Releases: mirage/mirage-crypto

v0.8.8

04 Jan 12:58

CHANGES:

  • new package mirage-crypto-rng-async, entropy feeding using async (#90 @seliopou)
  • Entropy.cpu_rng and Entropy.cpu_rng_bootstrap result in Error `Not_supported
    on CPUs without RDRAND/RDSEED support (previously an exception was raised
    in cpu_rng_bootstrap, and cpu_rng resulted in a no-op) (#92 @seliopou)
  • Entropy.cpu_rng delays entropy feeding (returns unit -> unit instead of unit).
    This fixes a memory leak reported by @talex5 in #94, fixed in #95 by @hannesm
  • Avoid illegal instructions on X86 CPUs without the SSSE3 instruction set. Both
    SHA256 and ChaCha used PSHUFB, which is not available on e.g. AMD Phenom II
    (reported in #93 by @dinosaure @samoht @pirbo @RichAyotte @sebeec, fixed in #96
    by @hannesm)

v0.8.7

03 Nov 12:41

CHANGES:

v0.8.6

21 Oct 19:39

CHANGES:

  • Detect CPU architecture from C compiler, allowing cross-compiling to Android
    and iOS (#84 by @EduardoRFC)
  • Upgrade to dune 2, use a Makefile for building freestanding libraries, drop
    mirage-xen-posix support (solo5-based PVH exists now) (#86 by @hannesm)

v0.8.5

30 Aug 19:48

CHANGES:

  • Avoid accessing unmapped memory in ChaCha20 (#83 by @hannesm, introduced in
    0.8.1)

v0.8.4

22 Aug 12:26

CHANGES:

  • Mirage_crypto_rng: avoid using rdseed if it returned 0 during bootstrap
    (#82 @hannesm)
  • Avoid misaligned cast in xor (#79 reported by @talex5 on arm32, fixed in #81
    by @hannesm)

v0.8.3

27 Jul 13:28

CHANGES:

  • Fix ppc64le cycle_counter (add missing Val_long) (#78 @hannesm)
    • test_entropy is now test_entropy_collection
    • test_entropy checks timer and bootstrap functions
  • Avoid polluting the symbol table with global non-prefixed symbols
    (reported by @anmonteiro in #77, fixed in #78 by @hannesm, suggested by @dinosaure)
  • Avoid the "caml_" prefix in entropy_stubs, use "mc_" instead (#78 @hannesm)

v0.8.2

25 Jul 08:59

CHANGES:

v0.8.1

02 Jul 09:08

CHANGES:

  • Add Chacha20 implementation (based on abeaumont/ocaml-chacha), supporting
    both DJB's original specification (nonce 64 bit, counter 64 bit) and the IETF
    variant (RFC 8439: nonce 96 bit, counter 32 bit) (#72 @hannesm)
  • Add Poly1305 implementation based on floodyberry/poly1305-donna (#72 @hannesm)
  • Unified AEAD module type, implemented by CCM, GCM, and Chacha20/Poly1305.
    The functions "authenticate_encrypt" and "authenticate_decrypt" are defined:
    authenticate_encrypt appends the authentication tag to the ciphertext, and
    authenticate_decrypt checks the tag (using Eqaf for constant-time comparison)
    before returning the plaintext.
    Breaking changes:
    • GCM "~iv" is now "~nonce"
    • GCM encrypt returns the encrypted data with the authentication tag appended
    • GCM decrypt returns the plaintext as an option (None on authentication failure)
    (#73 @hannesm)
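As an added example (not from these release notes or the project's own tests), the following OCaml program exercises the unified AEAD interface from v0.8.1 with Chacha20/Poly1305: it shows the tag being appended on encrypt, and the None result on decrypt when the ciphertext or the associated data has been altered. It assumes the 0.8.x signatures (authenticate_encrypt returning Cstruct.t, authenticate_decrypt returning Cstruct.t option, Chacha20.tag_size exposed) and Mirage_crypto_rng_unix.initialize : unit -> unit.

```ocaml
(* Added example, not part of mirage-crypto. Assumes the 0.8.x AEAD signatures:
   authenticate_encrypt : key:key -> nonce:Cstruct.t -> ?adata:Cstruct.t -> Cstruct.t -> Cstruct.t
   authenticate_decrypt : key:key -> nonce:Cstruct.t -> ?adata:Cstruct.t -> Cstruct.t -> Cstruct.t option
   and Mirage_crypto_rng_unix.initialize : unit -> unit. *)
open Mirage_crypto

let () =
  (* Seed Fortuna before drawing the key and nonce. *)
  Mirage_crypto_rng_unix.initialize ();
  let key = Chacha20.of_secret (Mirage_crypto_rng.generate 32) in
  (* A 12-byte nonce selects the IETF variant (RFC 8439); a nonce must never
     be reused under the same key. *)
  let nonce = Mirage_crypto_rng.generate 12 in
  let adata = Cstruct.of_string "record-header" in
  let plaintext = Cstruct.of_string "attack at dawn" in
  (* Ciphertext comes back with the Poly1305 tag appended. *)
  let ct = Chacha20.authenticate_encrypt ~key ~nonce ~adata plaintext in
  assert (Cstruct.len ct = Cstruct.len plaintext + Chacha20.tag_size);
  (* Untouched ciphertext: the tag verifies and the plaintext is returned. *)
  (match Chacha20.authenticate_decrypt ~key ~nonce ~adata ct with
   | Some pt -> assert (Cstruct.equal pt plaintext)
   | None -> failwith "unexpected authentication failure");
  (* Flip one bit of the ciphertext body: the tag no longer matches and
     decrypt must return None instead of corrupted plaintext. *)
  let tampered = Cstruct.of_string (Cstruct.to_string ct) in
  Cstruct.set_uint8 tampered 0 (Cstruct.get_uint8 tampered 0 lxor 0x01);
  assert (Option.is_none (Chacha20.authenticate_decrypt ~key ~nonce ~adata tampered));
  (* Mismatched associated data fails authentication as well. *)
  let other_adata = Cstruct.of_string "record-header-v2" in
  assert (Option.is_none
            (Chacha20.authenticate_decrypt ~key ~nonce ~adata:other_adata ct));
  print_endline "AEAD round trip and tamper detection OK"
```

Build against the mirage-crypto and mirage-crypto-rng.unix findlib packages of the 0.8.x series; the same calls work for GCM and CCM since they implement the same module type.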

v0.8.0

18 Jun 19:28

CHANGES:

  • New package mirage-crypto-rng-mirage which contains the entropy collection
    code for MirageOS (#69 requested by @samoht, implemented by @hannesm)
  • Mirage_crypto_rng_lwt.initialize is not inside the Lwt monad anymore, and
    thus can be called by libraries at top level (#69, requested by @avsm @xguerin
    @talex5 in mirage/ocaml-conduit#318, implemented by @hannesm)
  • Both Mirage_crypto_rng_lwt.initialize and Mirage_crypto_rng_unix.initialize
    don't do anything if called a second time (#69, implemented by @hannesm)
  • Entropy source registration is now open and done via
    Entropy.register_source : string -> source, instead of a closed variant
    (#69, fixes #68, implemented by @hannesm)

v0.7.0

18 May 13:14
ceb4b4f

CHANGES:

  • CPU feature detection (AESNI, SSE3, PCLMULQ) at runtime instead of compile
    time (#53 @Julow, fixed MirageOS support #61, review by @hannesm);
    performance hit of up to 5%
  • Revise entropy collection (#64 @hannesm, review by @dinosaure @cfcs):
    mirage-crypto-entropy has been folded into mirage-crypto-rng.{unix,lwt,mirage}
    • the RNG is no longer fork() safe; if you use fork in your code, be sure to
      reseed the RNG in the child process
    • on Unix and Lwt, the RNG used is Fortuna, seeded by getrandom(),
      rdrand/rdseed, and whirlwind
    • Mirage_crypto_rng_lwt does entropy collection for Lwt applications
    • entropy collection is now similar to FreeBSD:
      • rdrand/rdseed is executed in a separate task (by default every second)
      • on Unix, getrandom() is executed in another separate task (by default
        every 10 seconds)
      • on every entry into the Lwt event loop, some bits of rdtsc are collected
        (rdrand/rdseed is no longer executed on each event loop entry)
    • Fortuna only uses the entropy pools once the given period is exhausted
      (defaults to 1s) and the pool size exceeds 64 bytes
    • The unseeded generator exception prints instructions on how to seed the RNG
  • 32 bit support (for ghash), requested by @TImada in #60 (#65 @hannesm)
  • use Eqaf_cstruct.find_uint8 instead of Cs.ct_find_uint8 (#52 @dinosaure)
  • add (:standard) in C flags to allow cross-compilation (#47 @samoht)
  • Mirage_crypto.Uncommon: remove several functions (Cs.create, Option),
    requires OCaml 4.08 (#49 #51 @hannesm)
  • remove ocplib-endian dependency, use Bytes directly (since 4.07) (#51 @hannesm)
  • bitfn.h cleanup (#56 #58 @hannesm)
  • fix build if opam is not available (#66 @hannesm)
  • update test.yml GitHub actions (#44 #57 @imbsky)
  • Travis CI for arm64 (#55 @hannesm)