Update relnotes and todo, fix python signature

3 files changed, 62 insertions, 38 deletions

diff --git a/doc/dev/todo.rst b/doc/dev/todo.rst
index ae1853dbf..223c50bbb 100644
--- a/doc/dev/todo.rst
+++ b/doc/dev/todo.rst
@@ -5,13 +5,16 @@ These are features either requested by users or that seem like
 potentially useful things to have. Several are quite self-contained
 and could make a quick project.
 
-Request a new feature by sending a patch.
+Request a new feature by sending a patch to this file or by writing to
+the mailing list.
 
 Basic Crypto
 ----------------------------------------
 
+* Bitsliced AES or Camellia
+* Serpent using AVX2
 * scrypt
-* BLAKE2
+* BLAKE2b
 * EdDSA
 * Skein-MAC
 * ARIA (Korean block cipher, RFCs 5794 and 6209)
@@ -36,18 +39,20 @@ PKIX
 * OCSP responder logic
 * X.509 attribute certificates (RFC 5755)
 
-ECC / BigInt / Math
+Public Key Crypto, Math, Algorithms
 ----------------------------------------
 
-* Specialized reductions for P-256 and P-384
-* MP asm optimizations - SSE2, ARM/NEON, ...
+* Add specialized reductions for P-256 and P-384
+* Optimizations for BigInt using SSE2, ARM/NEON, AVX2, ...
+* Fast new implementations/algorithms for ECC point operations,
+  Montgomery multiplication, multi-exponentiation, ...
 
 New Protocols
 ----------------------------------------
 
 * Off-The-Record message protocol
 * Some useful subset of OpenPGP
-* SSHv2 server
+* SSHv2 client and/or server
 * Cash schemes (such as Lucre, credlib, bitcoin?)
 
 Accelerators / backends
@@ -60,7 +65,12 @@ Accelerators / backends
 * ARMv8 crypto extensions
 * Intel Skylake SHA-1/SHA-2
 
-Python
+Python/FFI
 ----------------------------------------
 
-* TLS, ECDSA, bcrypt, ...
+* Expose TLS
+
+Build
+----------------------------------------
+
+* Code signing for Windows installers
diff --git a/doc/manual/python.rst b/doc/manual/python.rst
index a1239253b..295caa3c3 100644
--- a/doc/manual/python.rst
+++ b/doc/manual/python.rst
@@ -202,7 +202,7 @@ Public Key
 
 Public Key Operations
 ----------------------------------------
-.. py:class:: pk_op_encrypt(pubkey, padding, rng)
+.. py:class:: pk_op_encrypt(pubkey, padding)
 
     .. py:method:: encrypt(msg, rng)
 
diff --git a/doc/relnotes/1_11_14.rst b/doc/relnotes/1_11_14.rst
index 008d2e795..88c14b444 100644
--- a/doc/relnotes/1_11_14.rst
+++ b/doc/relnotes/1_11_14.rst
@@ -1,35 +1,49 @@
 Version 1.11.14, Not Yet Released
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-* The global state object previously used by the library has been
-  removed and no form of initialization is required to use the library.
-  LibraryInitializer remains as a stub.
-
-* The new `ffi` submodule provides a simple C API/ABI for a number of
-  useful operations (hashing, ciphers, public key operations, etc)
-  which is easily accessed using the FFI modules included in many
-  languages. A new Python wrapper using the Python `ctypes` module
-  is available. The old Boost.Python wrapper has been removed.
-
-* OCB mode, which provides a fast and constant time AEAD mode without
-  requiring hardware support, is now supported in TLS, following
-  draft-zauner-tls-aes-ocb-01. Because this specification is not yet
-  finalized is not yet enabled by the default policy, and the
-  ciphersuite numbers used are in the experimental range and may
-  conflict with other uses.
+* The global state object previously used by the library has been removed and no
+  form of initialization is required to use the library.  The global PRNG has
+  also been removed. LibraryInitializer remains as a stub.
+
+  The engine code has also been removed, replaced by a much lighter-weight
+  object registry system which provides lookups in faster time and with less
+  memory overhead than the previous approach.
+
+* The new `ffi` submodule provides a simple C API/ABI for a number of useful
+  operations (hashing, ciphers, public key operations, etc) which is easily
+  accessed using the FFI modules included in many languages. A new Python
+  wrapper using the Python `ctypes` module is available. The old Boost.Python
+  wrapper has been removed.
+
+* PBKDF and KDF operations now provide a way to write the desired output
+  directly to an application-specified area rather than always allocating a new
+  heap buffer.
+
+* HKDF, previously provided using a non-standard interface, now uses the
+  standard KDF interface and is retreivable using get_kdf.
+
+* OCB mode, which provides a fast and constant time AEAD mode without requiring
+  hardware support, is now supported in TLS, following
+  draft-zauner-tls-aes-ocb-01. Because this specification is not yet finalized
+  is not yet enabled by the default policy, and the ciphersuite numbers used are
+  in the experimental range and may conflict with other uses.
+
+* Add ability to read TLS policy from text file
+
+* Remove use of memset_s which caused problems with amalgamation on OS X.
+  Github 42, 45
 
 * The memory usage of the counter mode implementation has been reduced.
 
-* The memory allocator available on Unix systems which uses mmap and
-  mlock to lock a pool of memory now checks an environment variable
-  BOTAN_MLOCK_POOL_SIZE. If this is set to a smaller value then the
-  library would originally have allocated the user specified size is
-  used. You can also set it to zero to disable the pool entirely.
-  Previously the allocator would consume all available mlocked memory,
-  this allows botan to coexist with an application which wants to
-  mlock memory of its own.
-
-* The botan-config script previously installed on Unix systems has
-  been removed. Its functionality is replaced by the `config` command
-  of the `botan` tool executable, for example `botan config cflags`
-  instead of `botan-config --cflags`.
+* The memory allocator available on Unix systems which uses mmap and mlock to
+  lock a pool of memory now checks an environment variable
+  BOTAN_MLOCK_POOL_SIZE. If this is set to a smaller value then the library
+  would originally have allocated the user specified size is used. You can also
+  set it to zero to disable the pool entirely.  Previously the allocator would
+  consume all available mlocked memory, this allows botan to coexist with an
+  application which wants to mlock memory of its own.
+
+* The botan-config script previously installed on Unix systems has been
+  removed. Its functionality is replaced by the `config` command of the `botan`
+  tool executable, for example `botan config cflags` instead of `botan-config
+  --cflags`.