Revision history for Perl extension Crypt::CBC.
3.04 Mon 17 May 2021 10:58:37 AM EDT
- Fixed bug involving manually-specified IV not being used in some circumstances.
3.03 Sun 18 Apr 2021 10:54:19 PM EDT
- Fixed bug which caused an extraneous block of garbage data to be appended to encrypted
string when "nopadding" specified and plaintext is even multiple of blocksize.
3.02
- CTR mode now requires the Math::Int128 module, which gives a ~5x performance
boost over Math::BigInt.
3.01
- Warn when the deprecated opensslv1 PBKDF (key derivation function) is used
for encryption. Turn off with -nodeprecate=>1 or by choosing a different
PBKDF, such as -pbkdf=>'pbkdf2'.
- Fix a regression when passing the legacy -salt=>1 argument.
3.00 Sun Feb 7 10:28:08 EST 2021
- Released version 3.00 in recognition of multiple new features
and cleanups.
2.37 Sun Feb 7 10:20:17 EST 2021
- Added better argument checking.
- Fixed long-standing standard padding bug: plaintext ending with
bytes between 0x00 and 0x0A would be truncated in some conditions.
- Fixed Rijndael_compat padding.
2.36 Wed 03 Feb 2021 09:19:06 AM EST
- Add support for OFB, CFB and CTR chain modes.
- New dependency: Math::BigInt
2.35 Sun Jan 31 22:02:42 EST 2021
- Add support for PBKDF2 key derivation algorithm
- New dependencies: Digest::SHA, Crypt::PBKDF2, Crypt::Cipher::AES
2.34 Fri Jan 29 18:08:12 EST 2021
- Support for openssl SHA-256 key derivation algorithm
2.33 Tue Jul 30 16:02:04 EDT 2013
- Fix minor RT bugs 83175 and 86455.
2.32 Fri Dec 14 14:20:17 EST 2012
- Fix "Taint checks are turned on and your key is tainted" error when autogenerating salt and IV.
2.31 Tue Oct 30 07:03:40 EDT 2012
- Fixes to regular expressions to avoid rare failures to
correctly strip padding in decoded messages.
- Add padding type = "none".
- Both fixes contributed by Bas van Sisseren.
2.29 Tue Apr 22 10:22:37 EDT 2008
- Fixed errors that occurred when encrypting/decrypting utf8 strings
in Perl's more recent than 5.8.8.
2.28 Mon Mar 31 10:46:25 EDT 2008
- Fixed bug in onesandzeroes test that causes it to fail with Rijndael module
is not installed.
2.27 Fri Mar 28 10:13:32 EDT 2008
- When taint mode is turned on and user is using a tainted key, explicitly check
tainting of key in order to avoid "cryptic" failure messages from some crypt
modules.
2.26 Thu Mar 20 16:41:23 EDT 2008
- Fixed onezeropadding test, which was not reporting its test count
properly.
2.25 Fri Jan 11 15:26:27 EST 2008
- Fixed failure of oneandzeroes padding when plaintext size is
an even multiple of blocksize.
- Added new "rijndael_compat" padding method, which is compatible
with the oneandzeroes padding method used by Crypt::Rijndael in
CBC mode.
2.24 Fri Sep 28 11:21:07 EDT 2007
- Fixed failure to run under taint checks with Crypt::Rijndael
or Crypt::OpenSSL::AES (and maybe other Crypt modules). See
http://rt.cpan.org/Public/Bug/Display.html?id=29646.
2.23 Fri Apr 13 14:50:21 EDT 2007
- Added checks for other implementations of CBC which add no
standard padding at all when cipher text is an even multiple
of the block size.
2.22 Sun Oct 29 16:50:32 EST 2006
- Fixed bug in which plaintext encrypted with the -literal_key
option could not be decrypted using a new object created with
the same -literal_key.
- Added documentation confirming that -literal_key must be accompanied by a
-header of 'none' and a manually specificied IV.
2.21 Mon Oct 16 19:26:26 EDT 2006
- Fixed bug in which new() failed to work when first option is -literal_key.
2.20 Sat Aug 12 22:30:53 EDT 2006
- Added ability to pass a preinitialized Crypt::* block cipher object instead of
the class name.
- Fixed a bug when processing -literal_key.
