diff options
189 files changed, 3223 insertions, 3581 deletions
diff --git a/doc/news.rst b/doc/news.rst new file mode 100644 index 000000000..658726f59 --- /dev/null +++ b/doc/news.rst @@ -0,0 +1,3223 @@ +Release Notes +======================================== + +Version 1.11.18, Not Yet Released +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* In this release Botan has switched VCS from `monotone` to `git`, + and is now hosted on github at https://github.com/randombt/botan + +Version 1.11.17, 2015-06-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* All support for the insecure RC4 stream cipher has been removed + from the TLS implementation. + +* Fix decoding of TLS maximum fragment length. Regardless of what + value was actually negotiated, TLS would treat it as a negotiated + limit of 4096. + +* Fix the configure.py flag `--disable-aes-ni` which did nothing of + the sort. + +* Fixed nmake clean target. GitHub #104 + +* Correct buffering logic in `Compression_Filter`. GitHub #93 and #95 + +Version 1.11.16, 2015-03-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* TLS has changed from using the non-standard NPN extension to the IETF + standardized ALPN extension for negotiating an application-level protocol. + Unfortunately the semantics of the exchange have changed with ALPN. Using + NPN, the server offered a list of protocols it advertised, and then the + client chose its favorite. With ALPN, the client offers a list of protocols + and the server chooses. The the signatures of both the TLS::Client and + TLS::Server constructors have changed to support this new flow. + +* Optimized ECDSA signature verification thanks to an observation by + Dr. Falko Strenzke. On some systems verifications are between 1.5 + and 2 times faster than in 1.11.15. + +* RSA encrypt and decrypt operations using OpenSSL have been added. + +* Public key operation types now handle all aspects of the operation, + such as hashing and padding for signatures. This change allows + supporting specialized implementations which only support particular + padding types. + +* Added global timeout to HMAC_RNG entropy reseed. The defaults are + the values set in the build.h macros `BOTAN_RNG_AUTO_RESEED_TIMEOUT` + and `BOTAN_RNG_RESEED_DEFAULT_TIMEOUT`, but can be overriden + on a specific poll with the new API call reseed_with_timeout. + +* Fixed Python cipher update_granularity() and default_nonce_length() + functions + +* The library now builds on Visual C++ 2013 + +* The GCM update granularity was reduced from 4096 to 16 bytes. + +* Fix a bug that prevented building the amalgamation until a non-amalgamation + configuration was performed first in the same directory. + +* Add Travis CI integration. Github pull 60. + +Version 1.11.15, 2015-03-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Support for RC4 in TLS, already disabled by default, is now deprecated. + The RC4 ciphersuites will be removed entirely in a future release. + +* A bug in ffi.cpp meant Python could only encrypt. Github issue 53. + +* When comparing two ASN.1 algorithm identifiers, consider empty and + NULL parameters the same. + +* Fixed memory leaks in TLS and cipher modes introduced in 1.11.14 + +* MARK-4 failed when OpenSSL was enabled in the build in 1.11.14 + because the OpenSSL version ignored the skip parameter. + +* Fix compilation problem on OS X/clang + +* Use BOTAN_NOEXCEPT macro to work around lack of noexcept in VS 2013 + +Version 1.11.14, 2015-02-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The global state object previously used by the library has been removed. + This includes the global PRNG. The library can be safely initialized + multiple times without harm. + + The engine code has also been removed, replaced by a much lighter-weight + object registry system which provides lookups in faster time and with less + memory overhead than the previous approach. + + One caveat of the current system with regards to static linking: because only + symbols already mentioned elsewhere in the program are included in the final + link step, few algorithms will be available through the lookup system by + default, even though they were compiled into the library. Your application + must explicitly reference the types you require or they will not end up + being available in the final binary. See also Github issue #52 + + If you intend to build your application against a static library and don't + want to explicitly reference each algo object you might attempt to look up by + string, consider either building with `--via-amalgamation`, or else (much + simpler) using the amalgamation directly. + +* The new `ffi` submodule provides a simple C API/ABI for a number of useful + operations (hashing, ciphers, public key operations, etc) which is easily + accessed using the FFI modules included in many languages. + +* A new Python wrapper (in `src/lib/python/botan.py`) using `ffi` and the Python + `ctypes` module is available. The old Boost.Python wrapper has been removed. + +* Add specialized reducers for P-192, P-224, P-256, and P-384 + +* OCB mode, which provides a fast and constant time AEAD mode without requiring + hardware support, is now supported in TLS, following + draft-zauner-tls-aes-ocb-01. Because this specification is not yet finalized + is not yet enabled by the default policy, and the ciphersuite numbers used are + in the experimental range and may conflict with other uses. + +* Add ability to read TLS policy from a text file using `TLS::Text_Policy`. + +* The amalgamation now splits off any ISA specific code (for instance, that + requiring SSSE3 instruction sets) into a new file named (for instance) + `botan_all_ssse3.cpp`. This allows the main amalgamation file to be compiled + without any special flags, so `--via-amalgamation` builds actually work now. + This is disabled with the build option `--single-amalgamation-file` + +* PBKDF and KDF operations now provide a way to write the desired output + directly to an application-specified area rather than always allocating a new + heap buffer. + +* HKDF, previously provided using a non-standard interface, now uses the + standard KDF interface and is retrievable using get_kdf. + +* It is once again possible to build the complete test suite without requiring + any boost libraries. This is currently only supported on systems supporting + the readdir interface. + +* Remove use of memset_s which caused problems with amalgamation on OS X. + Github 42, 45 + +* The memory usage of the counter mode implementation has been reduced. + Previously it encrypted 256 blocks in parallel as this leads to a slightly + faster counter increment operation. Instead CTR_BE simply encrypts a buffer + equal in size to the advertised parallelism of the cipher implementation. + This is not measurably slower, and dramatically reduces the memory use of + CTR mode. + +* The memory allocator available on Unix systems which uses mmap and mlock to + lock a pool of memory now checks environment variable BOTAN_MLOCK_POOL_SIZE + and interprets it as an integer. If the value set to a smaller value then the + library would originally have allocated (based on resource limits) the user + specified size is used instead. You can also set the variable to 0 to + disable the pool entirely. Previously the allocator would consume all + available mlocked memory, this allows botan to coexist with an application + which wants to mlock memory for its own uses. + +* The botan-config script previously installed on Unix systems has been + removed. Its functionality is replaced by the `config` command of the + `botan` tool executable, for example `botan config cflags` instead of + `botan-config --cflags`. + +* Added a target for POWER8 processors + +Version 1.11.13, 2015-01-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* All support for the insecure SSLv3 protocol and the server support + for processing SSLv2 client hellos has been removed. + +* The command line tool now has `tls_proxy` which negotiates TLS with + clients and forwards the plaintext to a specified port. + +* Add MCEIES, a McEliece-based integrated encryption system using + AES-256 in OCB mode for message