0.11.3

CHANGES:

• mirage-crypto, mirage-crypto-rng{,lwt,mirage}: support CL.EXE compiler
  (#137 @jonahbeckford) - mirage-crypto-pk not yet due to gmp dependency,
  mirage-crypto-ec doesn't pass testsuite
• mirage-crypto-ec: use simpler square root for ed25519 - saving 3
  multiplications and 2 squarings, details
  https://mailarchive.ietf.org/arch/msg/cfrg/qlKpMBqxXZYmDpXXIx6LO3Oznv4/
  (#196 @hannesm)
• mirage-crypto-ec: use sliding window method with pre-computed calues of
  multiples of the generator point for NIST curves, speedup around 4x for P-256
  sign (#191 @Firobe, review @palainp @hannesm)
• mirage-crypto-ec: documentation: warn about power timing analysis on k in
  Dsa.sign (#195 @hannesm, as proposed by @edwintorok)
• mirage-crypto-ec: replace internal Cstruct.t by string (speedup up to 2.5x)
  (#146 @dinosaure @hannesm @reynir, review @Firobe @palainp @hannesm @reynir)
• bench/speed: add EC (ECDSA & EdDSA generate/sign/verify, ECDH secret/share)
  operations (#192 @hannesm)
• mirage-crypto-rng: use rdtime instead of rdcycle on RISC-V (rdcycle is
  privileged since Linux kernel 6.6) (#194 @AdrianBunk, review by @edwintorok)
• mirage-crypto-rng: support Loongarch (#190 @fangyaling, review @loongson-zn)
• mirage-crypto-rng: support NetBSD (#189 @drchrispinnock)
• mirage-crypto-rng: allocate less in Fortuna when feeding (#188 @hannesm,
  reported by @palainp)
• mirage-crypto-ec: avoid mirage-crypto-pk and asn1-combinators test dependency
  (instead, craft our own asn.1 decoder -- #200 @hannesm)

Performance differences between v0.11.2 and v0.11.3 and OpenSSL

The overall result is promising: P-256 sign operation improved 9.4 times, but
is still a 4.9 times slower than OpenSSL.

Numbers in operations per second (apart from speedup, which is a factor
v0.11.3 / v0.11.2), gathered on a Intel i7-5600U CPU 2.60GHz using FreeBSD 14.0,
OCaml 4.14.1, and OpenSSL 3.0.12.

P224

op	v0.11.2	v0.11.3	speedup	OpenSSL
gen	1160	20609	17.8
sign	931	8169	8.8	21319
verify	328	1606	4.9	10719
dh-sec	1011	12595	12.5
dh-kex	992	2021	2.0	16691

P256

op	v0.11.2	v0.11.3	speedup	OpenSSL
gen	990	19365	19.6
sign	792	7436	9.4	36182
verify	303	1488	4.9	13383
dh-sec	875	11508	13.2
dh-kex	895	1861	2.1	17742

P384

op	v0.11.2	v0.11.3	speedup	OpenSSL
gen	474	6703	14.1
sign	349	3061	8.8	900
verify	147	544	3.7	1062
dh-sec	378	4405	11.7
dh-kex	433	673	1.6	973

P521

op	v0.11.2	v0.11.3	speedup	OpenSSL
gen	185	1996	10.8
sign	137	438	3.2	2737
verify	66	211	3.2	1354
dh-sec	180	1535	8.5
dh-kex	201	268	1.3	2207

25519

op	v0.11.2	v0.11.3	speedup	OpenSSL
gen	23271	22345	1.0
sign	11228	10985	1.0	21794
verify	8149	8029	1.0	7729
dh-sec	14075	13968	1.0
dh-kex	13487	14079	1.0	24824

0.11.2

CHANGES:

• mirage-crypto-rng-eio: improve portability by using eio 0.7's monotonic clock
  interface instead of mtime.clock.os. (#176 @TheLortex)
• mirage-crypto-rng-eio: update to eio 0.12 (#182 @talex5)
• mirage-crypto-rng: fix typo in RNG setup (#179 @samueldurantes)
• macOS: on arm64 with clang 14.0.3, avoid instcombine (due to miscompilations)
  reported by @samoht mit-plv/fiat-crypto#1606 (comment)
  re-reported in ulrikstrid/ocaml-jose#63 and mirleft/ocaml-tls#478
  (#185 @hannesm @kit-ty-kate)
• avoid "stringop-overflow" warning on PPC64 and S390x (spurious warnings) when
  in devel mode (#178 #184 @avsm @hannesm)
• stricter C prototypes, unsigned/signed integers (#175 @MisterDA @haesbaert
  @avsm @hannesm)
• support DragonFlyBSD (#181 @movepointsolutions)
• support GNU/Hurd (#174 @pinotree)

0.11.1

CHANGES:

• BUGFIX Chacha20 decrypt and encrypt with empty data (previously lead to
  segmentation fault, reported by @smondet in #172, fix in #173 by @reynir
  @hannesm), added tests with empty data for all symmetric ciphers

0.11.0

CHANGES:

