Revision history for Perl extension Crypt::CBC.

2.29     Tue Apr 22 10:22:37 EDT 2008
         - Fixed errors that occurred when encrypting/decrypting utf8 strings
         in Perl's more recent than 5.8.8.

2.28     Mon Mar 31 10:46:25 EDT 2008
         - Fixed bug in onesandzeroes test that causes it to fail with Rijndael module
         is not installed.

2.27     Fri Mar 28 10:13:32 EDT 2008
         - When taint mode is turned on and user is using a tainted key, explicitly check
           tainting of key in order to avoid "cryptic" failure messages from some crypt
           modules.

2.26 Thu Mar 20 16:41:23 EDT 2008

• Fixed onezeropadding test, which was not reporting its test count properly.

2.25 Fri Jan 11 15:26:27 EST 2008

• Fixed failure of oneandzeroes padding when plaintext size is an even multiple of blocksize.
• Added new "rijndael_compat" padding method, which is compatible with the oneandzeroes padding method used by Crypt::Rijndael in CBC mode.

2.24 Fri Sep 28 11:21:07 EDT 2007

• Fixed failure to run under taint checks with Crypt::Rijndael or Crypt::OpenSSL::AES (and maybe other Crypt modules). See http://rt.cpan.org/Public/Bug/Display.html?id=29646.

2.23 Fri Apr 13 14:50:21 EDT 2007

• Added checks for other implementations of CBC which add no standard padding at all when cipher text is an even multiple of the block size.

2.22 Sun Oct 29 16:50:32 EST 2006

• Fixed bug in which plaintext encrypted with the -literal_key option could not be decrypted using a new object created with the same -literal_key.
• Added documentation confirming that -literal_key must be accompanied by a -header of 'none' and a manually specificied IV.

2.21 Mon Oct 16 19:26:26 EDT 2006

• Fixed bug in which new() failed to work when first option is -literal_key.

2.20 Sat Aug 12 22:30:53 EDT 2006

• Added ability to pass a preinitialized Crypt::* block cipher object instead of the class name.
• Fixed a bug when processing -literal_key.

2.19 Tue Jul 18 18:39:57 EDT 2006

• Renamed Crypt::CBC-2.16-vulnerability.txt so that package installs correctly under Cygwin

2.18 2006/06/06 23:17:04

• added more documentation describing how to achieve compatibility with old encrypted messages

2.17 Mon Jan 9 18:22:51 EST 2006

        -IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly
        using 8 byte IVs when generating the old-style RandomIV style header
        (as opposed to the new-style random salt header). This affects data
        encrypted using the Rijndael algorithm, which has a 16 byte blocksize,
        and is a significant security issue.

        The bug has been corrected in versions 2.17 and higher by making it
        impossible to use 16-byte block ciphers with RandomIV headers. You may
        still read legacy encrypted data by explicitly passing the 
        -insecure_legacy_decrypt option to Crypt::CBC->new().

        -The salt, iv and key are now reset before each complete encryption
         cycle. This avoids inadvertent reuse of the same salt.

        -A new -header option has been added that allows you to select
         among the various types of headers, and avoids the ambiguity
         of having multiple interacting options.

        -A new random_bytes() method provides access to /dev/urandom on
         suitably-equipped hardware.

2.16 Tue Dec 6 14:17:45 EST 2005

• Added two new options to new():

  -keysize => <bytes> Force the keysize -- useful for Blowfish -blocksize => <bytes> Force the blocksize -- not known to be useful

                ("-keysize=>16" is necessary to decrypt OpenSSL messages encrypted with
                        Blowfish)

2.15 Thu Nov 17 17:34:28 EST 2005

• -add_header=>0 now explicitly turns off any attempt of parsing the header

  in decrypt routines.

2.14 Thu May 5 16:08:15 EDT 2005

• RandomIV in message header overrides manually-supplied -salt, as one would expect it should.

2.13 Fri Apr 22 13:01:32 EDT 200

• Added OpenSSL compatibility
• Salt and IV generators take advantage of /dev/urandom device, if available
• Reorganized internal structure for coding clarity
• Added regression test for PCBC mode

2.12 Thu Jun 17 11:52:04 EDT 2004

• quenched (again) uninitialized variable warnings

2.11 Thu Jun 3 12:07:33 EDT 2004

        -Fixed bug reported by Joshua Brown that caused certain length
        strings to not encrypt properly if ending in a "0" character.

2.10 Sat May 29 13:10:05 EDT 2004

-Fixed Rijndael compat problems

2.09 Thu May 27 11:18:06 EDT 2004

-Quenched uninitialized variable warnings

2.08 Wed Sep 11 08:12:49 EDT 2002

-Bug fix from Chris Laas to fix custom padding

2.07 Thu Aug 8 14:44:52 EDT 2002

        -Bug fixes from Stephen Waters to fix space padding
        -Lots of regression tests from Stephen Waters

2.05 Tue Jun 11 22:18:04 EDT 2002

        -Makes zero-and-one padding compatible with Crypt::Rijndael::MODE_CBC.
        -Lots of improvements to padding mechanisms from Stephen Waters

2.04 Tue Jun 11 22:18:04 EDT 2002

WITHDRAWN VERSION DO NOT USE

2.03 Mon Feb 4 15:41:51 EST 2002

        -Patch from Andy Turner <turner@mikomi.org> to allow backward
        compatibility with old versions when key length exceeded max.

2.02 Thu Jan 24 00:15:52 EST 2002

• Default to pre-2.00 style padding, because Jody's default padding

  method was not binary safe.

2.01 Mon Dec 10 12:11:35 EST 2001

• Removed debugging code.

2.00 Tue Oct 31, 2000

• Patches for foreign program compatibility, initialization vectors

  and padding methods from Jody Biggs <jody.biggs@paymybills.com>

1.25 Thu Jun 8 11:56:28 EDT 2000

• Bug fix didn't get into version 1.24. Is in version 1.25

1.24 Tue Jun 6 17:35:18 EDT 2000

• Fixed a bug that prevented a DES and an IDEA object from being

  used simultaneously.

1.22 Wed Jan 26 19:07:30 EST 2000

• Added support for Crypt::Blowfish (available from www.cryptix.org)
• Fixed failure to encrypt data files < 8 bytes
• Fixed -w warning when decrypting data files < 8 bytes

1.21 Mon Nov 29 17:11:17 EST 1999

• Generate random initialization vector.
• Use same encryption format as Ben Laurie's patches to OpenSSL (versions >= 0.9.5)

1.20 Sun Dec 20 3:58:01 1998 MET

• Folded in bug fixes from Devin Carraway <aqua@sonic.net> (chiefly having to do with finish() being called with a zero-length buffer).

1.10 Thu Sep 11 09:15:01 1998

• Changed package name to Crypt::CBC

1.00 Tue Jun 16 07:37:35 1998

• original version; created by h2xs 1.18