1          Fixed the weak key values which were wrong :-(
2          Defining SIGACTION causes sigaction() to be used instead of signal().
3          SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it
4          can cause problems.  This should hopefully not affect normal
5          applications.
6
7Version 4.04
8          Fixed a few tests in destest.  Also added x86 assember for
9          des_ncbc_encrypt() which is the standard cbc mode function.
10          This makes a very very large performace difference.
11          Ariel Glenn ariel@columbia.edu reports that the terminal
12          'turn echo off' can return (errno == EINVAL) under solaris
13          when redirection is used.  So I now catch that as well as ENOTTY.
14
15
16Version 4.03
17          Left a static out of enc_write.c, which caused to buffer to be
18          continiously malloc()ed.  Does anyone use these functions?  I keep
19          on feeling like removing them since I only had these in there
20          for a version of kerberised login.  Anyway, this was pointed out
21          by Theo de Raadt <deraadt@cvs.openbsd.org>
22          The 'n' bit ofb code was wrong, it was not shifting the shift
23          register. It worked correctly for n == 64.  Thanks to
24          Gigi Ankeny <Gigi.Ankeny@Eng.Sun.COM> for pointing this one out.
25
26Version 4.02
27          I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)'
28          when checking for weak keys which is wrong :-(, pointed out by
29          Markus F.X.J. Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>.
30
31Version 4.01
32          Even faster inner loop in the DES assembler for x86 and a modification
33          for IP/FP which is faster on x86.  Both of these changes are
34          from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  His
35          changes make the assembler run %40 faster on a pentium.  This is just
36          a case of getting the instruction sequence 'just right'.
37          All credit to 'Svend' :-)
38          Quite a few special x86 'make' targets.
39          A libdes-l (lite) distribution.
40
41Version 4.00
42          After a bit of a pause, I'll up the major version number since this
43          is mostly a performace release.  I've added x86 assembler and
44          added more options for performance.  A %28 speedup for gcc
45          on a pentium and the assembler is a %50 speedup.
46          MIPS CPU's, sparc and Alpha are the main CPU's with speedups.
47          Run des_opts to work out which options should be used.
48          DES_RISC1/DES_RISC2 use alternative inner loops which use
49          more registers but should give speedups on any CPU that does
50          dual issue (pentium).  DES_UNROLL unrolls the inner loop,
51          which costs in code size.
52
53Version 3.26
54          I've finally removed one of the shifts in D_ENCRYPT.  This
55          meant I've changed the des_SPtrans table (spr.h), the set_key()
56          function and some things in des_enc.c.  This has definitly
57          made things faster :-).  I've known about this one for some
58          time but I've been too lazy to follow it up :-).
59          Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^..
60          instead of L^=((..)|(..)|(..)..  This should save a register at
61          least.
62          Assember for x86.  The file to replace is des_enc.c, which is replaced
63          by one of the assembler files found in asm.  Look at des/asm/readme
64          for more info.
65
66          /* Modification to fcrypt so it can be compiled to support
67          HPUX 10.x's long password format, define -DLONGCRYPT to use this.
68          Thanks to Jens Kupferschmidt <bt1cu@hpboot.rz.uni-leipzig.de>. */
69
70          SIGWINCH case put in des_read_passwd() so the function does not
71          'exit' if this function is recieved.
72
73Version 3.25 17/07/96
74          Modified read_pwd.c so that stdin can be read if not a tty.
75          Thanks to Jeff Barber <jeffb@issl.atl.hp.com> for the patches.
76          des_init_random_number_generator() shortened due to VMS linker
77          limits.
78          Added RSA's DESX cbc mode.  It is a form of cbc encryption, with 2
79          8 byte quantites xored before and after encryption.
80          des_xcbc_encryption() - the name is funny to preserve the des_
81          prefix on all functions.
82
83Version 3.24 20/04/96
84          The DES_PTR macro option checked and used by SSLeay configuration
85
86Version 3.23 11/04/96
87          Added DES_LONG.  If defined to 'unsigned int' on the DEC Alpha,
88          it gives a %20 speedup :-)
89          Fixed the problem with des.pl under perl5.  The patches were
90          sent by Ed Kubaitis (ejk@uiuc.edu).
91          if fcrypt.c, changed values to handle illegal salt values the way
92          normal crypt() implementations do.  Some programs apparently use
93          them :-(. The patch was sent by Bjorn Gronvall <bg@sics.se>
94
95Version 3.22 29/11/95
96          Bug in des(1), an error with the uuencoding stuff when the
97          'data' is small, thanks to Geoff Keating <keagchon@mehta.anu.edu.au>
98          for the patch.
