C12G22 (C12 GAMMA-22 2nd Release): 13th Dec 2011:

o Fix a g++ warning in cion_fencrypt.cxx caused by unsigned/signed comparison; size_t i, off_t inSize. Eliminate warning by casting inSize to (size_t).
o Fix a problem where the program would leave the console in an unusable state (due to Terminal::RawInput()). Fix the problem by restoring the termios(4)/Terminal state ASAP after a call to RawInput().
o Update DOCS/OPERATING-SYSTEMS to current reality.

C12G22 (C12 GAMMA-22): 12th Dec 2011:

o In cion_fencrypt.cxx, explicitly cast the isascii(3) "unsigned char" argument to "int".
o In class Startup (beginning of program execution), check to make sure the locale is the "C" locale, and if it isn't print an error message and exit(3). Full support for different locales and wide-chars/multibyte-chars/etc, is not currently available in C12.
o In class Terminal, re-position the RawInput() call immediately before calling select(2) (to reduce the chances of a user ^Z changing the terminal/termios(4) configuration).
o Create a new method (static) Terminal::BlockingInOutErr(), to check that stdin/stdout/stderr are set to blocking I/O. If they aren't, set them to blocking I/O. This method is called from class Startup.
o Bring in the latest version of L15 (the only difference being the addition of output indirection for higher security).

C12G21 (C12 GAMMA-21): Second release; 25th September 2011:

*** NOTE: C12G21 re-released on 25th Sept 2011 after I discovered
*** (through thorough testing) that the tricky terminal/termios(4)
*** problem had not been completely purged.
***
*** This time I believe I have completely fixed the problem.

Changes from previous version 12-GAMMA20:
=========================================

C12G21 (C12 GAMMA-21): 25th September 2011:

o Fix a tricky terminal/termios(4) job-control problem. The result of this fix works fine on FreeBSD, no problems whatsoever.
  However, there seem to be discrepancies on DragonFlyBSD/OpenBSD with regard to the select(2) system call. Since the programs work fine on FreeBSD without any kind of problem/error/discrepancy whatsoever, I conclude this particular problem is a select(2)/Kernel bug in OpenBSD-4.7 and DragonFlyBSD-current.

*** NOTE: Despite the discrepancies on OpenBSD-4.7/DragonFlyBSD-current,
*** the programs seem to function correctly and hence can be used without
*** problem on these operating systems.

o Various small cleanups in Key.h, Passwd.h, Terminal.h in the process of fixing the above problem.
o Delete the RANDOM sub-directory, since it was out of date (and also probably not serving any useful purpose).

*** NOTE: To see a good cryptographic random number generator for BSD,
*** have a look at /sys/kern/kern_nrandom.c in the DragonFlyBSD source
*** tree (GitWeb).
***
*** Also, there are 3 CSPRNGs available from:
    http://www.leopard.uk.com/IBAA64 and http://www.leopard.uk.com/L15

Changes from previous version 12-GAMMA19:
=========================================

C12G20 (C12 GAMMA-20): 18th August 2011:

o There were no full-stops at the end of FATAL sentences in class Startup. Fix that.
o Make FileUtil::SecureMask () right at the start of program execution (class Startup).
o Make the "unsigned char" test and the isatty() tests closer to the start of program execution (class Startup).
o Remove string duplication by using a SFATAL definition in class Startup.
o Add missing FileUtil::FCloseErrCheck() to cion_fencrypt.cxx
o Cleanup all the Usage() functions/messages in all the programs.
o Various small cleanups.
o Remove Terminal::LoclEchoOff() method consolidating it into RawInput(). Slightly refactor the way class Terminal works to be more correct. The above changes seem to have fixed a Terminal termios(4) setting problem which manifested when the program was run initially in the background.

Importantly:

o Implement a lock-file mechanism to ensure there is only ever 1 C12 program executing, per user (concurrent execution is not allowed since certain programs can interfere with each other; cion_keygen, cion_encrypt, cion_decrypt (but not cion_fencrypt or cion_fdecrypt)).
o Print a message to the user relaying the fact that if the program is terminated abruptly the LOCKED file will remain in ~/caesarion, and has to be manually removed by the user (cion_keygen, cion_encrypt, cion_decrypt only).
o In class Startup, change the arguments to the constructor to: dirShouldExist (bool), mkDir (bool), useLockFile (bool). Thus: cion_keygen is (false, true, true), cion_encrypt is (true, false, true), cion_decrypt is (true, false, true), and cion_fdecrypt and cion_fdecrypt is (false, false, false).

Changes from previous version 12-GAMMA18:
=========================================

C12G19 (C12 GAMMA-19): 12th August 2011:

o Fix a bug that only manifested during job-control; after executing Terminal::RawInput(), pressing the Enter/Return-Key would result in a never ending loop because the NL (Newline) character was being mapped to CR (Carriage Return), and thus not detected. Fix the problem by ensuring ICRNL is set in Terminal::RawInput().

Changes from previous version 12-GAMMA17:
=========================================

C12G18 (C12 GAMMA-18): 11th August 2011:

o In class Startup, ensure that all three default streams (in, out, err) are connected to a valid terminal device (and exit(3) if they are not).
o Cleanup the error messages in class Startup.
o In class Passwd, ASSERT(key != EOF), and ASSERT(!feof(stdin)).
o In Key::WriteKey(), ASSERT(YesNo != EOF), and ASSERT(!feof(stdin)).
o In DOCS/OPERATING-SYSTEMS, remove all old/obsolete operating systems from the list.
o In Decrypt::FATAL(), prepend the word "FATAL: " to all (fatal) error messages.
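
Added example (not Caesarion source code): one way to build the per-user lock file introduced in C12G20 above, using an atomic create so that two programs started at the same moment cannot both obtain the lock. The function names and the temporary demo directory are assumptions of this example; only the file name LOCKED comes from the changelog.

```cpp
// Added example, not Caesarion source: an atomic per-user lock file.
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum class LockResult { Acquired, AlreadyLocked, Error };

// Create lockPath, failing if it already exists. O_CREAT|O_EXCL performs the
// existence check and the creation as one atomic step, so there is no window
// between "is it there?" and "create it". Mode 0600 keeps it private.
LockResult AcquireLock(const std::string &lockPath)
{
    const int fd = open(lockPath.c_str(), O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1)
        return (errno == EEXIST) ? LockResult::AlreadyLocked : LockResult::Error;

    // Record the owner's PID so a user who finds a leftover lock after an
    // abrupt termination can see which process created it.
    char pid[32];
    const int n = snprintf(pid, sizeof pid, "%ld\n", static_cast<long>(getpid()));
    const bool wrote = n > 0 && write(fd, pid, static_cast<size_t>(n)) == n;
    const bool closed = close(fd) == 0;
    if (!wrote || !closed) {
        unlink(lockPath.c_str());   // do not leave a half-written lock behind
        return LockResult::Error;
    }
    return LockResult::Acquired;
}

// Remove the lock on normal exit. After a crash or kill -9 this never runs,
// which is why a stale lock has to be removed by hand.
bool ReleaseLock(const std::string &lockPath)
{
    return unlink(lockPath.c_str()) == 0;
}

// Demo helper (assumption): a private scratch directory standing in for the
// per-user directory, so the example does not touch a real one.
std::string MakeDemoDir()
{
    const char *base = getenv("TMPDIR");
    std::string tmpl = std::string(base && *base ? base : "/tmp") + "/c12-lock-demo.XXXXXX";
    return mkdtemp(&tmpl[0]) ? tmpl : std::string();
}

int main()
{
    const std::string dir = MakeDemoDir();
    if (dir.empty()) return 1;
    const std::string lock = dir + "/LOCKED";

    const bool first = AcquireLock(lock) == LockResult::Acquired;
    const bool second = AcquireLock(lock) == LockResult::AlreadyLocked;
    std::printf("first attempt acquired: %d, second attempt refused: %d\n", first, second);

    ReleaseLock(lock);
    rmdir(dir.c_str());
    return (first && second) ? 0 : 1;
}
```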

Changes from version 12-GAMMA16:
===============================

C12G17 (C12 GAMMA-17): 10th August 2011:

o In class Passwd, make Terminal Raw Input mandatory (we only ever need Raw Input), and remove checks for EOF detection (thus simplifying the code).
  NOTE: During testing, it was discovered that Non-Raw input was behaving strangely with regard to buffering and the input of EOF/^D (which was another reason for making the above change).
o Fix a variable indentation error in Decrypt::FATAL().
o In cion_fdecrypt.cxx, explicitly close fOut (including error check), rather than relying on exit(3) to flush/close the stream.
o In Decrypt.h, expand the rejection message to include the possibility that the user may have specified the wrong public-key.
o Remove an old/incorrect library specification from the Makefile.

Changes from version 12-GAMMA15:
===============================

C12G16 (C12 GAMMA-16): 29-30th April 2011:

o Replace the old L15.h file with the latest version (no effective change in algorithm/functionality; from http://www.leopard.uk.com/L15).
o Fix a semantic/grammar/typographical variable name error in Decrypt.h; toKeyFile -> fromKeyFile.
o Replace calls to BN_num_bytes() with BN::BN_numBytes() in Key.h.
o Replace calls to BN_new() with (new) BN::BN_New() (which checks for NULL error return) in: KeyGen.h, Encrypt.h, Decrypt.h.
o Replace calls to BN_CTX_new() with (new) BN::BN_CtxNew() (which checks for NULL error return) in: KeyGen.h, Encrypt.h, Decrypt.h.
o Change CipherPacket::DataDecrypt() to return a (bigger) long, rather than an int.

Changes from version 12-GAMMA14:
===============================

C12G15 (C12 GAMMA-15): 2nd April 2011:

o The .depend file included in the C12G14 release was incorrectly generated. Fix that problem.
o Fix some typos in the previously generated DOCS/CHANGES.TXT file.
o Add "DragonFlyBSD 2.9-DEVELOPMENT" to DOCS/OPERATING-SYSTEMS.TXT.

Changes from version 12-GAMMA13:
===============================

C12G14 (C12 GAMMA-14): 22nd March 2011:

Security related refinements:

o In Encrypt::RSAEncryptData(), memset() "messageBin" to 0 (after use).
o In Encrypt::EncryptData(), memset() "Data" to 0 (after use).
o In Encrypt::EncryptSignature(), memset() "Data" to 0 (after use).

Other refinements:

o In Random::Byte(), only exit(3) if errno != EINTR. Also, check for read(2) returning 0/End-Of-File and exit(3) if this happens (as End-Of-File should never be returned from /dev/random or /dev/urandom).
o Add FreeBSD 8.2-RELEASE to OPERATING-SYSTEMS.TXT.

Changes from version 12-GAMMA12:
===============================

[ Enough changes have accumulated to increase the version number ]
[ to C12-GAMMA13. ]

C12G13 (C12 GAMMA-13); 26th September 2010:

o Change RSA.h to have type specific definitions for e.g. SIGNATURE and all the other (previously #define'd) definitions. This is the C++ way.
o Document that i.e. SIGNATURE is an int which is converted to unsigned char in the fprintf ("%c") conversion.
o Change Passwd.h to hide (in private:) ancillary methods.
o Minor Makefile cleanup.

Changes from version 12-GAMMA11:
===============================

C12G12 (GAMMA-12); 26th September 2010: (Minor adjustments to C12-GAMMA12):

o Remove Password.cxx/Password.h and reformulate its functionality into a new class Passwd/Passwd.h file.
o As a result of the above change, clean up the Makefile even more.

C12G12 (GAMMA-12); 25th September 2010: (Minor adjustments to C12-GAMMA12):

o In class Decrypt, use different variable names for constructor arguments and private variables, e.g. InputFile/inputFile to avoid namespace clash (before it was inputFile/inputFile).
o Fix a grammar mistake in ABOUT.TXT.
o Small cleanup in the Makefile.

C12G12 (GAMMA-12); 1st September 2010: (Minor adjustments to C12-GAMMA12):

o In class Decrypt/Decrypt.h ASSERT(inputFile != NULL) (and outputFile) before OpenFiles().
o Update INSTRUCTIONS.TXT to reflect the fact that the -m flag for cion_encrypt(1) was removed.
o Remove PERFORMANCE.TXT (it was out of date anyway).
o Update USER-SECURITY.TXT.
o Remove PGPI-COMPARISON.TXT.
o Update ABOUT.TXT.
o Update INSTALL.TXT.
o Update OPERATING-SYSTEMS.TXT

C12G12 (GAMMA-12); 28th July 2010: (Minor adjustments to C12-GAMMA12):

o CloseFiles() method in class Encrypt (cleanup).
o free() inputFile/outputFile in class Decrypt.
o CloseFiles() in class Decrypt.

C12-GAMMA12:
============

o ASSERT outputFile != NULL in FileCrypt::Encrypt()
o Create a new class "Encrypt" to do the RSA encryption, signature generation and signature encryption. Completely rewrite cion_encrypt.cxx to use the new "class Encrypt" and "do things the right (C++) way (tm)". Before, cion_encrypt.cxx was a hard-to-read mess !!!!
o Create a new class "Decrypt" to do the RSA decryption, and signature verification. Completely rewrite cion_decrypt.cxx to use the new "class Decrypt" and "do things the right (C++) way (tm)". Before, cion_decrypt.cxx was a hard-to-read mess !!!!
o Remove Fatal.h/Fatal.cxx since its functionality was incorporated into "class Decrypt".
o Remove direct input facility from cion_decrypt program since I was pressed for time making these changes and couldn't justify the effort.
o Updated OPERATING-SYSTEMS.TXT to show this software was compiled and tested on FreeBSD-8.1.

NOTE: Some of the .TXT TextFiles (in the DOCS directory) are out of date since they refer to the -m flag and -s flag for the cion_encrypt program (which were removed in this release to simplify things).
*** But note that the Manual Page (cion_encrypt.1) was updated.

Changes from version 12-GAMMA10:
===============================

C12G11 (GAMMA-11); 20th May 2010:

o Update OPERATING-SYSTEMS.TXT.
o Update RANDOM/README and correct a typo.
o Add missing ASSERT.h #include to FileCrypt.h.
o Use fgetc(stdin) (instead of getchar()) in Key::WriteKey() and ASSERT there is no error on stdin.
o Change the Makefile to only use -lcrypto (-lssl is not needed).
o Bring in the most recent/improved version of L15.h (which is available from http://www.leopard.uk.com/L15).

Changes from version 12-GAMMA9:
===============================

C12G9 (GAMMA-10); 28th February 2010:

o Remove L16 (the logic behind the 64-bit counter yielding a 64-bit cycle length was flawed). Revert to L15.
o Revert ByteType.h back to using "unsigned char" since this removes dependency on

Changes from version 12-GAMMA8:
===============================

C12G9 (GAMMA-9); 27th February 2010:

o Increase "IVsize"/IV from 8 bytes to 16 bytes.
o Replace L15 with L16 (with its guaranteed cycle length of 2^64 bytes).
o Change ByteType.h to use and define ByteType type to be uint8_t.
o Upgrade C12 to use SHA256 instead of SHA1 (which has security problems).
o Minor cleanup in otherwise perfect FileUtil.h
o Update DOCS/* with regard to file-extension ".L16"/L16.

Changes from version 12-GAMMA7:
===============================

C12G8 (GAMMA-8); 13th August 2009:

o Protect against Coppersmith's attacks in cion_encrypt.cxx by ensuring that saltLen is > 1/9th the length of to_n (SECURITY FIX).
o Follow the same rule when generating the digital signature and ensure that the saltLen is > 1/9th the length of n (SECURITY FIX).
o Don't allow a zero salt-size when generating the digital signature.
o Fix an errant space " " in the status printf's in cion_encrypt.cxx
o In FileCrypt.h, make the constructor arg all upper case to match the rest of the methods.
o In FileCrypt.h make the Decrypt method return const *.
o In Key::ReadKey() make data const * (FileCrypt::Decrypt()).
o In cion_fdecrypt.cxx make data const * (FileCrypt::Decrypt()).
o In Password.cxx we must allow a password the same size as passSize.
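
Added example (not Caesarion source code): the saltLen rule from the C12G8 entries above, applied to the message layout described under "Changes from version 5" (first byte is the salt-length, then the salt, then the data). Assumptions of this example: lengths are measured in bytes, the data fills the remainder of the block, the block must be shorter than the modulus, and all function names are hypothetical.

```cpp
// Added example, not Caesarion source. Assumed layout: [saltLen][salt][data].
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

typedef std::vector<std::uint8_t> Bytes;

const std::size_t kMaxField = 255;   // salt and data are each at most 255 bytes

// Smallest salt length that is strictly greater than 1/9th of the modulus
// length. The result is never zero, so a zero-size salt is ruled out too.
std::size_t MinSaltLen(std::size_t modulusBytes)
{
    return modulusBytes / 9 + 1;
}

// Build the block that will be RSA-encrypted. Refuses a salt that is too
// short instead of silently patching it up.
bool EncodeBlock(const Bytes &salt, const Bytes &data,
                 std::size_t modulusBytes, Bytes &block)
{
    if (salt.size() < MinSaltLen(modulusBytes) || salt.size() > kMaxField) return false;
    if (data.size() > kMaxField) return false;   // zero-length data is allowed
    // Assumption: keep the block shorter than the modulus so that its
    // integer value is below n.
    if (1 + salt.size() + data.size() >= modulusBytes) return false;

    block.clear();
    block.push_back(static_cast<std::uint8_t>(salt.size()));
    block.insert(block.end(), salt.begin(), salt.end());
    block.insert(block.end(), data.begin(), data.end());
    return true;
}

// Parse a decrypted block. Every length is checked before it is used; a
// wrong key or a corrupted ciphertext usually yields a block that fails here.
bool DecodeBlock(const Bytes &block, std::size_t modulusBytes, Bytes &data)
{
    if (block.empty() || block.size() >= modulusBytes) return false;
    const std::size_t saltLen = block[0];
    if (saltLen < MinSaltLen(modulusBytes)) return false;   // salt too short
    if (1 + saltLen > block.size()) return false;           // salt runs past the end
    const std::size_t dataLen = block.size() - 1 - saltLen;
    if (dataLen > kMaxField) return false;                  // data too long
    data.assign(block.begin() + 1 + saltLen, block.end());
    return true;
}

int main()
{
    const std::size_t modulusBytes = 128;                 // constructed: 1024-bit modulus
    const Bytes salt(MinSaltLen(modulusBytes), 0xA5);     // constructed salt, not random
    const Bytes data = {0x68, 0x69};
    Bytes block, out;
    const bool ok = EncodeBlock(salt, data, modulusBytes, block) &&
                    DecodeBlock(block, modulusBytes, out) && out == data;
    std::printf("min salt %zu bytes, round trip ok: %d\n", MinSaltLen(modulusBytes), ok);
    return ok ? 0 : 1;
}
```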

Changes from version 12-GAMMA6:
===============================

C12G7 (GAMMA-7); 10th August 2009:

o Add missing ByteType.h to Password.cxx
o Check for ferror(stdin) in Password.cxx
o Use fgetc(stdin) in Password.cxx
o Small cleanup of Password.cxx
o Make Password() check for EOF return from fgetc(3).
o Cast and document conversion from int to ByteType in Password.cxx (characters read from stdin are returned as an unsigned char in an int).
o Have Random.h check to see if the newly created file descriptor is set for non-blocking I/O (shouldn't be), and if it is, clear the non-blocking I/O flag.
o Make FileCrypt::Decrypt record the size of data malloc'd and make the FileCrypt destructor memset() the memory to 0 on destruction. Adjust the rest of the source code to not memset memory returned from FileCrypt::Decrypt().

Changes from version 12-GAMMA5:
===============================

C12G6 (GAMMA-6); 8th August 2009:

o Remove ByteType.h and all ByteType declarations/usage from cion_decrypt.cxx (since it is not required).
o Make cion_encrypt.cxx check if dataLen == 0 when it is encrypting the digital signature (and skip computations if it is 0).
o Make cion_decrypt.cxx avoid recomputing dataLen when it is checking if dataLen is > max_msg_data_size.
o Make dataLen in cion_decrypt.cxx a size_t instead of unsigned char/ByteType.

Changes from version 12-GAMMA4:
===============================

C12G5 (GAMMA-5); 7th August 2009:

o Add missing ASSERT.h to CipherPacket.h
o Remove unrequired ByteType.h from KeyGen.h
o In cion_decrypt.cxx, move saltLen and dataLen declarations inside the do-while loop and make them const.

Changes from version 12-GAMMA3:
===============================

C12G4 (GAMMA-4); 6th August 2009:

o Make CipherPacket::StreamDecrypt() return a const pointer.
o Make CipherPacket::EndPad() return a const pointer.
o Move "left" inside the for-loop in CipherPacket::DataEncrypt() and make it const.
o Move "got" inside the do-while loop in CipherPacket::DataDecrypt() and make it const.
o Move "Data" inside the do-while loop in CipherPacket::DataDecrypt() and make it const * const.
o In cion_encrypt.cxx, make "messageBin" of type unsigned char, to match BN_bin2bn() argument type.
o In cion_decrypt.cxx, make "sigBin" of type unsigned char, to match BN_bin2bn() argument type.
o In cion_decrypt.cxx, move "Got" inside the do-while loop and make it const.

Changes from version 12-GAMMA2:
===============================

C12G3 (GAMMA-3); 5th August 2009:

o Make the BIGNUM argument in Key::WriteKey const.
o New BN class to circumvent wrong int return from BN_num_bytes(), and also assert that the byte size is greater than zero.
o Cleanup Key.h
o Cleanup cion_decrypt.cxx
o Cleanup cion_encrypt.cxx
o Small cleanup in: cion_fencrypt.cxx
o Small cleanup in: cion_fdecrypt.cxx
o Assert fileSize > 0 in FileCrypt.h during Decryption method.

Changes from version 12-GAMMA1:
==============================

C12G2 (GAMMA-2); 2nd August 2009:

o Bring in the finalised/improved version of L15.
o Update DOCS/WEBSITE.TXT to the current reality.
o Update DOCS/ABOUT.TXT (improve it).
o Rewrite/simplify cion_keygen.cxx and bring in newly created KeyGen.h.
o Fix a bug in Key.h, Key::ReadKey() where the method tried to access data that had been free'd/destructed.

Changes from version 12:
========================

NOTE: C12-GAMMA is not inter-operable with any previous version. If you are using a previous version of Caesarion, you are advised to upgrade at your earliest opportunity and regenerate/redistribute keys due to the improvements listed below:

o Remove L14, replacing it with L15 (http://www.leopard.uk.com).
o Fix a minor bug in cion_encrypt.cxx where the last S line of hex output was of 0 binary length/size.
  Thus, it was possible to delete this line of hex output and the E-mail would still be decrypted and signature verified (which was/is wrong; if the E-mail is tampered with in any way it should be flagged).
o Make cion_fencrypt(1) abort encryption if it detects the input-file is pure ASCII (and print an error message).
o Added RANDOM subdirectory; FreeBSD-4.11 /dev/[u]random Kernel replacement kit.
o Update manual page sources.
o Update DOCS/*.

Changes from version 11:
========================

NOTE: Caesarion v12 is not inter-operable with any previous version. If you are using a previous version of Caesarion, you are advised to upgrade at your earliest opportunity and regenerate/redistribute keys due to the improvements listed below:

Note on integrity and the use of HMACs:

Integrity checks are necessary to prevent chosen-ciphertext attacks. However, I have decided that these are not necessary in Caesarion;

  For encrypted public/private keys, a chosen-ciphertext attack should not reveal any useful information to an adversary since the decrypted keys are then used in the relatively complicated RSA public-key cryptosystem (which has adversary-unknown parameters).

  For non-key files, it is unlikely that an adversary would be in a position to make the target decrypt a chosen-ciphertext and then be able to acquire the decrypted chosen-ciphertext.

o Non-critical security fix: Upgrade to Leopard14/L14 CSPRNG/cipher, since two fairly serious problems were discovered in Leopard13/L13.
o New .L14 extension for encrypted files (file.L13 -> file.L14).
o Make the Cipher-Packet technique use a proper IV to ensure that the output sequence from L14 is never reused. The IV is hidden in the ciphertext, since it appears after the initial start-pad whose size is adversary-unknown.
o Fix a mistake in the cion_encrypt.1 manual page source.
o Add an important security recommendation to DOCS/USER-SECURITY.TXT.
o Fix a typo in the conditional compilation cpp directives in FileCrypt.h.
o Add a self-test to class Startup to assert that "ByteType" is exactly eight bits in size, before program execution.
o Add missing "FileUtil.h" header to cion_fencrypt.cxx and cion_fdecrypt.cxx.
o Add missing "ByteType.h" header to cion_decrypt.cxx, cion_encrypt.cxx and cion_keygen.cxx.
o Use a better method of assigning signature "startPad" in cion_encrypt.cxx.
o Updated documentation.

Changes from version 10:
========================

o Fix an indentation mistake in Key::WriteKey().
o Remove an incorrect statement from DOCS/INSTRUCTIONS.TXT.
o Non-critical security improvement: Use BN_clear(), memset(3) and other methods to clear memory containing sensitive information before exit(3).
o Non-critical security improvement: Guarantee there are no unconcealed messages.
o Simplify Random.h.
o Import new Leopard.h source code with memory clearing destructor.
o Due to recent changes it was possible to make more pointers const.
o Updated documentation.
o Fix a nroff-mdoc mistake in the cion_fdecrypt(1) manual page.
o Some small cleanups.

Changes from version 9:
=======================

NOTE: Caesarion v10 is not inter-operable with any previous version. If you are using a previous version of Caesarion, you are advised to upgrade at your earliest opportunity and regenerate/redistribute keys due to the improvements listed below:

o Assert BN_is_prime() doesn't return -1 in cion_keygen.cxx
o Remove duplicated source code by adding FileUtil::FOpenErrCheck(), FileUtil::FOpenEmptyCheck() and FileUtil::FCloseErrCheck().
o Add a missing assertion in Key::ReadKey().
o Don't assign saltLen with 1 when entropy returns 0 (by using a do-while). This helps protect against Coppersmith's attacks.
o Make cion_fencrypt(1) and cion_fdecrypt(1) use a secure umask (minor security fix).
o Non-critical security improvement: Change the cipher-packet technique to encode and use a per-packet true-random initialization-vector.
  This ensures that initial sp-len is different for passwords which are the same (before, sp-len was always initially the same value for same-passwords). It also decimates the CSPRNG output sequence making it different even for passwords which are the same, increasing security (especially same-password security).
o Non-critical security improvement: Make the cipher-packet technique read/write an initial pseudo-random-sized random-pad, preventing an adversary from being able to isolate the start of the first cipher-packet (in the ciphertext).

Changes from version 8:
=======================

NOTE: Caesarion v9 is not inter-operable with any previous version. If you are using a previous version of Caesarion, you are advised to upgrade at your earliest opportunity and regenerate/redistribute keys due to the improvements listed below:

o Update some old source code comments to the current reality.
o Add missing copyright notice to manual page sources.
o Import new Leopard.h source code and use Leopard13 in preference to Leopard12 since it has better DIEHARD BITSTREAM results and a "fixed" permutation algorithm.
o Various source code name-changes and improvements to the layout/design.
o Write cion_fencrypt(1) and cion_fdecrypt(1) programs and their manual pages in preparation for supporting encrypted secret-public-keys.
o Clean up the Makefile.
o New Key.h file replaces ReadPublicKey.cxx and ReadPrivateKey.cxx.
o Make Caesarion read/write public-keys in binary in preparation for supporting encrypted secret-public-keys.
o Add support for encrypted public-keys.
o Make cion_encrypt(1) automatically enter secret-public-key mode if the target's public-key is encrypted.
o Non-critical security improvement: Change the cipher-packet technique so that start-pad-len and end-pad-len are produced directly from the CSPRNG, and are not encoded into the ciphertext. If they're not encoded into the ciphertext, there is no risk of them being compromised.
o Updated documentation and manual pages.

Changes from version 7:
=======================

NOTE: Caesarion v8 is not inter-operable with any previous version. If you are using a previous version of Caesarion, you are advised to upgrade at your earliest opportunity and regenerate/redistribute keys due to the improvements listed below:

o Allow plaintext message data-size to be zero; this helps protect against Coppersmith's attacks and is also a non-critical security improvement.
o Make the digital signature system work in binary rather than hexadecimal. This should be considered a non-critical security fix. It also reduces the memory footprint by 0.5 megabytes.
o Non-critical security improvement: Allow zero data-size when encrypting the private-key.
o Create groff_mdoc manual pages and provide "maninstall" Makefile target.
o Add Cipher::DataEncrypt() reducing size of RSA_KeyGen.cxx.
o Add Cipher::DataDecrypt() reducing size of ReadPrivateKey.cxx.
o Updated documentation.

Changes from version 6:
=======================

NOTE: Caesarion v7 is not inter-operable with any previous version. If you are using a previous version of Caesarion, you are advised to upgrade at your earliest opportunity and regenerate/redistribute keys due to the improvements listed below:

o Remove FileUtil::ReadUChar().
o Remove Entropy.h since the Entropy generation algorithm produced very bad results (it was tested with the DIEHARD test-suite). As a result of this change you will probably be glad to know there will be no more asterisks appearing on your screen.
o Replace Term.cxx with a better version.
o Replace badly written Password.cxx with a better written version.
o Replace MD5 with SHA1, since the security of MD5 is in doubt.
o Replace ARC4/5 with Leopard12.
o Continually prompt for message when accepting direct input.
o New software license.
o Updated documentation.

Changes from version 5:
=======================

NOTE: Caesarion v6 is not inter-operable with any previous version.
If you are using a previous version of Caesarion, you are advised to upgrade immediately and regenerate/redistribute keys due to the improvements listed below:

o Bug-fix: A "bug" was discovered in the OpenSSL BN_bin2bn() function. The "bug" is that the BN_bin2bn() function renders the same BIGNUM value for the two distinct { 0, 1, 2 }, { 1, 2 } binary representations. This "bug" meant that it would be possible for the digital signature implementation to incorrectly flag a fraudulent signature if the MD5 digest began with a byte equal to zero.
o Ensure message-size does not exceed maximum allowed limit in RSA_Decrypt.cxx.
o Read/Check "from_n" public-key before decryption starts in RSA_Decrypt.cxx.
o Read/Check "d" and "n" before encryption starts in RSA_Encrypt.cxx.
o Non-critical security improvement; alter the way the data and salt are encoded as follows. The first byte of the message is the salt-length. Up to the next 255 bytes are the salt itself. Then up to the next 255 bytes are the actual data. This is a security improvement since previously an adversary knew that the data would begin at the 2nd byte in the message. Now an adversary is denied knowledge of where the data is in the message. A nice side-effect of this change is that it has now been made possible to impose more stringent checks during decryption which detect an incorrect password or a fraudulent/corrupt ciphertext.
o Switch off the entropy generation algorithm by default (inspired by an OpenBSD Journal user).
o Add -e option to cion_keygen(1) and cion_encrypt(1) to activate the entropy generation algorithm (inspired by an OpenBSD Journal user).
o Print an asterisk when the Entropy class detects the entropy pool has been exhausted (reading 0 from RND_DEVICE). Thereafter, only print another asterisk every 1000th time exhaustion is detected (to stop spam).
o Remove FileUtil::FReadUChar() and FileUtil::FReadChar(), and use fread(3) in their place.
o Various source code quality improvements.
o Updated documentation.
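
Added example (not Caesarion source code): the BN_bin2bn() leading-zero behaviour from the bug-fix entry above, reproduced without OpenSSL so that it runs stand-alone. IntegerRoundTrip() is a stand-in written for this example that models what converting bytes to a big integer and back does; the 16-byte digest is constructed sample data and all function names are hypothetical.

```cpp
// Added example, not Caesarion source: why a digest that starts with 0x00
// breaks a byte-wise signature comparison after a trip through a big integer.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

typedef std::vector<std::uint8_t> Bytes;

// Stand-in for bytes -> big integer -> minimal big-endian bytes. An integer
// has no leading zero bytes, so { 0, 1, 2 } and { 1, 2 } both come back as
// { 1, 2 }.
Bytes IntegerRoundTrip(const Bytes &in)
{
    std::size_t i = 0;
    while (i < in.size() && in[i] == 0) ++i;
    return Bytes(in.begin() + i, in.end());
}

// Restore a fixed width by left-padding with zero bytes. Fails if the value
// is wider than the target. (With OpenSSL 1.1.0 or later, BN_bn2binpad()
// writes a BIGNUM at a fixed width directly.)
bool LeftPad(const Bytes &value, std::size_t width, Bytes &out)
{
    if (value.size() > width) return false;
    out.assign(width - value.size(), 0);
    out.insert(out.end(), value.begin(), value.end());
    return true;
}

// Equality check that does not stop at the first differing byte.
bool ConstTimeEqual(const Bytes &a, const Bytes &b)
{
    if (a.size() != b.size()) return false;
    std::uint8_t diff = 0;
    for (std::size_t i = 0; i < a.size(); ++i)
        diff = static_cast<std::uint8_t>(diff | (a[i] ^ b[i]));
    return diff == 0;
}

// Naive check: compare the recovered bytes with the computed digest as-is.
// A genuine signature is rejected whenever the digest starts with 0x00.
bool VerifyNaive(const Bytes &recovered, const Bytes &digest)
{
    return ConstTimeEqual(recovered, digest);
}

// Width-aware check: pad the recovered value back to the digest length first.
bool VerifyPadded(const Bytes &recovered, const Bytes &digest)
{
    Bytes padded;
    return LeftPad(recovered, digest.size(), padded) && ConstTimeEqual(padded, digest);
}

// Constructed 16-byte sample digest whose first byte is zero.
Bytes SampleDigest()
{
    const Bytes d = {0x00, 0x3c, 0x91, 0x7e, 0x15, 0xa8, 0x4d, 0xf2,
                     0x66, 0x0b, 0xc7, 0x29, 0x8e, 0x53, 0xd0, 0x1f};
    return d;
}

int main()
{
    const Bytes digest = SampleDigest();
    const Bytes recovered = IntegerRoundTrip(digest);   // 15 bytes, zero is gone
    std::printf("digest %zu bytes, recovered %zu bytes\n", digest.size(), recovered.size());
    std::printf("naive check accepts: %d, padded check accepts: %d\n",
                VerifyNaive(recovered, digest), VerifyPadded(recovered, digest));
    return VerifyPadded(recovered, digest) ? 0 : 1;
}
```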