2.19 Tue Jul 18 18:39:57 EDT 2006
- Renamed Crypt::CBC-2.16-vulnerability.txt so that package installs correctly under
Cygwin
2.18 2006/06/06 23:17:04
- added more documentation describing how to achieve compatibility with old encrypted messages
2.17 Mon Jan 9 18:22:51 EST 2006
-IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly
using 8 byte IVs when generating the old-style RandomIV style header
(as opposed to the new-style random salt header). This affects data
encrypted using the Rijndael algorithm, which has a 16 byte blocksize,
and is a significant security issue.
The bug has been corrected in versions 2.17 and higher by making it
impossible to use 16-byte block ciphers with RandomIV headers. You may
still read legacy encrypted data by explicitly passing the
-insecure_legacy_decrypt option to Crypt::CBC->new().
-The salt, iv and key are now reset before each complete encryption
cycle. This avoids inadvertent reuse of the same salt.
-A new -header option has been added that allows you to select
among the various types of headers, and avoids the ambiguity
of having multiple interacting options.
-A new random_bytes() method provides access to /dev/urandom on
suitably-equipped hardware.
2.16 Tue Dec 6 14:17:45 EST 2005
- Added two new options to new():
-keysize => <bytes> Force the keysize -- useful for Blowfish
-blocksize => <bytes> Force the blocksize -- not known to be useful
("-keysize=>16" is necessary to decrypt OpenSSL messages encrypted with
Blowfish)
2.15 Thu Nov 17 17:34:28 EST 2005
- -add_header=>0 now explicitly turns off any attempt of parsing the header
in decrypt routines.
2.14 Thu May 5 16:08:15 EDT 2005
- RandomIV in message header overrides manually-supplied -salt, as one
would expect it should.
2.13 Fri Apr 22 13:01:32 EDT 200
- Added OpenSSL compatibility
- Salt and IV generators take advantage of /dev/urandom device, if available
- Reorganized internal structure for coding clarity
- Added regression test for PCBC mode
2.12 Thu Jun 17 11:52:04 EDT 2004
- quenched (again) uninitialized variable warnings
2.11 Thu Jun 3 12:07:33 EDT 2004
-Fixed bug reported by Joshua Brown that caused certain length
strings to not encrypt properly if ending in a "0" character.
2.10 Sat May 29 13:10:05 EDT 2004
-Fixed Rijndael compat problems
2.09 Thu May 27 11:18:06 EDT 2004
-Quenched uninitialized variable warnings
2.08 Wed Sep 11 08:12:49 EDT 2002
-Bug fix from Chris Laas to fix custom padding
2.07 Thu Aug 8 14:44:52 EDT 2002
-Bug fixes from Stephen Waters to fix space padding
-Lots of regression tests from Stephen Waters
2.05 Tue Jun 11 22:18:04 EDT 2002
-Makes zero-and-one padding compatible with Crypt::Rijndael::MODE_CBC.
-Lots of improvements to padding mechanisms from Stephen Waters
2.04 Tue Jun 11 22:18:04 EDT 2002
WITHDRAWN VERSION DO NOT USE
2.03 Mon Feb 4 15:41:51 EST 2002
-Patch from Andy Turner <turner@mikomi.org> to allow backward
compatibility with old versions when key length exceeded max.
2.02 Thu Jan 24 00:15:52 EST 2002
- Default to pre-2.00 style padding, because Jody's default padding
method was not binary safe.
2.01 Mon Dec 10 12:11:35 EST 2001
- Removed debugging code.
2.00 Tue Oct 31, 2000
- Patches for foreign program compatibility, initialization vectors
and padding methods from Jody Biggs <jody.biggs@paymybills.com>
1.25 Thu Jun 8 11:56:28 EDT 2000
- Bug fix didn't get into version 1.24. Is in version 1.25
1.24 Tue Jun 6 17:35:18 EDT 2000
- Fixed a bug that prevented a DES and an IDEA object from being
used simultaneously.
1.22 Wed Jan 26 19:07:30 EST 2000
- Added support for Crypt::Blowfish (available from www.cryptix.org)
- Fixed failure to encrypt data files < 8 bytes
- Fixed -w warning when decrypting data files < 8 bytes
1.21 Mon Nov 29 17:11:17 EST 1999
- Generate random initialization vector.
- Use same encryption format as Ben Laurie's patches to OpenSSL (versions >= 0.9.5)
1.20 Sun Dec 20 3:58:01 1998 MET
- Folded in bug fixes from Devin Carraway <aqua@sonic.net>
(chiefly having to do with finish() being called with a
zero-length buffer).
1.10 Thu Sep 11 09:15:01 1998
- Changed package name to Crypt::CBC
1.00 Tue Jun 16 07:37:35 1998
- original version; created by h2xs 1.18