diff options
author | Jack Lloyd <[email protected]> | 2015-07-02 07:23:29 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2015-07-02 07:23:29 -0400 |
commit | f3180d6ef7025146ff8ea8c9fed2d0b40cab96f9 (patch) | |
tree | 21c280b7b448f88a42f3cedebf28b4488f4af479 /doc | |
parent | 2c4a8aa78a3cb40a3a5ab7a902db2a55e4d33388 (diff) |
Combine all release notes into a single file, just easier to read.
Which when you think about it is the main criteria on which to judge
release notes, right? No text changes beyond removing Sphinx interdoc
links and the :pr: extlinks to Bugzilla.
Remove combine_relnotes.py as this was its last run. The setup for
the website is very broken as a result of this change, that comes next.
Diffstat (limited to 'doc')
187 files changed, 3223 insertions, 3491 deletions
diff --git a/doc/news.rst b/doc/news.rst new file mode 100644 index 000000000..658726f59 --- /dev/null +++ b/doc/news.rst @@ -0,0 +1,3223 @@ +Release Notes +======================================== + +Version 1.11.18, Not Yet Released +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* In this release Botan has switched VCS from `monotone` to `git`, + and is now hosted on github at https://github.com/randombt/botan + +Version 1.11.17, 2015-06-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* All support for the insecure RC4 stream cipher has been removed + from the TLS implementation. + +* Fix decoding of TLS maximum fragment length. Regardless of what + value was actually negotiated, TLS would treat it as a negotiated + limit of 4096. + +* Fix the configure.py flag `--disable-aes-ni` which did nothing of + the sort. + +* Fixed nmake clean target. GitHub #104 + +* Correct buffering logic in `Compression_Filter`. GitHub #93 and #95 + +Version 1.11.16, 2015-03-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* TLS has changed from using the non-standard NPN extension to the IETF + standardized ALPN extension for negotiating an application-level protocol. + Unfortunately the semantics of the exchange have changed with ALPN. Using + NPN, the server offered a list of protocols it advertised, and then the + client chose its favorite. With ALPN, the client offers a list of protocols + and the server chooses. The the signatures of both the TLS::Client and + TLS::Server constructors have changed to support this new flow. + +* Optimized ECDSA signature verification thanks to an observation by + Dr. Falko Strenzke. On some systems verifications are between 1.5 + and 2 times faster than in 1.11.15. + +* RSA encrypt and decrypt operations using OpenSSL have been added. + +* Public key operation types now handle all aspects of the operation, + such as hashing and padding for signatures. This change allows + supporting specialized implementations which only support particular + padding types. + +* Added global timeout to HMAC_RNG entropy reseed. The defaults are + the values set in the build.h macros `BOTAN_RNG_AUTO_RESEED_TIMEOUT` + and `BOTAN_RNG_RESEED_DEFAULT_TIMEOUT`, but can be overriden + on a specific poll with the new API call reseed_with_timeout. + +* Fixed Python cipher update_granularity() and default_nonce_length() + functions + +* The library now builds on Visual C++ 2013 + +* The GCM update granularity was reduced from 4096 to 16 bytes. + +* Fix a bug that prevented building the amalgamation until a non-amalgamation + configuration was performed first in the same directory. + +* Add Travis CI integration. Github pull 60. + +Version 1.11.15, 2015-03-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Support for RC4 in TLS, already disabled by default, is now deprecated. + The RC4 ciphersuites will be removed entirely in a future release. + +* A bug in ffi.cpp meant Python could only encrypt. Github issue 53. + +* When comparing two ASN.1 algorithm identifiers, consider empty and + NULL parameters the same. + +* Fixed memory leaks in TLS and cipher modes introduced in 1.11.14 + +* MARK-4 failed when OpenSSL was enabled in the build in 1.11.14 + because the OpenSSL version ignored the skip parameter. + +* Fix compilation problem on OS X/clang + +* Use BOTAN_NOEXCEPT macro to work around lack of noexcept in VS 2013 + +Version 1.11.14, 2015-02-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The global state object previously used by the library has been removed. + This includes the global PRNG. The library can be safely initialized + multiple times without harm. + + The engine code has also been removed, replaced by a much lighter-weight + object registry system which provides lookups in faster time and with less + memory overhead than the previous approach. + + One caveat of the current system with regards to static linking: because only + symbols already mentioned elsewhere in the program are included in the final + link step, few algorithms will be available through the lookup system by + default, even though they were compiled into the library. Your application + must explicitly reference the types you require or they will not end up + being available in the final binary. See also Github issue #52 + + If you intend to build your application against a static library and don't + want to explicitly reference each algo object you might attempt to look up by + string, consider either building with `--via-amalgamation`, or else (much + simpler) using the amalgamation directly. + +* The new `ffi` submodule provides a simple C API/ABI for a number of useful + operations (hashing, ciphers, public key operations, etc) which is easily + accessed using the FFI modules included in many languages. + +* A new Python wrapper (in `src/lib/python/botan.py`) using `ffi` and the Python + `ctypes` module is available. The old Boost.Python wrapper has been removed. + +* Add specialized reducers for P-192, P-224, P-256, and P-384 + +* OCB mode, which provides a fast and constant time AEAD mode without requiring + hardware support, is now supported in TLS, following + draft-zauner-tls-aes-ocb-01. Because this specification is not yet finalized + is not yet enabled by the default policy, and the ciphersuite numbers used are + in the experimental range and may conflict with other uses. + +* Add ability to read TLS policy from a text file using `TLS::Text_Policy`. + +* The amalgamation now splits off any ISA specific code (for instance, that + requiring SSSE3 instruction sets) into a new file named (for instance) + `botan_all_ssse3.cpp`. This allows the main amalgamation file to be compiled + without any special flags, so `--via-amalgamation` builds actually work now. + This is disabled with the build option `--single-amalgamation-file` + +* PBKDF and KDF operations now provide a way to write the desired output + directly to an application-specified area rather than always allocating a new + heap buffer. + +* HKDF, previously provided using a non-standard interface, now uses the + standard KDF interface and is retrievable using get_kdf. + +* It is once again possible to build the complete test suite without requiring + any boost libraries. This is currently only supported on systems supporting + the readdir interface. + +* Remove use of memset_s which caused problems with amalgamation on OS X. + Github 42, 45 + +* The memory usage of the counter mode implementation has been reduced. + Previously it encrypted 256 blocks in parallel as this leads to a slightly + faster counter increment operation. Instead CTR_BE simply encrypts a buffer + equal in size to the advertised parallelism of the cipher implementation. + This is not measurably slower, and dramatically reduces the memory use of + CTR mode. + +* The memory allocator available on Unix systems which uses mmap and mlock to + lock a pool of memory now checks environment variable BOTAN_MLOCK_POOL_SIZE + and interprets it as an integer. If the value set to a smaller value then the + library would originally have allocated (based on resource limits) the user + specified size is used instead. You can also set the variable to 0 to + disable the pool entirely. Previously the allocator would consume all + available mlocked memory, this allows botan to coexist with an application + which wants to mlock memory for its own uses. + +* The botan-config script previously installed on Unix systems has been + removed. Its functionality is replaced by the `config` command of the + `botan` tool executable, for example `botan config cflags` instead of + `botan-config --cflags`. + +* Added a target for POWER8 processors + +Version 1.11.13, 2015-01-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* All support for the insecure SSLv3 protocol and the server support + for processing SSLv2 client hellos has been removed. + +* The command line tool now has `tls_proxy` which negotiates TLS with + clients and forwards the plaintext to a specified port. + +* Add MCEIES, a McEliece-based integrated encryption system using + AES-256 in OCB mode for message encryption/authentication. + +* Add DTLS-SRTP negotiation defined in RFC 5764 + +* Add SipHash + +* Add SHA-512/256 + +* The format of serialized TLS sessions has changed. Additiionally, PEM + formatted sessions now use the label of "TLS SESSION" instead of "SSL SESSION" + +* Serialized TLS sessions are now encrypted using AES-256/GCM instead of a + CBC+HMAC construction. + +* The cryptobox_psk module added in 1.11.4 and previously used for TLS session + encryption has been removed. + +* When sending a TLS heartbeat message, the number of pad bytes to use can now + be specified, making it easier to use for PMTU discovery. + +* If available, zero_mem now uses RtlSecureZeroMemory or memset_s instead of a + byte-at-a-time loop. + +* The functions base64_encode and base64_decode would erroneously + throw an exception if passed a zero-length input. Github issue 37. + +* The Python install script added in version 1.11.10 failed to place the + headers into a versioned subdirectory. + +* Fix the install script when running under Python3. + +* Avoid code that triggers iterator debugging asserts under MSVC 2013. Github + pull 36 from Simon Warta. + +Version 1.11.12, 2015-01-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add Curve25519. The implementation is based on curve25519-donna-c64.c + by Adam Langley. New (completely non-standard) OIDs and formats for + encrypting Curve25519 keys under PKCS #8 and including them in + certificates and CRLs have been defined. + +* Add Poly1305, based on the implementation poly1305-donna by Andrew Moon. + +* Add the ChaCha20Poly1305 AEADs defined in draft-irtf-cfrg-chacha20-poly1305-03 + and draft-agl-tls-chacha20poly1305-04. + +* Add ChaCha20Poly1305 ciphersuites for TLS compatible with Google's servers + following draft-agl-tls-chacha20poly1305-04 + +* When encrypted as PKCS #8 structures, Curve25519 and McEliece + private keys default to using AES-256/GCM instead of AES-256/CBC + +* Define OIDs for OCB mode with AES, Serpent and Twofish. + +Version 1.11.11, 2014-12-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The Sqlite3 wrapper has been abstracted to a simple interface for + SQL dbs in general, though Sqlite3 remains the only implementation. + The main logic of the TLS session manager which stored encrypted + sessions to a Sqlite3 database (`TLS::Session_Manager_SQLite`) has + been moved to the new `TLS::Session_Manager_SQL`. The Sqlite3 + manager API remains the same but now just subclasses + `TLS::Session_Manager_SQL` and has a constructor instantiate the + concrete database instance. + + Applications which would like to use a different db can now do so + without having to reimplement the session cache logic simply by + implementing a database wrapper subtype. + +* The CryptGenRandom entropy source is now also used on MinGW. + +* The system_rng API is now also available on systems with CryptGenRandom + +* With GCC use -fstack-protector for linking as well as compiling, + as this is required on MinGW. Github issue 34. + +* Fix missing dependency in filters that caused compilation problem + in amalgamation builds. Github issue 33. + +* SSLv3 support is officially deprecated and will be removed in a + future release. + +Version 1.10.9, 2014-12-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed EAX tag verification to run in constant time + +* The default TLS policy now disables SSLv3. + +* A crash could occur when reading from a blocking random device if + the device initially indicated that entropy was available but + a concurrent process drained the entropy pool before the + read was initiated. + +* Fix decoding indefinite length BER constructs that contain a context + sensitive tag of zero. Github pull 26 from Janusz Chorko. + +* The `botan-config` script previously tried to guess its prefix from + the location of the binary. However this was error prone, and now + the script assumes the final installation prefix matches the value + set during the build. Github issue 29. + +Version 1.11.10, 2014-12-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* An implementation of McEliece code-based public key encryption based + on INRIA's HyMES and secured against a variety of side-channels was + contributed by cryptosource GmbH. The original version is LGPL but + cryptosource has secured permission to release an adaptation under a + BSD license. A CCA2-secure KEM scheme is also included. + + The implementation is further described in + http://www.cryptosource.de/docs/mceliece_in_botan.pdf and + http://cryptosource.de/news_mce_in_botan_en.html + +* DSA and ECDSA now create RFC 6979 deterministic signatures. + +* Add support for TLS fallback signaling (draft-ietf-tls-downgrade-scsv-00). + Clients will send a fallback SCSV if the version passed to the Client + constructor is less than the latest version supported by local policy, so + applications implementing fallback are protected. Servers always check the + SCSV. + +* In previous versions a TLS::Server could service either TLS or DTLS + connections depending on policy settings and what type of client hello it + received. This has changed and now a Server object is initialized for + either TLS or DTLS operation. The default policy previously prohibited + DTLS, precisely to prevent a TCP server from being surprised by a DTLS + connection. The default policy now allows TLS v1.0 or higher or DTLS v1.2. + +* Fixed a bug in CCM mode which caused it to produce incorrect tags when used + with a value of L other than 2. This affected CCM TLS ciphersuites, which + use L=3. Thanks to Manuel Pégourié-Gonnard for the anaylsis and patch. + Bugzilla 270. + +* DTLS now supports timeouts and handshake retransmits. Timeout checking + is triggered by the application calling the new TLS::Channel::timeout_check. + +* Add a TLS policy hook to disable putting the value of the local clock in hello + random fields. + +* All compression operations previously available as Filters are now + performed via the Transformation API, which minimizes memory copies. + Compression operations are still available through the Filter API + using new general compression/decompression filters in comp_filter.h + +* The zlib module now also supports gzip compression and decompression. + +* Avoid a crash in low-entropy situations when reading from /dev/random, when + select indicated the device was readable but by the time we start the read the + entropy pool had been depleted. + +* The Miller-Rabin primality test function now takes a parameter allowing the + user to directly specify the maximum false negative probability they are + willing to accept. + +* PKCS #8 private keys can now be encrypted using GCM mode instead of + unauthenticated CBC. The default remains CBC for compatability. + +* The default PKCS #8 encryption scheme has changed to use PBKDF2 with + SHA-256 instead of SHA-1 + +* A specialized reducer for P-521 was added. + +* On Linux the mlock allocator will use MADV_DONTDUMP on the pool so + that the contents are not included in coredumps. + +* A new interface for directly using a system-provided PRNG is + available in system_rng.h. Currently only systems with /dev/urandom + are supported. + +* Fix decoding indefinite length BER constructs that contain a context sensitive + tag of zero. Github pull 26 from Janusz Chorko. + +* The GNU MP engine has been removed. + +* Added AltiVec detection for POWER8 processors. + +* Add a new install script written in Python which replaces shell hackery in the + makefiles. + +* Various modifications to better support Visual C++ 2013 and 2015. Github + issues 11, 17, 18, 21, 22. + +Version 1.10.8, 2014-04-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a bug in primality testing introduced in 1.8.3 which caused only + a single random base, rather than a sequence of random bases, to be + used in the Miller-Rabin test. This increased the probability that a + non-prime would be accepted, for instance a 1024 bit number would be + incorrectly classed as prime with probability around 2^-40. Reported + by Jeff Marrison. + +* The key length limit on HMAC has been raised to 512 bytes, allowing + the use of very long passphrases with PBKDF2. + +Version 1.11.9, 2014-04-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a bug in primality testing introduced in 1.8.3 which caused + only a single random base, rather than a sequence of random bases, + to be used in the Miller-Rabin test. This increased the probability + that a non-prime would be accepted. Reported by Jeff Marrison. + +* X.509 path validation now returns a set of all errors that occurred + during validation, rather than immediately returning the first + detected error. This prevents a seemingly innocuous error (such as + an expired certificate) from hiding an obviously serious error + (such as an invalid signature). The Certificate_Status_Code enum is + now ordered by severity, and the most severe error is returned by + Path_Validation_Result::result(). The entire set of status codes is + available with the new all_statuses call. + +* Fixed a bug in OCSP response decoding which would cause an error + when attempting to decode responses from some widely used + responders. + +* An implementation of HMAC_DRBG RNG from NIST SP800-90A has been + added. Like the X9.31 PRNG implementation, it uses another + underlying RNG for seeding material. + +* An implementation of the RFC 6979 deterministic nonce generator has + been added. + +* Fix a bug in certificate path validation which prevented successful + validation if intermediate certificates were presented out of order. + +* Fix a bug introduced in 1.11.5 which could cause crashes or other + incorrect behavior when a cipher mode filter was followed in the + pipe by another filter, and that filter had a non-empty start_msg. + +* The types.h header now uses stdint.h rather than cstdint to avoid + problems with Clang on OS X. + +Version 1.11.8, 2014-02-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The `botan` command line application introduced in 1.11.7 is now + installed along with the library. + +* A bug in certificate path validation introduced in 1.11.6 which + caused all CRL signature checks to fail has been corrected. + +* The ChaCha20 stream cipher has been added. + +* The ``Transformation`` class no longer implements an interface for keying, + this has been moved to a new subclass ``Keyed_Transformation``. + +* The ``Algorithm`` class, which previously acted as a global base for + various types (ciphers, hashes, etc) has been removed. + +* CMAC now supports 256 and 512 bit block ciphers, which also allows + the use of larger block ciphers with EAX mode. In particular this + allows using Threefish in EAX mode. + +* The antique PBES1 private key encryption scheme (which only supports + DES or 64-bit RC2) has been removed. + +* The Square, Skipjack, and Luby-Rackoff block ciphers have been removed. + +* The Blue Midnight Wish hash function has been removed. + +* Skein-512 no longer supports output lengths greater than 512 bits. + +* Skein did not reset its internal state properly if clear() was + called, causing it to produce incorrect results for the following + message. It was reset correctly in final() so most usages should not + be affected. + +* A number of public key padding schemes have been renamed to match + the most common notation; for instance EME1 is now called OAEP and + EMSA4 is now called PSSR. Aliases are set which should allow all + current applications to continue to work unmodified. + +* A bug in CFB encryption caused a few bytes past the end of the final + block to be read. The actual output was not affected. + +* Fix compilation errors in the tests that occured with minimized + builds. Contributed by Markus Wanner. + +* Add a new ``--destdir`` option to ``configure.py`` which controls + where the install target will place the output. The ``--prefix`` + option continues to set the location where the library expects to be + eventually installed. + +* Many class destructors which previously deleted memory have been + removed in favor of using ``unique_ptr``. + +* Various portability fixes for Clang, Windows, Visual C++ 2013, OS X, + and x86-32. + +Version 1.11.7, 2014-01-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Botan's basic numeric types are now defined in terms of the + C99/C++11 standard integer types. For instance `u32bit` is now a + typedef for `uint32_t`, and both names are included in the library + namespace. This should not result in any application-visible + changes. + +* There are now two executable outputs of the build, `botan-test`, + which runs the tests, and `botan` which is used as a driver to call + into various subcommands which can also act as examples of library + use, much in the manner of the `openssl` command. It understands the + commands `base64`, `asn1`, `x509`, `tls_client`, `tls_server`, + `bcrypt`, `keygen`, `speed`, and various others. As part of this + change many obsolete, duplicated, or one-off examples were removed, + while others were extended with new functionality. Contributions of + new subcommands, new bling for exising ones, or documentation in any + form is welcome. + +* Fix a bug in Lion, which was broken by a change in 1.11.0. The + problem was not noticed before as Lion was also missing a test vector + in previous releases. + +Version 1.10.7, 2013-12-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* OAEP had two bugs, one of which allowed it to be used even if the + key was too small, and the other of which would cause a crash during + decryption if the EME data was too large for the associated key. + +Version 1.11.6, 2013-12-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The Boost filesystem and asio libraries are now being used by default. + Pass ``--without-boost`` to ``configure.py`` to disable. + +* The default TLS policy no longer allows SSLv3 or RC4. + +* OAEP had two bugs, one of which allowed it to be used even if the + key was too small, and the other of which would cause a crash during + decryption if the EME data was too large for the associated key. + +* GCM mode now uses the Intel clmul instruction when available + +* Add the Threefish-512 tweakable block cipher, including an AVX2 version + +* Add SIV (from :rfc:`5297`) as a nonce-based AEAD + +* Add HKDF (from :rfc:`5869`) using an experimental PRF interface + +* Add HTTP utility functions and OCSP online checking + +* Add TLS::Policy::acceptable_ciphersuite hook to disable ciphersuites + on an ad-hoc basis. + +* TLS::Session_Manager_In_Memory's constructor now requires a RNG + +Version 1.10.6, 2013-11-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The device reading entropy source now attempts to read from all + available devices. Previously it would break out early if a partial + read from a blocking source occured, not continuing to read from a + non-blocking device. This would cause the library to fall back on + slower and less reliable techniques for collecting PRNG seed + material. Reported by Rickard Bellgrim. + +* HMAC_RNG (the default PRNG implementation) now automatically reseeds + itself periodically. Previously reseeds only occured on explicit + application request. + +* Fix an encoding error in EC_Group when encoding using EC_DOMPAR_ENC_OID. + Reported by fxdupont on github. + +* In EMSA2 and Randpool, avoid calling name() on objects after deleting them if + the provided algorithm objects are not suitable for use. Found by Clang + analyzer, reported by Jeffrey Walton. + +* If X509_Store was copied, the u32bit containing how long to cache validation + results was not initialized, potentially causing results to be cached for + significant amounts of time. This could allow a certificate to be considered + valid after its issuing CA's cert expired. Expiration of the end-entity cert + is always checked, and reading a CRL always causes the status to be reset, so + this issue does not affect revocation. Found by Coverity scanner. + +* Avoid off by one causing a potentially unterminated string to be passed to + the connect system call if the library was configured to use a very long path + name for the EGD socket. Found by Coverity Scanner. + +* In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and PK_Key_Agreement, + avoid dereferencing an unitialized pointer if no engine supported operations + on the key object given. Found by Coverity scanner. + +* Avoid leaking a file descriptor in the /dev/random and EGD entropy sources if + stdin (file descriptor 0) was closed. Found by Coverity scanner. + +* Avoid a potentially undefined operation in the bit rotation operations. Not + known to have caused problems under any existing compiler, but might have + caused problems in the future. Caught by Clang sanitizer, reported by Jeffrey + Walton. + +* Increase default hash iterations from 10000 to 50000 in PBES1 and PBES2 + +* Add a fix for mips64el builds from Brad Smith. + +Version 1.11.5, 2013-11-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The TLS callback signatures have changed - there are now two distinct + callbacks for application data and alerts. TLS::Client and TLS::Server have + constructors which continue to accept the old callback and use it for both + operations. + +* The entropy collector that read from randomness devices had two bugs - it + would break out of the poll as soon as any read succeeded, and it selected on + each device individually. When a blocking source was first in the device list + and the entropy pool was running low, the reader might either block in select + until eventually timing out (continuing on to read from /dev/urandom instead), + or read just a few bytes, skip /dev/urandom, fail to satisfy the entropy + target, and the poll would continue using other (slower) sources. This caused + substantial performance/latency problems in RNG heavy applications. Now all + devices are selected over at once, with the effect that a full read from + urandom always occurs, along with however much (if any) output is available + from blocking sources. + +* Previously AutoSeeded_RNG referenced a globally shared PRNG instance. + Now each instance has distinct state. + +* The entropy collector that runs Unix programs to collect statistical + data now runs multiple processes in parallel, greatly reducing poll + times on some systems. + +* The Randpool RNG implementation was removed. + +* All existing cipher mode implementations (such as CBC and XTS) have been + converted from filters to using the interface previously provided by + AEAD modes which allows for in-place message + processing. Code which directly references the filter objects will break, but + an adaptor filter allows usage through get_cipher as usual. + +* An implementation of CCM mode from RFC 3601 has been added, as well as CCM + ciphersuites for TLS. + +* The implementation of OCB mode now supports 64 and 96 bit tags + +* Optimized computation of XTS tweaks, producing a substantial speedup + +* Add support for negotiating Brainpool ECC curves in TLS + +* TLS v1.2 will not negotiate plain SHA-1 signatures by default. + +* TLS channels now support sending a ``std::vector`` + +* Add a generic 64x64->128 bit multiply instruction operation in mul128.h + +* Avoid potentially undefined operations in the bit rotation operations. Not + known to have caused problems under existing compilers but might break in the + future. Found by Clang sanitizer, reported by Jeffrey Walton. + +Version 1.11.4, 2013-07-25 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* CPU specific extensions are now always compiled if support for the + operations is available at build time, and flags enabling use of + extra operations (such as SSE2) are only included when compiling + files which specifically request support. This means, for instance, + that the SSSE3 and AES-NI implementations of AES are always included + in x86 builds, relying on runtime cpuid checking to prevent their + use on CPUs that do not support those operations. + +* The default TLS policy now only accepts TLS, to minimize surprise + for servers which might not expect to negotiate DTLS. Previously a + server would by default negotiate either protocol type (clients + would only accept the same protocol type as they + offered). Applications which use DTLS or combined TLS/DTLS need to + override :cpp:func:`Policy::acceptable_protocol_version`. + +* The TLS channels now accept a new parameter specifying how many + bytes to preallocate for the record handling buffers, which allows + an application some control over how much memory is used at runtime + for a particular connection. + +* Applications can now send arbitrary TLS alert messages using + :cpp:func:`TLS::Channel::send_alert` + +* A new TLS policy :cpp:class:`NSA_Suite_B_128` is available, which + will negotiate only the 128-bit security NSA Suite B. See + :rfc:`6460` for more information about Suite B. + +* Adds a new interface for benchmarking, :cpp:func:`time_algorithm_ops`, + which returns a map of operations to operations per second. For + instance now both encrypt and decrypt speed of a block cipher can be + checked, as well as the key schedule of all keyed algorithms. It + additionally supports AEAD modes. + +* Rename ARC4 to RC4 + +Version 1.11.3, 2013-04-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add a new interface for AEAD modes (:cpp:class:`AEAD_Mode`). + +* Implementations of the OCB and GCM authenticated cipher modes are + now included. + +* Support for TLS GCM ciphersuites is now available. + +* A new TLS policy mechanism + :cpp:func:`TLS::Policy::server_uses_own_ciphersuite_preferences` + controls how a server chooses a ciphersuite. Previously it always + chose its most preferred cipher out of the client's list, but this + can allow configuring a server to choose by the client's preferences + instead. + +* :cpp:class:`Keyed_Filter` now supports returning a + :cpp:class:`Key_Length_Specification` so the full details of what + keylengths are supported is now available in keyed filters. + +* The experimental and rarely used Turing and WiderWAKE stream ciphers + have been removed + +* New functions for symmetric encryption are included in cryptobox.h + though interfaces and formats are subject to change. + +* A new function :cpp:func:`algorithm_kat_detailed` returns a string + providing information about failures, instead of just a pass/fail + indicator as in :cpp:func:`algorithm_kat`. + +Version 1.10.5, 2013-03-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* A potential crash in the AES-NI implementation of the AES-192 key + schedule (caused by misaligned loads) has been fixed. + +* A previously conditional operation in Montgomery multiplication and + squaring is now always performed, removing a possible timing + channel. + +* Use correct flags for creating a shared library on OS X under Clang. + +* Fix a compile time incompatability with Visual C++ 2012. + +Version 1.11.2, 2013-03-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* A bug in the release script caused the `botan_version.py` included + in 1.11.1` to be invalid, which required a manual edit to fix + (Bugzilla 226) + +Memory Zeroization Changes +"""""""""""""""""""""""""""""""""""""""" + +* Previously `clear_mem` was implemented by an inlined call to + `std::memset`. However an optimizing compiler might notice cases + where the memset could be skipped in cases allowed by the standard. + Now `clear_mem` calls `zero_mem` which is compiled separately and + which zeros out the array through a volatile pointer. It is possible + some compiler with some optimization setting (especially with + something like LTO) might still skip the writes. It would be nice if + there was an automated way to test this. + +New Parallel Filter +"""""""""""""""""""""""""""""""""""""""" + +* The new filter :cpp:class:`Threaded_Fork` acts like a normal + :cpp:class:`Fork`, sending its input to a number of different + filters, but each subchain of filters in the fork runs in its own + thread. Contributed by Joel Low. + +TLS Enhancements and Bug Fixes +"""""""""""""""""""""""""""""""""""""""" + +* The default TLS policy formerly preferred AES over RC4, and allowed + 3DES by default. Now the default policy is to negotiate only either + AES or RC4, and to prefer RC4. + +* New TLS :cpp:class:`Blocking_Client` provides a thread per + connection style API similar to that provided in 1.10 + +Other API Changes +"""""""""""""""""""""""""""""""""""""""" + +* The API of `Credentials_Manager::trusted_certificate_authorities` + has changed to return a vector of `Certificate_Store*` instead of + `X509_Certificate`. This allows the list of trusted CAs to be + more easily updated dynamically or loaded lazily. + +* The `asn1_int.h` header was split into `asn1_alt_name.h`, + `asn1_attribute.h` and `asn1_time.h`. + +Version 1.10.4, 2013-01-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Avoid a conditional operation in the power mod implementations on if + a nibble of the exponent was zero or not. This may help protect + against certain forms of side channel attacks. + +* The SRP6 code was checking for invalid values as specified in RFC + 5054, specifically values equal to zero mod p. However SRP would + accept negative A/B values, or ones larger than p, neither of which + should occur in a normal run of the protocol. These values are now + rejected. Credits to Timothy Prepscius for pointing out these values + are not normally used and probably signal something fishy. + +* The return value of version_string is now a compile time constant + string, so version information can be more easily extracted from + binaries. + +Version 1.11.1, 2012-10-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +TLS Enhancements and Bug Fixes +"""""""""""""""""""""""""""""""""""""""" + +Initial support for DTLS (both v1.0 and v1.2) is available in this +release, though it should be considered highly experimental. Currently +timeouts and retransmissions are not handled. + +The :cpp:class:`TLS::Client` constructor now takes the version to +offer to the server. The policy hook :cpp:class:`TLS::Policy` function +`pref_version`, which previously controlled this, has been removed. + +:cpp:class:`TLS::Session_Manager_In_Memory` now chooses a random +256-bit key at startup and encrypts all sessions (using the existing +:cpp:func:`TLS::Session::encrypt` mechanism) while they are stored in +memory. This is primarily to reduce pressure on locked memory, as each +session normally requires 48 bytes of locked memory for the master +secret, whereas now only 32 bytes are needed total. This change may +also make it slightly harder for an attacker to extract session data +from memory dumps (eg with a cold boot attack). + +The keys used in :cpp:func:`session encryption <TLS::Session::encrypt>` +were previously uniquely determined by the master key. Now the +encrypted session blob includes two 80 bit salts which are used in the +derivation of the cipher and MAC keys. + +The ``secure_renegotiation`` flag is now considered an aspect of the +connection rather than the session, which matches the behavior of +other implementations. As the format has changed, sessions saved to +persistent storage by 1.11.0 will not load in this version and vice +versa. In either case this will not cause any errors, the session will +simply not resume and instead a full handshake will occur. + +New policy hooks :cpp:func:`TLS::Policy::acceptable_protocol_version`, +:cpp:func:`TLS::Policy::allow_server_initiated_renegotiation`, and +:cpp:func:`TLS::Policy::negotiate_heartbeat_support` were added. + +TLS clients were not sending a next protocol message during a session +resumption, which would cause resumption failures with servers that +support NPN if NPN was being offered by the client. + +A bug caused heartbeat requests sent by the counterparty during a +handshake to be passed to the application callback as if they were +heartbeat responses. + +Support for TLS key material export as specified in :rfc:`5705` has +been added, available via :cpp:func:`TLS::Channel::key_material_export` + +New Feature: Public Key Strength Checking +"""""""""""""""""""""""""""""""""""""""""" + +A new function :cpp:func:`Public_Key::estimated_strength` returns +an estimate for the upper bound of the strength of the key. For +instance for an RSA key, it will return an estimate of how many +operations GNFS would take to factor the key. + +A new :cpp:class:`Path_Validation_Result` code has been added +``SIGNATURE_METHOD_TOO_WEAK``. By default signatures created with keys +below 80 bits of strength (as estimated by ``estimated_strength``) are +rejected. This level can be modified using a parameter to the +:cpp:class:`Path_Validation_Restrictions` constructor. + +SRP6 Is Picker About Values +"""""""""""""""""""""""""""""""""""""""" + +The SRP6 code was checking for invalid values as specified in +:rfc:`5054`, ones equal to zero mod p, however it would accept +negative A/B values, or ones larger than p, neither of which should +occur in a normal run of the protocol. These values are now +rejected. Credits to Timothy Prepscius for pointing out these values +are not normally used and probably signal something fishy. + +Removal of Various BigInt Functions +"""""""""""""""""""""""""""""""""""""""" + +Several :cpp:class:`BigInt` functions have been removed, including +``operator[]``, ``assign``, ``get_reg``, and ``grow_reg``. The version +of ``data`` that returns a mutable pointer has been renamed +``mutable_data``. Support for octal conversions has been removed. + +The constructor ``BigInt(NumberType type, size_t n)`` has been +removed, replaced by ``BigInt::power_of_2``. + +AES-NI Crash Fixed +"""""""""""""""""""""""""""""""""""""""" + +In 1.11.0, when compiled by GCC, the AES-NI implementation of AES-192 +would crash if the mlock-based allocator was used due to an alignment +issue. + +Version 1.11.0, 2012-07-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. note:: + + In this release, many new features of C++11 are being used in the + library. Currently GCC 4.7 and Clang 3.1 are known to work well. + This version of the library cannot be compiled by or used with a + C++98 compiler. + +TLS and PKI Changes +"""""""""""""""""""""""""""""""""""""""" + +There have been many changes and improvements to TLS. The interface +is now purely event driven and does not directly interact with +sockets. New TLS features include TLS v1.2 support, client +certificate authentication, renegotiation, session tickets, and +session resumption. Session information can be saved in memory or to +an encrypted SQLite3 database. Newly supported TLS ciphersuite +algorithms include using SHA-2 for message authentication, pre shared +keys and SRP for authentication and key exchange, ECC algorithms for +key exchange and signatures, and anonymous DH/ECDH key exchange. + +Support for OCSP has been added. Currently only client-side support +exists. + +The API for X.509 path validation has changed, with +``x509_path_validate`` in x509path.h now handles path validation and +``Certificate_Store`` handles storage of certificates and CRLs. + +Memory Container Changes +"""""""""""""""""""""""""""""""""""""""" + +The memory container types have changed substantially. The +``MemoryVector`` and ``SecureVector`` container types have been +removed, and an alias of ``std::vector`` using an allocator that +clears memory named ``secure_vector`` is used for key material, with +plain ``std::vector`` being used for everything else. + +The technique used for mlock'ing memory on Linux and BSD systems is +much improved. Now a single page-aligned block of memory (the exact +limit of what we can mlock) is mmap'ed, with allocations being done +using a best-fit allocator and all metadata held outside the mmap'ed +range, in an effort to make best use of the very limited amount of +memory current Linux kernels allow unpriveledged users to lock. + +New LZMA Compression Filter +"""""""""""""""""""""""""""""""""""""""" + +A filter using LZMA was contributed by Vojtech Kral. It is available +if LZMA support was enabled at compilation time by passing +``--with-lzma`` to ``configure.py``. + +ECC Key Decoding Problem Resolved +"""""""""""""""""""""""""""""""""""""""" + +:rfc:`5915` adds some extended information which can be included in +ECC private keys which the ECC key decoder did not expect, causing an +exception when such a key was loaded. In particular, recent versions +of OpenSSL use these fields. Now these fields are decoded properly, +and if the public key value is included it is used, as otherwise the +public key needs to be rederived from the private key. However the +library does not include these fields on encoding keys for +compatability with software that does not expect them (including older +versions of botan). + +Version 1.8.14, 2012-07-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The malloc allocator would return null instead of throwing in the + event of an allocation failure, which could cause an application + crash due to null pointer dereference where normally an exception + would occur. + +* Recent versions of OpenSSL include extra information in ECC private + keys, the presence of which caused an exception when such a key was + loaded by botan. The decoding of ECC private keys has been changed to + ignore these fields if they are set. + +* AutoSeeded_RNG has been changed to prefer ``/dev/random`` over + ``/dev/urandom`` + +* Fix detection of s390x (Debian bug 638347) + +Version 1.10.3, 2012-07-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +A change in 1.10.2 accidentally broke ABI compatibility with 1.10.1 +and earlier versions, causing programs compiled against 1.10.1 to +crash if linked with 1.10.2 at runtime. + +Recent versions of OpenSSL include extra information in ECC private +keys, the presence of which caused an exception when such a key was +loaded by botan. The decoding of ECC private keys has been changed to +ignore these fields if they are set. + +Version 1.10.2, 2012-06-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Several TLS bugs were fixed in this release, including a major +omission that the renegotiation extension was not being used. As the +1.10 implementation of TLS does not properly support renegotiation, +the approach in this release is simply to send the renegotiation +extension SCSV, which should protect the client against any handshake +splicing. In addition renegotiation attempts are handled properly +instead of causing handshake failures - all hello requests, and all +client hellos after the initial negotiation, are ignored. Some +bugs affecting DSA server authentication were also fixed. + +By popular request, ``Pipe::reset`` no longer requires that message +processing be completed, a requirement that caused problems when a +Filter's end_msg call threw an exception, after which point the Pipe +object was no longer usable. + +Support for getting entropy using the rdrand instruction introduced in +Intel's Ivy Bridge processors has been added. In previous releases, +the ``CPUID::has_rdrand`` function was checking the wrong cpuid bit, +and would false positive on AMD Bulldozer processors. + +An implementation of SRP-6a compatible with the specification in RFC +5054 is now available in ``srp6.h``. In 1.11, this is being used for +TLS-SRP, but may be useful in other environments as well. + +An implementation of the Camellia block cipher was added, again largely +for use in TLS. + +If ``clock_gettime`` is available on the system, hres_timer will poll all +the available clock types. + +AltiVec is now detected on IBM POWER7 processors and on OpenBSD systems. +The OpenBSD support was contributed by Brad Smith. + +The Qt mutex wrapper was broken and would not compile with any recent +version of Qt. Taking this as a clear indication that it is not in use, +it has been removed. + +Avoid setting the soname on OpenBSD, as it doesn't support it (Bugzilla 158) + +A compilation problem in the dynamic loader that prevented using +dyn_load under MinGW GCC has been fixed. + +A common error for people using MinGW is to target GCC on Windows, +however the 'Windows' target assumes the existence of Visual C++ +runtime functions which do not exist in MinGW. Now, configuring for +GCC on Windows will cause the configure.py to warn that likely you +wanted to configure for either MinGW or Cygwin, not the generic +Windows target. + +A bug in configure.py would cause it to interpret `--cpu=s390x` as +`s390`. This may have affected other CPUs as well. Now configure.py +searches for an exact match, and only if no exact match is found will +it search for substring matches. + +An incompatability in configure.py with the subprocess module included +in Python 3.1 has been fixed (Bugzilla 157). + +The exception catching syntax of configure.py has been changed to the +Python 3.x syntax. This syntax also works with Python 2.6 and 2.7, but +not with any earlier Python 2 release. A simple search and replace +will allow running it under Python 2.5:: + + perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py + +Note that Python 2.4 is not supported at all. + +Version 1.10.1, 2011-07-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* A race condition in `Algorithm_Factory` could cause crashes in + multithreaded code. See + :botan-devel:`this thread on botan-devel <2011-July/001455>` + for details and workarounds. + +* The return value of ``name`` has changed for GOST 28147-89 and + Skein-512. GOST's ``name`` now includes the name of the sbox, and + Skein's includes the personalization string (if nonempty). This + allows an object to be properly roundtripped, which is necessary to + fix the race condition described above. + +* A new distribution script is now included, as + ``src/build-data/scripts/dist.py`` + +* The ``build.h`` header now includes, if available, an identifier of + the source revision that was used. This identifier is also included + in the result of ``version_string``. + +Version 1.8.13, 2011-07-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* A race condition in `Algorithm_Factory` could cause crashes in + multithreaded code. See :botan-devel:`this thread on botan-devel + <2011-July/001455>` for details and workarounds. + +Version 1.10.0, 2011-06-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Detection for the rdrand instruction being added to upcoming Intel + Ivy Bridge processors has been added. + +* A template specialization of std::swap was added for the memory + container types. + +Version 1.8.12, 2011-06-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* If EMSA3(Raw) was used for more than one signature, it would produce + incorrect output. + +* Fix the --enable-debug option to configure.py + +* Improve OS detection on Cygwin + +* Fix compilation under Sun Studio 12 on Solaris + +* Fix a memory leak in the constructors of DataSource_Stream and + DataSink_Stream which would occur if opening the file failed (Bugzilla 144) + +Version 1.9.18, 2011-06-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fourth release candidate for 1.10.0 + +* The GOST 34.10 verification operation was not ensuring that s and r + were both greater than zero. This could potentially have meant it + would have accepted an invalid all-zero signature as valid for any + message. Due to how ECC points are internally represented it instead + resulted in an exception being thrown. + +* A simple multiexponentation algorithm is now used in ECDSA and + GOST-34.10 signature verification, leading to 20 to 25% improvements + in ECDSA and 25% to 40% improvements in GOST-34.10 verification + performance. + +* The internal representation of elliptic curve points has been + modified to use Montgomery representation exclusively, resulting in + reduced memory usage and a 10 to 20% performance improvement for + ECDSA and ECDH. + +* In OAEP decoding, scan for the delimiter bytes using a loop that is + written without conditionals so as to help avoid timing analysis. + Unfortunately GCC at least is 'smart' enough to compile it to + jumps anyway. + +* The SSE2 implementation of IDEA did not work correctly when compiled + by Clang, because the trick it used to emulate a 16 bit unsigned + compare in SSE (which doesn't contain one natively) relied on signed + overflow working in the 'usual' way. A different method that doesn't + rely on signed overflow is now used. + +* Add support for compiling SSL using Visual C++ 2010's TR1 + implementation. + +* Fix a bug under Visual C++ 2010 which would cause ``hex_encode`` to + crash if given a zero-sized input to encode. + +* A new build option ``--via-amalgamation`` will first generate the + single-file amalgamation, then build the library from that single + file. This option requires a lot of memory and does not parallelize, + but the resulting library is smaller and may be faster. + +* On Unix, the library and header paths have been changed to allow + parallel installation of different versions of the library. Headers + are installed into ``<prefix>/include/botan-1.9/botan``, libraries + are named ``libbotan-1.9``, and ``botan-config`` is now namespaced + (so in this release ``botan-config-1.9``). All of these embedded + versions will be 1.10 in the upcoming stable release. + +* The soname system has been modified. In this release the library + soname is ``libbotan-1.9.so.0``, with the full library being named + ``libbotan-1.9.so.0.18``. The ``0`` is the ABI version, and will be + incremented whenever a breaking ABI change is made. + +* TR1 support is not longer automatically assumed under older versions + of GCC + +* Functions for base64 decoding that work standalone (without needing + to use a pipe) have been added to ``base64.h`` + +* The function ``BigInt::to_u32bit`` was inadvertently removed in 1.9.11 + and has been added back. + +* The function ``BigInt::get_substring`` did not work correctly with a + *length* argument of 32. + +* The implementation of ``FD_ZERO`` on Solaris uses ``memset`` and + assumes the caller included ``string.h`` on its behalf. Do so to + fix compilation in the ``dev_random`` and ``unix_procs`` entropy + sources. Patch from Jeremy C. Reed. + +* Add two different configuration targets for Atom, since some are + 32-bit and some are 64-bit. The 'atom' target now refers to the + 64-bit implementations, use 'atom32' to target the 32-bit + processors. + +* The (incomplete) support for CMS and card verifiable certificates + are disabled by default; add ``--enable-modules=cms`` or + ``--enable-modules=cvc`` during configuration to turn them back on. + +Version 1.9.17, 2011-04-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Third release candidate for 1.10.0 + +* The format preserving encryption method currently available was + presented in the header ``fpe.h`` and the functions ``fpe_encrypt`` + and ``fpe_decrypt``. These were renamed as it is likely that other + FPE schemes will be included in the future. The header is now + ``fpe_fe1.h``, and the functions are named ``fe1_encrypt`` and + ``fe1_decrypt``. + +* New options to ``configure.py`` control what tools are used for + documentation generation. The ``--with-sphinx`` option enables using + Sphinx to convert ReST into HTML; otherwise the ReST sources are + installed directly. If ``--with-doxygen`` is used, Doxygen will run + as well. Documentation generation can be triggered via the ``docs`` + target in the makefile; it will also be installed by the install + target on Unix. + +* A bug in 1.9.16 effectively disabled support for runtime CPU feature + detection on x86 under GCC in that release. + +* A mostly internal change, all references to "ia32" and "amd64" have + been changed to the vendor neutral and probably easier to understand + "x86-32" and "x86-64". For instance, the "mp_amd64" module has been + renamed "mp_x86_64", and the macro indicating x86-32 has changed + from ``BOTAN_TARGET_ARCH_IS_IA32`` to + ``BOTAN_TARGET_ARCH_IS_X86_32``. The classes calling assembly have + also been renamed. + +* Similiarly to the above change, the AES implemenations using the + AES-NI instruction set have been renamed from AES_XXX_Intel to + AES_XXX_NI. + +* Systems that are identified as `sun4u` will default to compiling for + 32-bit SPARCv9 code rather than 64-bit. This matches the still + common convention for 32-bit SPARC userspaces. If you want 64-bit + code on such as system, use ``--cpu=sparc64``. + +* Some minor fixes for compiling botan under the BeOS + clone/continuation `Haiku <http://haiku-os.org>`_. + +* Further updates to the documentation + +Version 1.9.16, 2011-04-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Second release candidate for 1.10.0 + +* The documentation, previously written in LaTeX, is now in + reStructuredText suitable for processing by `Sphinx + <http://sphinx.pocoo.org>`_, which can generate nicely formatted + HTML and PDFs. The documentation has also been greatly updated and + expanded. + +* The class ``EC_Domain_Params`` has been renamed ``EC_Group``, with a + typedef for backwards compatability. + +* ``EC_Group``'s string constructor didn't understand the standard + names like "secp160r1", forcing use of the OIDs. + +* Two constructors for ECDSA private keys, the one that creates a new + random key, and the one that provides a preset private key as a + ``BigInt``, have been merged. This matches the existing interface + for DSA and DH keys. If you previously used the version taking a + ``BigInt`` private key, you'll have to additionally pass in a + ``RandomNumberGenerator`` object starting in this release. + +* It is now possible to create ECDH keys with a preset ``BigInt`` + private key; previously no method for this was available. + +* The overload of ``generate_passhash9`` that takes an explicit + algorithm identifier has been merged with the one that does not. + The algorithm identifier code has been moved from the second + parameter to the fourth. + +* Change shared library versioning to match the normal Unix + conventions. Instead of ``libbotan-X.Y.Z.so``, the shared lib is + named ``libbotan-X.Y.so.Z``; this allows the runtime linker to do + its runtime linky magic. It can be safely presumed that any change + in the major or minor version indicates ABI incompatability. + +* Remove the socket wrapper code; it was not actually used by anything + in the library, only in the examples, and you can use whatever kind + of (blocking) socket interface you like with the SSL/TLS code. It's + available as socket.h in the examples directory if you want to use + it. + +* Disable the by-default 'strong' checking of private keys that are + loaded from storage. You can always request key material sanity + checking using Private_Key::check_key. + +* Bring back removed functions ``min_keylength_of``, + ``max_keylength_of``, ``keylength_multiple_of`` in ``lookup.h`` to + avoid breaking applications written against 1.8 + +Version 1.9.15, 2011-03-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* First release candidate for 1.10.0 + +* Modify how message expansion is done in SHA-256 and SHA-512. + Instead of expanding the entire message at the start, compute them + in the minimum number of registers. Values are computed 15 rounds + before they are needed. On a Core i7-860, GCC 4.5.2, went from 143 + to 157 MiB/s in SHA-256, and 211 to 256 MiB/s in SHA-512. + +* Pipe will delete empty output queues as soon as they are no longer + needed, even if earlier messages still have data unread. However an + (empty) entry in a deque of pointers will remain until all prior + messages are completely emptied. + +* Avoid reading the SPARC ``%tick`` register on OpenBSD as unlike the + Linux and NetBSD kernels, it will not trap and emulate it for us, + causing a illegal instruction crash. + +* Improve detection and autoconfiguration for ARM processors. Thanks + go out to the the `Tahoe-LAFS Software Foundation + <http://tahoe-lafs.org>`_, who donated a Sheevaplug that I'll be + using to figure out how to make the cryptographic primitives + Tahoe-LAFS relies on faster, particularly targeting the ARMv5TE. + +Version 1.9.14, 2011-03-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add support for bcrypt, OpenBSD's password hashing scheme. + +* Add support for NIST's AES key wrapping algorithm, as described in + :rfc:`3394`. It is available by including ``rfc3394.h``. + +* Fix an infinite loop in zlib filters introduced in 1.9.11 (Bugzilla 142) + +Version 1.9.13, 2011-02-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +GOST 34.10 signatures were being formatted in a way that was not +compatible with other implemenations, and specifically how GOST is +used in DNSSEC. + +The Keccak hash function was updated to the tweaked variant proposed +for round 3 of the NIST hash competition. This version is not +compatible with the previous algorithm. + +A new option ``--distribution-info`` was added to the configure +script. It allows the user building the library to set any +distribution-specific notes on the build, which are available as a +macro ``BOTAN_DISTRIBUTION_INFO``. The default value is +'unspecified'. If you are building an unmodified version of botan +(especially for distribution), and want to indicate to applications +that this is the case, consider using +``--distribution-info=pristine``. If you are making any patches or +modifications, it is recommended to use +``--distribution-info=[Distribution Name] [Version]``, for instance +'FooNix 1.9.13-r3'. + +Some bugs preventing compilation under Clang 2.9 and Sun Studio 12 +were fixed. + +The DER/BER codecs use ``size_t`` instead of ``u32bit`` for small +integers + +Version 1.9.12, 2010-12-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add the Keccak hash function +* Fix compilation problems in Python wrappers +* Fix compilation problem in OpenSSL engine +* Update SQLite3 database encryption codec + +Version 1.9.11, 2010-11-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The TLS API has changed substantially and now relies heavily on + TR1's ``std::function`` is now required. Additionally, it is + required that all callers derive a subclass of TLS_Policy and pass + it to a client or server object. Please remember that the TLS + interface/API is currently unstable and will very likely change + further before TLS is included in a stable release. A handshake + failure that occured when RC4 was negotiated has also been fixed. + +* Some possible timing channels in the implementations of Montgomery + reduction and the IDEA key schedule were removed. The table-based + AES implementation uses smaller tables in the first round to help + make some timing/cache attacks harder. + +* The library now uses size_t instead of u32bit to represent + lengths. Also the interfaces for the memory containers have changed + substantially to better match STL container interfaces; + MemoryRegion::append, MemoryRegion::destroy, and MemoryRegion::set + were all removed, and several other functions, like clear and + resize, have changed meaning. + +* Update Skein-512 to match the v1.3 specification +* Fix a number of CRL encoding and decoding bugs +* Counter mode now always encrypts 256 blocks in parallel +* Use small tables in the first round of AES +* Removed AES class: app must choose AES-128, AES-192, or AES-256 +* Add hex encoding/decoding functions that can be used without a Pipe +* Add base64 encoding functions that can be used without a Pipe +* Add to_string function to X509_Certificate +* Add support for dynamic engine loading on Windows +* Replace BlockCipher::BLOCK_SIZE attribute with function block_size() +* Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size() +* Move PBKDF lookup to engine system +* The IDEA key schedule has been changed to run in constant time +* Add Algorithm and Key_Length_Specification classes +* Switch default PKCS #8 encryption algorithm from AES-128 to AES-256 +* Allow using PBKDF2 with empty passphrases +* Add compile-time deprecation warnings for GCC, Clang, and MSVC +* Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9 +* Improve support for Intel Atom processors +* Fix compilation problems under Sun Studio and Clang + +Version 1.8.11, 2010-11-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a number of CRL encoding and decoding bugs +* When building a debug library under VC++, use the debug runtime +* Fix compilation under Sun Studio on Linux and Solaris +* Add several functions for compatability with 1.9 +* In the examples, read most input files as binary +* The Perl build script has been removed in this release + +Version 1.8.10, 2010-08-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Switch default PKCS #8 encryption algorithm from 3DES to AES-256 +* Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2 +* Use small tables in the first round of AES +* Add PBKDF typedef and get_pbkdf for better compatability with 1.9 +* Add version of S2K::derive_key taking salt and iteration count +* Enable the /proc-walking entropy source on NetBSD +* Fix the doxygen makefile target + +Version 1.9.10, 2010-08-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add a constant-time AES implementation using SSSE3. This code is + based on public domain assembly written by `Mike Hamburg + <http://crypto.stanford.edu/vpaes/>`_, and described in his CHES + 2009 paper "Accelerating AES with Vector Permute Instructions". In + addition to being constant time, it is also significantly faster + than the table-based implementation on some processors. The current + code has been tested with GCC 4.5, Visual C++ 2008, and Clang 2.8. + + +* Support for dynamically loading Engine objects at runtime was also + added. Currently only system that use ``dlopen``-style dynamic + linking are supported. + +* On GCC 4.3 and later, use the byteswap intrinsic functions. + +* Drop support for building with Python 2.4 + +* Fix benchmarking of block ciphers in ECB mode + +* Consolidate the two x86 assembly engines + +* Rename S2K to PBKDF + +Version 1.9.9, 2010-06-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +A new pure virtual function has been added to ``Filter``, ``name`` +which simply returns some useful identifier for the object. Any +out-of-tree ``Filter`` implementations will need to be updated. + +Add ``Keyed_Filter::valid_iv_length`` which makes it possible to query +as to what IV length(s) a particular filter allows. Previously, +partially because there was no such query mechanism, if a filter did +not support IVs at all, then calls to ``set_iv`` would be silently +ignored. Now an exception about the invalid IV length will be thrown. + +The default iteration count for the password based encryption schemes +has been increased from 2048 to 10000. This should make +password-guessing attacks against private keys encrypted with versions +after this release somewhat harder. + +New functions for encoding public and private keys to binary, +``X509::BER_encode`` and ``PKCS8::BER_encode`` have been added. + +Problems compiling under Apple's version of GCC 4.2.1 and on 64-bit +MIPS systems using GCC 4.4 or later were fixed. + +The coverage of Doxygen documentation comments has significantly +improved in this release. + +Version 1.8.9, 2010-06-16 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Use constant time multiplication in IDEA + +* Avoid possible timing attack against OAEP decoding + +* Add new X509::BER_encode and PKCS8::BER_encode + +* Enable DLL builds under Windows + +* Add Win32 installer support + +* Add support for the Clang compiler + +* Fix problem in semcem.h preventing build under Clang or GCC 3.4 + +* Fix bug that prevented creation of DSA groups under 1024 bits + +* Fix crash in GMP_Engine if library is shutdown and reinitialized and + a PK algorithm was used after the second init + +* Work around problem with recent binutils in x86-64 SHA-1 + +* The Perl build script is no longer supported and refuses to run by + default. If you really want to use it, pass + ``--i-know-this-is-broken`` to the script. + +Version 1.9.8, 2010-06-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add support for wide multiplications on 64-bit Windows +* Use constant time multiplication in IDEA +* Avoid possible timing attack against OAEP decoding +* Removed FORK-256; rarely used and it has been broken +* Rename ``--use-boost-python`` to ``--with-boost-python`` +* Skip building shared libraries on MinGW/Cygwin +* Fix creation of 512 and 768 bit DL groups using the DSA kosherizer +* Fix compilation on GCC versions before 4.3 (missing cpuid.h) +* Fix compilation under the Clang compiler + +Version 1.9.7, 2010-04-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* TLS: Support reading SSLv2 client hellos +* TLS: Add support for SEED ciphersuites (RFC 4162) +* Add Comb4P hash combiner function + +* Fix checking of EMSA_Raw signatures with leading 0 bytes, valid + signatures could be rejected in certain scenarios. + +Version 1.9.6, 2010-04-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* TLS: Add support for TLS v1.1 +* TLS: Support server name indicator extension +* TLS: Fix server handshake +* TLS: Fix server using DSA certificates +* TLS: Avoid timing channel between CBC padding check and MAC verification + +Version 1.9.5, 2010-03-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Numerous ECC optimizations +* Fix GOST 34.10-2001 X.509 key loading +* Allow PK_Signer's fault protection checks to be toggled off +* Avoid using pool-based locking allocator if we can't mlock +* Remove all runtime options +* New BER_Decoder::{decode_and_check, decode_octet_string_bigint} +* Remove SecureBuffer in favor of SecureVector length parameter +* HMAC_RNG: Perform a poll along with user-supplied entropy +* Fix crash in MemoryRegion if Allocator::get failed +* Fix small compilation problem on FreeBSD + +Version 1.9.4, 2010-03-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add the Ajisai SSLv3/TLSv1.0 implementation + +* Add GOST 34.10-2001 public key signature scheme +* Add SIMD implementation of Noekeon + +* Add SSE2 implementation of IDEA + +* Extend Salsa20 to support longer IVs (XSalsa20) + +* Perform XTS encryption and decryption in parallel where possible + +* Perform CBC decryption in parallel where possible + +* Add SQLite3 db encryption codec, contributed by Olivier de Gaalon + +* Add a block cipher cascade construction + +* Add support for password hashing for authentication (passhash9.h) + +* Add support for Win32 high resolution system timers + +* Major refactoring and API changes in the public key code + +* PK_Signer class now verifies all signatures before releasing them to + the caller; this should help prevent a wide variety of fault + attacks, though it does have the downside of hurting signature + performance, particularly for DSA/ECDSA. + +* Changed S2K interface: derive_key now takes salt, iteration count + +* Remove dependency on TR1 shared_ptr in ECC and CVC code + +* Renamed ECKAEG to its more usual name, ECDH + +* Fix crash in GMP_Engine if library is shutdown and reinitialized + +* Fix an invalid memory read in MD4 + +* Fix Visual C++ static builds + +* Remove Timer class entirely + +* Switch default PKCS #8 encryption algorithm from 3DES to AES-128 + +* New configuration option, ``--gen-amalgamation``, creates a pair of + files (``botan_all.cpp`` and ``botan_all.h``) which contain the + contents of the library as it would have normally been compiled + based on the set configuration. + +* Many headers are now explicitly internal-use-only and are not installed + +* Greatly improve the Win32 installer + +* Several fixes for Visual C++ debug builds + +Version 1.9.3, 2009-11-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add new AES implementation using Intel's AES instruction intrinsics +* Add an implementation of format preserving encryption +* Allow use of any hash function in X.509 certificate creation +* Optimizations for MARS, Skipjack, and AES +* Set macros for available SIMD instructions in build.h +* Add support for using InnoSetup to package Windows builds +* By default build a DLL on Windows + +Version 1.8.8, 2009-11-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Alter Skein-512 to match the tweaked 1.2 specification +* Fix use of inline asm for access to x86 bswap function +* Allow building the library without AES enabled +* Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild + +Version 1.9.2, 2009-11-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add SIMD version of XTEA +* Support both SSE2 and AltiVec SIMD for Serpent and XTEA +* Optimizations for SHA-1 and SHA-2 +* Add AltiVec runtime detection +* Fix x86 CPU identification with Intel C++ and Visual C++ + +Version 1.9.1, 2009-10-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Better support for Python and Perl wrappers +* Add an implementation of Blue Midnight Wish (Round 2 tweak version) +* Modify Skein-512 to match the tweaked 1.2 specification +* Add threshold secret sharing (draft-mcgrew-tss-02) +* Add runtime cpu feature detection for x86/x86-64 +* Add code for general runtime self testing for hashes, MACs, and ciphers +* Optimize XTEA; twice as fast as before on Core2 and Opteron +* Convert CTR_BE and OFB from filters to stream ciphers +* New parsing code for SCAN algorithm names +* Enable SSE2 optimizations under Visual C++ +* Remove all use of C++ exception specifications +* Add support for GNU/Hurd and Clang/LLVM + +Version 1.8.7, 2009-09-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix processing multiple messages in XTS mode +* Add --no-autoload option to configure.py, for minimized builds + +Version 1.9.0, 2009-09-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add support for parallel invocation of block ciphers where possible +* Add SSE2 implementation of Serpent +* Add Rivest's package transform (an all or nothing transform) +* Minor speedups to the Turing key schedule +* Fix processing multiple messages in XTS mode +* Add --no-autoload option to configure.py, for minimized builds +* The previously used configure.pl script is no longer supported + +Version 1.8.6, 2009-08-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add Cryptobox, a set of simple password-based encryption routines +* Only read world-readable files when walking /proc for entropy +* Fix building with TR1 disabled +* Fix x86 bswap support for Visual C++ +* Fixes for compilation under Sun C++ +* Add support for Dragonfly BSD (contributed by Patrick Georgi) +* Add support for the Open64 C++ compiler +* Build fixes for MIPS systems running Linux +* Minor changes to license, now equivalent to the FreeBSD/NetBSD license + +Version 1.8.5, 2009-07-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Change configure.py to work on stock Python 2.4 +* Avoid a crash in Skein_512::add_data processing a zero-length input +* Small build fixes for SPARC, ARM, and HP-PA processors +* The test suite now returns an error code from main() if any tests failed + +Version 1.8.4, 2009-07-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a bug in nonce generation in the Miller-Rabin test + +Version 1.8.3, 2009-07-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add a new Python configuration script +* Add the Skein-512 SHA-3 candidate hash function +* Add the XTS block cipher mode from IEEE P1619 +* Fix random_prime when generating a prime of less than 7 bits +* Improve handling of low-entropy situations during PRNG seeding +* Change random device polling to prefer /dev/urandom over /dev/random +* Use an input insensitive implementation of same_mem instead of memcmp +* Correct DataSource::discard_next to return the number of discarded bytes +* Provide a default value for AutoSeeded_RNG::reseed +* Fix Gentoo bug 272242 + +Version 1.8.2, 2009-04-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Make entropy polling more flexible and in most cases faster +* GOST 28147 now supports multiple sbox parameters +* Added the GOST 34.11 hash function +* Fix botan-config problems on MacOS X + +Version 1.8.1, 2009-01-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Avoid a valgrind warning in es_unix.cpp on 32-bit Linux +* Fix memory leak in PKCS8 load_key and encrypt_key +* Relicense api.tex from CC-By-SA 2.5 to BSD +* Fix botan-config on MacOS X, Solaris + +Version 1.8.0, 2008-12-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix compilation on Solaris with GCC + +Version 1.7.24, 2008-12-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a compatibility problem with SHA-512/EMSA3 signature padding +* Fix bug preventing EGD/PRNGD entropy poller from working +* Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27) +* Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11 +* Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes +* Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4 +* Wrap private structs in SSE2 SHA-1 code in anonymous namespace +* Change configure.pl's CPU autodetection output to be more consistent +* Disable using OpenSSL's AES due to crashes of unknown cause +* Fix warning in /proc walking entropy poller +* Fix compilation with IBM XLC for Cell 0.9-200709 + +Version 1.7.23, 2008-11-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Change to use TR1 (thus enabling ECDSA) with GCC and ICC +* Optimize almost all hash functions, especially MD4 and Tiger +* Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump} +* Change Timer to be pure virtual, and add ANSI_Clock_Timer +* Cache socket descriptors in the EGD entropy source +* Avoid bogging down startup in /proc walking entropy source +* Remove Buffered_EntropySource helper class +* Add a Default_Benchmark_Timer typedef in benchmark.h +* Add examples using benchmark.h and Algorithm_Factory +* Add ECC tests from InSiTo +* Minor documentation updates + +Version 1.7.22, 2008-11-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add provider preferences to Algorithm_Factory +* Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21 +* Optimize AES encryption and decryption (about 10% faster) +* Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs +* Fix nanoseconds overflow in benchmark code +* Remove Engine::add_engine + +Version 1.7.21, 2008-11-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Make algorithm lookup much more configuable +* Add facilities for runtime performance testing of algorithms +* Drop use of entropy estimation in the PRNGs +* Increase intervals between HMAC_RNG automatic reseeding +* Drop InitializerOptions class, all options but thread safety + +Version 1.7.20, 2008-11-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Namespace pkg-config file by major and minor versions +* Cache device descriptors in Device_EntropySource +* Split base.h into {block_cipher,stream_cipher,mac,hash}.h +* Removed get_mgf function from lookup.h + +Version 1.7.19, 2008-11-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add HMAC_RNG, based on a design by Hugo Krawczyk +* Optimized the Turing stream cipher (about 20% faster on x86-64) +* Modify Randpool's reseeding algorithm to poll more sources +* Add a new AutoSeeded_RNG in auto_rng.h +* OpenPGP_S2K changed to take hash object instead of name +* Add automatic identification for Intel's Prescott processors + +Version 1.7.18, 2008-10-22 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add Doxygen comments from InSiTo +* Add ECDSA and ECKAEG benchmarks +* Add configure.pl switch --with-tr1-implementation +* Fix configure.pl's --with-endian and --with-unaligned-mem options +* Added support for pkg-config +* Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow +* Use const references to avoid copying overhead in CurveGFp, GFpModulus + +Version 1.7.17, 2008-10-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add missing ECDSA object identifiers +* Fix error in x86 and x86-64 assembler affecting GF(p) math +* Remove Boost dependency from GF(p) math +* Modify botan-config to not print -L/usr/lib or -L/usr/local/lib +* Add BOTAN_DLL macro to over 30 classes missing it +* Rename the two SHA-2 base classes for consistency + +Version 1.7.16, 2008-10-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add several missing pieces needed for ECDSA and ECKAEG +* Add Card Verifiable Certificates from InSiTo +* Add SHA-224 from InSiTo +* Add BSI variant of EMSA1 from InSiTo +* Add GF(p) and ECDSA tests from InSiTo +* Split ECDSA and ECKAEG into distinct modules +* Allow OpenSSL and GNU MP engines to be built with public key algos disabled +* Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h + +Version 1.7.15, 2008-10-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add GF(p) arithmetic from InSiTo +* Add ECDSA and ECKAEG implementations from InSiTo +* Minimize internal dependencies, allowing for smaller build configurations +* Add new User Manual and Architecture Guide from FlexSecure GmbH +* Alter configure.pl options for better autotools compatibility +* Update build instructions for recent changes to configure.pl +* Fix CPU detection using /proc/cpuinfo + +Version 1.7.14, 2008-09-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Split library into parts allowing modular builds +* Add (very preliminary) CMS support to the main library +* Some constructors now require object pointers instead of names +* Support multiple implementations of the same algorithm +* Build support for Pentium-M processors, from Derek Scherger +* Build support for MinGW/MSYS, from Zbigniew Zagorski +* Use inline assembly for bswap on 32-bit x86 + +Version 1.7.13, 2008-09-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai +* Allow all examples to compile even if compression not enabled +* Make CMAC's polynomial doubling operation a public class method +* Use the -m64 flag when compiling with Sun Forte on x86-64 +* Clean up and slightly optimize CMAC::final_result + +Version 1.7.12, 2008-09-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add x86 assembly for Visual Studio C++, by Luca Piccarreta +* Add a Perl XS module, by Vaclav Ovsik +* Add SWIG-based wrapper for Botan +* Add SSE2 implementation of SHA-1, by Dean Gaudet +* Remove the BigInt::sig_words cache due to bugs +* Combined the 4 Blowfish sboxes, suggested by Yves Jerschow +* Changed BigInt::grow_by and BigInt::grow_to to be non-const +* Add private assignment operators to classes that don't support assignment +* Benchmark RSA encryption and signatures +* Added test programs for random_prime and ressol +* Add high resolution timers for IA-64, HP-PA, S390x +* Reduce use of the RNG during benchmarks +* Fix builds on STI Cell PPU +* Add support for IBM's XLC compiler +* Add IETF 8192 bit MODP group + +Version 1.7.11, 2008-09-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the Salsa20 stream cipher +* Optimized Montgomery reduction, Karatsuba squaring +* Added 16x16->32 word Comba multiplication and squaring +* Use a much larger Karatsuba cutoff point +* Remove bigint_mul_add_words +* Inlined several BigInt functions +* Add useful information to the generated build.h +* Rename alg_{ia32,amd64} modules to asm_{ia32,amd64} +* Fix the Windows build + +Version 1.7.10, 2008-09-05 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Public key benchmarks run using a selection of random keys +* New benchmark timer options are clock_gettime, gettimeofday, times, clock +* Including reinterpret_cast optimization for xor_buf in default header +* Split byte swapping and word rotation functions into distinct headers +* Add IETF modp 6144 group and 2048 and 3072 bit DSS groups +* Optimizes BigInt right shift +* Add aliases in DL_Group::Format enum +* BigInt now caches the significant word count + +Version 1.6.5, 2008-08-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add noexec stack marker for GNU linker in assembly code +* Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3 + +Version 1.7.9, 2008-08-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Make clear() in most algorithm base classes a pure virtual +* Add noexec stack marker for GNU linker in assembly code +* Avoid string operations in ressol +* Compilation fixes for MinGW and Visual Studio C++ 2008 +* Some autoconfiguration fixes for Windows + +Version 1.7.8, 2008-07-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the block cipher Noekeon +* Remove global deref_alias function +* X509_Store takes timeout options as constructor arguments +* Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH +* Extend random_prime() for generating primes of any bit length +* Remove Config class +* Allow adding new entropy via base RNG interface +* Reseeding a X9.31 PRNG also reseeds the underlying PRNG + +Version 1.7.7, 2008-06-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Remove the global PRNG object +* The PK filter objects were removed +* Add a test suite for the ANSI X9.31 PRNG +* Much cleaner and (mostly) thread-safe reimplementation of es_ftw +* Remove both default arguments to ANSI_X931_RNG's constructor +* Remove the randomizing version of OctetString::change +* Make the cipher and MAC to use in Randpool configurable +* Move RandomNumberGenerator declaration to rng.h +* RSA_PrivateKey will not generate keys smaller than 1024 bits +* Fix an error decoding BER UNIVERSAL types with special taggings + +Version 1.7.6, 2008-05-05 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Initial support for Windows DLLs, from Joel Low +* Reset the position pointer when a new block is generated in X9.32 PRNG +* Timer objects are now treated as entropy sources +* Moved several ASN.1-related enums from enums.h to an appropriate header +* Removed the AEP module, due to inability to test +* Removed Global_RNG and rng.h +* Removed system_clock +* Removed Library_State::UI and the pulse callback logic + +Version 1.7.5, 2008-04-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The API of X509_CA::sign_request was altered to avoid race conditions +* New type Pipe::message_id to represent the Pipe message number +* Remove the Named_Mutex_Holder for a small performance gain +* Removed several unused or rarely used functions from Config +* Ignore spaces inside of a decimal string in BigInt::decode +* Allow using a std::istream to initialize a DataSource_Stream object +* Fix compilation problem in zlib compression module +* The chunk sized used by Pooling_Allocator is now a compile time setting +* The size of random blinding factors is now a compile time setting +* The install target no longer tries to set a particular owner/group + +Version 1.7.4, 2008-03-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Use unaligned memory read/writes on systems that allow it, for performance +* Assembly for x86-64 for accessing the bswap instruction +* Use larger buffers in ARC4 and WiderWAKE for significant throughput increase +* Unroll loops in SHA-160 for a few percent increase in performance +* Fix compilation with GCC 3.2 in es_ftw and es_unix +* Build fix for NetBSD systems +* Prevent es_dev from being built except on Unix systems + +Version 1.6.4, 2008-03-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a compilation problem with Visual Studio C++ 2003 + +Version 1.7.3, 2008-01-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* New invocation syntax for configure.pl with several new options +* Support for IPv4 addresses in a subject alternative name +* New fast poll for the generic Unix entropy source (es_unix) +* The es_file entropy source has been replaced by the es_dev module +* The malloc allocator does not inherit from Pooling_Allocator anymore +* The path that es_unix will search in are now fully user-configurable +* Truncate X9.42 PRF output rather than allow counter overflow +* PowerPC is now assumed to be big-endian + +Version 1.7.2, 2007-10-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Initialize the global library state lazily +* Add plain CBC-MAC for backwards compatibility with old systems +* Clean up some of the self test code +* Throw a sensible exception if a DL_Group is not found +* Truncate KDF2 output rather than allowing counter overflow +* Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256 +* Fix a Visual Studio compilation problem in x509stat.cpp + +Version 1.6.3, 2007-07-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a race condition in the algorithm lookup cache +* Fix problems building the memory pool on some versions of Visual C++ + +Version 1.7.1, 2007-07-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a race condition in the algorithm object cache +* HMAC key schedule optimization +* The build header sets a macro defining endianness, if known +* New word load/store abstraction allowing further optimization +* Modify most of the library to avoid use the C-style casts +* Use higher resolution timers in symmetric benchmarks + +Version 1.7.0, 2007-05-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* DSA parameter generation now follows FIPS 186-3 +* Added OIDs for Rabin-Williams and Nyberg-Rueppel +* Somewhat better support for out of tree builds +* Minor optimizations for RC2 and Tiger +* Documentation updates +* Update the todo list + +Version 1.6.2, 2007-03-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix autodection on Athlon64s running Linux +* Fix builds on QNX and compilers using STLport +* Remove a call to abort() that crept into production + +Version 1.6.1, 2007-01-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix some base64 decoder bugs +* Add a new option to base64 encoding, to always append a newline +* Fix some build problems under Visual Studio with debug enabled +* Fix a bug in BER_Decoder that was triggered under some compilers + +Version 1.6.0, 2006-12-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Minor cleanups versus 1.5.13 + +Version 1.5.13, 2006-12-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Compilation fixes for the bzip2, zlib, and GNU MP modules +* Better support for Intel C++ and EKOpath C++ on x86-64 + +Version 1.5.12, 2006-10-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Cleanups in the initialization routines +* Add some x86-64 assembly for multiply-add +* Fix problems generating very small (below 384 bit) RSA keys +* Support out of tree builds +* Bring some of the documentation up to date +* More improvements to the Python bindings + +Version 1.5.11, 2006-09-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Removed the Algorithm base class +* Various cleanups in the public key inheritance hierarchy +* Major overhaul of the configure/build setup +* Added x86 assembler implementations of Serpent and low-level MPI code +* Optimizations for the SHA-1 x86 assembler +* Various improvements to the Python wrappers +* Work around a Visual Studio compiler bug + +Version 1.5.10, 2006-08-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add x86 assembler versions of MD4, MD5, and SHA-1 +* Expand InitializerOptions' language to support on/off switches +* Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9 +* Fix possible resource leaks in the mmap allocator +* Slightly optimized buffering in MDx_HashFunction +* Initialization failures are dealt with somewhat better +* Add an example implementing Pollard's Rho algorithm +* Better option handling in the test/benchmark tool +* Expand the xor_ciph example to support longer keys +* Some updates to the documentation + +Version 1.5.9, 2006-07-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed bitrot in the AEP engine +* Fix support for marking certificate/CRL extensions as critical +* Significant cleanups in the library state / initialization code +* LibraryInitializer takes an explicit InitializerOptions object +* Make Mutex_Factory an abstract class, add Default_Mutex_Factory +* Change configuration access to using global_state() +* Add support for global named mutexes throughout the library +* Add some STL wrappers for the delete operator +* Change how certificates are created to be more flexible and general + +Version 1.5.8, 2006-06-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Many internal cleanups to the X.509 cert/CRL code +* Allow for application code to support new X.509 extensions +* Change the return type of X509_Certificate::{subject,issuer}_info +* Allow for alternate character set handling mechanisms +* Fix a bug that was slowing squaring performance somewhat +* Fix a very hard to hit overflow bug in the C version of word3_muladd +* Minor cleanups to the assembler modules +* Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1 +* Support for GCC 2.95.x has been dropped in this release + +Version 1.5.7, 2006-05-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Further, major changes to the BER/DER coding system +* Updated the Qt mutex module to use Mutex_Factory +* Moved the library global state object into an anonymous namespace +* Drop the Visual C++ x86 assembly module due to bugs + +Version 1.5.6, 2006-03-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The low-level DER/BER coding system was redesigned and rewritten +* Portions of the certificate code were cleaned up internally +* Use macros to substantially clean up the GCC assembly code +* Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta) +* Avoid a couple of spurious warnings under Visual C++ +* Some slight cleanups in X509_PublicKey::key_id + +Version 1.5.5, 2006-02-04 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a potential infinite loop in the memory pool code (Matt Johnston) +* Made Pooling_Allocator::Memory_Block an actual class of sorts +* Some small optimizations to the division and modulo computations +* Cleaned up the implementation of some of the BigInt operators +* Reduced use of dynamic memory allocation in low-level BigInt functions +* A few simplifications in the Randpool mixing function +* Removed power(), as it was not particularly useful (or fast) +* Fixed some annoying bugs in the benchmark code +* Added a real credits file + +Version 1.5.4, 2006-01-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta +* Fixed a memory access off-by-one in the Karatsuba code +* Changed Pooling_Allocator's free list search to a log(N) algorithm +* Merged ModularReducer with its only subclass, Barrett_Reducer +* Fixed sign-handling bugs in some of the division and modulo code +* Renamed the module description files to modinfo.txt +* Further cleanups in the initialization code +* Removed BigInt::add and BigInt::sub +* Merged all the division-related functions into just divide() +* Modified the <mp_asmi.h> functions to allow for better optimizations +* Made the number of bits polled from an EntropySource user configurable +* Avoid including <algorithm> in <botan/secmem.h> +* Fixed some build problems with Sun Forte +* Removed some dead code from bigint_modop +* Fix the definition of same_mem + +Version 1.5.3, 2006-01-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Many optimizations in the low-level multiple precision integer code +* Added hooks for assembly implementations of the MPI code +* Support for the X.509 issuer alternative name extension in new certs +* Fixed a bug in the decompression modules; found and patched by Matt Johnston +* New Windows mutex module (mux_win32), by Luca Piccarreta +* Changed the Windows timer module to use QueryPerformanceCounter +* mem_pool.cpp was using std::set iterators instead of std::multiset ones +* Fixed a bug in X509_CA preventing users from disabling particular extensions +* Fixed the mp_asm64 module, which was entirely broken in 1.5.2 +* Fixed some module build problems on FreeBSD and Tru64 + +Version 1.4.12, 2006-01-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed an off-by-one memory read in MISTY1::key() +* Fixed a nasty memory leak in Output_Buffers::retire() +* Changed maximum HMAC keylength to 1024 bits +* Fixed a build problem in the hardware timer module on 64-bit PowerPC + +Version 1.5.2, 2006-01-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed an off-by-one memory read in MISTY1::key() +* Fixed a nasty memory leak in Output_Buffers::retire() +* Reimplemented the memory allocator from scratch +* Improved memory caching in Montgomery exponentiation +* Optimizations for multiple precision addition and subtraction +* Fixed a build problem in the hardware timer module on 64-bit PowerPC +* Changed default Karatsuba cutoff to 12 words (was 14) +* Removed MemoryRegion::bits(), which was unused and incorrect +* Changed maximum HMAC keylength to 1024 bits +* Various minor Makefile and build system changes +* Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution +* Switched checks/clock.cpp back to using clock() by default +* Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1 +* Removed the Default_Mutex's unused clone() member function + +Version 1.5.1, 2006-01-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Implemented Montgomery exponentiation +* Implemented generalized Karatsuba multiplication and squaring +* Implemented Comba squaring for 4, 6, and 8 word inputs +* Added new Modular_Exponentiator and Power_Mod classes +* Removed FixedBase_Exp and FixedExponent_Exp +* Fixed a performance regression in get_allocator introduced in 1.5.0 +* Engines can now offer S2K algorithms and block cipher padding methods +* Merged the remaining global 'algolist' code into Default_Engine +* The low-level MPI code is linked as C again +* Replaced BigInt's get_nibble with the more general get_substring +* Some documentation updates + +Version 1.5.0, 2006-01-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Moved all global/shared library state into a single object +* Mutex objects are created through mutex factories instead of a global +* Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone() +* Removed the RNG_Quality enum entirely +* There is now only a single global-use PRNG +* Removed the no_aliases and no_oids options for LibraryInitializer +* Removed the deprecated algorithms SEAL, ISAAC, and HAVAL +* Change es_ftw to use unbuffered I/O + +Version 1.4.11, 2005-12-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Changed Whirlpool diffusion matrix to match updated algorithm spec +* Fixed several engine module build errors introduced in 1.4.10 +* Fixed two build problems in es_capi; reported by Matthew Gregan +* Added a constructor to DataSource_Memory taking a std::string +* Placing the same Filter in multiple Pipes triggers an exception +* The configure script accepts --docdir and --libdir +* Merged doc/rngs.txt into the main API document +* Thanks to Joel Low for several bug reports on early tarballs of 1.4.11 + +Version 1.4.10, 2005-12-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added an implementation of KASUMI, the block cipher used in 3G phones +* Refactored Pipe; output queues are now managed by a distinct class +* Made certain Filter facilities only available to subclasses of Fanout_Filter +* There is no longer any overhead in Pipe for a message that has been read out +* It is now possible to generate RSA keys as small as 128 bits +* Changed some of the core classes to derive from Algorithm as a virtual base +* Changed Randpool to use HMAC instead of a plain hash as the mixing function +* Fixed a bug in the allocators; found and fixed by Matthew Gregan +* Enabled the use of binary file I/O, when requested by the application +* The OpenSSL engine's block cipher code was missing some deallocation calls +* Disabled the es_ftw module on NetBSD, due to header problems there +* Fixed a problem preventing tm_hard from building on MacOS X on PowerPC +* Some cleanups for the modules that use inline assembler +* config.h is now stored in build/ instead of build/include/botan/ +* The header util.h was split into bit_ops.h, parsing.h, and util.h +* Cleaned up some redundant include directives + +Version 1.4.9, 2005-11-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the IBM-created AES candidate algorithm MARS +* Added the South Korean block cipher SEED +* Added the stream cipher Turing +* Added the new hash function FORK-256 +* Deprecated the ISAAC stream cipher +* Twofish and RC6 are significantly faster with GCC +* Much better support for 64-bit PowerPC +* Added support for high-resolution PowerPC timers +* Fixed a bug in the configure script causing problems on FreeBSD +* Changed ANSI X9.31 to support arbitrary block ciphers +* Make the configure script a bit less noisy +* Added more test vectors for some algorithms, including all the AES finalists +* Various cosmetic source code cleanups + +Version 1.4.8, 2005-10-16 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Resolved a bad performance problem in the allocators; fix by Matt Johnston +* Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7 +* Renamed OMAC to CMAC to match the official NIST naming +* Added single byte versions of update() to PK_Signer and PK_Verifier +* Removed the unused reverse_bits and reverse_bytes functions + +Version 1.4.7, 2005-09-25 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed major performance problems with recent versions of GNU C++ +* Added an implementation of the X9.31 PRNG +* Removed the X9.17 and FIPS 186-2 PRNG algorithms +* Changed defaults to use X9.31 PRNGs as global PRNG objects +* Documentation updates to reflect the PRNG changes +* Some cleanups related to the engine code +* Removed two useless headers, base_eng.h and secalloc.h +* Removed PK_Verifier::valid_signature +* Fixed configure/build system bugs affecting MacOS X builds +* Added support for the EKOPath x86-64 compiler +* Added missing destructor for BlockCipherModePaddingMethod +* Fix some build problems with Visual C++ 2005 beta +* Fix some build problems with Visual C++ 2003 Workshop + +Version 1.4.6, 2005-03-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix an error in the shutdown code introduced in 1.4.5 +* Setting base/pkcs8_tries to 0 disables the builtin fail-out +* Support for XMPP identifiers in X.509 certificates +* Duplicate entries in X.509 DNs are removed +* More fixes for Borland C++, from Friedemann Kleint +* Add a workaround for buggy iostreams + +Version 1.4.5, 2005-02-26 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add support for AES encryption of private keys +* Minor fixes for PBES2 parameter decoding +* Internal cleanups for global state variables +* GCC 3.x version detection was broken in non-English locales +* Work around a Sun Forte bug affecting mem_pool.h +* Several fixes for Borland C++ 5.5, from Friedemann Kleint +* Removed inclusion of init.h into base.h +* Fixed a major bug in reading from certificate stores +* Cleaned up a couple of mutex leaks +* Removed some left-over debugging code +* Removed SSL3_MAC, SSL3_PRF, and TLS_PRF + +Version 1.4.4, 2004-12-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Further tweaks to the pooling allocator +* Modified EMSA3 to support SSL/TLS signatures +* Changes to support Qt/QCA, from Justin Karneges +* Moved mux_qt module code into mod_qt +* Fixes for HP-UX from Mike Desjardins + +Version 1.4.3, 2004-11-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Split up SecureAllocator into Allocator and Pooling_Allocator +* Memory locking allocators are more likely to be used +* Fixed the placement of includes in some modules +* Fixed broken installation procedure +* Fixes in configure script to support alternate install programs +* Modules can specify the minimum version they support + +Version 1.4.2, 2004-10-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a major CRL handling bug +* Cipher and hash operations can be offloaded to engines +* Added support for cipher and hash offload in OpenSSL engine +* Improvements for 64-bit CPUs without a widening multiply instruction +* Support for SHA2-* and Whirlpool with EMSA2 +* Fixed a long-standing build problem with conflicting include files +* Fixed some examples that hadn't been updated for 1.4.x +* Portability fixes for Solaris, BSD, HP-UX, and others +* Lots of fixes and cleanups in the configure script +* Updated the Gentoo ebuild file + +Version 1.4.1, 2004-10-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed major errors in the X.509 and PKCS #8 copy_key functions +* Added a LAST_MESSAGE meta-message number for Pipe +* Added new aliases (3DES and DES-EDE) for Triple-DES +* Added some new functions to PK_Verifier +* Cleaned up the KDF interface +* Disabled tm_posix on BSD due to header issues +* Fixed a build problem on PowerPC with GNU C++ pre-3.4 + +Version 1.4.0, 2004-06-26 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the FIPS 186 RNG back +* Added copy_key functions for X.509 public keys and PKCS #8 private keys +* Fixed PKCS #1 signatures with RIPEMD-128 +* Moved some code around to avoid warnings with Sun ONE compiler +* Fixed a bug in botan-config affecting OpenBSD +* Fixed some build problems on Tru64, HP-UX +* Fixed compile problems with Intel C++, Compaq C++ + +Version 1.3.14, 2004-06-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added support for AEP's AEP1000/AEP2000 crypto cards +* Added a Mutex module using Qt, from Justin Karneges +* Added support for engine loading in LibraryInitializer +* Tweaked SecureAllocator, giving 20% better performance under heavy load +* Added timer and memory locking modules for Win32 (tm_win32, ml_win32) +* Renamed PK_Engine to Engine_Core +* Improved the Karatsuba cutoff points +* Fixes for compiling with GCC 3.4 and Sun C++ 5.5 +* Fixes for Linux/s390, OpenBSD, and Solaris +* Added support for Linux/s390x +* The configure script was totally broken for 'generic' OS +* Removed Montgomery reduction due to bugs +* Removed an unused header, pkcs8alg.h +* check --validate returns an error code if any tests failed +* Removed duplicate entry in Unix command list for es_unix +* Moved the Cert_Usage enumeration into X509_Store +* Added new timing methods for PK benchmarks, clock_gettime and RDTSC +* Fixed a few minor bugs in the configure script +* Removed some deprecated functions from x509cert.h and pkcs10.h +* Removed the 'minimal' module, has to be updated for Engine support +* Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace +* Documentation updates + +Version 1.3.13, 2004-05-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major fixes for Cygwin builds +* Minor MacOS X install fixes +* The configure script is a little better at picking the right modules +* Removed ml_unix from the 'unix' module set for Cygwin compatibility +* Fixed a stupid compile problem in pkcs10.h + +Version 1.3.12, 2004-05-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added ability to remove old entries from CRLs +* Swapped the first two arguments of X509_CA::update_crl() +* Added an < operator for MemoryRegion, so it can be used as a std::map key +* Changed X.509 searching by DNS name from substring to full string compares +* Renamed a few X509_Certificate and PKCS10_Request member functions +* Fixed a problem when decoding some PKCS #10 requests +* Hex_Decoder would not check inputs, reported by Vaclav Ovsik +* Changed default CRL expire time from 30 days to 7 days +* X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility +* Corrected errors in the API doc, fixes from Ken Perano +* More documentation about the Pipe/Filter code + +Version 1.3.11, 2004-04-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed two show-stopping bugs in PKCS10_Request +* Added some sanity checks in Pipe/Filter +* The DNS and URI entries would get swapped in subjectAlternativeNames +* MAC_Filter is now willing to not take a key at creation time +* Setting the expiration times of certs and CRLs is more flexible +* Fixed problems building on AIX with GCC +* Fixed some problems in the tutorial pointed out by Dominik Vogt +* Documentation updates + +Version 1.3.10, 2004-03-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added support for OpenPGP's ASCII armor format +* Cleaned up the RNG system; seeding is much more flexible +* Added simple autoconfiguration abilities to configure.pl +* Fixed a GCC 2.95.x compile problem +* Updated the example configuration file +* Documentation updates + +Version 1.3.9, 2004-03-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added an engine using OpenSSL (requires 0.9.7 or later) +* X509_Certificate would lose email addresses stored in the DN +* Fixed a missing initialization in a BigInt constructor +* Fixed several Visual C++ compile problems +* Fixed some BeOS build problems +* Fixed the WiderWake benchmark + +Version 1.3.8, 2003-12-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Initial introduction of engine support, which separates PK keys from + the underlying operations. An engine using GNU MP was added. + +* DSA, DH, NR, and ElGamal constructors accept taking just the private + key again since the public key is easily derived from it. + +* Montgomery reduction support was added. +* ElGamal keys now support being imported/exported as ASN.1 objects +* Added Montgomery reductions +* Added an engine that uses GNU MP (requires 4.1 or later) +* Removed the obsolete mp_gmp module +* Moved several initialization/shutdown functions to init.h +* Major refactoring of the memory containers +* New non-locking container, MemoryVector +* Fixed 64-bit problems in BigInt::set_bit/clear_bit +* Renamed PK_Key::check_params() to check_key() +* Some incompatible changes to OctetString +* Added version checking macros in version.h +* Removed the fips140 module pending rewrite +* Added some functions and hooks to help GUIs +* Moved more shared code into MDx_HashFunction +* Added a policy hook for specifying the encoding of X.509 strings + +Version 1.3.7, 2003-12-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a big security problem in es_unix +* Fixed several stability problems in es_unix +* Expanded the list of programs es_unix will try to use +* SecureAllocator now only preallocates blocks in special cases +* Added a special case in Global_RNG::seed for forcing a full poll +* Removed the FIPS 186 RNG added in 1.3.5 pending further testing +* Configure updates for PowerPC CPUs +* Removed the (never tested) VAX support +* Added support for S/390 Linux + +Version 1.3.6, 2003-12-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added a new module 'minimal', which disables most algorithms +* SecureAllocator allocates a few blocks at startup +* A few minor MPI cleanups +* RPM spec file cleanups and fixes + +Version 1.3.5, 2003-11-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major improvements in ASN.1 string handling +* Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs +* Added partial support for the X.509v3 certificate policies extension +* Centralized the handling of character set information +* Added FIPS 140-2 startup self tests +* Added a module (fips140) for doing extra FIPS 140-2 tests +* Added FIPS 186-2 RNG +* Improved ASN.1 BIT STRING handling +* Removed a memory leak in PKCS10_Request +* The encoding of DirectoryString now follows PKIX guidelines +* Fixed some of the character set dependencies +* Fixed a DER encoding error for tags greater than 30 +* The BER decoder can now handle tags larger than 30 +* Fixed tm_hard.cpp to recognize SPARC on more systems +* Workarounds for a GCC 2.95.x bug in x509find.cpp +* RPM changed to install into /usr instead of /usr/local +* Added support for QNX + +Version 1.2.8, 2003-11-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Merged several important bug fixes from 1.3.x + +Version 1.3.4, 2003-11-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added a module that does certain MPI operations using GNU MP +* Added the X9.42 Diffie-Hellman PRF +* The Zlib and Bzip2 objects now use custom allocators +* Added member functions for directly hashing/MACing SecureVectors +* Minor optimizations to the MPI addition and subtraction algorithms +* Some cleanups in the low-level MPI code +* Created separate AES-{128,192,256} objects + +Version 1.3.3, 2003-11-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The library can now be repeatedly initialized and shutdown without crashing +* Fixed an off-by-one error in the CTS code +* Fixed an error in the EMSA4 verification code +* Fixed a memory leak in mutex.cpp (pointed out by James Widener) +* Fixed a memory leak in Pthread_Mutex +* Fixed several memory leaks in the testing code +* Bulletproofed the EMSA/EME/KDF/MGF retrieval functions +* Minor cleanups in SecureAllocator +* Removed a needless mutex guarding the (stateless) global timer +* Fixed a piece of bash-specific code in botan-config +* X.509 objects report more information about decoding errors +* Cleaned up some of the exception handling +* Updated the example config file with new OIDSs +* Moved the build instructions into a separate document, building.tex + +Version 1.3.2, 2003-11-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a bug preventing DSA signatures from verifying on X.509 objects +* Made the X509_Store search routines more efficient and flexible +* Added a function to X509_PublicKey to do easy public/private key matching +* Added support for decoding indefinite length BER data +* Changed Pipe's peek() to take an offset +* Removed Filter::set_owns in favor of the new incr_owns function +* Removed BigInt::zero() and BigInt::one() +* Renamed the PEM related options from base/pem_* to pem/* +* Added an option to specify the line width when encoding PEM +* Removed the "rng/safe_longterm" option; it's always on now +* Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1 +* Cleaned up the base64/hex encoders and decoders +* Added an ASN.1/BER decoder as an example +* AES had its internals marked 'public' in previous versions +* Changed the value of the ASN.1 NO_OBJECT enum +* Various new hacks in the configure script +* Removed the already nominal support for SunOS + +Version 1.3.1, 2003-11-04 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Generalized a few pieces of the DER encoder +* PKCS8::load_key would fail if handed an unencrypted key +* Added a failsafe so PKCS #8 key decoding can't go into an infinite loop + +Version 1.3.0, 2003-11-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major redesign of the PKCS #8 private key import/export system +* Added a small amount of UI interface code for getting passphrases +* Added heuristics that tell if a key, cert, etc is stored as PEM or BER +* Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC +* Removed certain deprecated constructors of RSA, DSA, DH, RW, NR +* Made PEM decoding more forgiving of extra text before the header + +Version 1.2.7, 2003-10-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added support for reading configuration files +* Added constructors so NR and RW keys can be imported easily +* Fixed mp_asm64, which was completely broken in 1.2.6 +* Removed tm_hw_ia32 module; replaced by tm_hard +* Added support for loading certain oddly formed RSA certificates +* Fixed spelling of NON_REPUDIATION enum +* Renamed the option default_to_ca to v1_assume_ca +* Fixed a minor bug in X.509 certificate generation +* Fixed a latent bug in the OID lookup code +* Updated the RPM spec file +* Added to the tutorial + +Version 1.2.6, 2003-07-04 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major performance increase for PK algorithms on most 64-bit systems +* Cleanups in the low-level MPI code to support asm implementations +* Fixed build problems with some versions of Compaq's C++ compiler +* Removed useless constructors for NR public and private keys +* Removed support for the patch_file directive in module files +* Removed several deprecated functions + +Version 1.2.5, 2003-06-22 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a tricky and long-standing memory leak in Pipe +* Major cleanups and fixes in the memory allocation system +* Removed alloc_mlock, which has been superseded by the ml_unix module +* Removed a denial of service vulnerability in X509_Store +* Fixed compilation problems with VS .NET 2003 and Codewarrior 8 +* Added another variant of PKCS8::load_key, taking a memory buffer +* Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32 +* BigInt::operator%=(word) was a no-op if the input was a power of 2 +* Fixed portability problems in BigInt::to_u32bit +* Fixed major bugs in SSL3-MAC +* Cleaned up some messes in the PK algorithms +* Cleanups and extensions for OMAC and EAX +* Made changes to the entropy estimation function +* Added a 'beos' module set for use on BeOS +* Officially deprecated a few X509:: and PKCS8:: functions +* Moved the contents of primes.h to numthry.h +* Moved the contents of x509opt.h to x509self.h +* Removed the (empty) desx.h header +* Documentation updates + +Version 1.2.4, 2003-05-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a bug in EMSA1 affecting NR signature verification +* Fixed a few latent bugs in BigInt related to word size +* Removed an unused function, mp_add2_nc, from the MPI implementation +* Reorganized the core MPI files + +Version 1.2.3, 2003-05-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a bug that prevented DSA/NR key generation +* Fixed a bug that prevented importing some root CA certs +* Fixed a bug in the BER decoder when handing optional bit or byte strings +* Fixed the encoding of authorityKeyIdentifier in X509_CA +* Added a sanity check in PBKDF2 for zero length passphrases +* Added versions of X509::load_key and PKCS8::load_key that take a file name +* X509_CA generates 128 bit serial numbers now +* Added tests to check PK key generation +* Added a simplistic X.509 CA example +* Cleaned up some of the examples + +Version 1.2.2, 2003-05-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add checks to prevent any BigInt bugs from revealing an RSA or RW key +* Changed the interface of Global_RNG::seed +* Major improvements for the es_unix module +* Added another Win32 entropy source, es_win32 +* The Win32 CryptoAPI entropy source can now poll multiple providers +* Improved the BeOS entropy source +* Renamed pipe_unixfd module to fd_unix +* Fixed a file descriptor leak in the EGD module +* Fixed a few locking bugs + +Version 1.2.1, 2003-05-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added ANSI X9.23 compatible CBC padding +* Added an entropy source using Win32 CryptoAPI +* Removed the Pipe I/O operators taking a FILE* +* Moved the BigInt encoding/decoding functions into the BigInt class +* Integrated several fixes for VC++ 7 (from Hany Greiss) +* Fixed the configure.pl script for Windows builds + +Version 1.2.0, 2003-04-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Tweaked the Karatsuba cut-off points +* Increased the allowed keylength of HMAC and Blowfish +* Removed the 'mpi_ia32' module, pending rewrite +* Workaround a GCC 2.95.x bug in eme1.cpp + +Version 1.1.13, 2003-04-22 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added OMAC +* Added EAX authenticated cipher mode +* Diffie-Hellman would not do blinding in some cases +* Optimized the OFB and CTR