# Changelog - 0.3.0 (2026-02-01) * This backwards-incompatible version changes the "bring your own HMAC function" design and simply provides specialized DRBGs for HMAC-SHA256 and HMAC-SHA512, respectively. These HMAC functions are provided by ppad-sha256 and ppad-sha512. * The rationale here is to provide better security guarantees around the DRBG state. Now, the DRBG state is restricted to a single, pinned, heap-allocated mutable buffer; components of it are /never/ allocated anywhere else on the heap during DRBG operation (not even in temporary, to-be-GC'd bytestrings). A new 'wipe' function is also exposed for explicitly zeroing out state when one is finished generating bytes from the DRBG. * Aside from the increased security guarantees, DRBG performance is dramatically improved, and other heap allocation dramatically limited, compared to previous versions. - 0.2.1 (2026-01-10) * Simply adds bounds to the ppad-sha{256,512} dependencies in the test and benchmark suites. - 0.2.0 (2026-01-10) * In order to better-match the spec, 'gen' now returns an 'Either Error BS.ByteString'. The new 'Error' value is returned either in the exceptionally rare case that the DRBG needs a reseed (previously this was just "error <msg>"), or, more likely to occur in practice, if more than 65536 bytes are requested from the DRBG at a time. - 0.1.3 (2025-12-28) * Adds an 'llvm' build flag and tests with GHC 9.10.3. - 0.1.2 (2025-02-06) * Minor bytestring optimizations for shaving off microseconds in certain cases. - 0.1.1 (2024-10-07) * Add a basic placeholder 'Show' instance for the DRBG type. - 0.1.0 (2024-10-05) * Initial release.