Releases: xavierleroy/cryptokit

Cryptokit version 1.19

15 Dec 13:35
  • Fix missing root registration in some Chacha20, Blake2, and Blake3 functions (#34)

Cryptokit version 1.18

18 Dec 17:52
  • Add BLAKE3 hash and MAC functions.
  • Fix compile-time error "SSE4.1 instruction set not enabled" (#32, #33).

Cryptokit version 1.17

02 May 07:23
  • Add interfaces for authenticated encryption (AEAD) and two implementations: AES-GCM and Chacha20-Poly1305.
  • Use getentropy() for system_rng when available (Linux, macOS, BSD).
  • Removed support for EGD (the Entropy Gathering Daemon).
  • Added compile-time alerts on uses of broken or weak ciphers and hashes. (Can be silenced with "-alert -crypto".)
  • Add the hmac_sha384 MAC (#8).
  • Add the SipHash MAC.
  • Set file descriptor to close-on-exec in device_rng (#27).
  • Improve compatibility with OCaml 5.0 (#28).
  • Make sure CryptokitBignum is installed like before the switch to Dune (#31).

Cryptokit version 1.16.1

14 Oct 16:20
  • Make the tests faster and more robust
  • Update dependencies and documentation.

Cryptokit version 1.16

13 Oct 16:31
  • Use dune as the build system (contributed by Andrey Mokhov, PR #24)
  • Add BLAKE2b and BLAKE2s hash and MAC functions.

Cryptokit version 1.15

27 Dec 18:04
  • Added constant-time string_equal and bytes_equal comparison functions (execution time depends on the lengths of the strings but not on their contents) (issue #13, PR #14)
  • Caml FFI: use caml_ long names and CAML_NAME_SPACE; get rid of Begin_roots
  • OASIS files regenerated in dynamic mode for OCaml 4.09 compatibility. For this reason, OASIS is now a build dependency.

Cryptokit version 1.14

29 Oct 18:37
  • Ensure compatibility with OCaml 4.09 and up.
  • Detect early AMD Ryzen 3000 bug where the RDRAND instruction always generates 0xFF...FF, and, in this case, report the hardware RNG as unavailable.
  • Fix formatting of documentation comments (issue #3, PR #5)
  • Optional argument to control whether the zlib transform expects a zlib header (PR #12).
  • Fix issue with zlib >= 1.2.9 where internal sanity check is affected by the stream data block being moved by OCaml's GC (issue #7, PR #17).
  • DH.new_parameters: update documentation to suggest at least 2048 bits (PR #18).
  • DH.derive_key: use SHA256 instead of SHA1 (PR #19).

Cryptokit version 1.13

30 Jul 16:49
  • Add the Chacha20 stream cipher.
  • Add the AES-CMAC (a.k.a. AES-OMAC1) message authentication code.
  • Pseudo-random number generator: replace the old AES-CBC-Fibonacci generator
    with a faster, simpler generator based on Chacha20.
  • Add an alternate pseudo-random number generator based on AES in CTR mode.
  • Documentation: warn about known cryptographic weaknesses in Triple DES,
    Blowfish, and ARCfour.
  • Documentation: warn about problems with variable-length messages in
    MACs based on block ciphers in CBC mode.

Cryptokit version 1.12

25 Jul 12:47
  • Fix x86-32 compilation error and improve detection of AES-NI for x86 processors (Jeremie Dimino, Etienne Millon)
    (Closes: #1646)
  • AES-NI: align key_schedule on a 16 byte boundary (Etienne Millon)
    (Closes: #1709)
  • Add original Keccak submission to SHA-3 (Yoichi Hirai)