99
100Version 3.21 22/11/95
101          After some emailing back and forth with
102          Colin Plumb <colin@nyx10.cs.du.edu>, I've tweaked a few things
103          and in a future version I will probably put in some of the
104          optimisation he suggested for use with the DES_USE_PTR option.
105          Extra routines from Mark Murray <mark@grondar.za> for use in
106          freeBSD.  They mostly involve random number generation for use
107          with kerberos.  They involve evil machine specific system calls
108          etc so I would normally suggest pushing this stuff into the
109          application and/or using RAND_seed()/RAND_bytes() if you are
110          using this DES library as part of SSLeay.
111          Redone the read_pw() function so that it is cleaner and
112          supports termios, thanks to Sameer Parekh <sameer@c2.org>
113          for the initial patches for this.
114          Renamed 3ecb_encrypt() to ecb3_encrypt().  This has been
115           done just to make things more consistent.
116          I have also now added triple DES versions of cfb and ofb.
117
118Version 3.20
119          Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com,
120          my des_random_seed() function was only copying 4 bytes of the
121          passed seed into the init structure.  It is now fixed to copy 8.
122          My own suggestion is to used something like MD5 :-)
123
124Version 3.19
125          While looking at my code one day, I though, why do I keep on
126          calling des_encrypt(in,out,ks,enc) when every function that
127          calls it has in and out the same.  So I dropped the 'out'
128          parameter, people should not be using this function.
129
130Version 3.18 30/08/95
131          Fixed a few bit with the distribution and the filenames.
132          3.17 had been munged via a move to DOS and back again.
133          NO CODE CHANGES
134
135Version 3.17 14/07/95
136          Fixed ede3 cbc which I had broken in 3.16.  I have also
137          removed some unneeded variables in 7-8 of the routines.
138
139Version 3.16 26/06/95
140          Added des_encrypt2() which does not use IP/FP, used by triple
141          des routines.  Tweaked things a bit elsewhere. %13 speedup on
142          sparc and %6 on a R4400 for ede3 cbc mode.
143
144Version 3.15 06/06/95
145          Added des_ncbc_encrypt(), it is des_cbc mode except that it is
146          'normal' and copies the new iv value back over the top of the
147          passed parameter.
148          CHANGED des_ede3_cbc_encrypt() so that it too now overwrites
149          the iv.  THIS WILL BREAK EXISTING CODE, but since this function
150          only new, I feel I can change it, not so with des_cbc_encrypt :-(.
151          I need to update the documentation.
152
153Version 3.14 31/05/95
154          New release upon the world, as part of my SSL implementation.
155          New copyright and usage stuff.  Basically free for all to use
156          as long as you say it came from me :-)
157
158Version 3.13 31/05/95
159          A fix in speed.c, if HZ is not defined, I set it to 100.0
160          which is reasonable for most unixes except SunOS 4.x.
161          I now have a #ifdef sun but timing for SunOS 4.x looked very
162          good :-(.  At my last job where I used SunOS 4.x, it was
163          defined to be 60.0 (look at the old INSTALL documentation), at
164          the last release had it changed to 100.0 since I now work with
165          Solaris2 and SVR4 boxes.
166          Thanks to  Rory Chisholm <rchishol@math.ethz.ch> for pointing this
167          one out.
168
169Version 3.12 08/05/95
170          As pointed out by The Crypt Keeper <tck@bend.UCSD.EDU>,
171          my D_ENCRYPT macro in crypt() had an un-necessary variable.
172          It has been removed.
173
174Version 3.11 03/05/95
175          Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys
176          and one iv.  It is a standard and I needed it for my SSL code.
177          It makes more sense to use this for triple DES than
178          3cbc_encrypt().  I have also added (or should I say tested :-)
179          cfb64_encrypt() which is cfb64 but it will encrypt a partial
180          number of bytes - 3 bytes in 3 bytes out.  Again this is for
181          my SSL library, as a form of encryption to use with SSL
182          telnet.
183
184Version 3.10 22/03/95
185          Fixed a bug in 3cbc_encrypt() :-(.  When making repeated calls
186          to cbc3_encrypt, the 2 iv values that were being returned to
187          be used in the next call were reversed :-(.
188          Many thanks to Bill Wade <wade@Stoner.COM> for pointing out
189          this error.