modes +* Corrected Skipjack's word ordering, as per NIST clarification +* Support for all subject/issuer attribute types required by RFC 3280 +* The removeFromCRL CRL reason code is now handled correctly +* Increased the flexibility of the allocators +* Renamed Rijndael to AES, created aes.h, deleted rijndael.h +* Removed support for the 'no_timer' LibraryInitializer option +* Removed 'es_pthr' module, pending further testing +* Cleaned up get_ciph.cpp + +Version 1.1.12, 2003-04-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a ASN.1 string encoding bug +* Fixed a pair of X509_DN encoding problems +* Base64_Decoder and Hex_Decoder can now validate input +* Removed support for the LibraryInitializer option 'egd_path' +* Added tests for DSA X.509 and PKCS #8 key formats +* Removed a long deprecated feature of DH_PrivateKey's constructor +* Updated the RPM .spec file +* Major documentation updates + +Version 1.1.11, 2003-04-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added PKCS #10 certificate requests +* Changed X509_Store searching interface to be more flexible +* Added a generic Certificate_Store interface +* Added a function for generating self-signed X.509 certs +* Cleanups and changes to X509_CA +* New examples for PKCS #10 and self-signed certificates +* Some documentation updates + +Version 1.1.10, 2003-04-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* X509_CA can now generate new X.509 CRLs +* Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks +* More certificate and CRL extensions/attributes are supported +* Better DN handling in X.509 certificates/CRLs +* Added a DataSink hierarchy (suggested by Jim Darby) +* Consolidated SecureAllocator and ManagedAllocator +* Many cleanups and generalizations +* Added a (slow) pthreads based EntropySource +* Fixed some threading bugs + +Version 1.1.9, 2003-02-25 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added support for using X.509v2 CRLs +* Fixed several bugs in the path validation algorithm +* Certificates can be verified for a particular usage +* Algorithm for comparing distinguished names now follows X.509 +* Cleaned up the code for the es_beos, es_ftw, es_unix modules +* Documentation updates + +Version 1.1.8, 2003-01-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixes for the certificate path validation algorithm in X509_Store +* Fixed a bug affecting X509_Certificate::is_ca_cert() +* Added a general configuration interface for policy issues +* Cleanups and API changes in the X.509 CA, cert, and store code +* Made various options available for X509_CA users +* Changed X509_Time's interface to work around time_t problems +* Fixed a theoretical weakness in Randpool's entropy mixing function +* Fixed problems compiling with GCC 2.95.3 and GCC 2.96 +* Fixed a configure bug (reported by Jon Wilson) affecting MinGW + +Version 1.0.2, 2003-01-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed an obscure SEGFAULT causing bug in Pipe +* Fixed an obscure but dangerous bug in SecureVector::swap + +Version 1.1.7, 2003-01-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed an obscure but dangerous bug in SecureVector::swap +* Consolidated SHA-384 and SHA-512 to save code space +* Added SSL3-MAC and SSL3-PRF +* Documentation updates, including a new tutorial + +Version 1.1.6, 2002-12-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Initial support for X.509v3 certificates and CAs +* Major redesign/rewrite of the ASN.1 encoding/decoding code +* Added handling for DSA/NR signatures encoded as DER SEQUENCEs +* Documented the generic cipher lookup interface +* Added an (untested) entropy source for BeOS +* Various cleanups and bug fixes + +Version 1.1.5, 2002-11-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the discrete logarithm integrated encryption system (DLIES) +* Various optimizations for BigInt +* Added support for assembler optimizations in modules +* Added BigInt x86 optimizations module (mpi_ia32) + +Version 1.1.4, 2002-11-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Speedup of 15-30% for PK algorithms +* Implemented the PBES2 encryption scheme +* Fixed a potential bug in decoding RSA and RW private keys +* Changed the DL_Group class interface to handle different formats better +* Added support for PKCS #3 encoded DH parameters +* X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS' +* Added key pair consistency checking +* Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss) +* A botan-config script is generated at configure time +* Documentation updates + +Version 1.1.3, 2002-11-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added a generic public/private key loading interface +* Fixed a small encoding bug in RSA, RW, and DH +* Changed the PK encryption/decryption interface classes +* ECB supports using padding methods +* Added a function-based interface for library initialization +* Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures +* The cipher mode benchmarks now use 128-bit AES instead of DES +* Removed some obsolete typedefs +* Removed OpenCL support (opencl.h, the OPENCL_* macros, etc) +* Added tests for PKCS #8 encoding/decoding +* Added more tests for ECB and CBC + +Version 1.1.2, 2002-10-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Support for PKCS #8 encoded RSA, DSA, and DH private keys +* Support for Diffie-Hellman X.509 public keys +* Major reorganization of how X.509 keys are handled +* Added PKCS #5 v2.0's PBES1 encryption scheme +* Added a generic cipher lookup interface +* Added the WiderWake4+1 stream cipher +* Added support for sync-able stream ciphers +* Added a 'paranoia level' option for the LibraryInitializer +* More security for RNG output meant for long term keys +* Added documentation for some of the new 1.1.x features +* CFB's feedback argument is now specified in bits +* Renamed CTR class to CTR_BE +* Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats + +Version 1.1.1, 2002-10-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the Korean hash function HAS-160 +* Partial support for RSA and DSA X.509 public keys +* Added a mostly functional BER encoder/decoder +* Added support for non-deterministic MAC functions +* Initial support for PEM encoding/decoding +* Internal cleanups in the PK algorithms +* Several new convenience functions in Pipe +* Fixed two nasty bugs in Pipe +* Messed with the entropy sources for es_unix +* Discrete logarithm groups are checked for safety more closely now +* For compatibility with GnuPG, ElGamal now supports DSA-style groups + +Version 1.0.1, 2002-09-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a minor bug in Randpool::random() +* Added some new aliases and typedefs for 1.1.x compatibility +* The 4096-bit RSA benchmark key was decimal instead of hex +* EMAC was returning an incorrect name + +Version 1.1.0, 2002-09-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added entropy estimation to the RNGs +* Improved the overall design of both Randpool and ANSI_X917_RNG +* Added a separate RNG for nonce generation +* Added window exponentiation support in power_mod +* Added a get_s2k function and the PKCS #5 S2K algorithms +* Added the TLSv1 PRF +* Replaced BlockCipherModeIV typedef with InitializationVector class +* Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement +* Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x +* Added support for RIPEMD-160 PKCS#1 v1.5 signatures +* Changed the key agreement scheme interface +* Changed the S2K and KDF interfaces +* Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK +* Added support for variable-pass Tiger +* Major speedup for Rabin-Williams key generation + +Version 1.0.0, 2002-08-26 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Octal I/O of BigInt is now supported +* Fixed portability problems in the es_egd module +* Generalized IV handling in the block cipher modes +* Added Karatsuba multiplication and k-ary exponentiation +* Fixed a problem in the multiplication routines + +Version 0.9.2, 2002-08-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* DH_PrivateKey::public_value() was returning the wrong value +* Various BigInt optimizations +* The filters.h header now includes hex.h and base64.h +* Moved Counter mode to ctr.h +* Fixed a couple minor problems with VC++ 7 +* Fixed problems with the RPM spec file + +Version 0.9.1, 2002-08-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Grand rename from OpenCL to Botan +* Major optimizations for the PK algorithms +* Added ElGamal encryption +* Added Whirlpool +* Tweaked memory allocation parameters +* Improved the method of seeding the global RNG +* Moved pkcs1.h to eme_pkcs.h +* Added more test vectors for some algorithms +* Fixed error reporting in the BigInt tests +* Removed Default_Timer, it was pointless +* Added some new example applications +* Removed some old examples that weren't that interesting +* Documented the compression modules + +Version 0.9.0, 2002-08-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* EMSA4 supports variable salt size +* PK_* can take a string naming the encoding method to use +* Started writing some internals documentation + +Version 0.8.7, 2002-07-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed bugs in EME1 and EMSA4 +* Fixed a potential crash at shutdown +* Cipher modes returned an ill-formed name +* Removed various deprecated types and headers +* Cleaned up the Pipe interface a bit +* Minor additions to the documentation +* First stab at a Visual C++ makefile (doc/Makefile.vc7) + +Version 0.8.6, 2002-07-25 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added EMSA4 (aka PSS) +* Brought the manual up to date; many corrections and additions +* Added a parallel hash function construction +* Lookup supports all available algorithms now +* Lazy initialization of the lookup tables +* Made more discrete logarithm groups available through get_dl_group() +* StreamCipher_Filter supports seeking (if the underlying cipher does) +* Minor optimization for GCD calculations +* Renamed SAFER_SK128 to SAFER_SK +* Removed many previously deprecated functions +* Some now-obsolete functions, headers, and types have been deprecated +* Fixed some bugs in DSA prime generation +* DL_Group had a constructor for DSA-style prime gen but it wasn't defined +* Reversed the ordering of the two arguments to SEAL's constructor +* Fixed a threading problem in the PK algorithms +* Fixed a minor memory leak in lookup.cpp +* Fixed pk_types.h (it was broken in 0.8.5) +* Made validation tests more verbose +* Updated the check and example applications + +Version 0.8.5, 2002-07-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major changes to constructors for DL-based cryptosystems (DSA, NR, DH) +* Added a DL_Group class +* Reworking of the pubkey internals +* Support in lookup for aliases and PK algorithms +* Renamed CAST5 to CAST_128 and CAST256 to CAST_256 +* Added EMSA1 +* Reorganization of header files +* LibraryInitializer will install new allocator types if requested +* Fixed a bug in Diffie-Hellman key generation +* Did a workaround in pipe.cpp for GCC 2.95.x on Linux +* Removed some debugging code from init.cpp that made FTW ES useless +* Better checking for invalid arguments in the PK algorithms +* Reduced Base64 and Hex default line length (if line breaking is used) +* Fixes for HP's aCC compiler +* Cleanups in BigInt + +Version 0.8.4, 2002-07-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added Nyberg-Rueppel signatures +* Added Diffie-Hellman key exchange (kex interface is subject to change) +* Added KDF2 +* Enhancements to the lookup API +* Many things formerly taking pointers to algorithms now take names +* Speedups for prime generation +* LibraryInitializer has support for seeding the global RNG +* Reduced SAFER-SK128 memory consumption +* Reversed the ordering of public and private key values in DSA constructor +* Fixed serious bugs in MemoryMapping_Allocator +* Fixed memory leak in Lion +* FTW_EntropySource was not closing the files it read +* Fixed line breaking problem in Hex_Encoder + +Version 0.8.3, 2002-06-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added DSA and Rabin-Williams signature schemes +* Added EMSA3 +* Added PKCS#1 v1.5 encryption padding +* Added Filters for PK algorithms +* Added a Keyed_Filter class +* LibraryInitializer processes arguments now +* Major revamp of the PK interface classes +* Changed almost all of the Filters for non-template operation +* Changed HMAC, Lion, Luby-Rackoff to non-template classes +* Some fairly minor BigInt optimizations +* Added simple benchmarking for PK algorithms +* Added hooks for fixed base and fixed exponent modular exponentiation +* Added some examples for using RSA +* Numerous bugfixes and cleanups +* Documentation updates + +Version 0.8.2, 2002-05-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added an (experimental) algorithm lookup interface +* Added code for directly testing BigInt +* Added SHA2-384 +* Optimized SHA2-512 +* Major optimization for Adler32 (thanks to Dan Nicolaescu) +* Various minor optimizations in BigInt and related areas +* Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore +* Fixed a bug in BufferingFilter +* Made a few fixes for MacOS X +* Added a workaround in configure.pl for GCC 2.95.x +* Better support for PowerPC, ARM, and Alpha +* Some more cleanups + +Version 0.8.1, 2002-05-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major code cleanup (check doc/deprecated.txt) +* Various bugs fixed, including several portability problems +* Renamed MessageAuthCode to MessageAuthenticationCode +* A replacement for X917 is in x917_rng.h +* Changed EMAC to non-template class +* Added ANSI X9.19 compatible CBC-MAC +* TripleDES now supports 128 bit keys + +Version 0.8.0, 2002-04-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Merged BigInt: many bugfixes and optimizations since alpha2 +* Added RSA (rsa.h) +* Added EMSA2 (emsa2.h) +* Lots of new interface code for public key algorithms (pk_base.h, pubkey.h) +* Changed some interfaces, including SymmetricKey, to support the global rng +* Fixed a serious bug in ManagedAllocator +* Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160 +* Removed some deprecated stuff +* Added a global random number generator (rng.h) +* Added clone functions to most of the basic algorithms +* Added a library initializer class (init.h) +* Version macros in version.h +* Moved the base classes from opencl.h to base.h +* Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib +* Documentation updates for the new stuff (still incomplete) +* Many new deprecated things: check doc/deprecated.txt + +Version 0.7.10, 2002-04-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added EGD_EntropySource module (es_egd) +* Added a file tree walking EntropySource (es_ftw) +* Added MemoryLocking_Allocator module (alloc_mlock) +* Renamed the pthr_mux, unix_rnd, and mmap_mem modules +* Changed timer mechanism; the clock method can be switched on the fly. +* Renamed MmapDisk_Allocator to MemoryMapping_Allocator +* Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated) +* Fixed several bugs in MemoryMapping_Allocator +* Added more default sources for Unix_EntropySource +* Changed SecureBuffer to use same allocation methods as SecureVector +* Added bigint_divcore into mp_core to support BigInt alpha2 release +* Removed some Pipe functions deprecated since 0.7.8 +* Some fixes for the configure program + +Version 0.7.9, 2002-03-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Memory allocation substantially revamped +* Added memory allocation method based on mmap(2) in the mmap_mem module +* Added ECB and CTS block cipher modes (ecb.h, cts.h) +* Added a Mutex interface (mutex.h) +* Added module pthr_mux, implementing the Mutex interface +* Added Threaded Filter interface (thr_filt.h) +* All algorithms can now by keyed with SymmetricKey objects +* More testing occurs with --validate (expected failures) +* Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6 +* Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress +* Made X917 safer (and about 1/3 as fast) +* Documentation updates + +Version 0.7.8, 2002-02-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* More capabilities for Pipe, inspired by SysV STREAMS, including peeking, + better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION +* Added a BufferingFilter class +* Added popen() based EntropySource for generic Unix systems (unix_rnd) +* Moved 'devrand' module into main distribution (ent_file.h), renamed to + File_EntropySource, and changed interface somewhat. +* Made Randpool somewhat more conservative and also 25% faster +* Minor fixes and updates for the configure script +* Added some tweaks for memory allocation +* Documentation updates for the new Pipe interface +* Fixed various minor bugs +* Added a couple of new example programs (stack and hasher2) + +Version 0.7.7, 2001-11-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Filter::send now works in the constructor of a Filter subclass +* You may now have to include <opencl/pipe.h> explicitly in some code +* Added preliminary PK infrastructure classes in pubkey.h and pkbase.h +* Enhancements to SecureVector (append, destroy functions) +* New infrastructure for secure memory allocation +* Added IEEE P1363 primitives MGF1, EME1, KDF1 +* Rijndael optimizations and cleanups +* Changed CipherMode<B> to BlockCipherMode(B*) +* Fixed a nasty bug in pipe_unixfd +* Added portions of the BigInt code into the main library +* Support for VAX, SH, POWER, PowerPC-64, Intel C++ + +Version 0.7.6, 2001-10-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed several serious bugs in SecureVector created in 0.7.5 +* Square optimizations +* Fixed shared objects on MacOS X and HP-UX +* Fixed static libs for KCC 4.0; works with KCC 3.4g as well +* Full support for Athlon and K6 processors using GCC +* Added a table of prime numbers < 2**16 (primes.h) +* Some minor documentation updates + +Version 0.7.5, 2001-08-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Split checksum.h into adler32.h, crc24.h, and crc32.h +* Split modes.h into cbc.h, cfb.h, and ofb.h +* CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption +* Added OneAndZeros and NoPadding methods for CBC +* Added Lion, a very fast block cipher construction +* Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h) +* Basic types (ciphers, hashes, etc) know their names now (call name()) +* Changed the EntropySource type somewhat +* Big speed-ups for ISAAC, Adler32, CRC24, and CRC32 +* Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160 +* Some semantics of SecureVector have changed slightly +* The mlock module has been removed for the time being +* Added string handling functions for hashes and MACs +* Various non-user-visible cleanups +* Shared library soname is now set to the full version number + +Version 0.7.4, 2001-07-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe +* Fixed a vast number of errors in the config script/makefile/specfile +* Pipe now has a stdio(3) interface as well as C++ iostreams +* ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4) +* Bzip2 supports decompressing multiple concatenated streams, and flushing +* Added a simple 'overall average' score to the benchmarks +* Fixed a small bug in the POSIX timer module +* Removed a very-unlikely-to-occur bug in most of the hash functions +* filtbase.h now includes <iosfwd>, not <iostream> +* Minor documentation updates + +Version 0.7.3, 2001-06-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix build problems on Solaris/SPARC +* Fix build problems with Perl versions < 5.6 +* Fixed some stupid code that broke on a few compilers +* Added string handling functions to Pipe +* MISTY1 optimizations + +Version 0.7.2, 2001-06-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Build system supports modules +* Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers +* Added Bzip2 compression filter, contributed by Peter Jones +* GNU make no longer required (tested with 4.4BSD pmake and Solaris make) +* Fixed minor bug in several of the hash functions +* Various other minor fixes and changes +* Updates to the documentation + +Version 0.7.1, 2001-05-16 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Rewrote configure script: more consistent and complete +* Made it easier to find out parameters of types at run time (opencl.h) +* New functions for finding the version being used (version.h) +* New SymmetricKey interface for Filters (symkey.h) +* InvalidKeyLength now records what the invalid key length was +* Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA +* Changed GOST to use correct S-box ordering (incompatible change) +* Benchmark code was almost totally rewritten +* Many more entries in the test vector file +* Fixed minor and idiotic bug in check.cpp + +Version 0.7.0, 2001-03-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* First public release + + diff --git a/doc/relnotes/0_7_0.rst b/doc/relnotes/0_7_0.rst deleted file mode 100644 index 5339b7b10..000000000 --- a/doc/relnotes/0_7_0.rst +++ /dev/null @@ -1,5 +0,0 @@ -Version 0.7.0, 2001-03-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* First public release - diff --git a/doc/relnotes/0_7_1.rst b/doc/relnotes/0_7_1.rst deleted file mode 100644 index cc57ef0ee..000000000 --- a/doc/relnotes/0_7_1.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 0.7.1, 2001-05-16 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Rewrote configure script: more consistent and complete -* Made it easier to find out parameters of types at run time (opencl.h) -* New functions for finding the version being used (version.h) -* New SymmetricKey interface for Filters (symkey.h) -* InvalidKeyLength now records what the invalid key length was -* Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA -* Changed GOST to use correct S-box ordering (incompatible change) -* Benchmark code was almost totally rewritten -* Many more entries in the test vector file -* Fixed minor and idiotic bug in check.cpp - diff --git a/doc/relnotes/0_7_10.rst b/doc/relnotes/0_7_10.rst deleted file mode 100644 index df08df532..000000000 --- a/doc/relnotes/0_7_10.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 0.7.10, 2002-04-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added EGD_EntropySource module (es_egd) -* Added a file tree walking EntropySource (es_ftw) -* Added MemoryLocking_Allocator module (alloc_mlock) -* Renamed the pthr_mux, unix_rnd, and mmap_mem modules -* Changed timer mechanism; the clock method can be switched on the fly. -* Renamed MmapDisk_Allocator to MemoryMapping_Allocator -* Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated) -* Fixed several bugs in MemoryMapping_Allocator -* Added more default sources for Unix_EntropySource -* Changed SecureBuffer to use same allocation methods as SecureVector -* Added bigint_divcore into mp_core to support BigInt alpha2 release -* Removed some Pipe functions deprecated since 0.7.8 -* Some fixes for the configure program - diff --git a/doc/relnotes/0_7_2.rst b/doc/relnotes/0_7_2.rst deleted file mode 100644 index a9b6ae452..000000000 --- a/doc/relnotes/0_7_2.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 0.7.2, 2001-06-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Build system supports modules -* Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers -* Added Bzip2 compression filter, contributed by Peter Jones -* GNU make no longer required (tested with 4.4BSD pmake and Solaris make) -* Fixed minor bug in several of the hash functions -* Various other minor fixes and changes -* Updates to the documentation - diff --git a/doc/relnotes/0_7_3.rst b/doc/relnotes/0_7_3.rst deleted file mode 100644 index 57b7a630a..000000000 --- a/doc/relnotes/0_7_3.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 0.7.3, 2001-06-08 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix build problems on Solaris/SPARC -* Fix build problems with Perl versions < 5.6 -* Fixed some stupid code that broke on a few compilers -* Added string handling functions to Pipe -* MISTY1 optimizations - diff --git a/doc/relnotes/0_7_4.rst b/doc/relnotes/0_7_4.rst deleted file mode 100644 index 523a6bccc..000000000 --- a/doc/relnotes/0_7_4.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 0.7.4, 2001-07-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe -* Fixed a vast number of errors in the config script/makefile/specfile -* Pipe now has a stdio(3) interface as well as C++ iostreams -* ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4) -* Bzip2 supports decompressing multiple concatenated streams, and flushing -* Added a simple 'overall average' score to the benchmarks -* Fixed a small bug in the POSIX timer module -* Removed a very-unlikely-to-occur bug in most of the hash functions -* filtbase.h now includes <iosfwd>, not <iostream> -* Minor documentation updates - diff --git a/doc/relnotes/0_7_5.rst b/doc/relnotes/0_7_5.rst deleted file mode 100644 index cb729d182..000000000 --- a/doc/relnotes/0_7_5.rst +++ /dev/null @@ -1,19 +0,0 @@ -Version 0.7.5, 2001-08-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Split checksum.h into adler32.h, crc24.h, and crc32.h -* Split modes.h into cbc.h, cfb.h, and ofb.h -* CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption -* Added OneAndZeros and NoPadding methods for CBC -* Added Lion, a very fast block cipher construction -* Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h) -* Basic types (ciphers, hashes, etc) know their names now (call name()) -* Changed the EntropySource type somewhat -* Big speed-ups for ISAAC, Adler32, CRC24, and CRC32 -* Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160 -* Some semantics of SecureVector have changed slightly -* The mlock module has been removed for the time being -* Added string handling functions for hashes and MACs -* Various non-user-visible cleanups -* Shared library soname is now set to the full version number - diff --git a/doc/relnotes/0_7_6.rst b/doc/relnotes/0_7_6.rst deleted file mode 100644 index 13294e7a5..000000000 --- a/doc/relnotes/0_7_6.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 0.7.6, 2001-10-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed several serious bugs in SecureVector created in 0.7.5 -* Square optimizations -* Fixed shared objects on MacOS X and HP-UX -* Fixed static libs for KCC 4.0; works with KCC 3.4g as well -* Full support for Athlon and K6 processors using GCC -* Added a table of prime numbers < 2**16 (primes.h) -* Some minor documentation updates - diff --git a/doc/relnotes/0_7_7.rst b/doc/relnotes/0_7_7.rst deleted file mode 100644 index 83dfd2d2f..000000000 --- a/doc/relnotes/0_7_7.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 0.7.7, 2001-11-24 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Filter::send now works in the constructor of a Filter subclass -* You may now have to include <opencl/pipe.h> explicitly in some code -* Added preliminary PK infrastructure classes in pubkey.h and pkbase.h -* Enhancements to SecureVector (append, destroy functions) -* New infrastructure for secure memory allocation -* Added IEEE P1363 primitives MGF1, EME1, KDF1 -* Rijndael optimizations and cleanups -* Changed CipherMode<B> to BlockCipherMode(B*) -* Fixed a nasty bug in pipe_unixfd -* Added portions of the BigInt code into the main library -* Support for VAX, SH, POWER, PowerPC-64, Intel C++ - diff --git a/doc/relnotes/0_7_8.rst b/doc/relnotes/0_7_8.rst deleted file mode 100644 index 92b9291b1..000000000 --- a/doc/relnotes/0_7_8.rst +++ /dev/null @@ -1,16 +0,0 @@ -Version 0.7.8, 2002-02-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* More capabilities for Pipe, inspired by SysV STREAMS, including peeking, - better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION -* Added a BufferingFilter class -* Added popen() based EntropySource for generic Unix systems (unix_rnd) -* Moved 'devrand' module into main distribution (ent_file.h), renamed to - File_EntropySource, and changed interface somewhat. -* Made Randpool somewhat more conservative and also 25% faster -* Minor fixes and updates for the configure script -* Added some tweaks for memory allocation -* Documentation updates for the new Pipe interface -* Fixed various minor bugs -* Added a couple of new example programs (stack and hasher2) - diff --git a/doc/relnotes/0_7_9.rst b/doc/relnotes/0_7_9.rst deleted file mode 100644 index cb48eef3e..000000000 --- a/doc/relnotes/0_7_9.rst +++ /dev/null @@ -1,16 +0,0 @@ -Version 0.7.9, 2002-03-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Memory allocation substantially revamped -* Added memory allocation method based on mmap(2) in the mmap_mem module -* Added ECB and CTS block cipher modes (ecb.h, cts.h) -* Added a Mutex interface (mutex.h) -* Added module pthr_mux, implementing the Mutex interface -* Added Threaded Filter interface (thr_filt.h) -* All algorithms can now by keyed with SymmetricKey objects -* More testing occurs with --validate (expected failures) -* Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6 -* Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress -* Made X917 safer (and about 1/3 as fast) -* Documentation updates - diff --git a/doc/relnotes/0_8_0.rst b/doc/relnotes/0_8_0.rst deleted file mode 100644 index 62c3a0384..000000000 --- a/doc/relnotes/0_8_0.rst +++ /dev/null @@ -1,21 +0,0 @@ -Version 0.8.0, 2002-04-24 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Merged BigInt: many bugfixes and optimizations since alpha2 -* Added RSA (rsa.h) -* Added EMSA2 (emsa2.h) -* Lots of new interface code for public key algorithms (pk_base.h, pubkey.h) -* Changed some interfaces, including SymmetricKey, to support the global rng -* Fixed a serious bug in ManagedAllocator -* Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160 -* Removed some deprecated stuff -* Added a global random number generator (rng.h) -* Added clone functions to most of the basic algorithms -* Added a library initializer class (init.h) -* Version macros in version.h -* Moved the base classes from opencl.h to base.h -* Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib -* Documentation updates for the new stuff (still incomplete) -* Many new deprecated things: check doc/deprecated.txt - - diff --git a/doc/relnotes/0_8_1.rst b/doc/relnotes/0_8_1.rst deleted file mode 100644 index 98175994e..000000000 --- a/doc/relnotes/0_8_1.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 0.8.1, 2002-05-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major code cleanup (check doc/deprecated.txt) -* Various bugs fixed, including several portability problems -* Renamed MessageAuthCode to MessageAuthenticationCode -* A replacement for X917 is in x917_rng.h -* Changed EMAC to non-template class -* Added ANSI X9.19 compatible CBC-MAC -* TripleDES now supports 128 bit keys - diff --git a/doc/relnotes/0_8_2.rst b/doc/relnotes/0_8_2.rst deleted file mode 100644 index 1f4c540e8..000000000 --- a/doc/relnotes/0_8_2.rst +++ /dev/null @@ -1,16 +0,0 @@ -Version 0.8.2, 2002-05-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added an (experimental) algorithm lookup interface -* Added code for directly testing BigInt -* Added SHA2-384 -* Optimized SHA2-512 -* Major optimization for Adler32 (thanks to Dan Nicolaescu) -* Various minor optimizations in BigInt and related areas -* Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore -* Fixed a bug in BufferingFilter -* Made a few fixes for MacOS X -* Added a workaround in configure.pl for GCC 2.95.x -* Better support for PowerPC, ARM, and Alpha -* Some more cleanups - diff --git a/doc/relnotes/0_8_3.rst b/doc/relnotes/0_8_3.rst deleted file mode 100644 index 88012db05..000000000 --- a/doc/relnotes/0_8_3.rst +++ /dev/null @@ -1,19 +0,0 @@ -Version 0.8.3, 2002-06-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added DSA and Rabin-Williams signature schemes -* Added EMSA3 -* Added PKCS#1 v1.5 encryption padding -* Added Filters for PK algorithms -* Added a Keyed_Filter class -* LibraryInitializer processes arguments now -* Major revamp of the PK interface classes -* Changed almost all of the Filters for non-template operation -* Changed HMAC, Lion, Luby-Rackoff to non-template classes -* Some fairly minor BigInt optimizations -* Added simple benchmarking for PK algorithms -* Added hooks for fixed base and fixed exponent modular exponentiation -* Added some examples for using RSA -* Numerous bugfixes and cleanups -* Documentation updates - diff --git a/doc/relnotes/0_8_4.rst b/doc/relnotes/0_8_4.rst deleted file mode 100644 index 9b73ca88e..000000000 --- a/doc/relnotes/0_8_4.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 0.8.4, 2002-07-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added Nyberg-Rueppel signatures -* Added Diffie-Hellman key exchange (kex interface is subject to change) -* Added KDF2 -* Enhancements to the lookup API -* Many things formerly taking pointers to algorithms now take names -* Speedups for prime generation -* LibraryInitializer has support for seeding the global RNG -* Reduced SAFER-SK128 memory consumption -* Reversed the ordering of public and private key values in DSA constructor -* Fixed serious bugs in MemoryMapping_Allocator -* Fixed memory leak in Lion -* FTW_EntropySource was not closing the files it read -* Fixed line breaking problem in Hex_Encoder - diff --git a/doc/relnotes/0_8_5.rst b/doc/relnotes/0_8_5.rst deleted file mode 100644 index eced09cc2..000000000 --- a/doc/relnotes/0_8_5.rst +++ /dev/null @@ -1,19 +0,0 @@ -Version 0.8.5, 2002-07-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major changes to constructors for DL-based cryptosystems (DSA, NR, DH) -* Added a DL_Group class -* Reworking of the pubkey internals -* Support in lookup for aliases and PK algorithms -* Renamed CAST5 to CAST_128 and CAST256 to CAST_256 -* Added EMSA1 -* Reorganization of header files -* LibraryInitializer will install new allocator types if requested -* Fixed a bug in Diffie-Hellman key generation -* Did a workaround in pipe.cpp for GCC 2.95.x on Linux -* Removed some debugging code from init.cpp that made FTW ES useless -* Better checking for invalid arguments in the PK algorithms -* Reduced Base64 and Hex default line length (if line breaking is used) -* Fixes for HP's aCC compiler -* Cleanups in BigInt - diff --git a/doc/relnotes/0_8_6.rst b/doc/relnotes/0_8_6.rst deleted file mode 100644 index 18c95db10..000000000 --- a/doc/relnotes/0_8_6.rst +++ /dev/null @@ -1,23 +0,0 @@ -Version 0.8.6, 2002-07-25 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added EMSA4 (aka PSS) -* Brought the manual up to date; many corrections and additions -* Added a parallel hash function construction -* Lookup supports all available algorithms now -* Lazy initialization of the lookup tables -* Made more discrete logarithm groups available through get_dl_group() -* StreamCipher_Filter supports seeking (if the underlying cipher does) -* Minor optimization for GCD calculations -* Renamed SAFER_SK128 to SAFER_SK -* Removed many previously deprecated functions -* Some now-obsolete functions, headers, and types have been deprecated -* Fixed some bugs in DSA prime generation -* DL_Group had a constructor for DSA-style prime gen but it wasn't defined -* Reversed the ordering of the two arguments to SEAL's constructor -* Fixed a threading problem in the PK algorithms -* Fixed a minor memory leak in lookup.cpp -* Fixed pk_types.h (it was broken in 0.8.5) -* Made validation tests more verbose -* Updated the check and example applications - diff --git a/doc/relnotes/0_8_7.rst b/doc/relnotes/0_8_7.rst deleted file mode 100644 index 28d4bda56..000000000 --- a/doc/relnotes/0_8_7.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 0.8.7, 2002-07-30 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed bugs in EME1 and EMSA4 -* Fixed a potential crash at shutdown -* Cipher modes returned an ill-formed name -* Removed various deprecated types and headers -* Cleaned up the Pipe interface a bit -* Minor additions to the documentation -* First stab at a Visual C++ makefile (doc/Makefile.vc7) - diff --git a/doc/relnotes/0_9_0.rst b/doc/relnotes/0_9_0.rst deleted file mode 100644 index ef73f6ae2..000000000 --- a/doc/relnotes/0_9_0.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 0.9.0, 2002-08-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* EMSA4 supports variable salt size -* PK_* can take a string naming the encoding method to use -* Started writing some internals documentation - - diff --git a/doc/relnotes/0_9_1.rst b/doc/relnotes/0_9_1.rst deleted file mode 100644 index 8d6398d58..000000000 --- a/doc/relnotes/0_9_1.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 0.9.1, 2002-08-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Grand rename from OpenCL to Botan -* Major optimizations for the PK algorithms -* Added ElGamal encryption -* Added Whirlpool -* Tweaked memory allocation parameters -* Improved the method of seeding the global RNG -* Moved pkcs1.h to eme_pkcs.h -* Added more test vectors for some algorithms -* Fixed error reporting in the BigInt tests -* Removed Default_Timer, it was pointless -* Added some new example applications -* Removed some old examples that weren't that interesting -* Documented the compression modules - diff --git a/doc/relnotes/0_9_2.rst b/doc/relnotes/0_9_2.rst deleted file mode 100644 index 46eff06f5..000000000 --- a/doc/relnotes/0_9_2.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 0.9.2, 2002-08-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* DH_PrivateKey::public_value() was returning the wrong value -* Various BigInt optimizations -* The filters.h header now includes hex.h and base64.h -* Moved Counter mode to ctr.h -* Fixed a couple minor problems with VC++ 7 -* Fixed problems with the RPM spec file - diff --git a/doc/relnotes/1_0_0.rst b/doc/relnotes/1_0_0.rst deleted file mode 100644 index 322aa1472..000000000 --- a/doc/relnotes/1_0_0.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.0.0, 2002-08-26 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Octal I/O of BigInt is now supported -* Fixed portability problems in the es_egd module -* Generalized IV handling in the block cipher modes -* Added Karatsuba multiplication and k-ary exponentiation -* Fixed a problem in the multiplication routines - - diff --git a/doc/relnotes/1_0_1.rst b/doc/relnotes/1_0_1.rst deleted file mode 100644 index d496099ad..000000000 --- a/doc/relnotes/1_0_1.