +0100

catacomb (2.1.2.1) experimental; urgency=low

  * hashsum: Document `--progress' option in `--help' output.

 -- Mark Wooding <mdw@distorted.org.uk>  Thu, 28 Feb 2013 17:35:49 +0000

catacomb (2.1.2) experimental; urgency=low

  * hashsum: Correct return code when running in `-c' mode.
  * dsig: Fix core dump on large-ish outputs.
  * dsig: Fix repeat-close bug.
  * dsig: Accept precomputed hashes when making signatures.
  * Utilities: New `-p' option for progress bars.
  * dsig, hashsum: New `-j' option checks for files not covered by
    manifest.
  * Various library improvements.

 -- Mark Wooding <mdw@distorted.org.uk>  Wed, 09 Jan 2013 03:26:44 +0000

catacomb (2.1.1) experimental; urgency=low

  * Do configuration through pkgconfig.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 17 Mar 2008 18:36:30 +0000

catacomb (2.1.0) experimental; urgency=low

  * Added support for elliptic curves, on both prime and binary fields
    (polynomial basis only).  No actual crypto, but there's enough already
    to do ECDH and stuff on well-known curves  Testing is currently a bit
    patchy.

 -- Mark Wooding <mdw@nsict.org>  Sun, 21 Mar 2004 22:47:56 +0000

catacomb (2.0.1) experimental; urgency=low

  * Debianization!
  * (pixie): Don't report uninteresting errors when accepting connections.

 -- Mark Wooding <mdw@nsict.org>  Thu, 11 Dec 2003 10:47:59 +0000