Heads up on LibTomCrypt [v0.97b]
From: Tom St Denis (tomstdenis_at_iahu.ca)
Date: Sat, 24 Jul 2004 18:42:28 GMT
Ok just a heads up on some things.
1. Avoid the new export/import functions of the PRNGs [from v0.97b], for
that matter avoid Fortuna as well [for that release...]
2. There still is a lingering bug [not as problematic] with the HMAC code.
If the hashing fails [when producing the initial state] the hmac->key
variable isn't freed.
3. My RC4 code was "slightly off". Mostly because I didn't intend to use
it as a cipher [just a relatively quick PRNG]. The problem is I didn't
reset x/y to 0 after keying. Fixed. I also reverted the behaviour of
rc4_read() to make it XOR the output again [instead of storing it].
4. I added test vector routines to the PRNG API
5. I added SOBER-128 [4 cycles/byte ;-)]
I've run the test programs all through valgrind. Aside from spurious
"uninitialized" variables in mpi.c [which I still can't figure out, LTM has
yet to show any buggy behaviour related to this in its two years of
No memory leaks or overflows I can detect.
So the crux of it is
- avoid new PRNG stuff from v0.97b
- if hmac_init fails you may leak memory
- Overall v0.97b *should* be otherwise safe to use.
I could use more user feedback though. I mean personally I have a linux
[P4], windows [Athlon and P4] with GCC 3.3.4, 3.3.1, 3.4.1, ICC v8 and MSVC
v6 on my hands. However, I'd like it if people on other platforms [MIPS,
PPC, ARM] with other compilers [Borland, Watcom, MetroWerks] could give the
test programs "a go". Specifically if you could do two specific tests
1. build demos/tv_gen [e.g. "make tv_gen"], run it, compare the *.txt files
in the working directory to the *.txt files in the notes/ directory
for f in *.txt; do diff $f notes/$f; done
will work just fine ;-)
2. build demos/test/test [e.g. "make install ; cd demos/test ; make test"],
run it and see if it segfaults or errors out.
Tentatively I plan to release v0.98 in two weeks. That gives me oodles of
testing/documenting time. If anyone wants a work-in-progress copy so they
can test it [please help here!!!] I can provide a copy.
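
An added example, not part of the original post and not LibTomCrypt's code: a minimal RC4 in C showing why the index reset in item 3 matters for interoperability, with output XORed into the buffer as item 3 describes. The names rc4_ctx, rc4_key, rc4_xor and rc4_vectors_ok are hypothetical, the reset_xy switch only models skipping the reset, and the vectors are the widely published RC4 test vectors.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical state type for this example; not LibTomCrypt's own. */
typedef struct { unsigned char S[256]; unsigned x, y; } rc4_ctx;

/* Key schedule. reset_xy=0 keeps the loop indices left over from keying
   (models the missing reset); reset_xy=1 is standard RC4. */
static void rc4_key(rc4_ctx *c, const unsigned char *key, size_t klen, int reset_xy)
{
    unsigned char t;
    for (c->x = 0; c->x < 256; c->x++) c->S[c->x] = (unsigned char)c->x;
    for (c->x = 0, c->y = 0; c->x < 256; c->x++) {
        c->y = (c->y + c->S[c->x] + key[c->x % klen]) & 255;
        t = c->S[c->x]; c->S[c->x] = c->S[c->y]; c->S[c->y] = t;
    }
    if (reset_xy) c->x = c->y = 0;
}

/* XOR the keystream into buf, so the same call encrypts and decrypts. */
static void rc4_xor(rc4_ctx *c, unsigned char *buf, size_t len)
{
    unsigned char t;
    while (len--) {
        c->x = (c->x + 1) & 255;
        c->y = (c->y + c->S[c->x]) & 255;
        t = c->S[c->x]; c->S[c->x] = c->S[c->y]; c->S[c->y] = t;
        *buf++ ^= c->S[(c->S[c->x] + c->S[c->y]) & 255];
    }
}

/* Count how many published RC4 vectors the chosen variant reproduces. */
static int rc4_vectors_ok(int reset_xy)
{
    static const struct { const char *key, *pt; unsigned char ct[14]; } tv[] = {
        { "Key",  "Plaintext", {0xBB,0xF3,0x16,0xE8,0xD9,0x40,0xAF,0x0A,0xD3} },
        { "Wiki", "pedia",     {0x10,0x21,0xBF,0x04,0x20} },
        { "Secret", "Attack at dawn", {0x45,0xA0,0x1F,0x64,0x5F,0xC3,0x5B,0x38,0x35,0x52,0x54,0x4B,0x9B,0xF5} },
    };
    int ok = 0;
    for (size_t i = 0; i < sizeof tv / sizeof tv[0]; i++) {
        rc4_ctx c; unsigned char buf[14]; size_t n = strlen(tv[i].pt);
        memcpy(buf, tv[i].pt, n);
        rc4_key(&c, (const unsigned char *)tv[i].key, strlen(tv[i].key), reset_xy);
        rc4_xor(&c, buf, n);
        ok += memcmp(buf, tv[i].ct, n) == 0;
    }
    return ok;
}
int main(void) { printf("reset: %d/3, no reset: %d/3\n", rc4_vectors_ok(1), rc4_vectors_ok(0)); return 0; }
```

A variant that skips the reset still round-trips its own ciphertext, so only a comparison against known vectors exposes the defect.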