## 0.28

* Add hash constant time capability
* Prevent possible overflow during hashing by hashing in 4GB chunks

## 0.27

* Optimise AES GCM and CCM
* Optimise P256R1 implementation
* Various AES-NI building improvements
* Add better ECDSA support
* Add XSalsa derive
* Implement square roots for ECC binary curve
* Various tests and benchmarks

## 0.26

* Add Rabin cryptosystem (and variants)
* Add bcrypt_pbkdf key derivation function
* Optimize Blowfish implementation
* Add KMAC (Keccak Message Authentication Code)
* Add ECDSA sign/verify digest APIs
* Hash algorithms with runtime output length
* Update blake2 to latest upstream version
* RSA-PSS with arbitrary key size
* SHAKE with output length not divisible by 8
* Add Read and Data instances for Digest type
* Improve P256 scalar primitives
* Fix hash truncation bug in DSA
* Fix cost parsing for bcrypt
* Fix ECC failures on arm64
* Correction to PKCS#1 v1.5 padding
* Use powModSecInteger when available
* Drop GHC 7.8 and GHC 7.10 support, refer to pkg-guidelines
* Optimise GCM mode
* Add little endian serialization of integer

## 0.25

* Improve digest binary conversion efficiency
* AES CCM support
* Add MonadFailure instance for CryptoFailable
* Various misc improvements on documentation
* Edwards25519 lowlevel arithmetic support
* P256 add point negation
* Improvement in ECC (benchmark, better normalization)
* Blake2 improvements to context size
* Use gauge instead of criterion
* Use haskell-ci for CI scripts
* Improve Digest memory representation to be 2 less Ints and one less boxing,
  moving from `UArray` to `Block`

## 0.24

* Ed25519: generateSecret & Documentation updates
* Repair tutorial
* RSA: Allow signing digest directly
* IV add: fix overflow behavior
* P256: validate point when decoding
* Compilation fix with deepseq disabled
* Improve Curve448 and use decaf for Ed448
* Compilation flag for blake2 sse merged into the sse support flag
* Process unaligned data better in hashes and AES, on architectures needing alignment
* Drop support for ghc 7.6
* Add ability to create random generator Seed from binary data and
  loosen constraint on ChaChaDRG seed from ByteArray to ByteArrayAccess.
* Add 3 associated types to the HashAlgorithm class, to get
  access to the constants for BlockSize, DigestSize and ContextSize at the type level.
  The related functions that these replace will be deprecated in a later release and
  eventually removed.

API CHANGES:

* Improve ECDH safety to return failure for bad inputs (e.g. public point in small order subgroup).
  To go back to previous behavior you can replace `ecdh` by `ecdhRaw`. It's recommended to
  use `ecdh` and handle the error appropriately.
* Users defining their own HashAlgorithm need to define the
  HashBlockSize, HashDigest, HashInternalContextSize associated types

## 0.23

* Digest memory usage improvement by using unpinned memory
* Fix generateBetween to generate within the right bounds
* Add pure Twofish implementation
* Fix memory allocation in P256 when using a temp point
* Consolidate hash benchmark code
* Add Nat-length Blake2 support (GHC > 8.0)
* Update tutorial

## 0.22

* Add Argon2 (Password Hashing Competition winner) hash function
* Update blake2 to latest upstream version
* Add extra blake2 hashing size
* Add faster PBKDF2 functions for SHA1/SHA256/SHA512
* Add SHAKE128 and SHAKE256
* Cleanup prime generation, and add tests
* Add Time-based One Time Password (TOTP) and HMAC-based One Time Password (HOTP)
* Rename Ed448 module name to Curve448, old module name still valid for now

## 0.21

* Drop automated tests with GHC 7.0, GHC 7.4 and GHC 7.6: support is dropped, but they are probably still working.
* Improve non-aligned support in C sources; ChaCha and SHA3 now probably work on architectures without support for unaligned access.
  Not complete or tested.
* Add another ECC framework that is more flexible, allowing different implementations to work instead of
  the existing pure Haskell NIST implementation.
* Add ECIES basic primitives
* Add XSalsa20 stream cipher
* Process partial buffer correctly with Poly1305

## 0.20

* Fixed hash truncation used in ECDSA signature & verification (Olivier Chéron)
* Fix ECDH when scalar and coordinate bit sizes differ (Olivier Chéron)
* Speed up ECDSA verification using Shamir's trick (Olivier Chéron)
* Fix rdrand on windows

## 0.19

* Add tutorial (Yann Esposito)
* Derive Show instance for better interaction with Show pretty printer (Eric Mertens)

## 0.18

* Re-use the standard rdrand instruction instead of a byte dump of the rdrand instruction
* Improvement to F2m, including lots of tests (Andrew Lelechenko)
* Add error check on salt length in bcrypt

## 0.17

* Add Miyaguchi-Preneel construction (Kei Hibino)
* Fix buffer length in scrypt (Luke Taylor)
* Build fixes for i686 and arm related to rdrand

## 0.16

* Fix basepoint for Ed448
* Enable 64-bit Curve25519 implementation

## 0.15

* Fix serialization of DH and ECDH

## 0.14

* Reduce size of SHA3 context instead of allocating all-size fit memory. Save
  up to 72 bytes of memory per context for SHA3-512.
* Add a Seed capability to the main DRG, to be able to debug/reproduce randomized programs
  where you would want to disable the randomness.
* Add support for Cipher-based Message Authentication Code (CMAC) (Kei Hibino)
* *CHANGE* Change the `SharedKey` for `Crypto.PubKey.DH` and `Crypto.PubKey.ECC.DH`,
  from an Integer newtype to a ScrubbedBytes newtype. Prevent mistake where the
  bytes representation is generated without the right padding (when needed).
* *CHANGE* Keep the field size in bits, in the `Params` in `Crypto.PubKey.DH`,
  moving from 2 elements to 3 elements in the structure.

## 0.13

* *SECURITY* Fix buffer overflow issue in SHA384, copying 16 extra bytes from
  the SHA512 context to the destination memory pointer leading to memory
  corruption and segfaults. (Mikael Bung)

## 0.12

* Fix compilation issue with Ed448 on 32 bits machine.

## 0.11

* Truncate hashing correctly for DSA
* Add support for HKDF (RFC 5869)
* Add support for Ed448
* Extend support for Blake2s to 224 bits version.
* Compilation workaround for old distribution (RHEL 4.1)
* Compilation fix for AIX
* Compilation fix with AESNI and ghci compiling C source in a weird order.
* Fix example compilation, typo, and warning

## 0.10

* Add reference implementation of blake2 for non-SSE2 platform
* Add `support_blake2_sse` flag

## 0.9

* Quiet down unused module imports
* Move Curve25519 over to Crypto.Error instead of using Either String.
* Add documentation for ChaChaPoly1305
* Add missing documentation for various modules
* Add a way to create Poly1305 Auth tag.
* Added support for the BLAKE2 family of hash algorithms
* Fix endianness of incrementNonce function for ChaChaPoly1305

## 0.8

* Add support for ChaChaPoly1305 Nonce Increment (John Galt)
* Move repository to the haskell-crypto organisation

## 0.7

* Add PKCS5 / PKCS7 padding and unpadding methods
* Fix ChaChaPoly1305 Decryption
* Add support for BCrypt (Luke Taylor)

## 0.6

* Add ChaChaPoly1305 AE cipher
* Add instructions in README for building on old OSX
* Fix blocking /dev/random (Andrey Sverdlichenko)

## 0.5

* Fix all stray exports to all be under the cryptonite prefix.

## 0.4

* Add a System DRG that represents a referentially transparent sequence of evaluated bytes
  while using lazy evaluation for future entropy values.

## 0.3

* Allow drgNew to run in any MonadRandom, providing cascading initialization
* Remove Crypto.PubKey.HashDescr in favor of just having the algorithm
  specified in PKCS15 RSA function.
* Fix documentation in cipher sub section (Luke Taylor)
* Cleanup AES dead functions (Luke Taylor)
* Fix Show instance of Digest to display without quotes similar to cryptohash
* Use scrubbed bytes instead of bytes for P256 scalar

## 0.2

* Fix P256 compilation and exactness, and add tests
* Add a raw memory number serialization capability (i2osp, os2ip)
* Improve tests for number serialization
* Improve tests for ECC arithmetics
* Add Ord instance for Digest (Nicolas Di Prima)
* Fix entropy compilation on 64-bit Windows.

## 0.1

* Initial release
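The 0.24 API change above recommends keeping the checked `ecdh` and handling its failure, rather than reverting to `ecdhRaw`. The following is an added example, not code from this changelog or from the cryptonite project. It assumes the `Crypto.ECC` interface as shipped from the 0.24 series (`Curve_X25519`, `decodePoint`, `curveGenerateKeyPair`, `ecdh`, `KeyPair`) and `CryptoFailable` from `Crypto.Error`; the helper name `deriveShared` and the all-zero peer key used as sample input are the example's own.

```haskell
import Crypto.ECC (Curve_X25519, EllipticCurve (..), EllipticCurveDH (..), KeyPair (..), SharedSecret)
import Crypto.Error (CryptoFailable (..))
import qualified Data.ByteString as B
import Data.Proxy (Proxy (..))

-- Hypothetical helper (not part of cryptonite): derive a shared secret from our
-- key pair and a peer's encoded public point. Both decoding the point and the
-- checked `ecdh` can fail; the CryptoFailable monad propagates the first error.
deriveShared :: KeyPair Curve_X25519 -> B.ByteString -> CryptoFailable SharedSecret
deriveShared kp peerBytes = do
    peerPoint <- decodePoint curve peerBytes
    -- `ecdh` (unlike `ecdhRaw`) reports a failure for a bad peer point, such as
    -- a small-order point whose X25519 result is the all-zero, predictable secret.
    ecdh curve (keypairGetPrivate kp) peerPoint
  where
    curve = Proxy :: Proxy Curve_X25519

main :: IO ()
main = do
    kp <- curveGenerateKeyPair (Proxy :: Proxy Curve_X25519)
    -- Constructed sample input: the all-zero u-coordinate is one of the
    -- small-order inputs listed in RFC 7748, so the checked `ecdh` must fail.
    let lowOrderPeer = B.replicate 32 0
    case deriveShared kp lowOrderPeer of
        CryptoFailed err -> putStrLn ("rejected peer key: " ++ show err)
        CryptoPassed _   -> putStrLn "shared secret derived"
```

The point of threading both steps through `CryptoFailable` is that a caller cannot obtain a `SharedSecret` without having passed the validation; with `ecdhRaw` the same all-zero input would silently yield an all-zero key.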