Doc/relnote updates

[ci skip]

4 files changed, 57 insertions, 29 deletions

diff --git a/doc/contributing.rst b/doc/contributing.rst
index a0b8daec1..0d160c680 100644
--- a/doc/contributing.rst
+++ b/doc/contributing.rst
@@ -38,7 +38,6 @@ Library Layout
 * ``entropy`` has various entropy sources
 * ``asn1`` is the DER encoder/decoder
 * ``cert/x509`` is X.509 certificates, PKCS #10 requests, OCSP
-* ``cert/cvc`` is Card Verifiable Certificates (ePassport credentials)
 * ``tls`` contains the TLS implementation
 * ``filters`` is a filter/pipe API for data transforms
 * ``compression`` has the compression wrappers (zlib, bzip2, lzma)
diff --git a/doc/deprecated.txt b/doc/deprecated.txt
index bb7bb28ef..456a7e6b7 100644
--- a/doc/deprecated.txt
+++ b/doc/deprecated.txt
@@ -6,9 +6,11 @@ Currently deprecated:
 
 - MARS, RC2, RC5, RC6, SAFER, TEA
 
+- ECB Cipher_Mode
+
 - MD2, HAS-160, RIPEMD-128
 
-- TLS 3DES and SEED ciphersuites in TLS
+- 3DES and SEED ciphersuites in TLS
 
 - DSA auth in TLS (not ECDSA)
 
@@ -25,4 +27,3 @@ Currently deprecated:
 - EGD entropy source
 
 - Unix process exec entropy source
-
diff --git a/doc/news.rst b/doc/news.rst
index 0c9018be0..6e9b88479 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -4,48 +4,68 @@ Release Notes
 Version 1.11.31, Not Yet Released
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-* Add PKCS #11 support (GH #507)
-
-* Add ECIES encryption system (GH #483)
+* Fix undefined behavior in Curve25519 on platforms without a native 128-bit
+  integer type. This was known to produce incorrect results on 32-bit ARM
+  under Clang. GH #532 (CVE-2016-6878)
+
+* If X509_Certificate::allowed_usage was called with more than one Key_Usage
+  set in the enum value, the function would return true if *any* of the allowed
+  usages were set, instead of if *all* of the allowed usages are set.
+  GH #591 (CVE-2016-6879)
+
+* Incompatible changes in DLIES: Previously the input to the KDF was
+  the concatenation of the (ephemeral) public key and the secret value
+  derived by the key agreement operation. Now the input is only the
+  secret value obtained by the key agreement operation. That's how it
+  is specified in the original paper "DHIES: An encryption scheme
+  based on Diffie-Hellman Problem" or in BSI technical guideline
+  TR-02102-1 for example. In addition to the already present
+  XOR-encrypion/decryption mode it's now possible to use DLIES with a
+  block cipher.  Furthermore the order of the output was changed from
+  {public key, tag, ciphertext} to {public key, ciphertext, tag}. Both
+  modes are compatible with bouncycastle.
+
+* Add initial PKCS #11 support (GH #507). Currently includes a low level
+  wrapper to all of PKCS #11 (p11.h) and high level code for RSA and ECDSA
+  signatures and hardware RNG access.
 
 * Add ECKCDSA signature algorithm (#504)
 
 * Add KDF1 from ISO 18033 (GH #483)
 
+* Add FRP256v1 curve (GH #551)
+
 * RNG changes: NIST SP900-80's HMAC_DRBG is now the default generator
   for userspace RNG (AutoSeeded_RNG). HMAC_DRBG now attempts to detect
   use of fork (via pid checks)
 
-* Fix undefined behavior in Curve25519 on platforms without a native 128-bit
-  integer type. This was known to produce incorrect results on 32-bit ARM
-  under Clang. GH #532
+* The X9.31 and HMAC_RNG RNGs are deprecated and will be removed in a
+  future release.  If you need a userspace PRNG switch to HMAC_DRBG
+  (or AutoSeeded_RNG which is HMAC_DRBG with useful defaults).
+
+* Fix a bug in ANSI X9.23 padding mode, which returned one byte more
+  than the given block size (GH #529).
 
 * Fixes for FreeBSD (GH #517) and OpenBSD (GH #523)
 
-* Support for getting entropy from EGD is deprecated, and will be removed in
-  a future release. The developers believe that it is unlikely that any modern
-  system requires EGD and so the code is now dead weight. If you rely on EGD
-  support, you should contact the developers by email or GitHub ASAP.
+* New deprecations. See the full list in doc/deprecated.txt
 
-* The TLS ciphersuites using 3DES and SEED are deprecated and will be removed in
-  a future release.
+  Support for getting entropy from EGD is deprecated, and will be
+  removed in a future release. The developers believe that it is
+  unlikely that any modern system requires EGD and so the code is now
+  dead weight. If you rely on EGD support, you should contact the
+  developers by email or GitHub ASAP.
 
-* Support for BeOS/Haiku has not been tested in 5 years and is in an unknown state.
-  Unless reports are received of successful builds and use on this platform, support
-  for BeOS/Haiku will be removed in a future release.
+  The TLS ciphersuites using 3DES and SEED are deprecated and will be
+  removed in a future release.
 
-* Changes in DLIES: Previously the input to the KDF was the concatenation
-  of the (ephemeral) public key and the secret value derived by the key
-  agreement operation. Now the input is only the secret value obtained
-  by the key agreement operation. That's how it is specified in the original
-  paper "DHIES: An encryption scheme based on Diffie-Hellman Problem" or in BSI
-  technical guideline TR-02102-1 for example. In addition to the already present
-  XOR-encrypion/decryption mode it's now possible to use DLIES with a block cipher.
-  Furthermore the order of the output was changed from {public key, tag, ciphertext}
-  to {public key, ciphertext, tag}. Both modes are compatible with bouncycastle.
+  ECB mode Cipher_Mode is deprecated and will be removed in a future
+  release.
 
-* Fix a bug in ANSI X9.23 padding mode, which returned one byte more
-  than the given block size (GH #529).
+  Support for BeOS/Haiku has not been tested in 5+ years and is in an
+  unknown state.  Unless reports are received of successful builds and
+  use on this platform, support for BeOS/Haiku will be removed in a
+  future release.
 
 Version 1.11.30, 2016-06-19
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/doc/todo.rst b/doc/todo.rst
index a66c97f4f..b6c55a898 100644
--- a/doc/todo.rst
+++ b/doc/todo.rst
@@ -7,6 +7,14 @@ ticket on GitHub to make sure you're on the right track.
 
 Request a new feature by opening a pull request to update this file.
 
+Documentation
+----------------------------------------
+
+* TPM (no docs)
+* PKCS #11 (no docs)
+* X.509 certs, path validation
+* Specific docs covering one major topic (RSA, ECDSA, AES/GCM, ...)
+
 CLI
 ----------------------------------------