Skip to content

Releases: xavierleroy/cryptokit

Cryptokit version 1.20

07 Jul 17:07
Compare
Choose a tag to compare
  • Name space depollution: make C implementations of ciphers local to the OCaml/C stub code, so that they do not conflict with other C libraries implementing crypto functions with the same names (#35, #36)

Cryptokit version 1.19

15 Dec 13:35
Compare
Choose a tag to compare
  • Fix missing root registration in some Chacha20, Blake2, and Blake3 functions (#34)

Cryptokit version 1.18

18 Dec 17:52
Compare
Choose a tag to compare
  • Add BLAKE3 hash and MAC functions.
  • Fix compile-time error "SSE4.1 instruction set not enabled" (#32, #33).

Cryptokit version 1.17

02 May 07:23
Compare
Choose a tag to compare
  • Add interfaces for authenticated encryption (AEAD) and two implementations: AES-GCM and Chacha20-Poly1305.
  • Use getentropy() for system_rng when available (Linux, macOS, BSD).
  • Removed support for EGD (the Entropy Gathering Daemon).
  • Added compile-time alerts on uses of broken or weak ciphers and hashes. (Can be silenced with "-alert -crypto".)
  • Add the hmac_sha384 MAC (#8).
  • Add the SipHash MAC.
  • Set file descriptor to close-on-exec in device_rng (#27).
  • Improve compatibility with OCaml 5.0 (#28).
  • Make sure CryptokitBignum is installed like before the switch to Dune (#31).

Cryptokit version 1.16.1

14 Oct 16:20
Compare
Choose a tag to compare
  • Make the tests faster and more robust
  • Update dependencies and documentation.

Cryptokit version 1.16

13 Oct 16:31
Compare
Choose a tag to compare
  • Use dune as the build system (contributed by Andrey Mokhov, PR #24)
  • Add BLAKE2b and BLAKE2s hash and MAC functions.

Cryptokit version 1.15

27 Dec 18:04
Compare
Choose a tag to compare
  • Added constant-time string_equal and bytes_equal comparison functions (execution time depends on the lengths of the strings but not on their contents) (issue #13, PR #14)
  • Caml FFI: use caml_ long names and CAML_NAME_SPACE; get rid of Begin_roots
  • OASIS files regenerated in dynamic mode for OCaml 4.09 compatibility. For this reason, OASIS is now a build dependency.

Cryptokit version 1.14

29 Oct 18:37
Compare
Choose a tag to compare
  • Ensure compatibility with OCaml 4.09 and up.
  • Detect early AMD Ryzen 3000 bug where the RDRAND instruction always generates 0xFF...FF, and, in this case, report the hardware RNG as unavailable.
  • Fix formatting of documentation comments (issue #3, PR #5)
  • Optional argument to control whether the zlib transform expects a zlib header (PR #12).
  • Fix issue with zlib >= 1.2.9 where internal sanity check is affected by the stream data block being moved by OCaml's GC (issue #7, PR #17).
  • DH.new_parameters: update documentation to suggest at least 2048 bits (PR #18).
  • DH.derive_key: use SHA256 instead of SHA1 (PR #19).

Cryptokit version 1.13

30 Jul 16:49
Compare
Choose a tag to compare
  • Add the Chacha20 stream cipher.
  • Add the AES-CMAC (a.k.a. AES-OMAC1) message authentication code.
  • Pseudo-random number generator: replace the old AES-CBC-Fibonacci generator
    with a faster, simpler generator based on Chacha20.
  • Add an alternate pseudo-random number generator based on AES in CTR mode.
  • Documentation: warn about known cryptographic weaknesses in Triple DES,
    Blowfish, and ARCfour.
  • Documentation: warn about problems with variable-length messages in
    MACs based on block ciphers in CBC mode.

Cryptokit version 1.12

25 Jul 12:47
Compare
Choose a tag to compare
  • Fix x86-32 compilation error and improve detection of AES-NI for x86 processors (Jeremie Dimino, Etienne Millon)
    (Closes: #1646)
  • AES-NI: align key_schedule on a 16 byte boundary (Etienne Millon)
    (Closes: #1709)
  • Add original Keccak submission to SHA-3 (Yoichi Hirai)