diff options
author | lloyd <[email protected]> | 2013-11-08 21:04:27 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2013-11-08 21:04:27 +0000 |
commit | f205292f8fde3c206f77e80a21fa9b9e2513bb86 (patch) | |
tree | 8dc3208212b69afd55c5130d78efc911c1f4fae4 /doc/relnotes | |
parent | 6db7f4715cf897e026573b870598e89c0f20c3ce (diff) |
Start updating release notes
Diffstat (limited to 'doc/relnotes')
-rw-r--r-- | doc/relnotes/1_11_5.rst | 37 |
1 files changed, 30 insertions, 7 deletions
diff --git a/doc/relnotes/1_11_5.rst b/doc/relnotes/1_11_5.rst index bed6261a5..e4528a581 100644 --- a/doc/relnotes/1_11_5.rst +++ b/doc/relnotes/1_11_5.rst @@ -1,21 +1,44 @@ Version 1.11.5, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* The interface previously exposed by AEAD modes which allows in-place - processing of messages is now used by all cipher modes. An adaptor - filter allows them to be used in a pipe. +* The TLS callback signatures have changed - there are now two distinct + callbacks for application data and alerts. TLS::Client and TLS::Server have + constructors which continue to accept the old callback and use it for both + operations. -* An implementation of CCM mode has been added +* The entropy collector that read from randomness devices had two bugs - it + would break out of the poll as soon as any read succeeded, and it selected on + each device individually. When a blocking source was first in the device list + and the entropy pool was running low, the reader might either block in select + until eventually timing out (continuing on to read from /dev/urandom instead), + or read just a few bytes, skip /dev/urandom, fail to satisfy the entropy + target, and the poll would continue using other (slower) sources. This caused + substantial performance/latency problems in RNG heavy applications. Now all + devices are selected over at once, with the effect that a full read from + urandom always occurs, along with however much (if any) output is available + from blocking sources. + +* All existing cipher mode implementations (such as CBC and XTS) have been + converted from filters to using the interface previously provided by + :ref:`AEAD modes <aead_modes>` which allows for in-place message + processing. Code which directly references the filter objects will break, but + an adaptor filter allows usage through get_cipher as usual. + +* An implementation of CCM mode from RFC 3601 has been added, as well as CCM + ciphersuites for TLS. * The implementation of OCB mode now supports 64 and 96 bit tags * Optimized computation of XTS tweaks, producing a substantial speedup +* Add support for negotiating Brainpool ECC curves in TLS + +* TLS v1.2 will not negotiate plain SHA-1 signatures by default. + * TLS channels now support sending a ``std::vector`` -* Add a generic 64-bit multiply instruction for producing a 128 bit result - in mul128.h +* Add a generic 64-bit multiply instruction for producing a 128 bit result in mul128.h -* Avoid potentially undefined operations in the bit rotation operations. Not +* Avoid potentially undefined operations in the bit rotation operations. Not known to have caused problems under existing compilers but might break in the future. Found by Clang sanitizer, reported by Jeffrey Walton. |