encryption/authentication. + +* Add DTLS-SRTP negotiation defined in RFC 5764 + +* Add SipHash + +* Add SHA-512/256 + +* The format of serialized TLS sessions has changed. Additiionally, PEM + formatted sessions now use the label of "TLS SESSION" instead of "SSL SESSION" + +* Serialized TLS sessions are now encrypted using AES-256/GCM instead of a + CBC+HMAC construction. + +* The cryptobox_psk module added in 1.11.4 and previously used for TLS session + encryption has been removed. + +* When sending a TLS heartbeat message, the number of pad bytes to use can now + be specified, making it easier to use for PMTU discovery. + +* If available, zero_mem now uses RtlSecureZeroMemory or memset_s instead of a + byte-at-a-time loop. + +* The functions base64_encode and base64_decode would erroneously + throw an exception if passed a zero-length input. Github issue 37. + +* The Python install script added in version 1.11.10 failed to place the + headers into a versioned subdirectory. + +* Fix the install script when running under Python3. + +* Avoid code that triggers iterator debugging asserts under MSVC 2013. Github + pull 36 from Simon Warta. + +Version 1.11.12, 2015-01-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add Curve25519. The implementation is based on curve25519-donna-c64.c + by Adam Langley. New (completely non-standard) OIDs and formats for + encrypting Curve25519 keys under PKCS #8 and including them in + certificates and CRLs have been defined. + +* Add Poly1305, based on the implementation poly1305-donna by Andrew Moon. + +* Add the ChaCha20Poly1305 AEADs defined in draft-irtf-cfrg-chacha20-poly1305-03 + and draft-agl-tls-chacha20poly1305-04. + +* Add ChaCha20Poly1305 ciphersuites for TLS compatible with Google's servers + following draft-agl-tls-chacha20poly1305-04 + +* When encrypted as PKCS #8 structures, Curve25519 and McEliece + private keys default to using AES-256/GCM instead of AES-256/CBC + +* Define OIDs for OCB mode with AES, Serpent and Twofish. + +Version 1.11.11, 2014-12-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The Sqlite3 wrapper has been abstracted to a simple interface for + SQL dbs in general, though Sqlite3 remains the only implementation. + The main logic of the TLS session manager which stored encrypted + sessions to a Sqlite3 database (`TLS::Session_Manager_SQLite`) has + been moved to the new `TLS::Session_Manager_SQL`. The Sqlite3 + manager API remains the same but now just subclasses + `TLS::Session_Manager_SQL` and has a constructor instantiate the + concrete database instance. + + Applications which would like to use a different db can now do so + without having to reimplement the session cache logic simply by + implementing a database wrapper subtype. + +* The CryptGenRandom entropy source is now also used on MinGW. + +* The system_rng API is now also available on systems with CryptGenRandom + +* With GCC use -fstack-protector for linking as well as compiling, + as this is required on MinGW. Github issue 34. + +* Fix missing dependency in filters that caused compilation problem + in amalgamation builds. Github issue 33. + +* SSLv3 support is officially deprecated and will be removed in a + future release. + +Version 1.10.9, 2014-12-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed EAX tag verification to run in constant time + +* The default TLS policy now disables SSLv3. + +* A crash could occur when reading from a blocking random device if + the device initially indicated that entropy was available but + a concurrent process drained the entropy pool before the + read was initiated. + +* Fix decoding indefinite length BER constructs that contain a context + sensitive tag of zero. Github pull 26 from Janusz Chorko. + +* The `botan-config` script previously tried to guess its prefix from + the location of the binary. However this was error prone, and now + the script assumes the final installation prefix matches the value + set during the build. Github issue 29. + +Version 1.11.10, 2014-12-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* An implementation of McEliece code-based public key encryption based + on INRIA's HyMES and secured against a variety of side-channels was + contributed by cryptosource GmbH. The original version is LGPL but + cryptosource has secured permission to release an adaptation under a + BSD license. A CCA2-secure KEM scheme is also included. + + The implementation is further described in + http://www.cryptosource.de/docs/mceliece_in_botan.pdf and + http://cryptosource.de/news_mce_in_botan_en.html + +* DSA and ECDSA now create RFC 6979 deterministic signatures. + +* Add support for TLS fallback signaling (draft-ietf-tls-downgrade-scsv-00). + Clients will send a fallback SCSV if the version passed to the Client + constructor is less than the latest version supported by local policy, so + applications implementing fallback are protected. Servers always check the + SCSV. + +* In previous versions a TLS::Server could service either TLS or DTLS + connections depending on policy settings and what type of client hello it + received. This has changed and now a Server object is initialized for + either TLS or DTLS operation. The default policy previously prohibited + DTLS, precisely to prevent a TCP server from being surprised by a DTLS + connection. The default policy now allows TLS v1.0 or higher or DTLS v1.2. + +* Fixed a bug in CCM mode which caused it to produce incorrect tags when used + with a value of L other than 2. This affected CCM TLS ciphersuites, which + use L=3. Thanks to Manuel Pégourié-Gonnard for the anaylsis and patch. + Bugzilla 270. + +* DTLS now supports timeouts and handshake retransmits. Timeout checking + is triggered by the application calling the new TLS::Channel::timeout_check. + +* Add a TLS policy hook to disable putting the value of the local clock in hello + random fields. + +* All compression operations previously available as Filters are now + performed via the Transformation API, which minimizes memory copies. + Compression operations are still available through the Filter API + using new general compression/decompression filters in comp_filter.h + +* The zlib module now also supports gzip compression and decompression. + +* Avoid a crash in low-entropy situations when reading from /dev/random, when + select indicated the device was readable but by the time we start the read the + entropy pool had been depleted. + +* The Miller-Rabin primality test function now takes a parameter allowing the + user to directly specify the maximum false negative probability they are + willing to accept. + +* PKCS #8 private keys can now be encrypted using GCM mode instead of + unauthenticated CBC. The default remains CBC for compatability. + +* The default PKCS #8 encryption scheme has changed to use PBKDF2 with + SHA-256 instead of SHA-1 + +* A specialized reducer for P-521 was added. + +* On Linux the mlock allocator will use MADV_DONTDUMP on the pool so + that the contents are not included in coredumps. + +* A new interface for directly using a system-provided PRNG is + available in system_rng.h. Currently only systems with /dev/urandom + are supported. + +* Fix decoding indefinite length BER constructs that contain a context sensitive + tag of zero. Github pull 26 from Janusz Chorko. + +* The GNU MP engine has been removed. + +* Added AltiVec detection for POWER8 processors. + +* Add a new install script written in Python which replaces shell hackery in the + makefiles. + +* Various modifications to better support Visual C++ 2013 and 2015. Github + issues 11, 17, 18, 21, 22. + +Version 1.10.8, 2014-04-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a bug in primality testing introduced in 1.8.3 which caused only + a single random base, rather than a sequence of random bases, to be + used in the Miller-Rabin test. This increased the probability that a + non-prime would be accepted, for instance a 1024 bit number would be + incorrectly classed as prime with probability around 2^-40. Reported + by Jeff Marrison. + +* The key length limit on HMAC has been raised to 512 bytes, allowing + the use of very long passphrases with PBKDF2. + +Version 1.11.9, 