190
191Version 3.09 01/02/95
192          Fixed des_random_key to far more random, it was rather feeble
193          with regards to picking the initial seed.  The problem was
194          pointed out by Olaf Kirch <okir@monad.swb.de>.
195
196Version 3.08 14/12/94
197          Added Makefile.PL so libdes can be built into perl5.
198          Changed des_locl.h so RAND is always defined.
199
200Version 3.07 05/12/94
201          Added GNUmake and stuff so the library can be build with
202          glibc.
203
204Version 3.06 30/08/94
205          Added rpc_enc.c which contains _des_crypt.  This is for use in
206          secure_rpc v 4.0
207          Finally fixed the cfb_enc problems.
208          Fixed a few parameter parsing bugs in des (-3 and -b), thanks
209          to Rob McMillan <R.McMillan@its.gu.edu.au>
210
211Version 3.05 21/04/94
212          for unsigned long l; gcc does not produce ((l>>34) == 0)
213          This causes bugs in cfb_enc.
214          Thanks to Hadmut Danisch <danisch@ira.uka.de>
215
216Version 3.04 20/04/94
217          Added a version number to des.c and libdes.a
218
219Version 3.03 12/01/94
220          Fixed a bug in non zero iv in 3cbc_enc.
221
222Version 3.02 29/10/93
223          I now work in a place where there are 6+ architectures and 14+
224          OS versions :-).
225          Fixed TERMIO definition so the most sys V boxes will work :-)
226
227Release upon comp.sources.misc
228Version 3.01 08/10/93
229          Added des_3cbc_encrypt()
230
231Version 3.00 07/10/93
232          Fixed up documentation.
233          quad_cksum definitely compatible with MIT's now.
234
235Version 2.30 24/08/93
236          Triple DES now defaults to triple cbc but can do triple ecb
237           with the -b flag.
238          Fixed some MSDOS uuen/uudecoding problems, thanks to
239          Added prototypes.
240
241Version 2.22 29/06/93
242          Fixed a bug in des_is_weak_key() which stopped it working :-(
243          thanks to engineering@MorningStar.Com.
244
245Version 2.21 03/06/93
246          des(1) with no arguments gives quite a bit of help.
247          Added -c (generate ckecksum) flag to des(1).
248          Added -3 (triple DES) flag to des(1).
249          Added cfb and ofb routines to the library.
250
251Version 2.20 11/03/93
252          Added -u (uuencode) flag to des(1).
253          I have been playing with byte order in quad_cksum to make it
254           compatible with MIT's version.  All I can say is avid this
255           function if possible since MIT's output is endian dependent.
256
257Version 2.12 14/10/92
258          Added MSDOS specific macro in ecb_encrypt which gives a %70
259           speed up when the code is compiled with turbo C.
260
261Version 2.11 12/10/92
262          Speedup in set_key (recoding of PC-1)
263           I now do it in 47 simple operations, down from 60.
264           Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
265           for motivating me to look for a faster system :-)
266           The speedup is probably less that 1% but it is still 13
267           instructions less :-).
268
269Version 2.10 06/10/92
270          The code now works on the 64bit ETA10 and CRAY without modifications or
271           #defines.  I believe the code should work on any machine that
272           defines long, int or short to be 8 bytes long.
273          Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu)
274           for helping me fix the code to run on 64bit machines (he had
275           access to an ETA10).
276          Thanks also to John Fletcher <john_fletcher@lccmail.ocf.llnl.gov>
277           for testing the routines on a CRAY.
278          read_password.c has been renamed to read_passwd.c
279          string_to_key.c has been renamed to string2key.c
280
281Version 2.00 14/09/92
282          Made mods so that the library should work on 64bit CPU's.
283          Removed all my uchar and ulong defs.  To many different
284           versions of unix define them in their header files in too many
285           different combinations :-)
286          IRIX - Sillicon Graphics mods (mostly in read_password.c).
287           Thanks to Andrew Daviel (advax@erich.triumf.ca)
288
289Version 1.99 26/08/92
290          Fixed a bug or 2 in enc_read.c
291          Fixed a bug in enc_write.c
292          Fixed a pseudo bug in fcrypt.c (very obscure).
293
294Version 1.98 31/07/92
295          Support for the ETA10.  This is a strange machine that defines
296          longs and ints as 8 bytes and shorts as 4 bytes.
297          Since I do evil things with long * that assume that they are 4
298          bytes.  Look in the Makefile for the option to compile for
299          this machine.  quad_cksum appears to have problems but I
300          will don't have the time to fix it right now, and this is not
301          a function that uses DES and so will not effect the main uses
302          of the library.
