diff options
-rw-r--r-- | doc/contributing.rst | 23 | ||||
-rw-r--r-- | doc/news.rst | 61 | ||||
-rwxr-xr-x | src/scripts/ci/travis/build.sh | 26 | ||||
-rwxr-xr-x | src/scripts/ci/travis/install.sh | 17 | ||||
-rw-r--r-- | src/tests/test_rng.cpp | 2 |
5 files changed, 101 insertions, 28 deletions
diff --git a/doc/contributing.rst b/doc/contributing.rst index 0d160c680..64b609af5 100644 --- a/doc/contributing.rst +++ b/doc/contributing.rst @@ -112,9 +112,11 @@ Sending patches ======================================== All contributions should be submitted as pull requests via GitHub -(https://github.com/randombit/botan). If you are planning a large change email -the mailing list or open a discussion ticket on github before starting out to -make sure you are on the right path. +(https://github.com/randombit/botan). If you are planning a large +change email the mailing list or open a discussion ticket on github +before starting out to make sure you are on the right path. And once +you have something written, free to open a [WIP] PR for early review +and comment. If possible please sign your git commits using a PGP key. See https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work for @@ -136,6 +138,21 @@ Also, try building and testing it on whatever hardware you have handy, especially non-x86 platforms, or especially C++11 compilers other than the regularly tested GCC, Clang, and Visual Studio compilers. +Git Usage +======================================== + +Do *NOT* merge ``master`` into your topic branch, this creates +needless commits and noise in history. Instead, as needed, rebase your +branch against master (``git rebase -i master``) and force push the +branch to update the PR. If the GitHub PR page does not report any +merge conflicts and nobody asks you to rebase, you don't need to +rebase. + +Try to keep your history clean and use rebase to squash your commits +as needed. If your diff is less than roughly 100 lines, it should +probably be a single commit. Only split commits as needed to help with +review/understanding of the change. + External Dependencies ======================================== diff --git a/doc/news.rst b/doc/news.rst index 6e9b88479..b5cfa86ab 100644 --- a/doc/news.rst +++ b/doc/news.rst @@ -36,20 +36,56 @@ Version 1.11.31, Not Yet Released * Add FRP256v1 curve (GH #551) * RNG changes: NIST SP900-80's HMAC_DRBG is now the default generator - for userspace RNG (AutoSeeded_RNG). HMAC_DRBG now attempts to detect - use of fork (via pid checks) + for userspace RNG (in AutoSeeded_RNG). HMAC_DRBG now attempts to detect + use of fork via pid checks and perform automatic reseeding. + GH #520 -* The X9.31 and HMAC_RNG RNGs are deprecated and will be removed in a - future release. If you need a userspace PRNG switch to HMAC_DRBG - (or AutoSeeded_RNG which is HMAC_DRBG with useful defaults). +* Add RDRAND_RNG which directly exposes the CPU RNG (GH #543) + +* Add PKCS #1 v1.5 id for SHA-512/256 (GH #554) + +* Add X509_Time::to_std_timepoint (GH #560) * Fix a bug in ANSI X9.23 padding mode, which returned one byte more than the given block size (GH #529). -* Fixes for FreeBSD (GH #517) and OpenBSD (GH #523) +* Fix bug in SipHash::clear, which did not reset all state (GH #547) + +* Fixes for FreeBSD (GH #517) and OpenBSD (GH #523). The compiler defaults + to Clang on FreeBSD now. + +* SonarQube static analysis integration (GH #592) + +* Switched Travis CI to Ubuntu 14.04 LTS (GH #592) + +* Clean up in TLS ciphersuite handling (GH #583) + +* Threefish-512 AVX2 optimization work (GH #581) + +* Remove build configuration host and timestamp from build.h + This makes this header reproducible and allows using ccache's direct mode + (GH #586 see also #587) + +* Prevent building for x86-64 with x86-32 compiler and the reverse (GH #585) + +* Avoid build problem on 32-bit userspace ARMv8 (GH #563) + +* Refactor of internal MP headers (GH #549) + +* Avoid MSVC C4100 warning (GH #525) + +* More tests for RSA-KEM (GH #538), DH (GH #556), EME (GH #553), + cipher mode padding (GH #529), CTS mode (GH #531), + KDF1/ISO18033 (GH #537), OctetString (GH #545), OIDs (GH #546), + parallel hash (GH #548), charset handling (GH #555), + BigInt (GH #558) * New deprecations. See the full list in doc/deprecated.txt + The X9.31 and HMAC_RNG RNGs are deprecated. + If you need a userspace PRNG, use HMAC_DRBG (or AutoSeeded_RNG + which is HMAC_DRBG with defaults). + Support for getting entropy from EGD is deprecated, and will be removed in a future release. The developers believe that it is unlikely that any modern system requires EGD and so the code is now @@ -296,6 +332,19 @@ Version 1.11.29, 2016-03-20 * Support for locking allocator on Windows using VirtualLock. GH #450 +Version 1.18.15, 2016-02-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* NOTE WELL: Botan 1.8 is not supported for security issues anymore. + Moving to 1.10 or 1.11 is certainly recommended. +* Fix CVE-2014-9742: Insufficient randomness in Miller-Rabin primality check +* Fix CVE-2016-2194: Infinite loop in modulur square root algorithm +* Fix CVE-2015-5726: Crash in BER decoder +* Fix CVE-2015-5727: Excess memory allocation in BER decoder + Note: Unlike the fix in 1.10 which checks that the source actually + contains enough data to satisfy the read before allocating the + memory, 1.8.15 simply rejects all ASN.1 blocks larger than 1 MiB. + This simpler check avoids the problem without breaking ABI. + Version 1.10.12, 2016-02-03 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/src/scripts/ci/travis/build.sh b/src/scripts/ci/travis/build.sh index 78fd75c52..8cdb6ccc9 100755 --- a/src/scripts/ci/travis/build.sh +++ b/src/scripts/ci/travis/build.sh @@ -20,30 +20,27 @@ if [ "$BOOST" = "y" ]; then CFG_FLAGS+=(--with-boost) fi +CFG_FLAGS+=(--with-pkcs11 --prefix=/tmp/botan-installation) + # enable ccache -if [ "$TRAVIS_OS_NAME" = "linux" ] && [ "$BUILD_MODE" != "sonarqube" ]; then - ccache --max-size=30M +if [ "$BUILD_MODE" != "sonarqube" ]; then + ccache --max-size=100M ccache --show-stats - export CXX="ccache $CXX" fi # configure if [ "$TARGETOS" = "ios32" ]; then - ./configure.py "${CFG_FLAGS[@]}" --cpu=armv7 --cc=clang \ - --cc-abi-flags="-arch armv7 -arch armv7s -stdlib=libc++" \ - --with-pkcs11 --prefix=/tmp/botan-installation + ./configure.py "${CFG_FLAGS[@]}" --cpu=armv7 --cc=clang --cc-bin="$CXX" \ + --cc-abi-flags="-arch armv7 -arch armv7s -stdlib=libc++" elif [ "$TARGETOS" = "ios64" ]; then - ./configure.py "${CFG_FLAGS[@]}" --cpu=armv8-a --cc=clang \ - --cc-abi-flags="-arch arm64 -stdlib=libc++" \ - --with-pkcs11 --prefix=/tmp/botan-installation + ./configure.py "${CFG_FLAGS[@]}" --cpu=armv8-a --cc=clang --cc-bin="$CXX" \ + --cc-abi-flags="-arch arm64 -stdlib=libc++" else - $CXX --version ./configure.py "${CFG_FLAGS[@]}" --cc="$CC" --cc-bin="$CXX" \ - --with-bzip2 --with-lzma --with-openssl --with-sqlite --with-zlib \ - --with-pkcs11 --prefix=/tmp/botan-installation + --with-bzip2 --with-lzma --with-openssl --with-sqlite --with-zlib fi # build @@ -55,6 +52,11 @@ else make -j 2 fi +# Show post-build ccache stats +if [ "$BUILD_MODE" != "sonarqube" ]; then + ccache --show-stats +fi + # Run SonarQube analysis if [ "$TRAVIS_BRANCH" = "master" ] && [ "$TRAVIS_PULL_REQUEST" = "false" ] && [ "$BUILD_MODE" = "sonarqube" ]; then # => This will run a full analysis of the project and push results to the SonarQube server. diff --git a/src/scripts/ci/travis/install.sh b/src/scripts/ci/travis/install.sh index 387ccef6c..a9d38ed80 100755 --- a/src/scripts/ci/travis/install.sh +++ b/src/scripts/ci/travis/install.sh @@ -18,14 +18,19 @@ if [ "$BUILD_MODE" = "sonarqube" ]; then unzip build-wrapper-linux-x86.zip fi -if [ "$TRAVIS_OS_NAME" = "osx" ] && [ "$TARGETOS" != "ios" ]; then +if [ "$TRAVIS_OS_NAME" = "osx" ]; then # Workaround for https://github.com/Homebrew/homebrew/issues/42553 brew update || brew update - brew install xz - brew install python # python2 - brew install python3 + brew install ccache + + if [ "$TARGETOS" = "native" ]; then + brew install xz + brew install python # python2 + brew install python3 + + # Boost 1.58 is installed on Travis OS X images + # brew install boost + fi - # Boost 1.58 is installed on Travis OS X images - # brew install boost fi diff --git a/src/tests/test_rng.cpp b/src/tests/test_rng.cpp index 7b75eca01..920afef67 100644 --- a/src/tests/test_rng.cpp +++ b/src/tests/test_rng.cpp @@ -353,7 +353,7 @@ class HMAC_DRBG_Unit_Tests : public Test return result; } - // set max_output_before_reseed = 1, forcing a reseed on every request + // set reseed_interval = 1, forcing a reseed for every RNG request Request_Counting_RNG counting_rng; Botan::HMAC_DRBG rng(std::move(mac), counting_rng, 1); |