2014-04-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a bug in primality testing introduced in 1.8.3 which caused + only a single random base, rather than a sequence of random bases, + to be used in the Miller-Rabin test. This increased the probability + that a non-prime would be accepted. Reported by Jeff Marrison. + +* X.509 path validation now returns a set of all errors that occurred + during validation, rather than immediately returning the first + detected error. This prevents a seemingly innocuous error (such as + an expired certificate) from hiding an obviously serious error + (such as an invalid signature). The Certificate_Status_Code enum is + now ordered by severity, and the most severe error is returned by + Path_Validation_Result::result(). The entire set of status codes is + available with the new all_statuses call. + +* Fixed a bug in OCSP response decoding which would cause an error + when attempting to decode responses from some widely used + responders. + +* An implementation of HMAC_DRBG RNG from NIST SP800-90A has been + added. Like the X9.31 PRNG implementation, it uses another + underlying RNG for seeding material. + +* An implementation of the RFC 6979 deterministic nonce generator has + been added. + +* Fix a bug in certificate path validation which prevented successful + validation if intermediate certificates were presented out of order. + +* Fix a bug introduced in 1.11.5 which could cause crashes or other + incorrect behavior when a cipher mode filter was followed in the + pipe by another filter, and that filter had a non-empty start_msg. + +* The types.h header now uses stdint.h rather than cstdint to avoid + problems with Clang on OS X. + +Version 1.11.8, 2014-02-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The `botan` command line application introduced in 1.11.7 is now + installed along with the library. + +* A bug in certificate path validation introduced in 1.11.6 which + caused all CRL signature checks to fail has been corrected. + +* The ChaCha20 stream cipher has been added. + +* The ``Transformation`` class no longer implements an interface for keying, + this has been moved to a new subclass ``Keyed_Transformation``. + +* The ``Algorithm`` class, which previously acted as a global base for + various types (ciphers, hashes, etc) has been removed. + +* CMAC now supports 256 and 512 bit block ciphers, which also allows + the use of larger block ciphers with EAX mode. In particular this + allows using Threefish in EAX mode. + +* The antique PBES1 private key encryption scheme (which only supports + DES or 64-bit RC2) has been removed. + +* The Square, Skipjack, and Luby-Rackoff block ciphers have been removed. + +* The Blue Midnight Wish hash function has been removed. + +* Skein-512 no longer supports output lengths greater than 512 bits. + +* Skein did not reset its internal state properly if clear() was + called, causing it to produce incorrect results for the following + message. It was reset correctly in final() so most usages should not + be affected. + +* A number of public key padding schemes have been renamed to match + the most common notation; for instance EME1 is now called OAEP and + EMSA4 is now called PSSR. Aliases are set which should allow all + current applications to continue to work unmodified. + +* A bug in CFB encryption caused a few bytes past the end of the final + block to be read. The actual output was not affected. + +* Fix compilation errors in the tests that occured with minimized + builds. Contributed by Markus Wanner. + +* Add a new ``--destdir`` option to ``configure.py`` which controls + where the install target will place the output. The ``--prefix`` + option continues to set the location where the library expects to be + eventually installed. + +* Many class destructors which previously deleted memory have been + removed in favor of using ``unique_ptr``. + +* Various portability fixes for Clang, Windows, Visual C++ 2013, OS X, + and x86-32. + +Version 1.11.7, 2014-01-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Botan's basic numeric types are now defined in terms of the + C99/C++11 standard integer types. For instance `u32bit` is now a + typedef for `uint32_t`, and both names are included in the library + namespace. This should not result in any application-visible + changes. + +* There are now two executable outputs of the build, `botan-test`, + which runs the tests, and `botan` which is used as a driver to call + into various subcommands which can also act as examples of library + use, much in the manner of the `openssl` command. It understands the + commands `base64`, `asn1`, `x509`, `tls_client`, `tls_server`, + `bcrypt`, `keygen`, `speed`, and various others. As part of this + change many obsolete, duplicated, or one-off examples were removed, + while others were extended with new functionality. Contributions of + new subcommands, new bling for exising ones, or documentation in any + form is welcome. + +* Fix a bug in Lion, which was broken by a change in 1.11.0. The + problem was not noticed before as Lion was also missing a test vector + in previous releases. + +Version 1.10.7, 2013-12-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* OAEP had two bugs, one of which allowed it to be used even if the + key was too small, and the other of which would cause a crash during + decryption if the EME data was too large for the associated key. + +Version 1.11.6, 2013-12-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The Boost filesystem and asio libraries are now being used by default. + Pass ``--without-boost`` to ``configure.py`` to disable. + +* The default TLS policy no longer allows SSLv3 or RC4. + +* OAEP had two bugs, one of which allowed it to be used even if the + key was too small, and the other of which would cause a crash during + decryption if the EME data was too large for the associated key. + +* GCM mode now uses the Intel clmul instruction when available + +* Add the Threefish-512 tweakable block cipher, including an AVX2 version + +* Add SIV (from :rfc:`5297`) as a nonce-based AEAD + +* Add HKDF (from :rfc:`5869`) using an experimental PRF interface + +* Add HTTP utility functions and OCSP online checking + +* Add TLS::Policy::acceptable_ciphersuite hook to disable ciphersuites + on an ad-hoc basis. + +* TLS::Session_Manager_In_Memory's constructor now requires a RNG + +Version 1.10.6, 2013-11-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The device reading entropy source now attempts to read from all + available devices. Previously it would break out early if a partial + read from a blocking source occured, not continuing to read from a + non-blocking device. This would cause the library to fall back on + slower and less reliable techniques for collecting PRNG seed + material. Reported by Rickard Bellgrim. + +* HMAC_RNG (the default PRNG implementation) now automatically reseeds + itself periodically. Previously reseeds only occured on explicit + application request. + +* Fix an encoding error in EC_Group when encoding using EC_DOMPAR_ENC_OID. + Reported by fxdupont on github. + +* In EMSA2 and Randpool, avoid calling name() on objects after deleting them if + the provided algorithm objects are not suitable for use. Found by Clang + analyzer, reported by Jeffrey Walton. + +* If X509_Store was copied, the u32bit containing how long to cache validation + results was not initialized, potentially causing results to be cached for + significant amounts of time. This could allow a certificate to be considered + valid after its issuing CA's cert expired. Expiration of the end-entity cert + is always checked, and reading a CRL always causes the status to be reset, so + this issue does not affect revocation. Found by Coverity scanner. + +* Avoid off by one causing a potentially unterminated string to be passed to + the connect system call if the library was configured to use a very long path + name for the EGD socket. Found by Coverity Scanner. + +* In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and PK_Key_Agreement, + avoid dereferencing an unitialized pointer if no engine supported operations + on the key object given. Found by Coverity