303
304Version 1.97 20/05/92 eay
305          Fixed the Imakefile and made some changes to des.h to fix some
306          problems when building this package with Kerberos v 4.
307
308Version 1.96 18/05/92 eay
309          Fixed a small bug in string_to_key() where problems could
310          occur if des_check_key was set to true and the string
311          generated a weak key.
312
313Patch2 posted to comp.sources.misc
314Version 1.95 13/05/92 eay
315          Added an alternative version of the D_ENCRYPT macro in
316          ecb_encrypt and fcrypt.  Depending on the compiler, one version or the
317          other will be faster.  This was inspired by
318          Dana How <how@isl.stanford.edu>, and her pointers about doing the
319          *(ulong *)((uchar *)ptr+(value&0xfc))
320          vs
321          ptr[value&0x3f]
322          to stop the C compiler doing a <<2 to convert the long array index.
323
324Version 1.94 05/05/92 eay
325          Fixed an incompatibility between my string_to_key and the MIT
326           version.  When the key is longer than 8 chars, I was wrapping
327           with a different method.  To use the old version, define
328           OLD_STR_TO_KEY in the makefile.  Thanks to
329           viktor@newsu.shearson.com (Viktor Dukhovni).
330
331Version 1.93 28/04/92 eay
332          Fixed the VMS mods so that echo is now turned off in
333           read_password.  Thanks again to brennan@coco.cchs.su.oz.AU.
334          MSDOS support added.  The routines can be compiled with
335           Turbo C (v2.0) and MSC (v5.1).  Make sure MSDOS is defined.
336
337Patch1 posted to comp.sources.misc
338Version 1.92 13/04/92 eay
339          Changed D_ENCRYPT so that the rotation of R occurs outside of
340           the loop.  This required rotating all the longs in sp.h (now
341           called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
342          speed.c has been changed so it will work without SIGALRM.  If
343           times(3) is not present it will try to use ftime() instead.
344
345Version 1.91 08/04/92 eay
346          Added -E/-D options to des(1) so it can use string_to_key.
347          Added SVR4 mods suggested by witr@rwwa.COM
348          Added VMS mods suggested by brennan@coco.cchs.su.oz.AU.  If
349          anyone knows how to turn of tty echo in VMS please tell me or
350          implement it yourself :-).
351          Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS
352          does not like IN/OUT being used.
353
354Libdes posted to comp.sources.misc
355Version 1.9 24/03/92 eay
356          Now contains a fast small crypt replacement.
357          Added des(1) command.
358          Added des_rw_mode so people can use cbc encryption with
359          enc_read and enc_write.
360
361Version 1.8 15/10/91 eay
362          Bug in cbc_cksum.
363          Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this
364          one out.
365
366Version 1.7 24/09/91 eay
367          Fixed set_key :-)
368          set_key is 4 times faster and takes less space.
369          There are a few minor changes that could be made.
370
371Version 1.6 19/09/1991 eay
372          Finally go IP and FP finished.
373          Now I need to fix set_key.
374          This version is quite a bit faster that 1.51
375
376Version 1.52 15/06/1991 eay
377          20% speedup in ecb_encrypt by changing the E bit selection
378          to use 2 32bit words.  This also required modification of the
379          sp table.  There is still a way to speedup the IP and IP-1
380          (hints from outer@sq.com) still working on this one :-(.
381
382Version 1.51 07/06/1991 eay
383          Faster des_encrypt by loop unrolling
384          Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu)
385
386Version 1.50 28/05/1991 eay
387          Optimised the code a bit more for the sparc.  I have improved the
388          speed of the inner des_encrypt by speeding up the initial and
389          final permutations.
390
391Version 1.40 23/10/1990 eay
392          Fixed des_random_key, it did not produce a random key :-(
393
394Version 1.30  2/10/1990 eay
395          Have made des_quad_cksum the same as MIT's, the full package
396          should be compatible with MIT's
397          Have tested on a DECstation 3100
398          Still need to fix des_set_key (make it faster).
399          Does des_cbc_encrypts at 70.5k/sec on a 3100.
400
401Version 1.20 18/09/1990 eay
402          Fixed byte order dependencies.
403          Fixed (I hope) all the word alignment problems.
404          Speedup in des_ecb_encrypt.
405
406Version 1.10 11/09/1990 eay
407          Added des_enc_read and des_enc_write.
408          Still need to fix des_quad_cksum.
409          Still need to document des_enc_read and des_enc_write.
410
411Version 1.00 27/08/1990 eay
412
413