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.0.1, 2002-09-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a minor bug in Randpool::random() -* Added some new aliases and typedefs for 1.1.x compatibility -* The 4096-bit RSA benchmark key was decimal instead of hex -* EMAC was returning an incorrect name - diff --git a/doc/relnotes/1_0_2.rst b/doc/relnotes/1_0_2.rst deleted file mode 100644 index 9e09f198a..000000000 --- a/doc/relnotes/1_0_2.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.0.2, 2003-01-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed an obscure SEGFAULT causing bug in Pipe -* Fixed an obscure but dangerous bug in SecureVector::swap - diff --git a/doc/relnotes/1_10_0.rst b/doc/relnotes/1_10_0.rst deleted file mode 100644 index 3b6ba56ac..000000000 --- a/doc/relnotes/1_10_0.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.10.0, 2011-06-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Detection for the rdrand instruction being added to upcoming Intel - Ivy Bridge processors has been added. - -* A template specialization of std::swap was added for the memory - container types. - - diff --git a/doc/relnotes/1_10_1.rst b/doc/relnotes/1_10_1.rst deleted file mode 100644 index 0620e59a3..000000000 --- a/doc/relnotes/1_10_1.rst +++ /dev/null @@ -1,21 +0,0 @@ -Version 1.10.1, 2011-07-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* A race condition in `Algorithm_Factory` could cause crashes in - multithreaded code. See - :botan-devel:`this thread on botan-devel <2011-July/001455>` - for details and workarounds. - -* The return value of ``name`` has changed for GOST 28147-89 and - Skein-512. GOST's ``name`` now includes the name of the sbox, and - Skein's includes the personalization string (if nonempty). This - allows an object to be properly roundtripped, which is necessary to - fix the race condition described above. - -* A new distribution script is now included, as - ``src/build-data/scripts/dist.py`` - -* The ``build.h`` header now includes, if available, an identifier of - the source revision that was used. This identifier is also included - in the result of ``version_string``. - diff --git a/doc/relnotes/1_10_2.rst b/doc/relnotes/1_10_2.rst deleted file mode 100644 index de52d1115..000000000 --- a/doc/relnotes/1_10_2.rst +++ /dev/null @@ -1,68 +0,0 @@ -Version 1.10.2, 2012-06-17 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Several TLS bugs were fixed in this release, including a major -omission that the renegotiation extension was not being used. As the -1.10 implementation of TLS does not properly support renegotiation, -the approach in this release is simply to send the renegotiation -extension SCSV, which should protect the client against any handshake -splicing. In addition renegotiation attempts are handled properly -instead of causing handshake failures - all hello requests, and all -client hellos after the initial negotiation, are ignored. Some -bugs affecting DSA server authentication were also fixed. - -By popular request, ``Pipe::reset`` no longer requires that message -processing be completed, a requirement that caused problems when a -Filter's end_msg call threw an exception, after which point the Pipe -object was no longer usable. - -Support for getting entropy using the rdrand instruction introduced in -Intel's Ivy Bridge processors has been added. In previous releases, -the ``CPUID::has_rdrand`` function was checking the wrong cpuid bit, -and would false positive on AMD Bulldozer processors. - -An implementation of SRP-6a compatible with the specification in RFC -5054 is now available in ``srp6.h``. In 1.11, this is being used for -TLS-SRP, but may be useful in other environments as well. - -An implementation of the Camellia block cipher was added, again largely -for use in TLS. - -If ``clock_gettime`` is available on the system, hres_timer will poll all -the available clock types. - -AltiVec is now detected on IBM POWER7 processors and on OpenBSD systems. -The OpenBSD support was contributed by Brad Smith. - -The Qt mutex wrapper was broken and would not compile with any recent -version of Qt. Taking this as a clear indication that it is not in use, -it has been removed. - -Avoid setting the soname on OpenBSD, as it doesn't support it (:pr:`158`) - -A compilation problem in the dynamic loader that prevented using -dyn_load under MinGW GCC has been fixed. - -A common error for people using MinGW is to target GCC on Windows, -however the 'Windows' target assumes the existence of Visual C++ -runtime functions which do not exist in MinGW. Now, configuring for -GCC on Windows will cause the configure.py to warn that likely you -wanted to configure for either MinGW or Cygwin, not the generic -Windows target. - -A bug in configure.py would cause it to interpret `--cpu=s390x` as -`s390`. This may have affected other CPUs as well. Now configure.py -searches for an exact match, and only if no exact match is found will -it search for substring matches. - -An incompatability in configure.py with the subprocess module included -in Python 3.1 has been fixed (:pr:`157`). - -The exception catching syntax of configure.py has been changed to the -Python 3.x syntax. This syntax also works with Python 2.6 and 2.7, but -not with any earlier Python 2 release. A simple search and replace -will allow running it under Python 2.5:: - - perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py - -Note that Python 2.4 is not supported at all. diff --git a/doc/relnotes/1_10_3.rst b/doc/relnotes/1_10_3.rst deleted file mode 100644 index 769f12a8f..000000000 --- a/doc/relnotes/1_10_3.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.10.3, 2012-07-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -A change in :doc:`1.10.2 <1_10_2>` accidentally broke ABI -compatibility with 1.10.1 and earlier versions, causing programs -compiled against 1.10.1 to crash if linked with 1.10.2 at runtime. - -Recent versions of OpenSSL include extra information in ECC private -keys, the presence of which caused an exception when such a key was -loaded by botan. The decoding of ECC private keys has been changed to -ignore these fields if they are set. diff --git a/doc/relnotes/1_10_4.rst b/doc/relnotes/1_10_4.rst deleted file mode 100644 index 14d1fb0f8..000000000 --- a/doc/relnotes/1_10_4.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 1.10.4, 2013-01-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Avoid a conditional operation in the power mod implementations on if - a nibble of the exponent was zero or not. This may help protect - against certain forms of side channel attacks. - -* The SRP6 code was checking for invalid values as specified in RFC - 5054, specifically values equal to zero mod p. However SRP would - accept negative A/B values, or ones larger than p, neither of which - should occur in a normal run of the protocol. These values are now - rejected. Credits to Timothy Prepscius for pointing out these values - are not normally used and probably signal something fishy. - -* The return value of version_string is now a compile time constant - string, so version information can be more easily extracted from - binaries. diff --git a/doc/relnotes/1_10_5.rst b/doc/relnotes/1_10_5.rst deleted file mode 100644 index c5603f0a3..000000000 --- a/doc/relnotes/1_10_5.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.10.5, 2013-03-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* A potential crash in the AES-NI implementation of the AES-192 key - schedule (caused by misaligned loads) has been fixed. - -* A previously conditional operation in Montgomery multiplication and - squaring is now always performed, removing a possible timing - channel. - -* Use correct flags for creating a shared library on OS X under Clang. - -* Fix a compile time incompatability with Visual C++ 2012. diff --git a/doc/relnotes/1_10_6.rst b/doc/relnotes/1_10_6.rst deleted file mode 100644 index 241ab801c..000000000 --- a/doc/relnotes/1_10_6.rst +++ /dev/null @@ -1,47 +0,0 @@ -Version 1.10.6, 2013-11-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The device reading entropy source now attempts to read from all - available devices. Previously it would break out early if a partial - read from a blocking source occured, not continuing to read from a - non-blocking device. This would cause the library to fall back on - slower and less reliable techniques for collecting PRNG seed - material. Reported by Rickard Bellgrim. - -* HMAC_RNG (the default PRNG implementation) now automatically reseeds - itself periodically. Previously reseeds only occured on explicit - application request. - -* Fix an encoding error in EC_Group when encoding using EC_DOMPAR_ENC_OID. - Reported by fxdupont on github. - -* In EMSA2 and Randpool, avoid calling name() on objects after deleting them if - the provided algorithm objects are not suitable for use. Found by Clang - analyzer, reported by Jeffrey Walton. - -* If X509_Store was copied, the u32bit containing how long to cache validation - results was not initialized, potentially causing results to be cached for - significant amounts of time. This could allow a certificate to be considered - valid after its issuing CA's cert expired. Expiration of the end-entity cert - is always checked, and reading a CRL always causes the status to be reset, so - this issue does not affect revocation. Found by Coverity scanner. - -* Avoid off by one causing a potentially unterminated string to be passed to - the connect system call if the library was configured to use a very long path - name for the EGD socket. Found by Coverity Scanner. - -* In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and PK_Key_Agreement, - avoid dereferencing an unitialized pointer if no engine supported operations - on the key object given. Found by Coverity scanner. - -* Avoid leaking a file descriptor in the /dev/random and EGD entropy sources if - stdin (file descriptor 0) was closed. Found by Coverity scanner. - -* Avoid a potentially undefined operation in the bit rotation operations. Not - known to have caused problems under any existing compiler, but might have - caused problems in the future. Caught by Clang sanitizer, reported by Jeffrey - Walton. - -* Increase default hash iterations from 10000 to 50000 in PBES1 and PBES2 - -* Add a fix for mips64el builds from Brad Smith. diff --git a/doc/relnotes/1_10_7.rst b/doc/relnotes/1_10_7.rst deleted file mode 100644 index 6f26bd82f..000000000 --- a/doc/relnotes/1_10_7.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.10.7, 2013-12-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* OAEP had two bugs, one of which allowed it to be used even if the - key was too small, and the other of which would cause a crash during - decryption if the EME data was too large for the associated key. diff --git a/doc/relnotes/1_10_8.rst b/doc/relnotes/1_10_8.rst deleted file mode 100644 index 5aaaceb93..000000000 --- a/doc/relnotes/1_10_8.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.10.8, 2014-04-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a bug in primality testing introduced in 1.8.3 which caused only - a single random base, rather than a sequence of random bases, to be - used in the Miller-Rabin test. This increased the probability that a - non-prime would be accepted, for instance a 1024 bit number would be - incorrectly classed as prime with probability around 2^-40. Reported - by Jeff Marrison. - -* The key length limit on HMAC has been raised to 512 bytes, allowing - the use of very long passphrases with PBKDF2. diff --git a/doc/relnotes/1_10_9.rst b/doc/relnotes/1_10_9.rst deleted file mode 100644 index 729e84cd7..000000000 --- a/doc/relnotes/1_10_9.rst +++ /dev/null @@ -1,20 +0,0 @@ -Version 1.10.9, 2014-12-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed EAX tag verification to run in constant time - -* The default TLS policy now disables SSLv3. - -* A crash could occur when reading from a blocking random device if - the device initially indicated that entropy was available but - a concurrent process drained the entropy pool before the - read was initiated. - -* Fix decoding indefinite length BER constructs that contain a context - sensitive tag of zero. Github pull 26 from Janusz Chorko. - -* The `botan-config` script previously tried to guess its prefix from - the location of the binary. However this was error prone, and now - the script assumes the final installation prefix matches the value - set during the build. Github issue 29. - diff --git a/doc/relnotes/1_11_0.rst b/doc/relnotes/1_11_0.rst deleted file mode 100644 index 9662afca9..000000000 --- a/doc/relnotes/1_11_0.rst +++ /dev/null @@ -1,65 +0,0 @@ -Version 1.11.0, 2012-07-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. note:: - - In this release, many new features of C++11 are being used in the - library. Currently GCC 4.7 and Clang 3.1 are known to work well. - This version of the library cannot be compiled by or used with a - C++98 compiler. - -TLS and PKI Changes -"""""""""""""""""""""""""""""""""""""""" - -There have been many changes and improvements to TLS. The interface -is now purely event driven and does not directly interact with -sockets. New TLS features include TLS v1.2 support, client -certificate authentication, renegotiation, session tickets, and -session resumption. Session information can be saved in memory or to -an encrypted SQLite3 database. Newly supported TLS ciphersuite -algorithms include using SHA-2 for message authentication, pre shared -keys and SRP for authentication and key exchange, ECC algorithms for -key exchange and signatures, and anonymous DH/ECDH key exchange. - -Support for OCSP has been added. Currently only client-side support -exists. - -The API for X.509 path validation has changed, with -``x509_path_validate`` in x509path.h now handles path validation and -``Certificate_Store`` handles storage of certificates and CRLs. - -Memory Container Changes -"""""""""""""""""""""""""""""""""""""""" - -The memory container types have changed substantially. The -``MemoryVector`` and ``SecureVector`` container types have been -removed, and an alias of ``std::vector`` using an allocator that -clears memory named ``secure_vector`` is used for key material, with -plain ``std::vector`` being used for everything else. - -The technique used for mlock'ing memory on Linux and BSD systems is -much improved. Now a single page-aligned block of memory (the exact -limit of what we can mlock) is mmap'ed, with allocations being done -using a best-fit allocator and all metadata held outside the mmap'ed -range, in an effort to make best use of the very limited amount of -memory current Linux kernels allow unpriveledged users to lock. - -New LZMA Compression Filter -"""""""""""""""""""""""""""""""""""""""" - -A filter using LZMA was contributed by Vojtech Kral. It is available -if LZMA support was enabled at compilation time by passing -``--with-lzma`` to ``configure.py``. - -ECC Key Decoding Problem Resolved -"""""""""""""""""""""""""""""""""""""""" - -:rfc:`5915` adds some extended information which can be included in -ECC private keys which the ECC key decoder did not expect, causing an -exception when such a key was loaded. In particular, recent versions -of OpenSSL use these fields. Now these fields are decoded properly, -and if the public key value is included it is used, as otherwise the -public key needs to be rederived from the private key. However the -library does not include these fields on encoding keys for -compatability with software that does not expect them (including older -versions of botan). diff --git a/doc/relnotes/1_11_1.rst b/doc/relnotes/1_11_1.rst deleted file mode 100644 index 0e1fba4dc..000000000 --- a/doc/relnotes/1_11_1.rst +++ /dev/null @@ -1,91 +0,0 @@ -Version 1.11.1, 2012-10-30 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -TLS Enhancements and Bug Fixes -"""""""""""""""""""""""""""""""""""""""" - -Initial support for DTLS (both v1.0 and v1.2) is available in this -release, though it should be considered highly experimental. Currently -timeouts and retransmissions are not handled. - -The :cpp:class:`TLS::Client` constructor now takes the version to -offer to the server. The policy hook :cpp:class:`TLS::Policy` function -`pref_version`, which previously controlled this, has been removed. - -:cpp:class:`TLS::Session_Manager_In_Memory` now chooses a random -256-bit key at startup and encrypts all sessions (using the existing -:cpp:func:`TLS::Session::encrypt` mechanism) while they are stored in -memory. This is primarily to reduce pressure on locked memory, as each -session normally requires 48 bytes of locked memory for the master -secret, whereas now only 32 bytes are needed total. This change may -also make it slightly harder for an attacker to extract session data -from memory dumps (eg with a cold boot attack). - -The keys used in :cpp:func:`session encryption <TLS::Session::encrypt>` -were previously uniquely determined by the master key. Now the -encrypted session blob includes two 80 bit salts which are used in the -derivation of the cipher and MAC keys. - -The ``secure_renegotiation`` flag is now considered an aspect of the -connection rather than the session, which matches the behavior of -other implementations. As the format has changed, sessions saved to -persistent storage by 1.11.0 will not load in this version and vice -versa. In either case this will not cause any errors, the session will -simply not resume and instead a full handshake will occur. - -New policy hooks :cpp:func:`TLS::Policy::acceptable_protocol_version`, -:cpp:func:`TLS::Policy::allow_server_initiated_renegotiation`, and -:cpp:func:`TLS::Policy::negotiate_heartbeat_support` were added. - -TLS clients were not sending a next protocol message during a session -resumption, which would cause resumption failures with servers that -support NPN if NPN was being offered by the client. - -A bug caused heartbeat requests sent by the counterparty during a -handshake to be passed to the application callback as if they were -heartbeat responses. - -Support for TLS key material export as specified in :rfc:`5705` has -been added, available via :cpp:func:`TLS::Channel::key_material_export` - -New Feature: Public Key Strength Checking -"""""""""""""""""""""""""""""""""""""""""" - -A new function :cpp:func:`Public_Key::estimated_strength` returns -an estimate for the upper bound of the strength of the key. For -instance for an RSA key, it will return an estimate of how many -operations GNFS would take to factor the key. - -A new :cpp:class:`Path_Validation_Result` code has been added -``SIGNATURE_METHOD_TOO_WEAK``. By default signatures created with keys -below 80 bits of strength (as estimated by ``estimated_strength``) are -rejected. This level can be modified using a parameter to the -:cpp:class:`Path_Validation_Restrictions` constructor. - -SRP6 Is Picker About Values -"""""""""""""""""""""""""""""""""""""""" - -The SRP6 code was checking for invalid values as specified in -:rfc:`5054`, ones equal to zero mod p, however it would accept -negative A/B values, or ones larger than p, neither of which should -occur in a normal run of the protocol. These values are now -rejected. Credits to Timothy Prepscius for pointing out these values -are not normally used and probably signal something fishy. - -Removal of Various BigInt Functions -"""""""""""""""""""""""""""""""""""""""" - -Several :cpp:class:`BigInt` functions have been removed, including -``operator[]``, ``assign``, ``get_reg``, and ``grow_reg``. The version -of ``data`` that returns a mutable pointer has been renamed -``mutable_data``. Support for octal conversions has been removed. - -The constructor ``BigInt(NumberType type, size_t n)`` has been -removed, replaced by ``BigInt::power_of_2``. - -AES-NI Crash Fixed -"""""""""""""""""""""""""""""""""""""""" - -In 1.11.0, when compiled by GCC, the AES-NI implementation of AES-192 -would crash if the mlock-based allocator was used due to an alignment -issue. diff --git a/doc/relnotes/1_11_10.rst b/doc/relnotes/1_11_10.rst deleted file mode 100644 index 9297a2278..000000000 --- a/doc/relnotes/1_11_10.rst +++ /dev/null @@ -1,81 +0,0 @@ -Version 1.11.10, 2014-12-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* An implementation of McEliece code-based public key encryption based - on INRIA's HyMES and secured against a variety of side-channels was - contributed by cryptosource GmbH. The original version is LGPL but - cryptosource has secured permission to release an adaptation under a - BSD license. A CCA2-secure KEM scheme is also included. - - The implementation is further described in - http://www.cryptosource.de/docs/mceliece_in_botan.pdf and - http://cryptosource.de/news_mce_in_botan_en.html - -* DSA and ECDSA now create RFC 6979 deterministic signatures. - -* Add support for TLS fallback signaling (draft-ietf-tls-downgrade-scsv-00). - Clients will send a fallback SCSV if the version passed to the Client - constructor is less than the latest version supported by local policy, so - applications implementing fallback are protected. Servers always check the - SCSV. - -* In previous versions a TLS::Server could service either TLS or DTLS - connections depending on policy settings and what type of client hello it - received. This has changed and now a Server object is initialized for - either TLS or DTLS operation. The default policy previously prohibited - DTLS, precisely to prevent a TCP server from being surprised by a DTLS - connection. The default policy now allows TLS v1.0 or higher or DTLS v1.2. - -* Fixed a bug in CCM mode which caused it to produce incorrect tags when used - with a value of L other than 2. This affected CCM TLS ciphersuites, which - use L=3. Thanks to Manuel Pégourié-Gonnard for the anaylsis and patch. - Bugzilla 270. - -* DTLS now supports timeouts and handshake retransmits. Timeout checking - is triggered by the application calling the new TLS::Channel::timeout_check. - -* Add a TLS policy hook to disable putting the value of the local clock in hello - random fields. - -* All compression operations previously available as Filters are now - performed via the Transformation API, which minimizes memory copies. - Compression operations are still available through the Filter API - using new general compression/decompression filters in comp_filter.h - -* The zlib module now also supports gzip compression and decompression. - -* Avoid a crash in low-entropy situations when reading from /dev/random, when - select indicated the device was readable but by the time we start the read the - entropy pool had been depleted. - -* The Miller-Rabin primality test function now takes a parameter allowing the - user to directly specify the maximum false negative probability they are - willing to accept. - -* PKCS #8 private keys can now be encrypted using GCM mode instead of - unauthenticated CBC. The default remains CBC for compatability. - -* The default PKCS #8 encryption scheme has changed to use PBKDF2 with - SHA-256 instead of SHA-1 - -* A specialized reducer for P-521 was added. - -* On Linux the mlock allocator will use MADV_DONTDUMP on the pool so - that the contents are not included in coredumps. - -* A new interface for directly using a system-provided PRNG is - available in system_rng.h. Currently only systems with /dev/urandom - are supported. - -* Fix decoding indefinite length BER constructs that contain a context sensitive - tag of zero. Github pull 26 from Janusz Chorko. - -* The GNU MP engine has been removed. - -* Added AltiVec detection for POWER8 processors. - -* Add a new install script written in Python which replaces shell hackery in the - makefiles. - -* Various modifications to better support Visual C++ 2013 and 2015. Github - issues 11, 17, 18, 21, 22. diff --git a/doc/relnotes/1_11_11.rst b/doc/relnotes/1_11_11.rst deleted file mode 100644 index bd9706d1f..000000000 --- a/doc/relnotes/1_11_11.rst +++ /dev/null @@ -1,28 +0,0 @@ -Version 1.11.11, 2014-12-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The Sqlite3 wrapper has been abstracted to a simple interface for - SQL dbs in general, though Sqlite3 remains the only implementation. - The main logic of the TLS session manager which stored encrypted - sessions to a Sqlite3 database (`TLS::Session_Manager_SQLite`) has - been moved to the new `TLS::Session_Manager_SQL`. The Sqlite3 - manager API remains the same but now just subclasses - `TLS::Session_Manager_SQL` and has a constructor instantiate the - concrete database instance. - - Applications which would like to use a different db can now do so - without having to reimplement the session cache logic simply by - implementing a database wrapper subtype. - -* The CryptGenRandom entropy source is now also used on MinGW. - -* The system_rng API is now also available on systems with CryptGenRandom - -* With GCC use -fstack-protector for linking as well as compiling, - as this is required on MinGW. Github issue 34. - -* Fix missing dependency in filters that caused compilation problem - in amalgamation builds. Github issue 33. - -* SSLv3 support is officially deprecated and will be removed in a - future release. diff --git a/doc/relnotes/1_11_12.rst b/doc/relnotes/1_11_12.rst deleted file mode 100644 index cc304b824..000000000 --- a/doc/relnotes/1_11_12.rst +++ /dev/null @@ -1,21 +0,0 @@ -Version 1.11.12, 2015-01-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add Curve25519. The implementation is based on curve25519-donna-c64.c - by Adam Langley. New (completely non-standard) OIDs and formats for - encrypting Curve25519 keys under PKCS #8 and including them in - certificates and CRLs have been defined. - -* Add Poly1305, based on the implementation poly1305-donna by Andrew Moon. - -* Add the ChaCha20Poly1305 AEADs defined in draft-irtf-cfrg-chacha20-poly1305-03 - and draft-agl-tls-chacha20poly1305-04. - -* Add ChaCha20Poly1305 ciphersuites for TLS compatible with Google's servers - following draft-agl-tls-chacha20poly1305-04 - -* When encrypted as PKCS #8 structures, Curve25519 and McEliece - private keys default to using AES-256/GCM instead of AES-256/CBC - -* Define OIDs for OCB mode with AES, Serpent and Twofish. - diff --git a/doc/relnotes/1_11_13.rst b/doc/relnotes/1_11_13.rst deleted file mode 100644 index 7eaac8f37..000000000 --- a/doc/relnotes/1_11_13.rst +++ /dev/null @@ -1,43 +0,0 @@ -Version 1.11.13, 2015-01-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* All support for the insecure SSLv3 protocol and the server support - for processing SSLv2 client hellos has been removed. - -* The command line tool now has `tls_proxy` which negotiates TLS with - clients and forwards the plaintext to a specified port. - -* Add MCEIES, a McEliece-based integrated encryption system using - AES-256 in OCB mode for message encryption/authentication. - -* Add DTLS-SRTP negotiation defined in RFC 5764 - -* Add SipHash - -* Add SHA-512/256 - -* The format of serialized TLS sessions has changed. Additiionally, PEM - formatted sessions now use the label of "TLS SESSION" instead of "SSL SESSION" - -* Serialized TLS sessions are now encrypted using AES-256/GCM instead of a - CBC+HMAC construction. - -* The cryptobox_psk module added in 1.11.4 and previously used for TLS session - encryption has been removed. - -* When sending a TLS heartbeat message, the number of pad bytes to use can now - be specified, making it easier to use for PMTU discovery. - -* If available, zero_mem now uses RtlSecureZeroMemory or memset_s instead of a - byte-at-a-time loop. - -* The functions base64_encode and base64_decode would erroneously - throw an exception if passed a zero-length input. Github issue 37. - -* The Python install script added in version 1.11.10 failed to place the - headers into a versioned subdirectory. - -* Fix the install script when running under Python3. - -* Avoid code that triggers iterator debugging asserts under MSVC 2013. Github - pull 36 from Simon Warta. diff --git a/doc/relnotes/1_11_14.rst b/doc/relnotes/1_11_14.rst deleted file mode 100644 index 320a5f221..000000000 --- a/doc/relnotes/1_11_14.rst +++ /dev/null @@ -1,83 +0,0 @@ -Version 1.11.14, 2015-02-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The global state object previously used by the library has been removed. - This includes the global PRNG. The library can be safely initialized - multiple times without harm. - - The engine code has also been removed, replaced by a much lighter-weight - object registry system which provides lookups in faster time and with less - memory overhead than the previous approach. - - One caveat of the current system with regards to static linking: because only - symbols already mentioned elsewhere in the program are included in the final - link step, few algorithms will be available through the lookup system by - default, even though they were compiled into the library. Your application - must explicitly reference the types you require or they will not end up - being available in the final binary. See also Github issue #52 - - If you intend to build your application against a static library and don't - want to explicitly reference each algo object you might attempt to look up by - string, consider either building with `--via-amalgamation`, or else (much - simpler) using the amalgamation directly. - -* The new `ffi` submodule provides a simple C API/ABI for a number of useful - operations (hashing, ciphers, public key operations, etc) which is easily - accessed using the FFI modules included in many languages. - -* A new Python wrapper (in `src/lib/python/botan.py`) using `ffi` and the Python - `ctypes` module is available. The old Boost.Python wrapper has been removed. - -* Add specialized reducers for P-192, P-224, P-256, and P-384 - -* OCB mode, which provides a fast and constant time AEAD mode without requiring - hardware support, is now supported in TLS, following - draft-zauner-tls-aes-ocb-01. Because this specification is not yet finalized - is not yet enabled by the default policy, and the ciphersuite numbers used are - in the experimental range and may conflict with other uses. - -* Add ability to read TLS policy from a text file using `TLS::Text_Policy`. - -* The amalgamation now splits off any ISA specific code (for instance, that - requiring SSSE3 instruction sets) into a new file named (for instance) - `botan_all_ssse3.cpp`. This allows the main amalgamation file to be compiled - without any special flags, so `--via-amalgamation` builds actually work now. - This is disabled with the build option `--single-amalgamation-file` - -* PBKDF and KDF operations now provide a way to write the desired output - directly to an application-specified area rather than always allocating a new - heap buffer. - -* HKDF, previously provided using a non-standard interface, now uses the - standard KDF interface and is retrievable using get_kdf. - -* It is once again possible to build the complete test suite without requiring - any boost libraries. This is currently only supported on systems supporting - the readdir interface. - -* Remove use of memset_s which caused problems with amalgamation on OS X. - Github 42, 45 - -* The memory usage of the counter mode implementation has been reduced. - Previously it encrypted 256 blocks in parallel as this leads to a slightly - faster counter increment operation. Instead CTR_BE simply encrypts a buffer - equal in size to the advertised parallelism of the cipher implementation. - This is not measurably slower, and dramatically reduces the memory use of - CTR mode. - -* The memory allocator available on Unix systems which uses mmap and mlock to - lock a pool of memory now checks environment variable BOTAN_MLOCK_POOL_SIZE - and interprets it as an integer. If the value set to a smaller value then the - library would originally have allocated (based on resource limits) the user - specified size is used instead. You can also set the variable to 0 to - disable the pool entirely. Previously the allocator would consume all - available mlocked memory, this allows botan to coexist with an application - which wants to mlock memory for its own uses. - -* The botan-config script previously installed on Unix systems has been - removed. Its functionality is replaced by the `config` command of the - `botan` tool executable, for example `botan config cflags` instead of - `botan-config --cflags`. - -* Added a target for POWER8 processors - diff --git a/doc/relnotes/1_11_15.rst b/doc/relnotes/1_11_15.rst deleted file mode 100644 index 028965eaf..000000000 --- a/doc/relnotes/1_11_15.rst +++ /dev/null @@ -1,19 +0,0 @@ -Version 1.11.15, 2015-03-08 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Support for RC4 in TLS, already disabled by default, is now deprecated. - The RC4 ciphersuites will be removed entirely in a future release. - -* A bug in ffi.cpp meant Python could only encrypt. Github issue 53. - -* When comparing two ASN.1 algorithm identifiers, consider empty and - NULL parameters the same. - -* Fixed memory leaks in TLS and cipher modes introduced in 1.11.14 - -* MARK-4 failed when OpenSSL was enabled in the build in 1.11.14 - because the OpenSSL version ignored the skip parameter. - -* Fix compilation problem on OS X/clang - -* Use BOTAN_NOEXCEPT macro to work around lack of noexcept in VS 2013 diff --git a/doc/relnotes/1_11_16.rst b/doc/relnotes/1_11_16.rst deleted file mode 100644 index c27e5a204..000000000 --- a/doc/relnotes/1_11_16.rst +++ /dev/null @@ -1,38 +0,0 @@ -Version 1.11.16, 2015-03-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* TLS has changed from using the non-standard NPN extension to the IETF - standardized ALPN extension for negotiating an application-level protocol. - Unfortunately the semantics of the exchange have changed with ALPN. Using - NPN, the server offered a list of protocols it advertised, and then the - client chose its favorite. With ALPN, the client offers a list of protocols - and the server chooses. The the signatures of both the TLS::Client and - TLS::Server constructors have changed to support this new flow. - -* Optimized ECDSA signature verification thanks to an observation by - Dr. Falko Strenzke. On some systems verifications are between 1.5 - and 2 times faster than in 1.11.15. - -* RSA encrypt and decrypt operations using OpenSSL have been added. - -* Public key operation types now handle all aspects of the operation, - such as hashing and padding for signatures. This change allows - supporting specialized implementations which only support particular - padding types. - -* Added global timeout to HMAC_RNG entropy reseed. The defaults are - the values set in the build.h macros `BOTAN_RNG_AUTO_RESEED_TIMEOUT` - and `BOTAN_RNG_RESEED_DEFAULT_TIMEOUT`, but can be overriden - on a specific poll with the new API call reseed_with_timeout. - -* Fixed Python cipher update_granularity() and default_nonce_length() - functions - -* The library now builds on Visual C++ 2013 - -* The GCM update granularity was reduced from 4096 to 16 bytes. - -* Fix a bug that prevented building the amalgamation until a non-amalgamation - configuration was performed first in the same directory. - -* Add Travis CI integration. Github pull 60. diff --git a/doc/relnotes/1_11_17.rst b/doc/relnotes/1_11_17.rst deleted file mode 100644 index 646bbf34c..000000000 --- a/doc/relnotes/1_11_17.rst +++ /dev/null @@ -1,16 +0,0 @@ -Version 1.11.17, 2015-06-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* All support for the insecure RC4 stream cipher has been removed - from the TLS implementation. - -* Fix decoding of TLS maximum fragment length. Regardless of what - value was actually negotiated, TLS would treat it as a negotiated - limit of 4096. - -* Fix the configure.py flag `--disable-aes-ni` which did nothing of - the sort. - -* Fixed nmake clean target. GitHub #104 - -* Correct buffering logic in `Compression_Filter`. GitHub #93 and #95 diff --git a/doc/relnotes/1_11_18.rst b/doc/relnotes/1_11_18.rst deleted file mode 100644 index eb980b95e..000000000 --- a/doc/relnotes/1_11_18.rst +++ /dev/null @@ -1,5 +0,0 @@ -Version 1.11.18, Not Yet Released -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* In this release Botan has switched VCS from `monotone` to `git`, - and is now hosted on github at https://github.com/randombt/botan diff --git a/doc/relnotes/1_11_2.rst b/doc/relnotes/1_11_2.rst deleted file mode 100644 index 767fbf624..000000000 --- a/doc/relnotes/1_11_2.rst +++ /dev/null @@ -1,47 +0,0 @@ -Version 1.11.2, 2013-03-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* A bug in the release script caused the `botan_version.py` included - in :doc:`1.11.1 <1_11_1>` to be invalid, which required a manual - edit to fix (:pr:`226`) - -Memory Zeroization Changes -"""""""""""""""""""""""""""""""""""""""" - -* Previously `clear_mem` was implemented by an inlined call to - `std::memset`. However an optimizing compiler might notice cases - where the memset could be skipped in cases allowed by the standard. - Now `clear_mem` calls `zero_mem` which is compiled separately and - which zeros out the array through a volatile pointer. It is possible - some compiler with some optimization setting (especially with - something like LTO) might still skip the writes. It would be nice if - there was an automated way to test this. - -New Parallel Filter -"""""""""""""""""""""""""""""""""""""""" - -* The new filter :cpp:class:`Threaded_Fork` acts like a normal - :cpp:class:`Fork`, sending its input to a number of different - filters, but each subchain of filters in the fork runs in its own - thread. Contributed by Joel Low. - -TLS Enhancements and Bug Fixes -"""""""""""""""""""""""""""""""""""""""" - -* The default TLS policy formerly preferred AES over RC4, and allowed - 3DES by default. Now the default policy is to negotiate only either - AES or RC4, and to prefer RC4. - -* New TLS :cpp:class:`Blocking_Client` provides a thread per - connection style API similar to that provided in 1.10 - -Other API Changes -"""""""""""""""""""""""""""""""""""""""" - -* The API of `Credentials_Manager::trusted_certificate_authorities` - has changed to return a vector of `Certificate_Store*` instead of - `X509_Certificate`. This allows the list of trusted CAs to be - more easily updated dynamically or loaded lazily. - -* The `asn1_int.h` header was split into `asn1_alt_name.h`, - `asn1_attribute.h` and `asn1_time.h`. diff --git a/doc/relnotes/1_11_3.rst b/doc/relnotes/1_11_3.rst deleted file mode 100644 index fc8eebe14..000000000 --- a/doc/relnotes/1_11_3.rst +++ /dev/null @@ -1,30 +0,0 @@ -Version 1.11.3, 2013-04-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add a new interface for AEAD modes (:cpp:class:`AEAD_Mode`). - -* Implementations of the OCB and GCM authenticated cipher modes are - now included. - -* Support for TLS GCM ciphersuites is now available. - -* A new TLS policy mechanism - :cpp:func:`TLS::Policy::server_uses_own_ciphersuite_preferences` - controls how a server chooses a ciphersuite. Previously it always - chose its most preferred cipher out of the client's list, but this - can allow configuring a server to choose by the client's preferences - instead. - -* :cpp:class:`Keyed_Filter` now supports returning a - :cpp:class:`Key_Length_Specification` so the full details of what - keylengths are supported is now available in keyed filters. - -* The experimental and rarely used Turing and WiderWAKE stream ciphers - have been removed - -* New functions for symmetric encryption are included in cryptobox.h - though interfaces and formats are subject to change. - -* A new function :cpp:func:`algorithm_kat_detailed` returns a string - providing information about failures, instead of just a pass/fail - indicator as in :cpp:func:`algorithm_kat`. diff --git a/doc/relnotes/1_11_4.rst b/doc/relnotes/1_11_4.rst deleted file mode 100644 index a635531a7..000000000 --- a/doc/relnotes/1_11_4.rst +++ /dev/null @@ -1,37 +0,0 @@ -Version 1.11.4, 2013-07-25 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* CPU specific extensions are now always compiled if support for the - operations is available at build time, and flags enabling use of - extra operations (such as SSE2) are only included when compiling - files which specifically request support. This means, for instance, - that the SSSE3 and AES-NI implementations of AES are always included - in x86 builds, relying on runtime cpuid checking to prevent their - use on CPUs that do not support those operations. - -* The default TLS policy now only accepts TLS, to minimize surprise - for servers which might not expect to negotiate DTLS. Previously a - server would by default negotiate either protocol type (clients - would only accept the same protocol type as they - offered). Applications which use DTLS or combined TLS/DTLS need to - override :cpp:func:`Policy::acceptable_protocol_version`. - -* The TLS channels now accept a new parameter specifying how many - bytes to preallocate for the record handling buffers, which allows - an application some control over how much memory is used at runtime - for a particular connection. - -* Applications can now send arbitrary TLS alert messages using - :cpp:func:`TLS::Channel::send_alert` - -* A new TLS policy :cpp:class:`NSA_Suite_B_128` is available, which - will negotiate only the 128-bit security NSA Suite B. See - :rfc:`6460` for more information about Suite B. - -* Adds a new interface for benchmarking, :cpp:func:`time_algorithm_ops`, - which returns a map of operations to operations per second. For - instance now both encrypt and decrypt speed of a block cipher can be - checked, as well as the key schedule of all keyed algorithms. It - additionally supports AEAD modes. - -* Rename ARC4 to RC4 diff --git a/doc/relnotes/1_11_5.rst b/doc/relnotes/1_11_5.rst deleted file mode 100644 index b327bfd82..000000000 --- a/doc/relnotes/1_11_5.rst +++ /dev/null @@ -1,53 +0,0 @@ -Version 1.11.5, 2013-11-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The TLS callback signatures have changed - there are now two distinct - callbacks for application data and alerts. TLS::Client and TLS::Server have - constructors which continue to accept the old callback and use it for both - operations. - -* The entropy collector that read from randomness devices had two bugs - it - would break out of the poll as soon as any read succeeded, and it selected on - each device individually. When a blocking source was first in the device list - and the entropy pool was running low, the reader might either block in select - until eventually timing out (continuing on to read from /dev/urandom instead), - or read just a few bytes, skip /dev/urandom, fail to satisfy the entropy - target, and the poll would continue using other (slower) sources. This caused - substantial performance/latency problems in RNG heavy applications. Now all - devices are selected over at once, with the effect that a full read from - urandom always occurs, along with however much (if any) output is available - from blocking sources. - -* Previously AutoSeeded_RNG referenced a globally shared PRNG instance. - Now each instance has distinct state. - -* The entropy collector that runs Unix programs to collect statistical - data now runs multiple processes in parallel, greatly reducing poll - times on some systems. - -* The Randpool RNG implementation was removed. - -* All existing cipher mode implementations (such as CBC and XTS) have been - converted from filters to using the interface previously provided by - AEAD modes which allows for in-place message - processing. Code which directly references the filter objects will break, but - an adaptor filter allows usage through get_cipher as usual. - -* An implementation of CCM mode from RFC 3601 has been added, as well as CCM - ciphersuites for TLS. - -* The implementation of OCB mode now supports 64 and 96 bit tags - -* Optimized computation of XTS tweaks, producing a substantial speedup - -* Add support for negotiating Brainpool ECC curves in TLS - -* TLS v1.2 will not negotiate plain SHA-1 signatures by default. - -* TLS channels now support sending a ``std::vector`` - -* Add a generic 64x64->128 bit multiply instruction operation in mul128.h - -* Avoid potentially undefined operations in the bit rotation operations. Not - known to have caused problems under existing compilers but might break in the - future. Found by Clang sanitizer, reported by Jeffrey Walton. diff --git a/doc/relnotes/1_11_6.rst b/doc/relnotes/1_11_6.rst deleted file mode 100644 index 8282e9e28..000000000 --- a/doc/relnotes/1_11_6.rst +++ /dev/null @@ -1,27 +0,0 @@ -Version 1.11.6, 2013-12-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The Boost filesystem and asio libraries are now being used by default. - Pass ``--without-boost`` to ``configure.py`` to disable. - -* The default TLS policy no longer allows SSLv3 or RC4. - -* OAEP had two bugs, one of which allowed it to be used even if the - key was too small, and the other of which would cause a crash during - decryption if the EME data was too large for the associated key. - -* GCM mode now uses the Intel clmul instruction when available - -* Add the Threefish-512 tweakable block cipher, including an AVX2 version - -* Add SIV (from :rfc:`5297`) as a nonce-based AEAD - -* Add HKDF (from :rfc:`5869`) using an experimental PRF interface - -* Add HTTP utility functions and OCSP online checking - -* Add TLS::Policy::acceptable_ciphersuite hook to disable ciphersuites - on an ad-hoc basis. - -* TLS::Session_Manager_In_Memory's constructor now requires a RNG - diff --git a/doc/relnotes/1_11_7.rst b/doc/relnotes/1_11_7.rst deleted file mode 100644 index 7d4703448..000000000 --- a/doc/relnotes/1_11_7.rst +++ /dev/null @@ -1,23 +0,0 @@ -Version 1.11.7, 2014-01-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Botan's basic numeric types are now defined in terms of the - C99/C++11 standard integer types. For instance `u32bit` is now a - typedef for `uint32_t`, and both names are included in the library - namespace. This should not result in any application-visible - changes. - -* There are now two executable outputs of the build, `botan-test`, - which runs the tests, and `botan` which is used as a driver to call - into various subcommands which can also act as examples of library - use, much in the manner of the `openssl` command. It understands the - commands `base64`, `asn1`, `x509`, `tls_client`, `tls_server`, - `bcrypt`, `keygen`, `speed`, and various others. As part of this - change many obsolete, duplicated, or one-off examples were removed, - while others were extended with new functionality. Contributions of - new subcommands, new bling for exising ones, or documentation in any - form is welcome. - -* Fix a bug in Lion, which was broken by a change in 1.11.0. The - problem was not noticed before as Lion was also missing a test vector - in previous releases. diff --git a/doc/relnotes/1_11_8.rst b/doc/relnotes/1_11_8.rst deleted file mode 100644 index 7189cff26..000000000 --- a/doc/relnotes/1_11_8.rst +++ /dev/null @@ -1,56 +0,0 @@ -Version 1.11.8, 2014-02-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The `botan` command line application introduced in 1.11.7 is now - installed along with the library. - -* A bug in certificate path validation introduced in 1.11.6 which - caused all CRL signature checks to fail has been corrected. - -* The ChaCha20 stream cipher has been added. - -* The ``Transformation`` class no longer implements an interface for keying, - this has been moved to a new subclass ``Keyed_Transformation``. - -* The ``Algorithm`` class, which previously acted as a global base for - various types (ciphers, hashes, etc) has been removed. - -* CMAC now supports 256 and 512 bit block ciphers, which also allows - the use of larger block ciphers with EAX mode. In particular this - allows using Threefish in EAX mode. - -* The antique PBES1 private key encryption scheme (which only supports - DES or 64-bit RC2) has been removed. - -* The Square, Skipjack, and Luby-Rackoff block ciphers have been removed. - -* The Blue Midnight Wish hash function has been removed. - -* Skein-512 no longer supports output lengths greater than 512 bits. - -* Skein did not reset its internal state properly if clear() was - called, causing it to produce incorrect results for the following - message. It was reset correctly in final() so most usages should not - be affected. - -* A number of public key padding schemes have been renamed to match - the most common notation; for instance EME1 is now called OAEP and - EMSA4 is now called PSSR. Aliases are set which should allow all - current applications to continue to work unmodified. - -* A bug in CFB encryption caused a few bytes past the end of the final - block to be read. The actual output was not affected. - -* Fix compilation errors in the tests that occured with minimized - builds. Contributed by Markus Wanner. - -* Add a new ``--destdir`` option to ``configure.py`` which controls - where the install target will place the output. The ``--prefix`` - option continues to set the location where the library expects to be - eventually installed. - -* Many class destructors which previously deleted memory have been - removed in favor of using ``unique_ptr``. - -* Various portability fixes for Clang, Windows, Visual C++ 2013, OS X, - and x86-32. diff --git a/doc/relnotes/1_11_9.rst b/doc/relnotes/1_11_9.rst deleted file mode 100644 index a18a0b49d..000000000 --- a/doc/relnotes/1_11_9.rst +++ /dev/null @@ -1,37 +0,0 @@ -Version 1.11.9, 2014-04-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a bug in primality testing introduced in 1.8.3 which caused - only a single random base, rather than a sequence of random bases, - to be used in the Miller-Rabin test. This increased the probability - that a non-prime would be accepted. Reported by Jeff Marrison. - -* X.509 path validation now returns a set of all errors that occurred - during validation, rather than immediately returning the first - detected error. This prevents a seemingly innocuous error (such as - an expired certificate) from hiding an obviously serious error - (such as an invalid signature). The Certificate_Status_Code enum is - now ordered by severity, and the most severe error is returned by - Path_Validation_Result::result(). The entire set of status codes is - available with the new all_statuses call. - -* Fixed a bug in OCSP response decoding which would cause an error - when attempting to decode responses from some widely used - responders. - -* An implementation of HMAC_DRBG RNG from NIST SP800-90A has been - added. Like the X9.31 PRNG implementation, it uses another - underlying RNG for seeding material. - -* An implementation of the RFC 6979 deterministic nonce generator has - been added. - -* Fix a bug in certificate path validation which prevented successful - validation if intermediate certificates were presented out of order. - -* Fix a bug introduced in 1.11.5 which could cause crashes or other - incorrect behavior when a cipher mode filter was followed in the - pipe by another filter, and that filter had a non-empty start_msg. - -* The types.h header now uses stdint.h rather than cstdint to avoid - problems with Clang on OS X. diff --git a/doc/relnotes/1_1_0.rst b/doc/relnotes/1_1_0.rst deleted file mode 100644 index 09a08860b..000000000 --- a/doc/relnotes/1_1_0.rst +++ /dev/null @@ -1,20 +0,0 @@ -Version 1.1.0, 2002-09-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added entropy estimation to the RNGs -* Improved the overall design of both Randpool and ANSI_X917_RNG -* Added a separate RNG for nonce generation -* Added window exponentiation support in power_mod -* Added a get_s2k function and the PKCS #5 S2K algorithms -* Added the TLSv1 PRF -* Replaced BlockCipherModeIV typedef with InitializationVector class -* Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement -* Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x -* Added support for RIPEMD-160 PKCS#1 v1.5 signatures -* Changed the key agreement scheme interface -* Changed the S2K and KDF interfaces -* Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK -* Added support for variable-pass Tiger -* Major speedup for Rabin-Williams key generation - - diff --git a/doc/relnotes/1_1_1.rst b/doc/relnotes/1_1_1.rst deleted file mode 100644 index bdb13f3ff..000000000 --- a/doc/relnotes/1_1_1.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.1.1, 2002-10-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the Korean hash function HAS-160 -* Partial support for RSA and DSA X.509 public keys -* Added a mostly functional BER encoder/decoder -* Added support for non-deterministic MAC functions -* Initial support for PEM encoding/decoding -* Internal cleanups in the PK algorithms -* Several new convenience functions in Pipe -* Fixed two nasty bugs in Pipe -* Messed with the entropy sources for es_unix -* Discrete logarithm groups are checked for safety more closely now -* For compatibility with GnuPG, ElGamal now supports DSA-style groups - diff --git a/doc/relnotes/1_1_10.rst b/doc/relnotes/1_1_10.rst deleted file mode 100644 index adc295152..000000000 --- a/doc/relnotes/1_1_10.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.1.10, 2003-04-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* X509_CA can now generate new X.509 CRLs -* Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks -* More certificate and CRL extensions/attributes are supported -* Better DN handling in X.509 certificates/CRLs -* Added a DataSink hierarchy (suggested by Jim Darby) -* Consolidated SecureAllocator and ManagedAllocator -* Many cleanups and generalizations -* Added a (slow) pthreads based EntropySource -* Fixed some threading bugs - diff --git a/doc/relnotes/1_1_11.rst b/doc/relnotes/1_1_11.rst deleted file mode 100644 index ef05a42a0..000000000 --- a/doc/relnotes/1_1_11.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.1.11, 2003-04-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added PKCS #10 certificate requests -* Changed X509_Store searching interface to be more flexible -* Added a generic Certificate_Store interface -* Added a function for generating self-signed X.509 certs -* Cleanups and changes to X509_CA -* New examples for PKCS #10 and self-signed certificates -* Some documentation updates - diff --git a/doc/relnotes/1_1_12.rst b/doc/relnotes/1_1_12.rst deleted file mode 100644 index 5f652af52..000000000 --- a/doc/relnotes/1_1_12.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.1.12, 2003-04-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a ASN.1 string encoding bug -* Fixed a pair of X509_DN encoding problems -* Base64_Decoder and Hex_Decoder can now validate input -* Removed support for the LibraryInitializer option 'egd_path' -* Added tests for DSA X.509 and PKCS #8 key formats -* Removed a long deprecated feature of DH_PrivateKey's constructor -* Updated the RPM .spec file -* Major documentation updates - diff --git a/doc/relnotes/1_1_13.rst b/doc/relnotes/1_1_13.rst deleted file mode 100644 index b7379ceb8..000000000 --- a/doc/relnotes/1_1_13.rst +++ /dev/null @@ -1,16 +0,0 @@ -Version 1.1.13, 2003-04-22 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added OMAC -* Added EAX authenticated cipher mode -* Diffie-Hellman would not do blinding in some cases -* Optimized the OFB and CTR modes -* Corrected Skipjack's word ordering, as per NIST clarification -* Support for all subject/issuer attribute types required by RFC 3280 -* The removeFromCRL CRL reason code is now handled correctly -* Increased the flexibility of the allocators -* Renamed Rijndael to AES, created aes.h, deleted rijndael.h -* Removed support for the 'no_timer' LibraryInitializer option -* Removed 'es_pthr' module, pending further testing -* Cleaned up get_ciph.cpp - diff --git a/doc/relnotes/1_1_2.rst b/doc/relnotes/1_1_2.rst deleted file mode 100644 index 088d66804..000000000 --- a/doc/relnotes/1_1_2.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 1.1.2, 2002-10-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Support for PKCS #8 encoded RSA, DSA, and DH private keys -* Support for Diffie-Hellman X.509 public keys -* Major reorganization of how X.509 keys are handled -* Added PKCS #5 v2.0's PBES1 encryption scheme -* Added a generic cipher lookup interface -* Added the WiderWake4+1 stream cipher -* Added support for sync-able stream ciphers -* Added a 'paranoia level' option for the LibraryInitializer -* More security for RNG output meant for long term keys -* Added documentation for some of the new 1.1.x features -* CFB's feedback argument is now specified in bits -* Renamed CTR class to CTR_BE -* Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats - diff --git a/doc/relnotes/1_1_3.rst b/doc/relnotes/1_1_3.rst deleted file mode 100644 index f8c7fc3fc..000000000 --- a/doc/relnotes/1_1_3.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.1.3, 2002-11-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added a generic public/private key loading interface -* Fixed a small encoding bug in RSA, RW, and DH -* Changed the PK encryption/decryption interface classes -* ECB supports using padding methods -* Added a function-based interface for library initialization -* Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures -* The cipher mode benchmarks now use 128-bit AES instead of DES -* Removed some obsolete typedefs -* Removed OpenCL support (opencl.h, the OPENCL_* macros, etc) -* Added tests for PKCS #8 encoding/decoding -* Added more tests for ECB and CBC - diff --git a/doc/relnotes/1_1_4.rst b/doc/relnotes/1_1_4.rst deleted file mode 100644 index 9d74c3ae5..000000000 --- a/doc/relnotes/1_1_4.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.1.4, 2002-11-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Speedup of 15-30% for PK algorithms -* Implemented the PBES2 encryption scheme -* Fixed a potential bug in decoding RSA and RW private keys -* Changed the DL_Group class interface to handle different formats better -* Added support for PKCS #3 encoded DH parameters -* X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS' -* Added key pair consistency checking -* Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss) -* A botan-config script is generated at configure time -* Documentation updates - diff --git a/doc/relnotes/1_1_5.rst b/doc/relnotes/1_1_5.rst deleted file mode 100644 index 90101dedb..000000000 --- a/doc/relnotes/1_1_5.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.1.5, 2002-11-17 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the discrete logarithm integrated encryption system (DLIES) -* Various optimizations for BigInt -* Added support for assembler optimizations in modules -* Added BigInt x86 optimizations module (mpi_ia32) - diff --git a/doc/relnotes/1_1_6.rst b/doc/relnotes/1_1_6.rst deleted file mode 100644 index 4c638b7e3..000000000 --- a/doc/relnotes/1_1_6.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.1.6, 2002-12-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Initial support for X.509v3 certificates and CAs -* Major redesign/rewrite of the ASN.1 encoding/decoding code -* Added handling for DSA/NR signatures encoded as DER SEQUENCEs -* Documented the generic cipher lookup interface -* Added an (untested) entropy source for BeOS -* Various cleanups and bug fixes - diff --git a/doc/relnotes/1_1_7.rst b/doc/relnotes/1_1_7.rst deleted file mode 100644 index bd73607e6..000000000 --- a/doc/relnotes/1_1_7.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.1.7, 2003-01-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed an obscure but dangerous bug in SecureVector::swap -* Consolidated SHA-384 and SHA-512 to save code space -* Added SSL3-MAC and SSL3-PRF -* Documentation updates, including a new tutorial - diff --git a/doc/relnotes/1_1_8.rst b/doc/relnotes/1_1_8.rst deleted file mode 100644 index 2ed517ece..000000000 --- a/doc/relnotes/1_1_8.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.1.8, 2003-01-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixes for the certificate path validation algorithm in X509_Store -* Fixed a bug affecting X509_Certificate::is_ca_cert() -* Added a general configuration interface for policy issues -* Cleanups and API changes in the X.509 CA, cert, and store code -* Made various options available for X509_CA users -* Changed X509_Time's interface to work around time_t problems -* Fixed a theoretical weakness in Randpool's entropy mixing function -* Fixed problems compiling with GCC 2.95.3 and GCC 2.96 -* Fixed a configure bug (reported by Jon Wilson) affecting MinGW - diff --git a/doc/relnotes/1_1_9.rst b/doc/relnotes/1_1_9.rst deleted file mode 100644 index 2ed18080d..000000000 --- a/doc/relnotes/1_1_9.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.1.9, 2003-02-25 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added support for using X.509v2 CRLs -* Fixed several bugs in the path validation algorithm -* Certificates can be verified for a particular usage -* Algorithm for comparing distinguished names now follows X.509 -* Cleaned up the code for the es_beos, es_ftw, es_unix modules -* Documentation updates - diff --git a/doc/relnotes/1_2_0.rst b/doc/relnotes/1_2_0.rst deleted file mode 100644 index 2372919fb..000000000 --- a/doc/relnotes/1_2_0.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.2.0, 2003-04-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Tweaked the Karatsuba cut-off points -* Increased the allowed keylength of HMAC and Blowfish -* Removed the 'mpi_ia32' module, pending rewrite -* Workaround a GCC 2.95.x bug in eme1.cpp - - diff --git a/doc/relnotes/1_2_1.rst b/doc/relnotes/1_2_1.rst deleted file mode 100644 index 885d6a10a..000000000 --- a/doc/relnotes/1_2_1.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.2.1, 2003-05-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added ANSI X9.23 compatible CBC padding -* Added an entropy source using Win32 CryptoAPI -* Removed the Pipe I/O operators taking a FILE* -* Moved the BigInt encoding/decoding functions into the BigInt class -* Integrated several fixes for VC++ 7 (from Hany Greiss) -* Fixed the configure.pl script for Windows builds - diff --git a/doc/relnotes/1_2_2.rst b/doc/relnotes/1_2_2.rst deleted file mode 100644 index 6732daffb..000000000 --- a/doc/relnotes/1_2_2.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.2.2, 2003-05-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add checks to prevent any BigInt bugs from revealing an RSA or RW key -* Changed the interface of Global_RNG::seed -* Major improvements for the es_unix module -* Added another Win32 entropy source, es_win32 -* The Win32 CryptoAPI entropy source can now poll multiple providers -* Improved the BeOS entropy source -* Renamed pipe_unixfd module to fd_unix -* Fixed a file descriptor leak in the EGD module -* Fixed a few locking bugs - diff --git a/doc/relnotes/1_2_3.rst b/doc/relnotes/1_2_3.rst deleted file mode 100644 index fd12fc09c..000000000 --- a/doc/relnotes/1_2_3.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.2.3, 2003-05-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a bug that prevented DSA/NR key generation -* Fixed a bug that prevented importing some root CA certs -* Fixed a bug in the BER decoder when handing optional bit or byte strings -* Fixed the encoding of authorityKeyIdentifier in X509_CA -* Added a sanity check in PBKDF2 for zero length passphrases -* Added versions of X509::load_key and PKCS8::load_key that take a file name -* X509_CA generates 128 bit serial numbers now -* Added tests to check PK key generation -* Added a simplistic X.509 CA example -* Cleaned up some of the examples - diff --git a/doc/relnotes/1_2_4.rst b/doc/relnotes/1_2_4.rst deleted file mode 100644 index 600d030c4..000000000 --- a/doc/relnotes/1_2_4.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.2.4, 2003-05-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a bug in EMSA1 affecting NR signature verification -* Fixed a few latent bugs in BigInt related to word size -* Removed an unused function, mp_add2_nc, from the MPI implementation -* Reorganized the core MPI files - diff --git a/doc/relnotes/1_2_5.rst b/doc/relnotes/1_2_5.rst deleted file mode 100644 index b88c37e7e..000000000 --- a/doc/relnotes/1_2_5.rst +++ /dev/null @@ -1,23 +0,0 @@ -Version 1.2.5, 2003-06-22 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a tricky and long-standing memory leak in Pipe -* Major cleanups and fixes in the memory allocation system -* Removed alloc_mlock, which has been superseded by the ml_unix module -* Removed a denial of service vulnerability in X509_Store -* Fixed compilation problems with VS .NET 2003 and Codewarrior 8 -* Added another variant of PKCS8::load_key, taking a memory buffer -* Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32 -* BigInt::operator%=(word) was a no-op if the input was a power of 2 -* Fixed portability problems in BigInt::to_u32bit -* Fixed major bugs in SSL3-MAC -* Cleaned up some messes in the PK algorithms -* Cleanups and extensions for OMAC and EAX -* Made changes to the entropy estimation function -* Added a 'beos' module set for use on BeOS -* Officially deprecated a few X509:: and PKCS8:: functions -* Moved the contents of primes.h to numthry.h -* Moved the contents of x509opt.h to x509self.h -* Removed the (empty) desx.h header -* Documentation updates - diff --git a/doc/relnotes/1_2_6.rst b/doc/relnotes/1_2_6.rst deleted file mode 100644 index 9a22648d5..000000000 --- a/doc/relnotes/1_2_6.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.2.6, 2003-07-04 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major performance increase for PK algorithms on most 64-bit systems -* Cleanups in the low-level MPI code to support asm implementations -* Fixed build problems with some versions of Compaq's C++ compiler -* Removed useless constructors for NR public and private keys -* Removed support for the patch_file directive in module files -* Removed several deprecated functions - diff --git a/doc/relnotes/1_2_7.rst b/doc/relnotes/1_2_7.rst deleted file mode 100644 index 8121bbef8..000000000 --- a/doc/relnotes/1_2_7.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.2.7, 2003-10-31 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added support for reading configuration files -* Added constructors so NR and RW keys can be imported easily -* Fixed mp_asm64, which was completely broken in 1.2.6 -* Removed tm_hw_ia32 module; replaced by tm_hard -* Added support for loading certain oddly formed RSA certificates -* Fixed spelling of NON_REPUDIATION enum -* Renamed the option default_to_ca to v1_assume_ca -* Fixed a minor bug in X.509 certificate generation -* Fixed a latent bug in the OID lookup code -* Updated the RPM spec file -* Added to the tutorial - diff --git a/doc/relnotes/1_2_8.rst b/doc/relnotes/1_2_8.rst deleted file mode 100644 index e234b5ccd..000000000 --- a/doc/relnotes/1_2_8.rst +++ /dev/null @@ -1,5 +0,0 @@ -Version 1.2.8, 2003-11-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Merged several important bug fixes from 1.3.x - diff --git a/doc/relnotes/1_3_0.rst b/doc/relnotes/1_3_0.rst deleted file mode 100644 index c1229e8d2..000000000 --- a/doc/relnotes/1_3_0.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.3.0, 2003-11-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major redesign of the PKCS #8 private key import/export system -* Added a small amount of UI interface code for getting passphrases -* Added heuristics that tell if a key, cert, etc is stored as PEM or BER -* Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC -* Removed certain deprecated constructors of RSA, DSA, DH, RW, NR -* Made PEM decoding more forgiving of extra text before the header - - diff --git a/doc/relnotes/1_3_1.rst b/doc/relnotes/1_3_1.rst deleted file mode 100644 index 70bc79d02..000000000 --- a/doc/relnotes/1_3_1.rst +++ /dev/null @@ -1,7 +0,0 @@ -Version 1.3.1, 2003-11-04 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Generalized a few pieces of the DER encoder -* PKCS8::load_key would fail if handed an unencrypted key -* Added a failsafe so PKCS #8 key decoding can't go into an infinite loop - diff --git a/doc/relnotes/1_3_10.rst b/doc/relnotes/1_3_10.rst deleted file mode 100644 index f99d11bc2..000000000 --- a/doc/relnotes/1_3_10.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.3.10, 2004-03-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added support for OpenPGP's ASCII armor format -* Cleaned up the RNG system; seeding is much more flexible -* Added simple autoconfiguration abilities to configure.pl -* Fixed a GCC 2.95.x compile problem -* Updated the example configuration file -* Documentation updates - diff --git a/doc/relnotes/1_3_11.rst b/doc/relnotes/1_3_11.rst deleted file mode 100644 index 86c1f13a1..000000000 --- a/doc/relnotes/1_3_11.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.3.11, 2004-04-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed two show-stopping bugs in PKCS10_Request -* Added some sanity checks in Pipe/Filter -* The DNS and URI entries would get swapped in subjectAlternativeNames -* MAC_Filter is now willing to not take a key at creation time -* Setting the expiration times of certs and CRLs is more flexible -* Fixed problems building on AIX with GCC -* Fixed some problems in the tutorial pointed out by Dominik Vogt -* Documentation updates - diff --git a/doc/relnotes/1_3_12.rst b/doc/relnotes/1_3_12.rst deleted file mode 100644 index 0a5ef7901..000000000 --- a/doc/relnotes/1_3_12.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.3.12, 2004-05-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added ability to remove old entries from CRLs -* Swapped the first two arguments of X509_CA::update_crl() -* Added an < operator for MemoryRegion, so it can be used as a std::map key -* Changed X.509 searching by DNS name from substring to full string compares -* Renamed a few X509_Certificate and PKCS10_Request member functions -* Fixed a problem when decoding some PKCS #10 requests -* Hex_Decoder would not check inputs, reported by Vaclav Ovsik -* Changed default CRL expire time from 30 days to 7 days -* X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility -* Corrected errors in the API doc, fixes from Ken Perano -* More documentation about the Pipe/Filter code - diff --git a/doc/relnotes/1_3_13.rst b/doc/relnotes/1_3_13.rst deleted file mode 100644 index 6b6726aea..000000000 --- a/doc/relnotes/1_3_13.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.3.13, 2004-05-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major fixes for Cygwin builds -* Minor MacOS X install fixes -* The configure script is a little better at picking the right modules -* Removed ml_unix from the 'unix' module set for Cygwin compatibility -* Fixed a stupid compile problem in pkcs10.h - diff --git a/doc/relnotes/1_3_14.rst b/doc/relnotes/1_3_14.rst deleted file mode 100644 index 330a4690b..000000000 --- a/doc/relnotes/1_3_14.rst +++ /dev/null @@ -1,26 +0,0 @@ -Version 1.3.14, 2004-06-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added support for AEP's AEP1000/AEP2000 crypto cards -* Added a Mutex module using Qt, from Justin Karneges -* Added support for engine loading in LibraryInitializer -* Tweaked SecureAllocator, giving 20% better performance under heavy load -* Added timer and memory locking modules for Win32 (tm_win32, ml_win32) -* Renamed PK_Engine to Engine_Core -* Improved the Karatsuba cutoff points -* Fixes for compiling with GCC 3.4 and Sun C++ 5.5 -* Fixes for Linux/s390, OpenBSD, and Solaris -* Added support for Linux/s390x -* The configure script was totally broken for 'generic' OS -* Removed Montgomery reduction due to bugs -* Removed an unused header, pkcs8alg.h -* check --validate returns an error code if any tests failed -* Removed duplicate entry in Unix command list for es_unix -* Moved the Cert_Usage enumeration into X509_Store -* Added new timing methods for PK benchmarks, clock_gettime and RDTSC -* Fixed a few minor bugs in the configure script -* Removed some deprecated functions from x509cert.h and pkcs10.h -* Removed the 'minimal' module, has to be updated for Engine support -* Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace -* Documentation updates - diff --git a/doc/relnotes/1_3_2.rst b/doc/relnotes/1_3_2.rst deleted file mode 100644 index c4a99be88..000000000 --- a/doc/relnotes/1_3_2.rst +++ /dev/null @@ -1,21 +0,0 @@ -Version 1.3.2, 2003-11-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a bug preventing DSA signatures from verifying on X.509 objects -* Made the X509_Store search routines more efficient and flexible -* Added a function to X509_PublicKey to do easy public/private key matching -* Added support for decoding indefinite length BER data -* Changed Pipe's peek() to take an offset -* Removed Filter::set_owns in favor of the new incr_owns function -* Removed BigInt::zero() and BigInt::one() -* Renamed the PEM related options from base/pem_* to pem/* -* Added an option to specify the line width when encoding PEM -* Removed the "rng/safe_longterm" option; it's always on now -* Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1 -* Cleaned up the base64/hex encoders and decoders -* Added an ASN.1/BER decoder as an example -* AES had its internals marked 'public' in previous versions -* Changed the value of the ASN.1 NO_OBJECT enum -* Various new hacks in the configure script -* Removed the already nominal support for SunOS - diff --git a/doc/relnotes/1_3_3.rst b/doc/relnotes/1_3_3.rst deleted file mode 100644 index 236fbec85..000000000 --- a/doc/relnotes/1_3_3.rst +++ /dev/null @@ -1,18 +0,0 @@ -Version 1.3.3, 2003-11-17 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The library can now be repeatedly initialized and shutdown without crashing -* Fixed an off-by-one error in the CTS code -* Fixed an error in the EMSA4 verification code -* Fixed a memory leak in mutex.cpp (pointed out by James Widener) -* Fixed a memory leak in Pthread_Mutex -* Fixed several memory leaks in the testing code -* Bulletproofed the EMSA/EME/KDF/MGF retrieval functions -* Minor cleanups in SecureAllocator -* Removed a needless mutex guarding the (stateless) global timer -* Fixed a piece of bash-specific code in botan-config -* X.509 objects report more information about decoding errors -* Cleaned up some of the exception handling -* Updated the example config file with new OIDSs -* Moved the build instructions into a separate document, building.tex - diff --git a/doc/relnotes/1_3_4.rst b/doc/relnotes/1_3_4.rst deleted file mode 100644 index 54a12d818..000000000 --- a/doc/relnotes/1_3_4.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.3.4, 2003-11-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added a module that does certain MPI operations using GNU MP -* Added the X9.42 Diffie-Hellman PRF -* The Zlib and Bzip2 objects now use custom allocators -* Added member functions for directly hashing/MACing SecureVectors -* Minor optimizations to the MPI addition and subtraction algorithms -* Some cleanups in the low-level MPI code -* Created separate AES-{128,192,256} objects - diff --git a/doc/relnotes/1_3_5.rst b/doc/relnotes/1_3_5.rst deleted file mode 100644 index f94df7bd9..000000000 --- a/doc/relnotes/1_3_5.rst +++ /dev/null @@ -1,21 +0,0 @@ -Version 1.3.5, 2003-11-30 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major improvements in ASN.1 string handling -* Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs -* Added partial support for the X.509v3 certificate policies extension -* Centralized the handling of character set information -* Added FIPS 140-2 startup self tests -* Added a module (fips140) for doing extra FIPS 140-2 tests -* Added FIPS 186-2 RNG -* Improved ASN.1 BIT STRING handling -* Removed a memory leak in PKCS10_Request -* The encoding of DirectoryString now follows PKIX guidelines -* Fixed some of the character set dependencies -* Fixed a DER encoding error for tags greater than 30 -* The BER decoder can now handle tags larger than 30 -* Fixed tm_hard.cpp to recognize SPARC on more systems -* Workarounds for a GCC 2.95.x bug in x509find.cpp -* RPM changed to install into /usr instead of /usr/local -* Added support for QNX - diff --git a/doc/relnotes/1_3_6.rst b/doc/relnotes/1_3_6.rst deleted file mode 100644 index f8310d315..000000000 --- a/doc/relnotes/1_3_6.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.3.6, 2003-12-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added a new module 'minimal', which disables most algorithms -* SecureAllocator allocates a few blocks at startup -* A few minor MPI cleanups -* RPM spec file cleanups and fixes - diff --git a/doc/relnotes/1_3_7.rst b/doc/relnotes/1_3_7.rst deleted file mode 100644 index 8cbb431f5..000000000 --- a/doc/relnotes/1_3_7.