scanner. + +* Avoid leaking a file descriptor in the /dev/random and EGD entropy sources if + stdin (file descriptor 0) was closed. Found by Coverity scanner. + +* Avoid a potentially undefined operation in the bit rotation operations. Not + known to have caused problems under any existing compiler, but might have + caused problems in the future. Caught by Clang sanitizer, reported by Jeffrey + Walton. + +* Increase default hash iterations from 10000 to 50000 in PBES1 and PBES2 + +* Add a fix for mips64el builds from Brad Smith. + +Version 1.11.5, 2013-11-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The TLS callback signatures have changed - there are now two distinct + callbacks for application data and alerts. TLS::Client and TLS::Server have + constructors which continue to accept the old callback and use it for both + operations. + +* The entropy collector that read from randomness devices had two bugs - it + would break out of the poll as soon as any read succeeded, and it selected on + each device individually. When a blocking source was first in the device list + and the entropy pool was running low, the reader might either block in select + until eventually timing out (continuing on to read from /dev/urandom instead), + or read just a few bytes, skip /dev/urandom, fail to satisfy the entropy + target, and the poll would continue using other (slower) sources. This caused + substantial performance/latency problems in RNG heavy applications. Now all + devices are selected over at once, with the effect that a full read from + urandom always occurs, along with however much (if any) output is available + from blocking sources. + +* Previously AutoSeeded_RNG referenced a globally shared PRNG instance. + Now each instance has distinct state. + +* The entropy collector that runs Unix programs to collect statistical + data now runs multiple processes in parallel, greatly reducing poll + times on some systems. + +* The Randpool RNG implementation was removed. + +* All existing cipher mode implementations (such as CBC and XTS) have been + converted from filters to using the interface previously provided by + AEAD modes which allows for in-place message + processing. Code which directly references the filter objects will break, but + an adaptor filter allows usage through get_cipher as usual. + +* An implementation of CCM mode from RFC 3601 has been added, as well as CCM + ciphersuites for TLS. + +* The implementation of OCB mode now supports 64 and 96 bit tags + +* Optimized computation of XTS tweaks, producing a substantial speedup + +* Add support for negotiating Brainpool ECC curves in TLS + +* TLS v1.2 will not negotiate plain SHA-1 signatures by default. + +* TLS channels now support sending a ``std::vector`` + +* Add a generic 64x64->128 bit multiply instruction operation in mul128.h + +* Avoid potentially undefined operations in the bit rotation operations. Not + known to have caused problems under existing compilers but might break in the + future. Found by Clang sanitizer, reported by Jeffrey Walton. + +Version 1.11.4, 2013-07-25 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* CPU specific extensions are now always compiled if support for the + operations is available at build time, and flags enabling use of + extra operations (such as SSE2) are only included when compiling + files which specifically request support. This means, for instance, + that the SSSE3 and AES-NI implementations of AES are always included + in x86 builds, relying on runtime cpuid checking to prevent their + use on CPUs that do not support those operations. + +* The default TLS policy now only accepts TLS, to minimize surprise + for servers which might not expect to negotiate DTLS. Previously a + server would by default negotiate either protocol type (clients + would only accept the same protocol type as they + offered). Applications which use DTLS or combined TLS/DTLS need to + override :cpp:func:`Policy::acceptable_protocol_version`. + +* The TLS channels now accept a new parameter specifying how many + bytes to preallocate for the record handling buffers, which allows + an application some control over how much memory is used at runtime + for a particular connection. + +* Applications can now send arbitrary TLS alert messages using + :cpp:func:`TLS::Channel::send_alert` + +* A new TLS policy :cpp:class:`NSA_Suite_B_128` is available, which + will negotiate only the 128-bit security NSA Suite B. See + :rfc:`6460` for more information about Suite B. + +* Adds a new interface for benchmarking, :cpp:func:`time_algorithm_ops`, + which returns a map of operations to operations per second. For + instance now both encrypt and decrypt speed of a block cipher can be + checked, as well as the key schedule of all keyed algorithms. It + additionally supports AEAD modes. + +* Rename ARC4 to RC4 + +Version 1.11.3, 2013-04-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add a new interface for AEAD modes (:cpp:class:`AEAD_Mode`). + +* Implementations of the OCB and GCM authenticated cipher modes are + now included. + +* Support for TLS GCM ciphersuites is now available. + +* A new TLS policy mechanism + :cpp:func:`TLS::Policy::server_uses_own_ciphersuite_preferences` + controls how a server chooses a ciphersuite. Previously it always + chose its most preferred cipher out of the client's list, but this + can allow configuring a server to choose by the client's preferences + instead. + +* :cpp:class:`Keyed_Filter` now supports returning a + :cpp:class:`Key_Length_Specification` so the full details of what + keylengths are supported is now available in keyed filters. + +* The experimental and rarely used Turing and WiderWAKE stream ciphers + have been removed + +* New functions for symmetric encryption are included in cryptobox.h + though interfaces and formats are subject to change. + +* A new function :cpp:func:`algorithm_kat_detailed` returns a string + providing information about failures, instead of just a pass/fail + indicator as in :cpp:func:`algorithm_kat`. + +Version 1.10.5, 2013-03-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* A potential crash in the AES-NI implementation of the AES-192 key + schedule (caused by misaligned loads) has been fixed. + +* A previously conditional operation in Montgomery multiplication and + squaring is now always performed, removing a possible timing + channel. + +* Use correct flags for creating a shared library on OS X under Clang. + +* Fix a compile time incompatability with Visual C++ 2012. + +Version 1.11.2, 2013-03-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* A bug in the release script caused the `botan_version.py` included + in 1.11.1` to be invalid, which required a manual edit to fix + (Bugzilla 226) + +Memory Zeroization Changes +"""""""""""""""""""""""""""""""""""""""" + +* Previously `clear_mem` was implemented by an inlined call to + `std::memset`. However an optimizing compiler might notice cases + where the memset could be skipped in cases allowed by the standard. + Now `clear_mem` calls `zero_mem` which is compiled separately and + which zeros out the array through a volatile pointer. It is possible + some compiler with some optimization setting (especially with + something like LTO) might still skip the writes. It would be nice if + there was an automated way to test this. + +New Parallel Filter +"""""""""""""""""""""""""""""""""""""""" + +* The new filter :cpp:class:`Threaded_Fork` acts like a normal + :cpp:class:`Fork`, sending its input to a number of different + filters, but each subchain of filters in the fork runs in its own + thread. Contributed by Joel Low. + +TLS Enhancements and Bug Fixes +"""""""""""""""""""""""""""""""""""""""" + +* The default TLS policy formerly preferred AES over RC4, and allowed + 3DES by default. Now the default policy is to negotiate only either + AES or RC4, and to prefer RC4. + +* New TLS :cpp:class:`Blocking_Client` provides a thread per + connection style API similar to that provided in 1.10 + +Other API Changes +"""""""""""""""""""""""""""""""""""""""" + +* The API of `Credentials_Manager::trusted_certificate_authorities` + has changed to return a vector of `Certificate_Store*` instead of + `X509_Certificate`. This allows the list of trusted CAs to be + more easily updated dynamically or loaded lazily. + +* The `asn1_int.h` header was split into `asn1_alt_name.h`, + `asn1_attribute.h` and `asn1_time.h`. + +Version 1.10.4, 2013-01-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Avoid a conditional operation in the power mod implementations on if + a nibble of the exponent was zero or not. This may help protect + against certain forms of side channel attacks. + +* The SRP6 code was checking for invalid values as specified in RFC + 5054, specifically values equal to zero mod p. However SRP would + accept negative A/B values, or ones larger than p, neither of which + should occur in a normal run of the protocol. These values are now + rejected. Credits to Timothy Prepscius for pointing out these values + are not normally used and probably signal something fishy. + +* The return value of version_string is now a compile time constant + string, so version information can be more easily extracted from + binaries. + +Version 1.11.1, 2012-10-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +TLS Enhancements and Bug Fixes +"""""""""""""""""""""""""""""""""""""""" + +Initial support for DTLS (both v1.0 and v1.2) is available in this +release, though it should be considered highly experimental. Currently +timeouts and retransmissions are not handled. + +The :cpp:class:`TLS::Client` constructor now takes the version to +offer to the server. The policy hook :cpp:class:`TLS::Policy` function +`pref_version`, which previously controlled this, has been removed. + +:cpp:class:`TLS::Session_Manager_In_Memory` now chooses a random +256-bit key at startup and encrypts all sessions (using the existing +:cpp:func:`TLS::Session::encrypt` mechanism) while they are stored in +memory. This is primarily to reduce pressure on locked memory, as each +session normally requires 48 bytes of locked memory for the master +secret, whereas now only 32 bytes are needed total. This change may +also make it slightly harder for an attacker to extract session data +from memory dumps (eg with a cold boot attack). + +The keys used in :cpp:func:`session encryption <TLS::Session::encrypt>` +were previously uniquely determined by the master key. Now the +encrypted session blob includes two 80 bit salts which are used in the +derivation of the cipher and MAC keys. + +The ``secure_renegotiation`` flag is now considered an aspect of the +connection rather than the session, which matches the behavior of +other implementations. As the format has changed, sessions saved to +persistent storage by 1.11.0 will not load in this version and vice +versa. In either case this will not cause any errors, the session will +simply not resume and instead a full handshake will occur. + +New policy hooks :cpp:func:`TLS::Policy::acceptable_protocol_version`, +:cpp:func:`TLS::Policy::allow_server_initiated_renegotiation`, and +:cpp:func:`TLS::Policy::negotiate_heartbeat_support` were added. + +TLS clients were not sending a next protocol message during a session +resumption, which would cause resumption failures with servers that +support NPN if NPN was being offered by the client. + +A bug caused heartbeat requests sent by the counterparty during a +handshake to be passed to the application callback as if they were +heartbeat responses. + +Support for TLS key material export as specified in :rfc:`5705` has +been added, available via :cpp:func:`TLS::Channel::key_material_export` + +New Feature: Public Key Strength Checking +"""""""""""""""""""""""""""""""""""""""""" + +A new function :cpp:func:`Public_Key::estimated_strength` returns +an estimate for the upper bound of the strength of the key. For +instance for an RSA key, it will return an estimate of how many +operations GNFS would take to factor the key. + +A new :cpp:class:`Path_Validation_Result` code has been added +``SIGNATURE_METHOD_TOO_WEAK``. By default signatures created with keys +below 80 bits of strength (as estimated by ``estimated_strength``) are +rejected. This level can be modified using a parameter to the +:cpp:class:`Path_Validation_Restrictions` constructor. + +SRP6 Is Picker About Values +"""""""""""""""""""""""""""""""""""""""" + +The SRP6 code was checking for invalid values as specified in +:rfc:`5054`, ones equal to zero mod p, however it would accept +negative A/B values, or ones larger than p, neither of which should +occur in a normal run of the protocol. These values are now +rejected. Credits to Timothy Prepscius for pointing out these values +are not normally used and probably signal something fishy. + +Removal of Various BigInt Functions +"""""""""""""""""""""""""""""""""""""""" + +Several :cpp:class:`BigInt` functions have been removed, including +``operator[]``, ``assign``, ``get_reg``, and ``grow_reg``. The version +of ``data`` that returns a mutable pointer has been renamed +``mutable_data``. Support for octal conversions has been removed. + +The constructor ``BigInt(NumberType type, size_t n)`` has been +removed, replaced by ``BigInt::power_of_2``. + +AES-NI Crash Fixed +"""""""""""""""""""""""""""""""""""""""" + +In 1.11.0, when compiled by GCC, the AES-NI implementation of AES-192 +would crash if the mlock-based allocator was used due to an alignment +issue. + +Version 1.11.0, 2012-07-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. note:: + + In this release, many new features of C++11 are being used in the + library. Currently GCC 4.7 and Clang 3.1 are known to work well. + This version of the library cannot be compiled by or used with a + C++98 compiler. + +TLS and PKI Changes +"""""""""""""""""""""""""""""""""""""""" + +There have been many changes and improvements to TLS. The interface +is now purely event driven and does not directly interact with +sockets. New TLS features include TLS v1.2 support, client +certificate authentication, renegotiation, session tickets, and +session resumption. Session information can be saved in memory or to +an encrypted SQLite3 database. Newly supported TLS ciphersuite +algorithms include using SHA-2 for message authentication, pre shared +keys and SRP for authentication and key exchange, ECC algorithms for +key exchange and signatures, and anonymous DH/ECDH key exchange. + +Support for OCSP has been added. Currently only client-side support +exists. + +The API for X.509 path validation has changed, with +``x509_path_validate`` in x509path.h now handles path validation and +``Certificate_Store`` handles storage of certificates and CRLs. + +Memory Container Changes +"""""""""""""""""""""""""""""""""""""""" + +The memory container types have changed substantially. The +``MemoryVector`` and ``SecureVector`` container types have been +removed, and an alias of ``std::vector`` using an allocator that +clears memory named ``secure_vector`` is used for key material, with +plain ``std::vector`` being used for everything else. + +The technique used for mlock'ing memory on Linux and BSD systems is +much improved. Now a single page-aligned block of memory (the exact +limit of what we can mlock) is mmap'ed, with allocations being done +using a best-fit allocator and all metadata held outside the mmap'ed +range, in an effort to make best use of the very limited amount of +memory current Linux kernels allow unpriveledged users to lock. + +New LZMA Compression Filter +"""""""""""""""""""""""""""""""""""""""" + +A filter using LZMA was contributed by Vojtech Kral. It is available +if LZMA support was enabled at compilation time by passing +``--with-lzma`` to ``configure.py``. + +ECC Key Decoding Problem Resolved +"""""""""""""""""""""""""""""""""""""""" + +:rfc:`5915` adds some extended information which can be included in +ECC private keys which the ECC key decoder did not expect, causing an +exception when such a key was loaded. In particular, recent versions +of OpenSSL use these fields. Now these fields are decoded properly, +and if the public key value is included it is used, as otherwise the +public key needs to be rederived from the private key. However the +library does not include these fields on encoding keys for +compatability with software