0.10.4

CHANGES:

• hash: ensure alignment of data, fixes arm32 test cases (#143 @hannesm)
• drop sexplib and ppx_sexp_conv dependencies (#141 @hannesm)
• install LICENSE files of different opam packages
• require eqaf >= 0.8 to avoid bigarray-compat dependency (#139 by @hannesm)
• update to GH actions 2.1, fix windows action (#135 #139 @avsm @smorimoto)
• drop rresult dependency (#139 #141 by @hannesm @reynir)
• avoid deprecated Cstruct.len, use Cstruct.length instead (#134 by @hannesm)
• mirage-crypto-pk: adapt to mirage 4 (#141 @TheLortex @samoht)

v0.10.3

CHANGES:

• support for s390x (#129 by @edelsohn)
• mirage-crypto: add Hash.hmac_feed, analogous to Hash.feed (#130 by @reynir)
• use --std=c11 in C flags, as required by upcoming OCaml multicore (#133 by
  @hannesm, review by @Engil)
• update fiat-crypto generated code (now emitting inline attribute)
  (#132 by @hannesm)

v0.10.2

CHANGES:

• mirage-crypto-ec: dune C stubs compilation rules: explicitely declare the
  include directory instead of listing it as a flag, so that the dependency
  is correctly tracked (#122 by @TheLortex)
• mirage-crypto: compatibility with gcc11 (-Warray-parameters warning)
  (reported in #124 by @TheLortex, fixed in #125 by @hannesm)
• support for 64 bit RISC-V (#127 by @edwintorok)
• Fixed esy cross-compile CI (#126 by @EduardoRFS)

v0.10.1

CHANGES:

• mirage-crypto-ec: make inversion run in constant time (#121 by @dfaranha)

v0.10.0

CHANGES:

• mirage-crypto-rng on arm32 only use mrrc if in kernel mode, use mrc in user
  land mode, and clock_gettime as fallback (reported by @adams-1979 in #113,
  fix in #120 by @hannesm)
• mirage-crypto-ec: revise key generation API, and provide Dh.secret_of_cstruct
  for test vectors (and other scenarios where you need to decode an existing
  DH secret). Before, this was embedded into the generate function, which
  could diverged for some input (#119 @hannesm)

v0.9.2

CHANGES:

• mirage-crypto-ec: fix X25519 and Ed25519 if called with Cstruct.t whose
  offset is not equal to 0. Add unit tests to avoid the same issue in the
  future (#118 by @hannesm)

v0.9.1

CHANGES:

• mirage-crypto-ec: fix ECDSA verify if r or s are shorter than the modulus
  (#117 by @hannesm)
• Fixed esy cross-compile CI (#116 by @EduardoRFS)

v0.9.0

CHANGES:

• Elliptic curve support in the new package mirage-crypto-ec

  The arithmetic code is generated by
  fiat-crypto, a development in Coq
  which includes proofs of constant time behaviour. The generation can be
  reproduced (see ec/native/GNUmakefile).

  The group operation implementations are taken from BoringSSL. The high-level
  mechanisms (signature DSA and key exchange ECDH) are implemented in OCaml.
  The ECDSA implementation (as our DSA one) uses a deterministic k (RFC 6979).

  The NIST curves P224 (SECP224R1), P256 (SECP256R1), P384 (SECP384R1), and
  P521 (SECP521R1) are supported (ECDH and ECDSA), in addition to Curve25519
  (X25519 and Ed25519).

  Performance of X25519 has been measured and is roughly the same as
  the hacl_x25519 and also the hacl opam package (see #107 for numbers).

  Tests vectors are from RFCs and wycheproof.

  Import mirage/fiat repository (@pascutto @emillon @NathanReb @hannesm #101)
  Check bounds of message (reported by @greg42, fixed by @hannesm #108)
  Remove blinding, since constant time arithmetics is used (@hannesm #106)
  Curve 25519 (X25519 & Ed25519) support (@hannesm #107 imported from BoringSSL)

  Partially reviewed by @JasonGross @avsm @dinosaure
  Partially sponsored by Nitrokey GmbH

v0.8.10

CHANGES:

• Rsa.priv: require 1 = d * e mod (lam n). This allows interoperability with
  OpenSSL generated keys. Reported and fixed by @psafont in #100.

v0.8.9

CHANGES:

• Rsa: Adapt computation of d = e ^ -1 mod (lam n), with
  lam n = lcm (p - 1) (q - 1) (previously lam n = (p - 1) * (q - 1))
  Fixes #62 reported by @mattjbray, investigated by @psafont, code by @hannesm