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.3.7, 2003-12-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a big security problem in es_unix -* Fixed several stability problems in es_unix -* Expanded the list of programs es_unix will try to use -* SecureAllocator now only preallocates blocks in special cases -* Added a special case in Global_RNG::seed for forcing a full poll -* Removed the FIPS 186 RNG added in 1.3.5 pending further testing -* Configure updates for PowerPC CPUs -* Removed the (never tested) VAX support -* Added support for S/390 Linux - diff --git a/doc/relnotes/1_3_8.rst b/doc/relnotes/1_3_8.rst deleted file mode 100644 index 7fac2566a..000000000 --- a/doc/relnotes/1_3_8.rst +++ /dev/null @@ -1,26 +0,0 @@ -Version 1.3.8, 2003-12-30 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Initial introduction of engine support, which separates PK keys from - the underlying operations. An engine using GNU MP was added. - -* DSA, DH, NR, and ElGamal constructors accept taking just the private - key again since the public key is easily derived from it. - -* Montgomery reduction support was added. -* ElGamal keys now support being imported/exported as ASN.1 objects -* Added Montgomery reductions -* Added an engine that uses GNU MP (requires 4.1 or later) -* Removed the obsolete mp_gmp module -* Moved several initialization/shutdown functions to init.h -* Major refactoring of the memory containers -* New non-locking container, MemoryVector -* Fixed 64-bit problems in BigInt::set_bit/clear_bit -* Renamed PK_Key::check_params() to check_key() -* Some incompatible changes to OctetString -* Added version checking macros in version.h -* Removed the fips140 module pending rewrite -* Added some functions and hooks to help GUIs -* Moved more shared code into MDx_HashFunction -* Added a policy hook for specifying the encoding of X.509 strings - diff --git a/doc/relnotes/1_3_9.rst b/doc/relnotes/1_3_9.rst deleted file mode 100644 index 1867b8231..000000000 --- a/doc/relnotes/1_3_9.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.3.9, 2004-03-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added an engine using OpenSSL (requires 0.9.7 or later) -* X509_Certificate would lose email addresses stored in the DN -* Fixed a missing initialization in a BigInt constructor -* Fixed several Visual C++ compile problems -* Fixed some BeOS build problems -* Fixed the WiderWake benchmark - diff --git a/doc/relnotes/1_4_0.rst b/doc/relnotes/1_4_0.rst deleted file mode 100644 index c1cc5ea88..000000000 --- a/doc/relnotes/1_4_0.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.4.0, 2004-06-26 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the FIPS 186 RNG back -* Added copy_key functions for X.509 public keys and PKCS #8 private keys -* Fixed PKCS #1 signatures with RIPEMD-128 -* Moved some code around to avoid warnings with Sun ONE compiler -* Fixed a bug in botan-config affecting OpenBSD -* Fixed some build problems on Tru64, HP-UX -* Fixed compile problems with Intel C++, Compaq C++ - - diff --git a/doc/relnotes/1_4_1.rst b/doc/relnotes/1_4_1.rst deleted file mode 100644 index 10f45b8b1..000000000 --- a/doc/relnotes/1_4_1.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.4.1, 2004-10-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed major errors in the X.509 and PKCS #8 copy_key functions -* Added a LAST_MESSAGE meta-message number for Pipe -* Added new aliases (3DES and DES-EDE) for Triple-DES -* Added some new functions to PK_Verifier -* Cleaned up the KDF interface -* Disabled tm_posix on BSD due to header issues -* Fixed a build problem on PowerPC with GNU C++ pre-3.4 - diff --git a/doc/relnotes/1_4_10.rst b/doc/relnotes/1_4_10.rst deleted file mode 100644 index 277245284..000000000 --- a/doc/relnotes/1_4_10.rst +++ /dev/null @@ -1,20 +0,0 @@ -Version 1.4.10, 2005-12-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added an implementation of KASUMI, the block cipher used in 3G phones -* Refactored Pipe; output queues are now managed by a distinct class -* Made certain Filter facilities only available to subclasses of Fanout_Filter -* There is no longer any overhead in Pipe for a message that has been read out -* It is now possible to generate RSA keys as small as 128 bits -* Changed some of the core classes to derive from Algorithm as a virtual base -* Changed Randpool to use HMAC instead of a plain hash as the mixing function -* Fixed a bug in the allocators; found and fixed by Matthew Gregan -* Enabled the use of binary file I/O, when requested by the application -* The OpenSSL engine's block cipher code was missing some deallocation calls -* Disabled the es_ftw module on NetBSD, due to header problems there -* Fixed a problem preventing tm_hard from building on MacOS X on PowerPC -* Some cleanups for the modules that use inline assembler -* config.h is now stored in build/ instead of build/include/botan/ -* The header util.h was split into bit_ops.h, parsing.h, and util.h -* Cleaned up some redundant include directives - diff --git a/doc/relnotes/1_4_11.rst b/doc/relnotes/1_4_11.rst deleted file mode 100644 index 1bfb5d059..000000000 --- a/doc/relnotes/1_4_11.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.4.11, 2005-12-31 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Changed Whirlpool diffusion matrix to match updated algorithm spec -* Fixed several engine module build errors introduced in 1.4.10 -* Fixed two build problems in es_capi; reported by Matthew Gregan -* Added a constructor to DataSource_Memory taking a std::string -* Placing the same Filter in multiple Pipes triggers an exception -* The configure script accepts --docdir and --libdir -* Merged doc/rngs.txt into the main API document -* Thanks to Joel Low for several bug reports on early tarballs of 1.4.11 - diff --git a/doc/relnotes/1_4_12.rst b/doc/relnotes/1_4_12.rst deleted file mode 100644 index d2c134884..000000000 --- a/doc/relnotes/1_4_12.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.4.12, 2006-01-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed an off-by-one memory read in MISTY1::key() -* Fixed a nasty memory leak in Output_Buffers::retire() -* Changed maximum HMAC keylength to 1024 bits -* Fixed a build problem in the hardware timer module on 64-bit PowerPC - diff --git a/doc/relnotes/1_4_2.rst b/doc/relnotes/1_4_2.rst deleted file mode 100644 index 43cc25a42..000000000 --- a/doc/relnotes/1_4_2.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.4.2, 2004-10-31 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a major CRL handling bug -* Cipher and hash operations can be offloaded to engines -* Added support for cipher and hash offload in OpenSSL engine -* Improvements for 64-bit CPUs without a widening multiply instruction -* Support for SHA2-* and Whirlpool with EMSA2 -* Fixed a long-standing build problem with conflicting include files -* Fixed some examples that hadn't been updated for 1.4.x -* Portability fixes for Solaris, BSD, HP-UX, and others -* Lots of fixes and cleanups in the configure script -* Updated the Gentoo ebuild file - diff --git a/doc/relnotes/1_4_3.rst b/doc/relnotes/1_4_3.rst deleted file mode 100644 index 016221c6c..000000000 --- a/doc/relnotes/1_4_3.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.4.3, 2004-11-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Split up SecureAllocator into Allocator and Pooling_Allocator -* Memory locking allocators are more likely to be used -* Fixed the placement of includes in some modules -* Fixed broken installation procedure -* Fixes in configure script to support alternate install programs -* Modules can specify the minimum version they support - diff --git a/doc/relnotes/1_4_4.rst b/doc/relnotes/1_4_4.rst deleted file mode 100644 index f633751f5..000000000 --- a/doc/relnotes/1_4_4.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.4.4, 2004-12-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Further tweaks to the pooling allocator -* Modified EMSA3 to support SSL/TLS signatures -* Changes to support Qt/QCA, from Justin Karneges -* Moved mux_qt module code into mod_qt -* Fixes for HP-UX from Mike Desjardins - diff --git a/doc/relnotes/1_4_5.rst b/doc/relnotes/1_4_5.rst deleted file mode 100644 index cfc8b3455..000000000 --- a/doc/relnotes/1_4_5.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.4.5, 2005-02-26 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add support for AES encryption of private keys -* Minor fixes for PBES2 parameter decoding -* Internal cleanups for global state variables -* GCC 3.x version detection was broken in non-English locales -* Work around a Sun Forte bug affecting mem_pool.h -* Several fixes for Borland C++ 5.5, from Friedemann Kleint -* Removed inclusion of init.h into base.h -* Fixed a major bug in reading from certificate stores -* Cleaned up a couple of mutex leaks -* Removed some left-over debugging code -* Removed SSL3_MAC, SSL3_PRF, and TLS_PRF - diff --git a/doc/relnotes/1_4_6.rst b/doc/relnotes/1_4_6.rst deleted file mode 100644 index a4450928d..000000000 --- a/doc/relnotes/1_4_6.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.4.6, 2005-03-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix an error in the shutdown code introduced in 1.4.5 -* Setting base/pkcs8_tries to 0 disables the builtin fail-out -* Support for XMPP identifiers in X.509 certificates -* Duplicate entries in X.509 DNs are removed -* More fixes for Borland C++, from Friedemann Kleint -* Add a workaround for buggy iostreams - diff --git a/doc/relnotes/1_4_7.rst b/doc/relnotes/1_4_7.rst deleted file mode 100644 index 1531b1cfe..000000000 --- a/doc/relnotes/1_4_7.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 1.4.7, 2005-09-25 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed major performance problems with recent versions of GNU C++ -* Added an implementation of the X9.31 PRNG -* Removed the X9.17 and FIPS 186-2 PRNG algorithms -* Changed defaults to use X9.31 PRNGs as global PRNG objects -* Documentation updates to reflect the PRNG changes -* Some cleanups related to the engine code -* Removed two useless headers, base_eng.h and secalloc.h -* Removed PK_Verifier::valid_signature -* Fixed configure/build system bugs affecting MacOS X builds -* Added support for the EKOPath x86-64 compiler -* Added missing destructor for BlockCipherModePaddingMethod -* Fix some build problems with Visual C++ 2005 beta -* Fix some build problems with Visual C++ 2003 Workshop - diff --git a/doc/relnotes/1_4_8.rst b/doc/relnotes/1_4_8.rst deleted file mode 100644 index 694138ecc..000000000 --- a/doc/relnotes/1_4_8.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.4.8, 2005-10-16 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Resolved a bad performance problem in the allocators; fix by Matt Johnston -* Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7 -* Renamed OMAC to CMAC to match the official NIST naming -* Added single byte versions of update() to PK_Signer and PK_Verifier -* Removed the unused reverse_bits and reverse_bytes functions - diff --git a/doc/relnotes/1_4_9.rst b/doc/relnotes/1_4_9.rst deleted file mode 100644 index ff663a0a5..000000000 --- a/doc/relnotes/1_4_9.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 1.4.9, 2005-11-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the IBM-created AES candidate algorithm MARS -* Added the South Korean block cipher SEED -* Added the stream cipher Turing -* Added the new hash function FORK-256 -* Deprecated the ISAAC stream cipher -* Twofish and RC6 are significantly faster with GCC -* Much better support for 64-bit PowerPC -* Added support for high-resolution PowerPC timers -* Fixed a bug in the configure script causing problems on FreeBSD -* Changed ANSI X9.31 to support arbitrary block ciphers -* Make the configure script a bit less noisy -* Added more test vectors for some algorithms, including all the AES finalists -* Various cosmetic source code cleanups - diff --git a/doc/relnotes/1_5_0.rst b/doc/relnotes/1_5_0.rst deleted file mode 100644 index 6b2926510..000000000 --- a/doc/relnotes/1_5_0.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.5.0, 2006-01-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Moved all global/shared library state into a single object -* Mutex objects are created through mutex factories instead of a global -* Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone() -* Removed the RNG_Quality enum entirely -* There is now only a single global-use PRNG -* Removed the no_aliases and no_oids options for LibraryInitializer -* Removed the deprecated algorithms SEAL, ISAAC, and HAVAL -* Change es_ftw to use unbuffered I/O - - diff --git a/doc/relnotes/1_5_1.rst b/doc/relnotes/1_5_1.rst deleted file mode 100644 index 69ba5c6fa..000000000 --- a/doc/relnotes/1_5_1.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.5.1, 2006-01-08 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Implemented Montgomery exponentiation -* Implemented generalized Karatsuba multiplication and squaring -* Implemented Comba squaring for 4, 6, and 8 word inputs -* Added new Modular_Exponentiator and Power_Mod classes -* Removed FixedBase_Exp and FixedExponent_Exp -* Fixed a performance regression in get_allocator introduced in 1.5.0 -* Engines can now offer S2K algorithms and block cipher padding methods -* Merged the remaining global 'algolist' code into Default_Engine -* The low-level MPI code is linked as C again -* Replaced BigInt's get_nibble with the more general get_substring -* Some documentation updates - diff --git a/doc/relnotes/1_5_10.rst b/doc/relnotes/1_5_10.rst deleted file mode 100644 index e4af64bb8..000000000 --- a/doc/relnotes/1_5_10.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.5.10, 2006-08-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add x86 assembler versions of MD4, MD5, and SHA-1 -* Expand InitializerOptions' language to support on/off switches -* Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9 -* Fix possible resource leaks in the mmap allocator -* Slightly optimized buffering in MDx_HashFunction -* Initialization failures are dealt with somewhat better -* Add an example implementing Pollard's Rho algorithm -* Better option handling in the test/benchmark tool -* Expand the xor_ciph example to support longer keys -* Some updates to the documentation - diff --git a/doc/relnotes/1_5_11.rst b/doc/relnotes/1_5_11.rst deleted file mode 100644 index 144d8be66..000000000 --- a/doc/relnotes/1_5_11.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.5.11, 2006-09-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Removed the Algorithm base class -* Various cleanups in the public key inheritance hierarchy -* Major overhaul of the configure/build setup -* Added x86 assembler implementations of Serpent and low-level MPI code -* Optimizations for the SHA-1 x86 assembler -* Various improvements to the Python wrappers -* Work around a Visual Studio compiler bug - diff --git a/doc/relnotes/1_5_12.rst b/doc/relnotes/1_5_12.rst deleted file mode 100644 index 4e57fd99a..000000000 --- a/doc/relnotes/1_5_12.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.5.12, 2006-10-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Cleanups in the initialization routines -* Add some x86-64 assembly for multiply-add -* Fix problems generating very small (below 384 bit) RSA keys -* Support out of tree builds -* Bring some of the documentation up to date -* More improvements to the Python bindings - diff --git a/doc/relnotes/1_5_13.rst b/doc/relnotes/1_5_13.rst deleted file mode 100644 index b8bcf7684..000000000 --- a/doc/relnotes/1_5_13.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.5.13, 2006-12-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Compilation fixes for the bzip2, zlib, and GNU MP modules -* Better support for Intel C++ and EKOpath C++ on x86-64 - diff --git a/doc/relnotes/1_5_2.rst b/doc/relnotes/1_5_2.rst deleted file mode 100644 index 5e5a68d44..000000000 --- a/doc/relnotes/1_5_2.rst +++ /dev/null @@ -1,18 +0,0 @@ -Version 1.5.2, 2006-01-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed an off-by-one memory read in MISTY1::key() -* Fixed a nasty memory leak in Output_Buffers::retire() -* Reimplemented the memory allocator from scratch -* Improved memory caching in Montgomery exponentiation -* Optimizations for multiple precision addition and subtraction -* Fixed a build problem in the hardware timer module on 64-bit PowerPC -* Changed default Karatsuba cutoff to 12 words (was 14) -* Removed MemoryRegion::bits(), which was unused and incorrect -* Changed maximum HMAC keylength to 1024 bits -* Various minor Makefile and build system changes -* Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution -* Switched checks/clock.cpp back to using clock() by default -* Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1 -* Removed the Default_Mutex's unused clone() member function - diff --git a/doc/relnotes/1_5_3.rst b/doc/relnotes/1_5_3.rst deleted file mode 100644 index 60f5f9009..000000000 --- a/doc/relnotes/1_5_3.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.5.3, 2006-01-24 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Many optimizations in the low-level multiple precision integer code -* Added hooks for assembly implementations of the MPI code -* Support for the X.509 issuer alternative name extension in new certs -* Fixed a bug in the decompression modules; found and patched by Matt Johnston -* New Windows mutex module (mux_win32), by Luca Piccarreta -* Changed the Windows timer module to use QueryPerformanceCounter -* mem_pool.cpp was using std::set iterators instead of std::multiset ones -* Fixed a bug in X509_CA preventing users from disabling particular extensions -* Fixed the mp_asm64 module, which was entirely broken in 1.5.2 -* Fixed some module build problems on FreeBSD and Tru64 - diff --git a/doc/relnotes/1_5_4.rst b/doc/relnotes/1_5_4.rst deleted file mode 100644 index 44eae0598..000000000 --- a/doc/relnotes/1_5_4.rst +++ /dev/null @@ -1,19 +0,0 @@ -Version 1.5.4, 2006-01-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta -* Fixed a memory access off-by-one in the Karatsuba code -* Changed Pooling_Allocator's free list search to a log(N) algorithm -* Merged ModularReducer with its only subclass, Barrett_Reducer -* Fixed sign-handling bugs in some of the division and modulo code -* Renamed the module description files to modinfo.txt -* Further cleanups in the initialization code -* Removed BigInt::add and BigInt::sub -* Merged all the division-related functions into just divide() -* Modified the <mp_asmi.h> functions to allow for better optimizations -* Made the number of bits polled from an EntropySource user configurable -* Avoid including <algorithm> in <botan/secmem.h> -* Fixed some build problems with Sun Forte -* Removed some dead code from bigint_modop -* Fix the definition of same_mem - diff --git a/doc/relnotes/1_5_5.rst b/doc/relnotes/1_5_5.rst deleted file mode 100644 index e4ab22fb5..000000000 --- a/doc/relnotes/1_5_5.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.5.5, 2006-02-04 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a potential infinite loop in the memory pool code (Matt Johnston) -* Made Pooling_Allocator::Memory_Block an actual class of sorts -* Some small optimizations to the division and modulo computations -* Cleaned up the implementation of some of the BigInt operators -* Reduced use of dynamic memory allocation in low-level BigInt functions -* A few simplifications in the Randpool mixing function -* Removed power(), as it was not particularly useful (or fast) -* Fixed some annoying bugs in the benchmark code -* Added a real credits file - diff --git a/doc/relnotes/1_5_6.rst b/doc/relnotes/1_5_6.rst deleted file mode 100644 index 8925a8003..000000000 --- a/doc/relnotes/1_5_6.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.5.6, 2006-03-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The low-level DER/BER coding system was redesigned and rewritten -* Portions of the certificate code were cleaned up internally -* Use macros to substantially clean up the GCC assembly code -* Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta) -* Avoid a couple of spurious warnings under Visual C++ -* Some slight cleanups in X509_PublicKey::key_id - diff --git a/doc/relnotes/1_5_7.rst b/doc/relnotes/1_5_7.rst deleted file mode 100644 index 45ded103f..000000000 --- a/doc/relnotes/1_5_7.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.5.7, 2006-05-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Further, major changes to the BER/DER coding system -* Updated the Qt mutex module to use Mutex_Factory -* Moved the library global state object into an anonymous namespace -* Drop the Visual C++ x86 assembly module due to bugs - diff --git a/doc/relnotes/1_5_8.rst b/doc/relnotes/1_5_8.rst deleted file mode 100644 index c7a2c549d..000000000 --- a/doc/relnotes/1_5_8.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.5.8, 2006-06-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Many internal cleanups to the X.509 cert/CRL code -* Allow for application code to support new X.509 extensions -* Change the return type of X509_Certificate::{subject,issuer}_info -* Allow for alternate character set handling mechanisms -* Fix a bug that was slowing squaring performance somewhat -* Fix a very hard to hit overflow bug in the C version of word3_muladd -* Minor cleanups to the assembler modules -* Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1 -* Support for GCC 2.95.x has been dropped in this release - diff --git a/doc/relnotes/1_5_9.rst b/doc/relnotes/1_5_9.rst deleted file mode 100644 index fa7c130fa..000000000 --- a/doc/relnotes/1_5_9.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.5.9, 2006-07-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed bitrot in the AEP engine -* Fix support for marking certificate/CRL extensions as critical -* Significant cleanups in the library state / initialization code -* LibraryInitializer takes an explicit InitializerOptions object -* Make Mutex_Factory an abstract class, add Default_Mutex_Factory -* Change configuration access to using global_state() -* Add support for global named mutexes throughout the library -* Add some STL wrappers for the delete operator -* Change how certificates are created to be more flexible and general - diff --git a/doc/relnotes/1_6_0.rst b/doc/relnotes/1_6_0.rst deleted file mode 100644 index 32b4d7ae8..000000000 --- a/doc/relnotes/1_6_0.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.6.0, 2006-12-17 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Minor cleanups versus 1.5.13 - - diff --git a/doc/relnotes/1_6_1.rst b/doc/relnotes/1_6_1.rst deleted file mode 100644 index cf1de29a0..000000000 --- a/doc/relnotes/1_6_1.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.6.1, 2007-01-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix some base64 decoder bugs -* Add a new option to base64 encoding, to always append a newline -* Fix some build problems under Visual Studio with debug enabled -* Fix a bug in BER_Decoder that was triggered under some compilers - diff --git a/doc/relnotes/1_6_2.rst b/doc/relnotes/1_6_2.rst deleted file mode 100644 index 3fdea578f..000000000 --- a/doc/relnotes/1_6_2.rst +++ /dev/null @@ -1,7 +0,0 @@ -Version 1.6.2, 2007-03-24 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix autodection on Athlon64s running Linux -* Fix builds on QNX and compilers using STLport -* Remove a call to abort() that crept into production - diff --git a/doc/relnotes/1_6_3.rst b/doc/relnotes/1_6_3.rst deleted file mode 100644 index c6d9f4364..000000000 --- a/doc/relnotes/1_6_3.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.6.3, 2007-07-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a race condition in the algorithm lookup cache -* Fix problems building the memory pool on some versions of Visual C++ - diff --git a/doc/relnotes/1_6_4.rst b/doc/relnotes/1_6_4.rst deleted file mode 100644 index 8f5295bcc..000000000 --- a/doc/relnotes/1_6_4.rst +++ /dev/null @@ -1,5 +0,0 @@ -Version 1.6.4, 2008-03-08 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a compilation problem with Visual Studio C++ 2003 - diff --git a/doc/relnotes/1_6_5.rst b/doc/relnotes/1_6_5.rst deleted file mode 100644 index 827adff95..000000000 --- a/doc/relnotes/1_6_5.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.6.5, 2008-08-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add noexec stack marker for GNU linker in assembly code -* Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3 - diff --git a/doc/relnotes/1_7_0.rst b/doc/relnotes/1_7_0.rst deleted file mode 100644 index b9ad37914..000000000 --- a/doc/relnotes/1_7_0.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.7.0, 2007-05-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* DSA parameter generation now follows FIPS 186-3 -* Added OIDs for Rabin-Williams and Nyberg-Rueppel -* Somewhat better support for out of tree builds -* Minor optimizations for RC2 and Tiger -* Documentation updates -* Update the todo list - - diff --git a/doc/relnotes/1_7_1.rst b/doc/relnotes/1_7_1.rst deleted file mode 100644 index e53bf66d9..000000000 --- a/doc/relnotes/1_7_1.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.7.1, 2007-07-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a race condition in the algorithm object cache -* HMAC key schedule optimization -* The build header sets a macro defining endianness, if known -* New word load/store abstraction allowing further optimization -* Modify most of the library to avoid use the C-style casts -* Use higher resolution timers in symmetric benchmarks - diff --git a/doc/relnotes/1_7_10.rst b/doc/relnotes/1_7_10.rst deleted file mode 100644 index edaec7b71..000000000 --- a/doc/relnotes/1_7_10.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.7.10, 2008-09-05 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Public key benchmarks run using a selection of random keys -* New benchmark timer options are clock_gettime, gettimeofday, times, clock -* Including reinterpret_cast optimization for xor_buf in default header -* Split byte swapping and word rotation functions into distinct headers -* Add IETF modp 6144 group and 2048 and 3072 bit DSS groups -* Optimizes BigInt right shift -* Add aliases in DL_Group::Format enum -* BigInt now caches the significant word count - diff --git a/doc/relnotes/1_7_11.rst b/doc/relnotes/1_7_11.rst deleted file mode 100644 index be23f0d72..000000000 --- a/doc/relnotes/1_7_11.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.7.11, 2008-09-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the Salsa20 stream cipher -* Optimized Montgomery reduction, Karatsuba squaring -* Added 16x16->32 word Comba multiplication and squaring -* Use a much larger Karatsuba cutoff point -* Remove bigint_mul_add_words -* Inlined several BigInt functions -* Add useful information to the generated build.h -* Rename alg_{ia32,amd64} modules to asm_{ia32,amd64} -* Fix the Windows build - diff --git a/doc/relnotes/1_7_12.rst b/doc/relnotes/1_7_12.rst deleted file mode 100644 index 21bd3da8c..000000000 --- a/doc/relnotes/1_7_12.rst +++ /dev/null @@ -1,19 +0,0 @@ -Version 1.7.12, 2008-09-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add x86 assembly for Visual Studio C++, by Luca Piccarreta -* Add a Perl XS module, by Vaclav Ovsik -* Add SWIG-based wrapper for Botan -* Add SSE2 implementation of SHA-1, by Dean Gaudet -* Remove the BigInt::sig_words cache due to bugs -* Combined the 4 Blowfish sboxes, suggested by Yves Jerschow -* Changed BigInt::grow_by and BigInt::grow_to to be non-const -* Add private assignment operators to classes that don't support assignment -* Benchmark RSA encryption and signatures -* Added test programs for random_prime and ressol -* Add high resolution timers for IA-64, HP-PA, S390x -* Reduce use of the RNG during benchmarks -* Fix builds on STI Cell PPU -* Add support for IBM's XLC compiler -* Add IETF 8192 bit MODP group - diff --git a/doc/relnotes/1_7_13.rst b/doc/relnotes/1_7_13.rst deleted file mode 100644 index 66591df88..000000000 --- a/doc/relnotes/1_7_13.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.7.13, 2008-09-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai -* Allow all examples to compile even if compression not enabled -* Make CMAC's polynomial doubling operation a public class method -* Use the -m64 flag when compiling with Sun Forte on x86-64 -* Clean up and slightly optimize CMAC::final_result - diff --git a/doc/relnotes/1_7_14.rst b/doc/relnotes/1_7_14.rst deleted file mode 100644 index 6bf5c50d2..000000000 --- a/doc/relnotes/1_7_14.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.7.14, 2008-09-30 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Split library into parts allowing modular builds -* Add (very preliminary) CMS support to the main library -* Some constructors now require object pointers instead of names -* Support multiple implementations of the same algorithm -* Build support for Pentium-M processors, from Derek Scherger -* Build support for MinGW/MSYS, from Zbigniew Zagorski -* Use inline assembly for bswap on 32-bit x86 - diff --git a/doc/relnotes/1_7_15.rst b/doc/relnotes/1_7_15.rst deleted file mode 100644 index 9cd34ab64..000000000 --- a/doc/relnotes/1_7_15.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.7.15, 2008-10-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add GF(p) arithmetic from InSiTo -* Add ECDSA and ECKAEG implementations from InSiTo -* Minimize internal dependencies, allowing for smaller build configurations -* Add new User Manual and Architecture Guide from FlexSecure GmbH -* Alter configure.pl options for better autotools compatibility -* Update build instructions for recent changes to configure.pl -* Fix CPU detection using /proc/cpuinfo - diff --git a/doc/relnotes/1_7_16.rst b/doc/relnotes/1_7_16.rst deleted file mode 100644 index 8b964da3f..000000000 --- a/doc/relnotes/1_7_16.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.7.16, 2008-10-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add several missing pieces needed for ECDSA and ECKAEG -* Add Card Verifiable Certificates from InSiTo -* Add SHA-224 from InSiTo -* Add BSI variant of EMSA1 from InSiTo -* Add GF(p) and ECDSA tests from InSiTo -* Split ECDSA and ECKAEG into distinct modules -* Allow OpenSSL and GNU MP engines to be built with public key algos disabled -* Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h - diff --git a/doc/relnotes/1_7_17.rst b/doc/relnotes/1_7_17.rst deleted file mode 100644 index b364d6112..000000000 --- a/doc/relnotes/1_7_17.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.7.17, 2008-10-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add missing ECDSA object identifiers -* Fix error in x86 and x86-64 assembler affecting GF(p) math -* Remove Boost dependency from GF(p) math -* Modify botan-config to not print -L/usr/lib or -L/usr/local/lib -* Add BOTAN_DLL macro to over 30 classes missing it -* Rename the two SHA-2 base classes for consistency - diff --git a/doc/relnotes/1_7_18.rst b/doc/relnotes/1_7_18.rst deleted file mode 100644 index 2bc1bf970..000000000 --- a/doc/relnotes/1_7_18.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.7.18, 2008-10-22 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add Doxygen comments from InSiTo -* Add ECDSA and ECKAEG benchmarks -* Add configure.pl switch --with-tr1-implementation -* Fix configure.pl's --with-endian and --with-unaligned-mem options -* Added support for pkg-config -* Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow -* Use const references to avoid copying overhead in CurveGFp, GFpModulus - diff --git a/doc/relnotes/1_7_19.rst b/doc/relnotes/1_7_19.rst deleted file mode 100644 index c54ce354d..000000000 --- a/doc/relnotes/1_7_19.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.7.19, 2008-11-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add HMAC_RNG, based on a design by Hugo Krawczyk -* Optimized the Turing stream cipher (about 20% faster on x86-64) -* Modify Randpool's reseeding algorithm to poll more sources -* Add a new AutoSeeded_RNG in auto_rng.h -* OpenPGP_S2K changed to take hash object instead of name -* Add automatic identification for Intel's Prescott processors - diff --git a/doc/relnotes/1_7_2.rst b/doc/relnotes/1_7_2.rst deleted file mode 100644 index 3b182d246..000000000 --- a/doc/relnotes/1_7_2.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.7.2, 2007-10-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Initialize the global library state lazily -* Add plain CBC-MAC for backwards compatibility with old systems -* Clean up some of the self test code -* Throw a sensible exception if a DL_Group is not found -* Truncate KDF2 output rather than allowing counter overflow -* Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256 -* Fix a Visual Studio compilation problem in x509stat.cpp - diff --git a/doc/relnotes/1_7_20.rst b/doc/relnotes/1_7_20.rst deleted file mode 100644 index 38a4b6b1c..000000000 --- a/doc/relnotes/1_7_20.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.7.20, 2008-11-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Namespace pkg-config file by major and minor versions -* Cache device descriptors in Device_EntropySource -* Split base.h into {block_cipher,stream_cipher,mac,hash}.h -* Removed get_mgf function from lookup.h - diff --git a/doc/relnotes/1_7_21.rst b/doc/relnotes/1_7_21.rst deleted file mode 100644 index d3eaf48f8..000000000 --- a/doc/relnotes/1_7_21.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.7.21, 2008-11-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Make algorithm lookup much more configuable -* Add facilities for runtime performance testing of algorithms -* Drop use of entropy estimation in the PRNGs -* Increase intervals between HMAC_RNG automatic reseeding -* Drop InitializerOptions class, all options but thread safety - diff --git a/doc/relnotes/1_7_22.rst b/doc/relnotes/1_7_22.rst deleted file mode 100644 index 52a286e83..000000000 --- a/doc/relnotes/1_7_22.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.7.22, 2008-11-17 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add provider preferences to Algorithm_Factory -* Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21 -* Optimize AES encryption and decryption (about 10% faster) -* Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs -* Fix nanoseconds overflow in benchmark code -* Remove Engine::add_engine - diff --git a/doc/relnotes/1_7_23.rst b/doc/relnotes/1_7_23.rst deleted file mode 100644 index bd30238d2..000000000 --- a/doc/relnotes/1_7_23.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.7.23, 2008-11-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Change to use TR1 (thus enabling ECDSA) with GCC and ICC -* Optimize almost all hash functions, especially MD4 and Tiger -* Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump} -* Change Timer to be pure virtual, and add ANSI_Clock_Timer -* Cache socket descriptors in the EGD entropy source -* Avoid bogging down startup in /proc walking entropy source -* Remove Buffered_EntropySource helper class -* Add a Default_Benchmark_Timer typedef in benchmark.h -* Add examples using benchmark.h and Algorithm_Factory -* Add ECC tests from InSiTo -* Minor documentation updates - diff --git a/doc/relnotes/1_7_24.rst b/doc/relnotes/1_7_24.rst deleted file mode 100644 index f43c752ff..000000000 --- a/doc/relnotes/1_7_24.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.7.24, 2008-12-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a compatibility problem with SHA-512/EMSA3 signature padding -* Fix bug preventing EGD/PRNGD entropy poller from working -* Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27) -* Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11 -* Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes -* Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4 -* Wrap private structs in SSE2 SHA-1 code in anonymous namespace -* Change configure.pl's CPU autodetection output to be more consistent -* Disable using OpenSSL's AES due to crashes of unknown cause -* Fix warning in /proc walking entropy poller -* Fix compilation with IBM XLC for Cell 0.9-200709 - diff --git a/doc/relnotes/1_7_3.rst b/doc/relnotes/1_7_3.rst deleted file mode 100644 index 8426978cd..000000000 --- a/doc/relnotes/1_7_3.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.7.3, 2008-01-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* New invocation syntax for configure.pl with several new options -* Support for IPv4 addresses in a subject alternative name -* New fast poll for the generic Unix entropy source (es_unix) -* The es_file entropy source has been replaced by the es_dev module -* The malloc allocator does not inherit from Pooling_Allocator anymore -* The path that es_unix will search in are now fully user-configurable -* Truncate X9.42 PRF output rather than allow counter overflow -* PowerPC is now assumed to be big-endian - diff --git a/doc/relnotes/1_7_4.rst b/doc/relnotes/1_7_4.rst deleted file mode 100644 index 608b7ffb1..000000000 --- a/doc/relnotes/1_7_4.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.7.4, 2008-03-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Use unaligned memory read/writes on systems that allow it, for performance -* Assembly for x86-64 for accessing the bswap instruction -* Use larger buffers in ARC4 and WiderWAKE for significant throughput increase -* Unroll loops in SHA-160 for a few percent increase in performance -* Fix compilation with GCC 3.2 in es_ftw and es_unix -* Build fix for NetBSD systems -* Prevent es_dev from being built except on Unix systems - diff --git a/doc/relnotes/1_7_5.rst b/doc/relnotes/1_7_5.rst deleted file mode 100644 index f5ec97e14..000000000 --- a/doc/relnotes/1_7_5.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.7.5, 2008-04-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The API of X509_CA::sign_request was altered to avoid race conditions -* New type Pipe::message_id to represent the Pipe message number -* Remove the Named_Mutex_Holder for a small performance gain -* Removed several unused or rarely used functions from Config -* Ignore spaces inside of a decimal string in BigInt::decode -* Allow using a std::istream to initialize a DataSource_Stream object -* Fix compilation problem in zlib compression module -* The chunk sized used by Pooling_Allocator is now a compile time setting -* The size of random blinding factors is now a compile time setting -* The install target no longer tries to set a particular owner/group - diff --git a/doc/relnotes/1_7_6.rst b/doc/relnotes/1_7_6.rst deleted file mode 100644 index 3fb6064fd..000000000 --- a/doc/relnotes/1_7_6.