that does not expect them (including older +versions of botan). + +Version 1.8.14, 2012-07-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The malloc allocator would return null instead of throwing in the + event of an allocation failure, which could cause an application + crash due to null pointer dereference where normally an exception + would occur. + +* Recent versions of OpenSSL include extra information in ECC private + keys, the presence of which caused an exception when such a key was + loaded by botan. The decoding of ECC private keys has been changed to + ignore these fields if they are set. + +* AutoSeeded_RNG has been changed to prefer ``/dev/random`` over + ``/dev/urandom`` + +* Fix detection of s390x (Debian bug 638347) + +Version 1.10.3, 2012-07-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +A change in 1.10.2 accidentally broke ABI compatibility with 1.10.1 +and earlier versions, causing programs compiled against 1.10.1 to +crash if linked with 1.10.2 at runtime. + +Recent versions of OpenSSL include extra information in ECC private +keys, the presence of which caused an exception when such a key was +loaded by botan. The decoding of ECC private keys has been changed to +ignore these fields if they are set. + +Version 1.10.2, 2012-06-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Several TLS bugs were fixed in this release, including a major +omission that the renegotiation extension was not being used. As the +1.10 implementation of TLS does not properly support renegotiation, +the approach in this release is simply to send the renegotiation +extension SCSV, which should protect the client against any handshake +splicing. In addition renegotiation attempts are handled properly +instead of causing handshake failures - all hello requests, and all +client hellos after the initial negotiation, are ignored. Some +bugs affecting DSA server authentication were also fixed. + +By popular request, ``Pipe::reset`` no longer requires that message +processing be completed, a requirement that caused problems when a +Filter's end_msg call threw an exception, after which point the Pipe +object was no longer usable. + +Support for getting entropy using the rdrand instruction introduced in +Intel's Ivy Bridge processors has been added. In previous releases, +the ``CPUID::has_rdrand`` function was checking the wrong cpuid bit, +and would false positive on AMD Bulldozer processors. + +An implementation of SRP-6a compatible with the specification in RFC +5054 is now available in ``srp6.h``. In 1.11, this is being used for +TLS-SRP, but may be useful in other environments as well. + +An implementation of the Camellia block cipher was added, again largely +for use in TLS. + +If ``clock_gettime`` is available on the system, hres_timer will poll all +the available clock types. + +AltiVec is now detected on IBM POWER7 processors and on OpenBSD systems. +The OpenBSD support was contributed by Brad Smith. + +The Qt mutex wrapper was broken and would not compile with any recent +version of Qt. Taking this as a clear indication that it is not in use, +it has been removed. + +Avoid setting the soname on OpenBSD, as it doesn't support it (Bugzilla 158) + +A compilation problem in the dynamic loader that prevented using +dyn_load under MinGW GCC has been fixed. + +A common error for people using MinGW is to target GCC on Windows, +however the 'Windows' target assumes the existence of Visual C++ +runtime functions which do not exist in MinGW. Now, configuring for +GCC on Windows will cause the configure.py to warn that likely you +wanted to configure for either MinGW or Cygwin, not the generic +Windows target. + +A bug in configure.py would cause it to interpret `--cpu=s390x` as +`s390`. This may have affected other CPUs as well. Now configure.py +searches for an exact match, and only if no exact match is found will +it search for substring matches. + +An incompatability in configure.py with the subprocess module included +in Python 3.1 has been fixed (Bugzilla 157). + +The exception catching syntax of configure.py has been changed to the +Python 3.x syntax. This syntax also works with Python 2.6 and 2.7, but +not with any earlier Python 2 release. A simple search and replace +will allow running it under Python 2.5:: + + perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py + +Note that Python 2.4 is not supported at all. + +Version 1.10.1, 2011-07-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* A race condition in `Algorithm_Factory` could cause crashes in + multithreaded code. See + :botan-devel:`this thread on botan-devel <2011-July/001455>` + for details and workarounds. + +* The return value of ``name`` has changed for GOST 28147-89 and + Skein-512. GOST's ``name`` now includes the name of the sbox, and + Skein's includes the personalization string (if nonempty). This + allows an object to be properly roundtripped, which is necessary to + fix the race condition described above. + +* A new distribution script is now included, as + ``src/build-data/scripts/dist.py`` + +* The ``build.h`` header now includes, if available, an identifier of + the source revision that was used. This identifier is also included + in the result of ``version_string``. + +Version 1.8.13, 2011-07-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* A race condition in `Algorithm_Factory` could cause crashes in + multithreaded code. See :botan-devel:`this thread on botan-devel + <2011-July/001455>` for details and workarounds. + +Version 1.10.0, 2011-06-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Detection for the rdrand instruction being added to upcoming Intel + Ivy Bridge processors has been added. + +* A template specialization of std::swap was added for the memory + container types. + +Version 1.8.12, 2011-06-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* If EMSA3(Raw) was used for more than one signature, it would produce + incorrect output. + +* Fix the --enable-debug option to configure.py + +* Improve OS detection on Cygwin + +* Fix compilation under Sun Studio 12 on Solaris + +* Fix a memory leak in the constructors of DataSource_Stream and + DataSink_Stream which would occur if opening the file failed (Bugzilla 144) + +Version 1.9.18, 2011-06-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fourth release candidate for 1.10.0 + +* The GOST 34.10 verification operation was not ensuring that s and r + were both greater than zero. This could potentially have meant it + would have accepted an invalid all-zero signature as valid for any + message. Due to how ECC points are internally represented it instead + resulted in an exception being thrown. + +* A simple multiexponentation algorithm is now used in ECDSA and + GOST-34.10 signature verification, leading to 20 to 25% improvements + in ECDSA and 25% to 40% improvements in GOST-34.10 verification + performance. + +* The internal representation of elliptic curve points has been + modified to use Montgomery representation exclusively, resulting in + reduced memory usage and a 10 to 20% performance improvement for + ECDSA and ECDH. + +* In OAEP decoding, scan for the delimiter bytes using a loop that is + written without conditionals so as to help avoid timing analysis. + Unfortunately GCC at least is 'smart' enough to compile it to + jumps anyway. + +* The SSE2 implementation of IDEA did not work correctly when compiled + by Clang, because the trick it used to emulate a 16 bit unsigned + compare in SSE (which doesn't contain one natively) relied on signed + overflow working in the 'usual' way. A different method that doesn't + rely on signed overflow is now used. + +* Add support for compiling SSL using Visual C++ 2010's TR1 + implementation. + +* Fix a bug under Visual C++ 2010 which would cause ``hex_encode`` to + crash if given a zero-sized input to encode. + +* A new build option ``--via-amalgamation`` will first generate the + single-file amalgamation, then build the library from that single + file. This option requires a lot of memory and does not parallelize, + but the resulting library is smaller and may be faster. + +* On Unix, the library and header paths have been changed to