• BREAKING split mirage-crypto-rng-lwt away from mirage-crypto-rng (#168
  @hannesm, reported by @bikallem #158)
  This means, a "mirage-crypto-rng.lwt" should now be "mirage-crypto-rng-lwt"
  in your dune file (or in META requires, or in _tags).
• AEAD API improvements: provide tag_size, of_secret, and functions that deal
  with the tag separately (#171 @hannesm, fixes #74 #144 @orbitz @anmonteiro)
  Only CCM16 (with tag size 16) is now exposed, the former API does not exist
  anymore (passing ~maclen to of_secret), according to sherlocode the only
  usage was CCM16 anyways
  This means any "Mirage_crypto.AES.CCM" should now be "Mirage_crypto.AES.CCM16"
  and any "CCM.of_secret ~maclen:16 key" should now be "CCM16.of_secret key"
  Any occurrence of "Mirage_crypto.Cipher_block.S.CCM" should now be
  "Mirage_crypto.Cipher_block.S.CCM16"
• BREAKING unify RNG initialization (reported by @talex5 in #155, fixes #160,
  PR #162 @hannesm)
  This means:
  • "Mirage_crypto_rng_lwt.initialize ()" should now be
    "Mirage_crypto_rng_lwt.initialize (module Mirage_crypto_rng.Fortuna)"
  • "Mirage_crypto_rng_unix.initialize ()" should now be
    "Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna)"
• remove mirage 3 cross-compilation runes (#163 @hannesm)
• CI: mirage-crypto-rng-eio requires ocaml 5 and dune 2.7 (#170 @hannesm, fixes
  #169 thanks to @bikallem @talex5)
• CI: use miage 4 (#166 @hannesm)

0.10.7

CHANGES:

• mirage-crypto-rng-eio: new package for seeding and feeding entropy to the
  rng with eio (#155 @bikallem, @talex5, @hannesm)
• mirage-crypto-ec: expose Dsa.byte_length (#164 @hannesm)
• CI: various fixes (#154 #164 @hannesm)
• mirage-crypto-rng-mirage: use 'a generator type alias
• mirage-crypto-rng: improve setup_rng message (add async, revise lwt) (#161
  @hannesm)
• mirage-crypto-rng-mirage: always feed the default generator (as done in
  a8c7bbd for the lwt feeding) (#161 @hannesm)
• ec: update generated code to recent fiat-crypto (#156 @hannesm)

0.10.6

CHANGES:

• Use _WIN32 instead of WIN32, as proposed by @jonahbeckford in #137
• PKG_CONFIG_PATH via cygpath on Window (#150 @MisterDA)
• ocaml-solo5 (formerly ocaml-freestanding) defines ocaml_solo5, use this
  in ifdef (arm only, #152 @hannesm)
• mirag-crypto-rng-mirage test: require mirage-unix >= 5.0.0 (#151 @hannesm)
• use oUnit2 as dependency, instead of oUnit (#149 @MisterDA)
• support mipsel and mips64el compilation (#148 @glondu)
• bugfix: define _POSIX_C_SOURCE in entropy_cpu_stubs.c (otherwise clock_gettime
  is not defined - at least on armhf) (#148 @glondu)
• bugfix: compilation on kfreebsd-* (adding FreeBSD_kernel to ifdef)
  (#148 @glondu)

0.10.5

CHANGES:

• mirage-crypto-ec: support point compression (#142 #147 @Zett98)

0.10.4

CHANGES:

• hash: ensure alignment of data, fixes arm32 test cases (#143 @hannesm)
• drop sexplib and ppx_sexp_conv dependencies (#141 @hannesm)
• install LICENSE files of different opam packages
• require eqaf >= 0.8 to avoid bigarray-compat dependency (#139 by @hannesm)
• update to GH actions 2.1, fix windows action (#135 #139 @avsm @smorimoto)
• drop rresult dependency (#139 #141 by @hannesm @reynir)
• avoid deprecated Cstruct.len, use Cstruct.length instead (#134 by @hannesm)
• mirage-crypto-pk: adapt to mirage 4 (#141 @TheLortex @samoht)

v0.10.3

CHANGES:

• support for s390x (#129 by @edelsohn)
• mirage-crypto: add Hash.hmac_feed, analogous to Hash.feed (#130 by @reynir)
• use --std=c11 in C flags, as required by upcoming OCaml multicore (#133 by
  @hannesm, review by @Engil)
• update fiat-crypto generated code (now emitting inline attribute)
  (#132 by @hannesm)

v0.10.2

CHANGES:

• mirage-crypto-ec: dune C stubs compilation rules: explicitely declare the
  include directory instead of listing it as a flag, so that the dependency
  is correctly tracked (#122 by @TheLortex)
• mirage-crypto: compatibility with gcc11 (-Warray-parameters warning)
  (reported in #124 by @TheLortex, fixed in #125 by @hannesm)
• support for 64 bit RISC-V (#127 by @edwintorok)
• Fixed esy cross-compile CI (#126 by @EduardoRFS)