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.7.6, 2008-05-05 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Initial support for Windows DLLs, from Joel Low -* Reset the position pointer when a new block is generated in X9.32 PRNG -* Timer objects are now treated as entropy sources -* Moved several ASN.1-related enums from enums.h to an appropriate header -* Removed the AEP module, due to inability to test -* Removed Global_RNG and rng.h -* Removed system_clock -* Removed Library_State::UI and the pulse callback logic - diff --git a/doc/relnotes/1_7_7.rst b/doc/relnotes/1_7_7.rst deleted file mode 100644 index 9934959e0..000000000 --- a/doc/relnotes/1_7_7.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.7.7, 2008-06-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Remove the global PRNG object -* The PK filter objects were removed -* Add a test suite for the ANSI X9.31 PRNG -* Much cleaner and (mostly) thread-safe reimplementation of es_ftw -* Remove both default arguments to ANSI_X931_RNG's constructor -* Remove the randomizing version of OctetString::change -* Make the cipher and MAC to use in Randpool configurable -* Move RandomNumberGenerator declaration to rng.h -* RSA_PrivateKey will not generate keys smaller than 1024 bits -* Fix an error decoding BER UNIVERSAL types with special taggings - diff --git a/doc/relnotes/1_7_8.rst b/doc/relnotes/1_7_8.rst deleted file mode 100644 index b02451214..000000000 --- a/doc/relnotes/1_7_8.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.7.8, 2008-07-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the block cipher Noekeon -* Remove global deref_alias function -* X509_Store takes timeout options as constructor arguments -* Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH -* Extend random_prime() for generating primes of any bit length -* Remove Config class -* Allow adding new entropy via base RNG interface -* Reseeding a X9.31 PRNG also reseeds the underlying PRNG - diff --git a/doc/relnotes/1_7_9.rst b/doc/relnotes/1_7_9.rst deleted file mode 100644 index 039106d71..000000000 --- a/doc/relnotes/1_7_9.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.7.9, 2008-08-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Make clear() in most algorithm base classes a pure virtual -* Add noexec stack marker for GNU linker in assembly code -* Avoid string operations in ressol -* Compilation fixes for MinGW and Visual Studio C++ 2008 -* Some autoconfiguration fixes for Windows - diff --git a/doc/relnotes/1_8_0.rst b/doc/relnotes/1_8_0.rst deleted file mode 100644 index e9ebbe43f..000000000 --- a/doc/relnotes/1_8_0.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.8.0, 2008-12-08 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix compilation on Solaris with GCC - - diff --git a/doc/relnotes/1_8_1.rst b/doc/relnotes/1_8_1.rst deleted file mode 100644 index 532842fba..000000000 --- a/doc/relnotes/1_8_1.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.8.1, 2009-01-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Avoid a valgrind warning in es_unix.cpp on 32-bit Linux -* Fix memory leak in PKCS8 load_key and encrypt_key -* Relicense api.tex from CC-By-SA 2.5 to BSD -* Fix botan-config on MacOS X, Solaris - diff --git a/doc/relnotes/1_8_10.rst b/doc/relnotes/1_8_10.rst deleted file mode 100644 index 3c4f62b09..000000000 --- a/doc/relnotes/1_8_10.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.8.10, 2010-08-31 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Switch default PKCS #8 encryption algorithm from 3DES to AES-256 -* Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2 -* Use small tables in the first round of AES -* Add PBKDF typedef and get_pbkdf for better compatability with 1.9 -* Add version of S2K::derive_key taking salt and iteration count -* Enable the /proc-walking entropy source on NetBSD -* Fix the doxygen makefile target - diff --git a/doc/relnotes/1_8_11.rst b/doc/relnotes/1_8_11.rst deleted file mode 100644 index 688023ab4..000000000 --- a/doc/relnotes/1_8_11.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.8.11, 2010-11-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a number of CRL encoding and decoding bugs -* When building a debug library under VC++, use the debug runtime -* Fix compilation under Sun Studio on Linux and Solaris -* Add several functions for compatability with 1.9 -* In the examples, read most input files as binary -* The Perl build script has been removed in this release - diff --git a/doc/relnotes/1_8_12.rst b/doc/relnotes/1_8_12.rst deleted file mode 100644 index 14d29325e..000000000 --- a/doc/relnotes/1_8_12.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.8.12, 2011-06-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* If EMSA3(Raw) was used for more than one signature, it would produce - incorrect output. - -* Fix the --enable-debug option to configure.py - -* Improve OS detection on Cygwin - -* Fix compilation under Sun Studio 12 on Solaris - -* Fix a memory leak in the constructors of DataSource_Stream and - DataSink_Stream which would occur if opening the file failed (:pr:`144`) - diff --git a/doc/relnotes/1_8_13.rst b/doc/relnotes/1_8_13.rst deleted file mode 100644 index e96f6e449..000000000 --- a/doc/relnotes/1_8_13.rst +++ /dev/null @@ -1,7 +0,0 @@ -Version 1.8.13, 2011-07-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* A race condition in `Algorithm_Factory` could cause crashes in - multithreaded code. See :botan-devel:`this thread on botan-devel - <2011-July/001455>` for details and workarounds. - diff --git a/doc/relnotes/1_8_14.rst b/doc/relnotes/1_8_14.rst deleted file mode 100644 index cf48e3cc7..000000000 --- a/doc/relnotes/1_8_14.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 1.8.14, 2012-07-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The malloc allocator would return null instead of throwing in the - event of an allocation failure, which could cause an application - crash due to null pointer dereference where normally an exception - would occur. - -* Recent versions of OpenSSL include extra information in ECC private - keys, the presence of which caused an exception when such a key was - loaded by botan. The decoding of ECC private keys has been changed to - ignore these fields if they are set. - -* AutoSeeded_RNG has been changed to prefer ``/dev/random`` over - ``/dev/urandom`` - -* Fix detection of s390x (Debian bug 638347) diff --git a/doc/relnotes/1_8_2.rst b/doc/relnotes/1_8_2.rst deleted file mode 100644 index 8ba19973b..000000000 --- a/doc/relnotes/1_8_2.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.8.2, 2009-04-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Make entropy polling more flexible and in most cases faster -* GOST 28147 now supports multiple sbox parameters -* Added the GOST 34.11 hash function -* Fix botan-config problems on MacOS X - diff --git a/doc/relnotes/1_8_3.rst b/doc/relnotes/1_8_3.rst deleted file mode 100644 index 3bfe7bde0..000000000 --- a/doc/relnotes/1_8_3.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.8.3, 2009-07-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add a new Python configuration script -* Add the Skein-512 SHA-3 candidate hash function -* Add the XTS block cipher mode from IEEE P1619 -* Fix random_prime when generating a prime of less than 7 bits -* Improve handling of low-entropy situations during PRNG seeding -* Change random device polling to prefer /dev/urandom over /dev/random -* Use an input insensitive implementation of same_mem instead of memcmp -* Correct DataSource::discard_next to return the number of discarded bytes -* Provide a default value for AutoSeeded_RNG::reseed -* Fix Gentoo bug 272242 - diff --git a/doc/relnotes/1_8_4.rst b/doc/relnotes/1_8_4.rst deleted file mode 100644 index b103db11f..000000000 --- a/doc/relnotes/1_8_4.rst +++ /dev/null @@ -1,5 +0,0 @@ -Version 1.8.4, 2009-07-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a bug in nonce generation in the Miller-Rabin test - diff --git a/doc/relnotes/1_8_5.rst b/doc/relnotes/1_8_5.rst deleted file mode 100644 index f2675de99..000000000 --- a/doc/relnotes/1_8_5.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.8.5, 2009-07-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Change configure.py to work on stock Python 2.4 -* Avoid a crash in Skein_512::add_data processing a zero-length input -* Small build fixes for SPARC, ARM, and HP-PA processors -* The test suite now returns an error code from main() if any tests failed - diff --git a/doc/relnotes/1_8_6.rst b/doc/relnotes/1_8_6.rst deleted file mode 100644 index 6e4fa8c56..000000000 --- a/doc/relnotes/1_8_6.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.8.6, 2009-08-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add Cryptobox, a set of simple password-based encryption routines -* Only read world-readable files when walking /proc for entropy -* Fix building with TR1 disabled -* Fix x86 bswap support for Visual C++ -* Fixes for compilation under Sun C++ -* Add support for Dragonfly BSD (contributed by Patrick Georgi) -* Add support for the Open64 C++ compiler -* Build fixes for MIPS systems running Linux -* Minor changes to license, now equivalent to the FreeBSD/NetBSD license - diff --git a/doc/relnotes/1_8_7.rst b/doc/relnotes/1_8_7.rst deleted file mode 100644 index e5bf54649..000000000 --- a/doc/relnotes/1_8_7.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.8.7, 2009-09-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix processing multiple messages in XTS mode -* Add --no-autoload option to configure.py, for minimized builds - diff --git a/doc/relnotes/1_8_8.rst b/doc/relnotes/1_8_8.rst deleted file mode 100644 index a46032c20..000000000 --- a/doc/relnotes/1_8_8.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.8.8, 2009-11-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Alter Skein-512 to match the tweaked 1.2 specification -* Fix use of inline asm for access to x86 bswap function -* Allow building the library without AES enabled -* Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild - diff --git a/doc/relnotes/1_8_9.rst b/doc/relnotes/1_8_9.rst deleted file mode 100644 index c66198364..000000000 --- a/doc/relnotes/1_8_9.rst +++ /dev/null @@ -1,27 +0,0 @@ -Version 1.8.9, 2010-06-16 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Use constant time multiplication in IDEA - -* Avoid possible timing attack against OAEP decoding - -* Add new X509::BER_encode and PKCS8::BER_encode - -* Enable DLL builds under Windows - -* Add Win32 installer support - -* Add support for the Clang compiler - -* Fix problem in semcem.h preventing build under Clang or GCC 3.4 - -* Fix bug that prevented creation of DSA groups under 1024 bits - -* Fix crash in GMP_Engine if library is shutdown and reinitialized and - a PK algorithm was used after the second init - -* Work around problem with recent binutils in x86-64 SHA-1 - -* The Perl build script is no longer supported and refuses to run by - default. If you really want to use it, pass - ``--i-know-this-is-broken`` to the script. diff --git a/doc/relnotes/1_9_0.rst b/doc/relnotes/1_9_0.rst deleted file mode 100644 index 3e0407887..000000000 --- a/doc/relnotes/1_9_0.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.9.0, 2009-09-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add support for parallel invocation of block ciphers where possible -* Add SSE2 implementation of Serpent -* Add Rivest's package transform (an all or nothing transform) -* Minor speedups to the Turing key schedule -* Fix processing multiple messages in XTS mode -* Add --no-autoload option to configure.py, for minimized builds -* The previously used configure.pl script is no longer supported - - diff --git a/doc/relnotes/1_9_1.rst b/doc/relnotes/1_9_1.rst deleted file mode 100644 index e044f1d3c..000000000 --- a/doc/relnotes/1_9_1.rst +++ /dev/null @@ -1,16 +0,0 @@ -Version 1.9.1, 2009-10-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Better support for Python and Perl wrappers -* Add an implementation of Blue Midnight Wish (Round 2 tweak version) -* Modify Skein-512 to match the tweaked 1.2 specification -* Add threshold secret sharing (draft-mcgrew-tss-02) -* Add runtime cpu feature detection for x86/x86-64 -* Add code for general runtime self testing for hashes, MACs, and ciphers -* Optimize XTEA; twice as fast as before on Core2 and Opteron -* Convert CTR_BE and OFB from filters to stream ciphers -* New parsing code for SCAN algorithm names -* Enable SSE2 optimizations under Visual C++ -* Remove all use of C++ exception specifications -* Add support for GNU/Hurd and Clang/LLVM - diff --git a/doc/relnotes/1_9_10.rst b/doc/relnotes/1_9_10.rst deleted file mode 100644 index 296c34ca3..000000000 --- a/doc/relnotes/1_9_10.rst +++ /dev/null @@ -1,26 +0,0 @@ -Version 1.9.10, 2010-08-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add a constant-time AES implementation using SSSE3. This code is - based on public domain assembly written by `Mike Hamburg - <http://crypto.stanford.edu/vpaes/>`_, and described in his CHES - 2009 paper "Accelerating AES with Vector Permute Instructions". In - addition to being constant time, it is also significantly faster - than the table-based implementation on some processors. The current - code has been tested with GCC 4.5, Visual C++ 2008, and Clang 2.8. - - -* Support for dynamically loading Engine objects at runtime was also - added. Currently only system that use ``dlopen``-style dynamic - linking are supported. - -* On GCC 4.3 and later, use the byteswap intrinsic functions. - -* Drop support for building with Python 2.4 - -* Fix benchmarking of block ciphers in ECB mode - -* Consolidate the two x86 assembly engines - -* Rename S2K to PBKDF - diff --git a/doc/relnotes/1_9_11.rst b/doc/relnotes/1_9_11.rst deleted file mode 100644 index ea48fb9e5..000000000 --- a/doc/relnotes/1_9_11.rst +++ /dev/null @@ -1,44 +0,0 @@ -Version 1.9.11, 2010-11-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The TLS API has changed substantially and now relies heavily on - TR1's ``std::function`` is now required. Additionally, it is - required that all callers derive a subclass of TLS_Policy and pass - it to a client or server object. Please remember that the TLS - interface/API is currently unstable and will very likely change - further before TLS is included in a stable release. A handshake - failure that occured when RC4 was negotiated has also been fixed. - -* Some possible timing channels in the implementations of Montgomery - reduction and the IDEA key schedule were removed. The table-based - AES implementation uses smaller tables in the first round to help - make some timing/cache attacks harder. - -* The library now uses size_t instead of u32bit to represent - lengths. Also the interfaces for the memory containers have changed - substantially to better match STL container interfaces; - MemoryRegion::append, MemoryRegion::destroy, and MemoryRegion::set - were all removed, and several other functions, like clear and - resize, have changed meaning. - -* Update Skein-512 to match the v1.3 specification -* Fix a number of CRL encoding and decoding bugs -* Counter mode now always encrypts 256 blocks in parallel -* Use small tables in the first round of AES -* Removed AES class: app must choose AES-128, AES-192, or AES-256 -* Add hex encoding/decoding functions that can be used without a Pipe -* Add base64 encoding functions that can be used without a Pipe -* Add to_string function to X509_Certificate -* Add support for dynamic engine loading on Windows -* Replace BlockCipher::BLOCK_SIZE attribute with function block_size() -* Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size() -* Move PBKDF lookup to engine system -* The IDEA key schedule has been changed to run in constant time -* Add Algorithm and Key_Length_Specification classes -* Switch default PKCS #8 encryption algorithm from AES-128 to AES-256 -* Allow using PBKDF2 with empty passphrases -* Add compile-time deprecation warnings for GCC, Clang, and MSVC -* Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9 -* Improve support for Intel Atom processors -* Fix compilation problems under Sun Studio and Clang - diff --git a/doc/relnotes/1_9_12.rst b/doc/relnotes/1_9_12.rst deleted file mode 100644 index 21ad561d5..000000000 --- a/doc/relnotes/1_9_12.rst +++ /dev/null @@ -1,7 +0,0 @@ -Version 1.9.12, 2010-12-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add the Keccak hash function -* Fix compilation problems in Python wrappers -* Fix compilation problem in OpenSSL engine -* Update SQLite3 database encryption codec diff --git a/doc/relnotes/1_9_13.rst b/doc/relnotes/1_9_13.rst deleted file mode 100644 index 701b6e5f0..000000000 --- a/doc/relnotes/1_9_13.rst +++ /dev/null @@ -1,30 +0,0 @@ -Version 1.9.13, 2011-02-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -GOST 34.10 signatures were being formatted in a way that was not -compatible with other implemenations, and specifically how GOST is -used in DNSSEC. - -The Keccak hash function was updated to the tweaked variant proposed -for round 3 of the NIST hash competition. This version is not -compatible with the previous algorithm. - -A new option ``--distribution-info`` was added to the configure -script. It allows the user building the library to set any -distribution-specific notes on the build, which are available as a -macro ``BOTAN_DISTRIBUTION_INFO``. The default value is -'unspecified'. If you are building an unmodified version of botan -(especially for distribution), and want to indicate to applications -that this is the case, consider using -``--distribution-info=pristine``. If you are making any patches or -modifications, it is recommended to use -``--distribution-info=[Distribution Name] [Version]``, for instance -'FooNix 1.9.13-r3'. - -Some bugs preventing compilation under Clang 2.9 and Sun Studio 12 -were fixed. - -The DER/BER codecs use ``size_t`` instead of ``u32bit`` for small -integers - - diff --git a/doc/relnotes/1_9_14.rst b/doc/relnotes/1_9_14.rst deleted file mode 100644 index 318d7b53d..000000000 --- a/doc/relnotes/1_9_14.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.9.14, 2011-03-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add support for bcrypt, OpenBSD's password hashing scheme. - -* Add support for NIST's AES key wrapping algorithm, as described in - :rfc:`3394`. It is available by including ``rfc3394.h``. - -* Fix an infinite loop in zlib filters introduced in 1.9.11 (:pr:`142`) - diff --git a/doc/relnotes/1_9_15.rst b/doc/relnotes/1_9_15.rst deleted file mode 100644 index 77b8dbde9..000000000 --- a/doc/relnotes/1_9_15.rst +++ /dev/null @@ -1,25 +0,0 @@ -Version 1.9.15, 2011-03-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* First release candidate for 1.10.0 - -* Modify how message expansion is done in SHA-256 and SHA-512. - Instead of expanding the entire message at the start, compute them - in the minimum number of registers. Values are computed 15 rounds - before they are needed. On a Core i7-860, GCC 4.5.2, went from 143 - to 157 MiB/s in SHA-256, and 211 to 256 MiB/s in SHA-512. - -* Pipe will delete empty output queues as soon as they are no longer - needed, even if earlier messages still have data unread. However an - (empty) entry in a deque of pointers will remain until all prior - messages are completely emptied. - -* Avoid reading the SPARC ``%tick`` register on OpenBSD as unlike the - Linux and NetBSD kernels, it will not trap and emulate it for us, - causing a illegal instruction crash. - -* Improve detection and autoconfiguration for ARM processors. Thanks - go out to the the `Tahoe-LAFS Software Foundation - <http://tahoe-lafs.org>`_, who donated a Sheevaplug that I'll be - using to figure out how to make the cryptographic primitives - Tahoe-LAFS relies on faster, particularly targeting the ARMv5TE. diff --git a/doc/relnotes/1_9_16.rst b/doc/relnotes/1_9_16.rst deleted file mode 100644 index fe7441be8..000000000 --- a/doc/relnotes/1_9_16.rst +++ /dev/null @@ -1,52 +0,0 @@ -Version 1.9.16, 2011-04-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Second release candidate for 1.10.0 - -* The documentation, previously written in LaTeX, is now in - reStructuredText suitable for processing by `Sphinx - <http://sphinx.pocoo.org>`_, which can generate nicely formatted - HTML and PDFs. The documentation has also been greatly updated and - expanded. - -* The class ``EC_Domain_Params`` has been renamed ``EC_Group``, with a - typedef for backwards compatability. - -* ``EC_Group``'s string constructor didn't understand the standard - names like "secp160r1", forcing use of the OIDs. - -* Two constructors for ECDSA private keys, the one that creates a new - random key, and the one that provides a preset private key as a - ``BigInt``, have been merged. This matches the existing interface - for DSA and DH keys. If you previously used the version taking a - ``BigInt`` private key, you'll have to additionally pass in a - ``RandomNumberGenerator`` object starting in this release. - -* It is now possible to create ECDH keys with a preset ``BigInt`` - private key; previously no method for this was available. - -* The overload of ``generate_passhash9`` that takes an explicit - algorithm identifier has been merged with the one that does not. - The algorithm identifier code has been moved from the second - parameter to the fourth. - -* Change shared library versioning to match the normal Unix - conventions. Instead of ``libbotan-X.Y.Z.so``, the shared lib is - named ``libbotan-X.Y.so.Z``; this allows the runtime linker to do - its runtime linky magic. It can be safely presumed that any change - in the major or minor version indicates ABI incompatability. - -* Remove the socket wrapper code; it was not actually used by anything - in the library, only in the examples, and you can use whatever kind - of (blocking) socket interface you like with the SSL/TLS code. It's - available as socket.h in the examples directory if you want to use - it. - -* Disable the by-default 'strong' checking of private keys that are - loaded from storage. You can always request key material sanity - checking using Private_Key::check_key. - -* Bring back removed functions ``min_keylength_of``, - ``max_keylength_of``, ``keylength_multiple_of`` in ``lookup.h`` to - avoid breaking applications written against 1.8 - diff --git a/doc/relnotes/1_9_17.rst b/doc/relnotes/1_9_17.rst deleted file mode 100644 index 794120be3..000000000 --- a/doc/relnotes/1_9_17.rst +++ /dev/null @@ -1,45 +0,0 @@ -Version 1.9.17, 2011-04-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Third release candidate for 1.10.0 - -* The format preserving encryption method currently available was - presented in the header ``fpe.h`` and the functions ``fpe_encrypt`` - and ``fpe_decrypt``. These were renamed as it is likely that other - FPE schemes will be included in the future. The header is now - ``fpe_fe1.h``, and the functions are named ``fe1_encrypt`` and - ``fe1_decrypt``. - -* New options to ``configure.py`` control what tools are used for - documentation generation. The ``--with-sphinx`` option enables using - Sphinx to convert ReST into HTML; otherwise the ReST sources are - installed directly. If ``--with-doxygen`` is used, Doxygen will run - as well. Documentation generation can be triggered via the ``docs`` - target in the makefile; it will also be installed by the install - target on Unix. - -* A bug in 1.9.16 effectively disabled support for runtime CPU feature - detection on x86 under GCC in that release. - -* A mostly internal change, all references to "ia32" and "amd64" have - been changed to the vendor neutral and probably easier to understand - "x86-32" and "x86-64". For instance, the "mp_amd64" module has been - renamed "mp_x86_64", and the macro indicating x86-32 has changed - from ``BOTAN_TARGET_ARCH_IS_IA32`` to - ``BOTAN_TARGET_ARCH_IS_X86_32``. The classes calling assembly have - also been renamed. - -* Similiarly to the above change, the AES implemenations using the - AES-NI instruction set have been renamed from AES_XXX_Intel to - AES_XXX_NI. - -* Systems that are identified as `sun4u` will default to compiling for - 32-bit SPARCv9 code rather than 64-bit. This matches the still - common convention for 32-bit SPARC userspaces. If you want 64-bit - code on such as system, use ``--cpu=sparc64``. - -* Some minor fixes for compiling botan under the BeOS - clone/continuation `Haiku <http://haiku-os.org>`_. - -* Further updates to the documentation - diff --git a/doc/relnotes/1_9_18.rst b/doc/relnotes/1_9_18.rst deleted file mode 100644 index b82167bdf..000000000 --- a/doc/relnotes/1_9_18.rst +++ /dev/null @@ -1,81 +0,0 @@ -Version 1.9.18, 2011-06-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fourth release candidate for 1.10.0 - -* The GOST 34.10 verification operation was not ensuring that s and r - were both greater than zero. This could potentially have meant it - would have accepted an invalid all-zero signature as valid for any - message. Due to how ECC points are internally represented it instead - resulted in an exception being thrown. - -* A simple multiexponentation algorithm is now used in ECDSA and - GOST-34.10 signature verification, leading to 20 to 25% improvements - in ECDSA and 25% to 40% improvements in GOST-34.10 verification - performance. - -* The internal representation of elliptic curve points has been - modified to use Montgomery representation exclusively, resulting in - reduced memory usage and a 10 to 20% performance improvement for - ECDSA and ECDH. - -* In OAEP decoding, scan for the delimiter bytes using a loop that is - written without conditionals so as to help avoid timing analysis. - Unfortunately GCC at least is 'smart' enough to compile it to - jumps anyway. - -* The SSE2 implementation of IDEA did not work correctly when compiled - by Clang, because the trick it used to emulate a 16 bit unsigned - compare in SSE (which doesn't contain one natively) relied on signed - overflow working in the 'usual' way. A different method that doesn't - rely on signed overflow is now used. - -* Add support for compiling SSL using Visual C++ 2010's TR1 - implementation. - -* Fix a bug under Visual C++ 2010 which would cause ``hex_encode`` to - crash if given a zero-sized input to encode. - -* A new build option ``--via-amalgamation`` will first generate the - single-file amalgamation, then build the library from that single - file. This option requires a lot of memory and does not parallelize, - but the resulting library is smaller and may be faster. - -* On Unix, the library and header paths have been changed to allow - parallel installation of different versions of the library. Headers - are installed into ``<prefix>/include/botan-1.9/botan``, libraries - are named ``libbotan-1.9``, and ``botan-config`` is now namespaced - (so in this release ``botan-config-1.9``). All of these embedded - versions will be 1.10 in the upcoming stable release. - -* The soname system has been modified. In this release the library - soname is ``libbotan-1.9.so.0``, with the full library being named - ``libbotan-1.9.so.0.18``. The ``0`` is the ABI version, and will be - incremented whenever a breaking ABI change is made. - -* TR1 support is not longer automatically assumed under older versions - of GCC - -* Functions for base64 decoding that work standalone (without needing - to use a pipe) have been added to ``base64.h`` - -* The function ``BigInt::to_u32bit`` was inadvertently removed in 1.9.11 - and has been added back. - -* The function ``BigInt::get_substring`` did not work correctly with a - *length* argument of 32. - -* The implementation of ``FD_ZERO`` on Solaris uses ``memset`` and - assumes the caller included ``string.h`` on its behalf. Do so to - fix compilation in the ``dev_random`` and ``unix_procs`` entropy - sources. Patch from Jeremy C. Reed. - -* Add two different configuration targets for Atom, since some are - 32-bit and some are 64-bit. The 'atom' target now refers to the - 64-bit implementations, use 'atom32' to target the 32-bit - processors. - -* The (incomplete) support for CMS and card verifiable certificates - are disabled by default; add ``--enable-modules=cms`` or - ``--enable-modules=cvc`` during configuration to turn them back on. - diff --git a/doc/relnotes/1_9_2.rst b/doc/relnotes/1_9_2.rst deleted file mode 100644 index e3a46b770..000000000 --- a/doc/relnotes/1_9_2.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.9.2, 2009-11-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add SIMD version of XTEA -* Support both SSE2 and AltiVec SIMD for Serpent and XTEA -* Optimizations for SHA-1 and SHA-2 -* Add AltiVec runtime detection -* Fix x86 CPU identification with Intel C++ and Visual C++ - diff --git a/doc/relnotes/1_9_3.rst b/doc/relnotes/1_9_3.rst deleted file mode 100644 index 7e7b27efc..000000000 --- a/doc/relnotes/1_9_3.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.9.3, 2009-11-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add new AES implementation using Intel's AES instruction intrinsics -* Add an implementation of format preserving encryption -* Allow use of any hash function in X.509 certificate creation -* Optimizations for MARS, Skipjack, and AES -* Set macros for available SIMD instructions in build.h -* Add support for using InnoSetup to package Windows builds -* By default build a DLL on Windows - diff --git a/doc/relnotes/1_9_4.rst b/doc/relnotes/1_9_4.rst deleted file mode 100644 index 60e02ffd6..000000000 --- a/doc/relnotes/1_9_4.rst +++ /dev/null @@ -1,57 +0,0 @@ -Version 1.9.4, 2010-03-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add the Ajisai SSLv3/TLSv1.0 implementation - -* Add GOST 34.10-2001 public key signature scheme -* Add SIMD implementation of Noekeon - -* Add SSE2 implementation of IDEA - -* Extend Salsa20 to support longer IVs (XSalsa20) - -* Perform XTS encryption and decryption in parallel where possible - -* Perform CBC decryption in parallel where possible - -* Add SQLite3 db encryption codec, contributed by Olivier de Gaalon - -* Add a block cipher cascade construction - -* Add support for password hashing for authentication (passhash9.h) - -* Add support for Win32 high resolution system timers - -* Major refactoring and API changes in the public key code - -* PK_Signer class now verifies all signatures before releasing them to - the caller; this should help prevent a wide variety of fault - attacks, though it does have the downside of hurting signature - performance, particularly for DSA/ECDSA. - -* Changed S2K interface: derive_key now takes salt, iteration count - -* Remove dependency on TR1 shared_ptr in ECC and CVC code - -* Renamed ECKAEG to its more usual name, ECDH - -* Fix crash in GMP_Engine if library is shutdown and reinitialized - -* Fix an invalid memory read in MD4 - -* Fix Visual C++ static builds - -* Remove Timer class entirely - -* Switch default PKCS #8 encryption algorithm from 3DES to AES-128 - -* New configuration option, ``--gen-amalgamation``, creates a pair of - files (``botan_all.cpp`` and ``botan_all.h``) which contain the - contents of the library as it would have normally been compiled - based on the set configuration. - -* Many headers are now explicitly internal-use-only and are not installed - -* Greatly improve the Win32 installer - -* Several fixes for Visual C++ debug builds diff --git a/doc/relnotes/1_9_5.rst b/doc/relnotes/1_9_5.rst deleted file mode 100644 index cdcd8db4b..000000000 --- a/doc/relnotes/1_9_5.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.9.5, 2010-03-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Numerous ECC optimizations -* Fix GOST 34.10-2001 X.509 key loading -* Allow PK_Signer's fault protection checks to be toggled off -* Avoid using pool-based locking allocator if we can't mlock -* Remove all runtime options -* New BER_Decoder::{decode_and_check, decode_octet_string_bigint} -* Remove SecureBuffer in favor of SecureVector length parameter -* HMAC_RNG: Perform a poll along with user-supplied entropy -* Fix crash in MemoryRegion if Allocator::get failed -* Fix small compilation problem on FreeBSD - diff --git a/doc/relnotes/1_9_6.rst b/doc/relnotes/1_9_6.rst deleted file mode 100644 index 971da7bca..000000000 --- a/doc/relnotes/1_9_6.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.9.6, 2010-04-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* TLS: Add support for TLS v1.1 -* TLS: Support server name indicator extension -* TLS: Fix server handshake -* TLS: Fix server using DSA certificates -* TLS: Avoid timing channel between CBC padding check and MAC verification - diff --git a/doc/relnotes/1_9_7.rst b/doc/relnotes/1_9_7.rst deleted file mode 100644 index 4c6e2c21d..000000000 --- a/doc/relnotes/1_9_7.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.9.7, 2010-04-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* TLS: Support reading SSLv2 client hellos -* TLS: Add support for SEED ciphersuites (RFC 4162) -* Add Comb4P hash combiner function - -* Fix checking of EMSA_Raw signatures with leading 0 bytes, valid - signatures could be rejected in certain scenarios. - - diff --git a/doc/relnotes/1_9_8.rst b/doc/relnotes/1_9_8.rst deleted file mode 100644 index a671d946c..000000000 --- a/doc/relnotes/1_9_8.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.9.8, 2010-06-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add support for wide multiplications on 64-bit Windows -* Use constant time multiplication in IDEA -* Avoid possible timing attack against OAEP decoding -* Removed FORK-256; rarely used and it has been broken -* Rename ``--use-boost-python`` to ``--with-boost-python`` -* Skip building shared libraries on MinGW/Cygwin -* Fix creation of 512 and 768 bit DL groups using the DSA kosherizer -* Fix compilation on GCC versions before 4.3 (missing cpuid.h) -* Fix compilation under the Clang compiler - diff --git a/doc/relnotes/1_9_9.rst b/doc/relnotes/1_9_9.rst deleted file mode 100644 index 4ff1a9c0c..000000000 --- a/doc/relnotes/1_9_9.rst +++ /dev/null @@ -1,26 +0,0 @@ -Version 1.9.9, 2010-06-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -A new pure virtual function has been added to ``Filter``, ``name`` -which simply returns some useful identifier for the object. Any -out-of-tree ``Filter`` implementations will need to be updated. - -Add ``Keyed_Filter::valid_iv_length`` which makes it possible to query -as to what IV length(s) a particular filter allows. Previously, -partially because there was no such query mechanism, if a filter did -not support IVs at all, then calls to ``set_iv`` would be silently -ignored. Now an exception about the invalid IV length will be thrown. - -The default iteration count for the password based encryption schemes -has been increased from 2048 to 10000. This should make -password-guessing attacks against private keys encrypted with versions -after this release somewhat harder. - -New functions for encoding public and private keys to binary, -``X509::BER_encode`` and ``PKCS8::BER_encode`` have been added. - -Problems compiling under Apple's version of GCC 4.2.1 and on 64-bit -MIPS systems using GCC 4.4 or later were fixed. - -The coverage of Doxygen documentation comments has significantly -improved in this release. diff --git a/doc/relnotes/contents.rst b/doc/relnotes/contents.rst deleted file mode 100644 index 406fc4133..000000000 --- a/doc/relnotes/contents.rst +++ /dev/null @@ -1,8 +0,0 @@ - -Release Notes -======================================== - -.. toctree:: - :maxdepth: 2 - - index diff --git a/doc/relnotes/index.rst b/doc/relnotes/index.rst deleted file mode 100644 index b93b327f5..000000000 --- a/doc/relnotes/index.rst +++ /dev/null @@ -1,278 +0,0 @@ - -Release Notes -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Series 1.11 ----------------------------------------- - -.. toctree:: - :maxdepth: 1 - - 1_11_18 - 1_11_17 - 1_11_16 - 1_11_15 - 1_11_14 - 1_11_13 - 1_11_12 - 1_11_11 - 1_11_10 - 1_11_9 - 1_11_8 - 1_11_7 - 1_11_6 - 1_11_5 - 1_11_4 - 1_11_3 - 1_11_2 - 1_11_1 - 1_11_0 - -Series 1.10 ----------------------------------------- - -.. toctree:: - - 1_10_9 - 1_10_8 - 1_10_7 - 1_10_6 - 1_10_5 - 1_10_4 - 1_10_3 - 1_10_2 - 1_10_1 - 1_10_0 - -Series 1.9 ----------------------------------------- - -.. toctree:: - - 1_9_18 - 1_9_17 - 1_9_16 - 1_9_15 - 1_9_14 - 1_9_13 - 1_9_12 - 1_9_11 - 1_9_10 - 1_9_9 - 1_9_8 - 1_9_7 - 1_9_6 - 1_9_5 - 1_9_4 - 1_9_3 - 1_9_2 - 1_9_1 - 1_9_0 - -Series 1.8 ----------------------------------------- - -.. toctree:: - - 1_8_14 - 1_8_13 - 1_8_12 - 1_8_11 - 1_8_10 - 1_8_9 - 1_8_8 - 1_8_7 - 1_8_6 - 1_8_5 - 1_8_4 - 1_8_3 - 1_8_2 - 1_8_1 - 1_8_0 - -Series 1.7 ----------------------------------------- - -.. toctree:: - - 1_7_24 - 1_7_23 - 1_7_22 - 1_7_21 - 1_7_20 - 1_7_19 - 1_7_18 - 1_7_17 - 1_7_16 - 1_7_15 - 1_7_14 - 1_7_13 - 1_7_12 - 1_7_11 - 1_7_10 - 1_7_9 - 1_7_8 - 1_7_7 - 1_7_6 - 1_7_5 - 1_7_4 - 1_7_3 - 1_7_2 - 1_7_1 - 1_7_0 - -Series 1.6 ----------------------------------------- - -.. toctree:: - - 1_6_5 - 1_6_4 - 1_6_3 - 1_6_2 - 1_6_1 - 1_6_0 - -Series 1.5 ----------------------------------------- - -.. toctree:: - - 1_5_13 - 1_5_12 - 1_5_11 - 1_5_10 - 1_5_9 - 1_5_8 - 1_5_7 - 1_5_6 - 1_5_5 - 1_5_4 - 1_5_3 - 1_5_2 - 1_5_1 - 1_5_0 - -Series 1.4 ----------------------------------------- - -.. toctree:: - - 1_4_12 - 1_4_11 - 1_4_10 - 1_4_9 - 1_4_8 - 1_4_7 - 1_4_6 - 1_4_5 - 1_4_4 - 1_4_3 - 1_4_2 - 1_4_1 - 1_4_0 - -Series 1.3 ----------------------------------------- - -.. toctree:: - - 1_3_14 - 1_3_13 - 1_3_12 - 1_3_11 - 1_3_10 - 1_3_9 - 1_3_8 - 1_3_7 - 1_3_6 - 1_3_5 - 1_3_4 - 1_3_3 - 1_3_2 - 1_3_1 - 1_3_0 - -Series 1.2 ----------------------------------------- - -.. toctree:: - - 1_2_8 - 1_2_7 - 1_2_6 - 1_2_5 - 1_2_4 - 1_2_3 - 1_2_2 - 1_2_1 - 1_2_0 - -Series 1.1 ----------------------------------------- - -.. toctree:: - - 1_1_13 - 1_1_12 - 1_1_11 - 1_1_10 - 1_1_9 - 1_1_8 - 1_1_7 - 1_1_6 - 1_1_5 - 1_1_4 - 1_1_3 - 1_1_2 - 1_1_1 - 1_1_0 - -Series 1.0 ----------------------------------------- - -.. toctree:: - - 1_0_2 - 1_0_1 - 1_0_0 - -Series 0.9 ----------------------------------------- - -.. toctree:: - - 0_9_2 - 0_9_1 - 0_9_0 - -Series 0.8 ----------------------------------------- - -.. toctree:: - - 0_8_7 - 0_8_6 - 0_8_5 - 0_8_4 - 0_8_3 - 0_8_2 - 0_8_1 - 0_8_0 - -Series 0.7 ----------------------------------------- - -.. toctree:: - - 0_7_10 - 0_7_9 - 0_7_8 - 0_7_7 - 0_7_6 - 0_7_5 - 0_7_4 - 0_7_3 - 0_7_2 - 0_7_1 - 0_7_0 |