allow + parallel installation of different versions of the library. Headers + are installed into ``<prefix>/include/botan-1.9/botan``, libraries + are named ``libbotan-1.9``, and ``botan-config`` is now namespaced + (so in this release ``botan-config-1.9``). All of these embedded + versions will be 1.10 in the upcoming stable release. + +* The soname system has been modified. In this release the library + soname is ``libbotan-1.9.so.0``, with the full library being named + ``libbotan-1.9.so.0.18``. The ``0`` is the ABI version, and will be + incremented whenever a breaking ABI change is made. + +* TR1 support is not longer automatically assumed under older versions + of GCC + +* Functions for base64 decoding that work standalone (without needing + to use a pipe) have been added to ``base64.h`` + +* The function ``BigInt::to_u32bit`` was inadvertently removed in 1.9.11 + and has been added back. + +* The function ``BigInt::get_substring`` did not work correctly with a + *length* argument of 32. + +* The implementation of ``FD_ZERO`` on Solaris uses ``memset`` and + assumes the caller included ``string.h`` on its behalf. Do so to + fix compilation in the ``dev_random`` and ``unix_procs`` entropy + sources. Patch from Jeremy C. Reed. + +* Add two different configuration targets for Atom, since some are + 32-bit and some are 64-bit. The 'atom' target now refers to the + 64-bit implementations, use 'atom32' to target the 32-bit + processors. + +* The (incomplete) support for CMS and card verifiable certificates + are disabled by default; add ``--enable-modules=cms`` or + ``--enable-modules=cvc`` during configuration to turn them back on. + +Version 1.9.17, 2011-04-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Third release candidate for 1.10.0 + +* The format preserving encryption method currently available was + presented in the header ``fpe.h`` and the functions ``fpe_encrypt`` + and ``fpe_decrypt``. These were renamed as it is likely that other + FPE schemes will be included in the future. The header is now + ``fpe_fe1.h``, and the functions are named ``fe1_encrypt`` and + ``fe1_decrypt``. + +* New options to ``configure.py`` control what tools are used for + documentation generation. The ``--with-sphinx`` option enables using + Sphinx to convert ReST into HTML; otherwise the ReST sources are + installed directly. If ``--with-doxygen`` is used, Doxygen will run + as well. Documentation generation can be triggered via the ``docs`` + target in the makefile; it will also be installed by the install + target on Unix. + +* A bug in 1.9.16 effectively disabled support for runtime CPU feature + detection on x86 under GCC in that release. + +* A mostly internal change, all references to "ia32" and "amd64" have + been changed to the vendor neutral and probably easier to understand + "x86-32" and "x86-64". For instance, the "mp_amd64" module has been + renamed "mp_x86_64", and the macro indicating x86-32 has changed + from ``BOTAN_TARGET_ARCH_IS_IA32`` to + ``BOTAN_TARGET_ARCH_IS_X86_32``. The classes calling assembly have + also been renamed. + +* Similiarly to the above change, the AES implemenations using the + AES-NI instruction set have been renamed from AES_XXX_Intel to + AES_XXX_NI. + +* Systems that are identified as `sun4u` will default to compiling for + 32-bit SPARCv9 code rather than 64-bit. This matches the still + common convention for 32-bit SPARC userspaces. If you want 64-bit + code on such as system, use ``--cpu=sparc64``. + +* Some minor fixes for compiling botan under the BeOS + clone/continuation `Haiku <http://haiku-os.org>`_. + +* Further updates to the documentation + +Version 1.9.16, 2011-04-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Second release candidate for 1.10.0 + +* The documentation, previously written in LaTeX, is now in + reStructuredText suitable for processing by `Sphinx + <http://sphinx.pocoo.org>`_, which can generate nicely formatted + HTML and PDFs. The documentation has also been greatly updated and + expanded. + +* The class ``EC_Domain_Params`` has been renamed ``EC_Group``, with a + typedef for backwards compatability. + +* ``EC_Group``'s string constructor didn't understand the standard + names like "secp160r1", forcing use of the OIDs. + +* Two constructors for ECDSA private keys, the one that creates a new + random key, and the one that provides a preset private key as a + ``BigInt``, have been merged. This matches the existing interface + for DSA and DH keys. If you previously used the version taking a + ``BigInt`` private key, you'll have to additionally pass in a + ``RandomNumberGenerator`` object starting in this release. + +* It is now possible to create ECDH keys with a preset ``BigInt`` + private key; previously no method for this was available. + +* The overload of ``generate_passhash9`` that takes an explicit + algorithm identifier has been merged with the one that does not. + The algorithm identifier code has been moved from the second + parameter to the fourth. + +* Change shared library versioning to match the normal Unix + conventions. Instead of ``libbotan-X.Y.Z.so``, the shared lib is + named ``libbotan-X.Y.so.Z``; this allows the runtime linker to do + its runtime linky magic. It can be safely presumed that any change + in the major or minor version indicates ABI incompatability. + +* Remove the socket wrapper code; it was not actually used by anything + in the library, only in the examples, and you can use whatever kind + of (blocking) socket interface you like with the SSL/TLS code. It's + available as socket.h in the examples directory if you want to use + it. + +* Disable the by-default 'strong' checking of private keys that are + loaded from storage. You can always request key material sanity + checking using Private_Key::check_key. + +* Bring back removed functions ``min_keylength_of``, + ``max_keylength_of``, ``keylength_multiple_of`` in ``lookup.h`` to + avoid breaking applications written against 1.8 + +Version 1.9.15, 2011-03-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* First release candidate for 1.10.0 + +* Modify how message expansion is done in SHA-256 and SHA-512. + Instead of expanding the entire message at the start, compute them + in the minimum number of registers. Values are computed 15 rounds + before they are needed. On a Core i7-860, GCC 4.5.2, went from 143 + to 157 MiB/s in SHA-256, and 211 to 256 MiB/s in SHA-512. + +* Pipe will delete empty output queues as soon as they are no longer + needed, even if earlier messages still have data unread. However an + (empty) entry in a deque of pointers will remain until all prior + messages are completely emptied. + +* Avoid reading the SPARC ``%tick`` register on OpenBSD as unlike the + Linux and NetBSD kernels, it will not trap and emulate it for us, + causing a illegal instruction crash. + +* Improve detection and autoconfiguration for ARM processors. Thanks + go out to the the `Tahoe-LAFS Software Foundation + <http://tahoe-lafs.org>`_, who donated a Sheevaplug that I'll be + using to figure out how to make the cryptographic primitives + Tahoe-LAFS relies on faster, particularly targeting the ARMv5TE. + +Version 1.9.14, 2011-03-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add support for bcrypt, OpenBSD's password hashing scheme. + +* Add support for NIST's AES key wrapping algorithm, as described in + :rfc:`3394`. It is available by including ``rfc3394.h``. + +* Fix an infinite loop in zlib filters introduced in 1.9.11 (Bugzilla 142) + +Version 1.9.13, 2011-02-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +GOST 34.10 signatures were being formatted in a way that was not +compatible with other implemenations, and specifically how GOST is +used in DNSSEC. + +The Keccak hash function was updated to the tweaked variant proposed +for round 3 of the NIST hash competition. This version is not +compatible with the previous algorithm. + +A new option ``--distribution-info`` was added to the configure +script. It allows the user building the library to set any +distribution-specific notes on the build, which are available as a +macro ``BOTAN_DISTRIBUTION_INFO``. The default value is +'unspecified'. If