author: Jack Lloyd <[email protected]> 2017-04-04 16:35:46 -0400
committer: Jack Lloyd <[email protected]> 2017-04-04 16:35:46 -0400
commit: f998cf9ae48ee5d4220fc6f5f54563e3c2cab6d1 (patch)
tree: 7cab5510235f850a81998b929c3e05bc7e748e09 /news.rst
parent: 719b97b1cef9384f9cac001eb77cfb7643e86a9f (diff)
Update release notes
[ci skip]
Diffstat (limited to 'news.rst')
-rw-r--r--  news.rst  53
1 file changed, 38 insertions, 15 deletions
diff --git a/news.rst b/news.rst
index 00365bdbf..e088c4bff 100644
--- a/news.rst
+++ b/news.rst
@@ -4,18 +4,24 @@ Release Notes
Version 2.1.0, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-* Fix incorrect truncation in Bcrypt. Passwords in length between 56
- and 72 characters were truncated at 56 characters. Found and
- reported by Solar Designer. (CVE-2017-7252)
+* Fix incorrect truncation in Bcrypt. Passwords in length between 56 and 72
+ characters were truncated at 56 characters. Found and reported by Solar Designer.
+ (CVE-2017-7252) (GH #938)
* Correct minimum work factor for Bcrypt password hashes. All other
- implementations require the work factor be at least 4. Previously
- Botan simply required it be greater than zero.
+ implementations require the work factor be at least 4. Previously Botan simply
+ required it be greater than zero. (GH #938)
+
+* Converge on a single side channel silent EC blinded multiply algorithm.
+ Uses Montgomery ladder with order/2 bits scalar blinding and point randomization
+ now by default. (GH #893)
* Support a 0-length IV in ChaCha stream cipher. Such an IV is treated
identically to an 8-byte IV of all zeros.
-* New C89 API interfaces for testing key validity. (GH #944)
+* Add new interfaces to the C API including multiple precision integers, key
+ validity tests, extracting algorithm specific key paramters (eg the modulus
+ and public exponent from RSA public keys). GH #899 #944 #946 #961 #964
* The PKCS11 module did not require any external dependencies, so it
has been enabled by default. The ``-with-pkcs11`` and ``--without-pkcs11``
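Review bot: the C API entry on the line "+ validity tests, extracting algorithm specific key paramters (eg the modulus" has a typo ("paramters" should be "parameters") and "eg" should be "e.g."; its issue list "GH #899 #944 #946 #961 #964" is also the only one in this file not wrapped in parentheses, unlike "(GH #938)" just above, so it is worth writing it as "(GH #899 #944 #946 #961 #964)" for consistency. The Bcrypt truncation entry is the security-relevant one here: it now carries both the CVE and the GH number, which is the right thing for downstream packagers who grep release notes for CVE identifiers.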
@@ -56,7 +62,12 @@ Version 2.1.0, Not Yet Released
* Add command line util ``timing_test`` which enables running
timing-based side channel analysis of TLS CBC decryption, ECC scalar
multiplies, OAEP decoding, and other operations which are prone to
- providing an oracle via side channel.
+ providing an oracle via side channel. This replaces the standalone
+ timing test suite added in 1.11.34, which has been removed.
+
+* Various cleanups and refactorings (GH #965)
+
+* Add wrapper of C++14 make_unique (GH #974)
* Fix pkg-config output when --build-dir was used (GH #936)
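Review bot: "Various cleanups and refactorings (GH #965)" tells a reader nothing about what moved; a few words on the area touched would make the entry useful when bisecting a regression. Minor grammar on the last added line: "Add wrapper of C++14 make_unique" reads better as "Add a wrapper for C++14 make_unique", and stating why a wrapper is needed (the standard one is not available in the library's baseline C++ mode) would help readers who wonder whether they may now call it.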
@@ -68,21 +79,33 @@ Version 2.1.0, Not Yet Released
* Avoid a GCC warning that triggered on the public key types (GH #849)
* Fix various warnings flagged by pylint and pyflakes linters in
- configure.py and botan.py (GH #832 #836 #839)
-
+ configure.py and botan.py (GH #832 #836 #839 #962 #975)
+
+* Improve support for OpenBSD including using getentropy (GH #954)
+ for PRNG seeding, and arc4random to access system RNG (GH #953)
+
+* Add ability to build through CMake. As of now this is only supported
+ for development rather than production builds. (GH #967)
+
* Rename python wrapper to botan2.py (GH #847)
* Change name constraint test to use a fixed reference time. Test certs have expired.
-* Increase miller-rabin iterations for DSA primes (FIPS-186-4) (GH #881)
+* Increase Miller-Rabin iterations for DSA primes to match FIPS 186-4. (GH #881)
-* Fix possible ISO 9796-2 padding side channel and add a length check (GH #891)
+* Fix possible ISO 9796-2 padding side channel, and add a missing length check (GH #891)
-* In CLI, if system RNG is available prefer it
+* In command line utility, prefer the system RNG if it is available.
-* Converge on a single side channel silent EC blinded multiply algorithm.
- Uses montgomery ladder with order/2 bits scalar blinding and point randomization
- now by default. (GH #893)
+Version 1.10.16, 2017-04-04
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix a bug in X509 DN string comparisons that could result in out of bound
+ reads. This could result in information leakage, denial of service, or
+ potentially incorrect certificate validation results. (CVE-2017-2801)
+
+* Avoid throwing during a destructor since this is undefined in C++11
+ and rarely a good idea. (GH #930)
Version 1.10.15, 2017-01-12
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
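Review bot: in the new "Version 1.10.16, 2017-04-04" section, "out of bound reads" on the line "+* Fix a bug in X509 DN string comparisons that could result in out of bound" should be "out-of-bounds reads", and this entry is the only CVE fix in the file without a GH issue reference; if one exists it should be listed alongside "(CVE-2017-2801)" as the Bcrypt entry does. Since this commit adds the CVE-2017-2801 note only to the 1.10.x section, please confirm in the 2.1.0 notes whether the 2.x branch was affected (and in which release it was fixed) or state that it was not, so that users of both branches can tell their exposure from this file alone. Removing the EC blinded-multiply entry here is fine because the same text is re-added, with "Montgomery" capitalised, in the first hunk.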