you are building an unmodified version of botan +(especially for distribution), and want to indicate to applications +that this is the case, consider using +``--distribution-info=pristine``. If you are making any patches or +modifications, it is recommended to use +``--distribution-info=[Distribution Name] [Version]``, for instance +'FooNix 1.9.13-r3'. + +Some bugs preventing compilation under Clang 2.9 and Sun Studio 12 +were fixed. + +The DER/BER codecs use ``size_t`` instead of ``u32bit`` for small +integers + +Version 1.9.12, 2010-12-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add the Keccak hash function +* Fix compilation problems in Python wrappers +* Fix compilation problem in OpenSSL engine +* Update SQLite3 database encryption codec + +Version 1.9.11, 2010-11-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The TLS API has changed substantially and now relies heavily on + TR1's ``std::function`` is now required. Additionally, it is + required that all callers derive a subclass of TLS_Policy and pass + it to a client or server object. Please remember that the TLS + interface/API is currently unstable and will very likely change + further before TLS is included in a stable release. A handshake + failure that occured when RC4 was negotiated has also been fixed. + +* Some possible timing channels in the implementations of Montgomery + reduction and the IDEA key schedule were removed. The table-based + AES implementation uses smaller tables in the first round to help + make some timing/cache attacks harder. + +* The library now uses size_t instead of u32bit to represent + lengths. Also the interfaces for the memory containers have changed + substantially to better match STL container interfaces; + MemoryRegion::append, MemoryRegion::destroy, and MemoryRegion::set + were all removed, and several other functions, like clear and + resize, have changed meaning. + +* Update Skein-512 to match the v1.3 specification +* Fix a number of CRL encoding and decoding bugs +* Counter mode now always encrypts 256 blocks in parallel +* Use small tables in the first round of AES +* Removed AES class: app must choose AES-128, AES-192, or AES-256 +* Add hex encoding/decoding functions that can be used without a Pipe +* Add base64 encoding functions that can be used without a Pipe +* Add to_string function to X509_Certificate +* Add support for dynamic engine loading on Windows +* Replace BlockCipher::BLOCK_SIZE attribute with function block_size() +* Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size() +* Move PBKDF lookup to engine system +* The IDEA key schedule has been changed to run in constant time +* Add Algorithm and Key_Length_Specification classes +* Switch default PKCS #8 encryption algorithm from AES-128 to AES-256 +* Allow using PBKDF2 with empty passphrases +* Add compile-time deprecation warnings for GCC, Clang, and MSVC +* Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9 +* Improve support for Intel Atom processors +* Fix compilation problems under Sun Studio and Clang + +Version 1.8.11, 2010-11-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a number of CRL encoding and decoding bugs +* When building a debug library under VC++, use the debug runtime +* Fix compilation under Sun Studio on Linux and Solaris +* Add several functions for compatability with 1.9 +* In the examples, read most input files as binary +* The Perl build script has been removed in this release + +Version 1.8.10, 2010-08-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Switch default PKCS #8 encryption algorithm from 3DES to AES-256 +* Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2 +* Use small tables in the first round of AES +* Add PBKDF typedef and get_pbkdf for better compatability with 1.9 +* Add version of S2K::derive_key taking salt and iteration count +* Enable the /proc-walking entropy source on NetBSD +* Fix the doxygen makefile target + +Version 1.9.10, 2010-08-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add a constant-time AES implementation using SSSE3. This code is + based on public domain assembly written by `Mike Hamburg + <http://crypto.stanford.edu/vpaes/>`_, and described in his CHES + 2009 paper "Accelerating AES with Vector Permute Instructions". In + addition to being constant time, it is also significantly faster + than the table-based implementation on some processors. The current + code has been tested with GCC 4.5, Visual C++ 2008, and Clang 2.8. + + +* Support for dynamically loading Engine objects at runtime was also + added. Currently only system that use ``dlopen``-style dynamic + linking are supported. + +* On GCC 4.3 and later, use the byteswap intrinsic functions. + +* Drop support for building with Python 2.4 + +* Fix benchmarking of block ciphers in ECB mode + +* Consolidate the two x86 assembly engines + +* Rename S2K to PBKDF + +Version 1.9.9, 2010-06-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +A new pure virtual function has been added to ``Filter``, ``name`` +which simply returns some useful identifier for the object. Any +out-of-tree ``Filter`` implementations will need to be updated. + +Add ``Keyed_Filter::valid_iv_length`` which makes it possible to query +as to what IV length(s) a particular filter allows. Previously, +partially because there was no such query mechanism, if a filter did +not support IVs at all, then calls to ``set_iv`` would be silently +ignored. Now an exception about the invalid IV length will be thrown. + +The default iteration count for the password based encryption schemes +has been increased from 2048 to 10000. This should make +password-guessing attacks against private keys encrypted with versions +after this release somewhat harder. + +New functions for encoding public and private keys to binary, +``X509::BER_encode`` and ``PKCS8::BER_encode`` have been added. + +Problems compiling under Apple's version of GCC 4.2.1 and on 64-bit +MIPS systems using GCC 4.4 or later were fixed. + +The coverage of Doxygen documentation comments has significantly +improved in this release. + +Version 1.8.9, 2010-06-16 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Use constant time multiplication in IDEA + +* Avoid possible timing attack against OAEP decoding + +* Add new X509::BER_encode and PKCS8::BER_encode + +* Enable DLL builds under Windows + +* Add Win32 installer support + +* Add support for the Clang compiler + +* Fix problem in semcem.h preventing build under Clang or GCC 3.4 + +* Fix bug that prevented creation of DSA groups under 1024 bits + +* Fix crash in GMP_Engine if library is shutdown and reinitialized and + a PK algorithm was used after the second init + +* Work around problem with recent binutils in x86-64 SHA-1 + +* The Perl build script is no longer supported and refuses to run by + default. If you really want to use it, pass + ``--i-know-this-is-broken`` to the script. + +Version 1.9.8, 2010-06-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add support for wide multiplications on 64-bit Windows +* Use constant time multiplication in IDEA +* Avoid possible timing attack against OAEP decoding +* Removed FORK-256; rarely used and it has been broken +* Rename ``--use-boost-python`` to ``--with-boost-python`` +* Skip building shared libraries on MinGW/Cygwin +* Fix creation of 512 and 768 bit DL groups using the DSA kosherizer +* Fix compilation on GCC versions before 4.3 (missing cpuid.h) +* Fix compilation under the Clang compiler + +Version 1.9.7, 2010-04-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* TLS: Support reading SSLv2 client hellos +* TLS: Add support for SEED ciphersuites (RFC 4162) +* Add Comb4P hash combiner function + +* Fix checking of EMSA_Raw signatures with leading 0 bytes, valid + signatures could be rejected in certain scenarios. + +Version 1.9.6, 2010-04-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* TLS: Add support for TLS v1.1 +* TLS: Support server name indicator extension +* TLS: Fix server handshake +* TLS: Fix server using DSA certificates +* TLS: Avoid timing channel between CBC padding check and MAC verification + +Version 1.9.5, 2010-03-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Numerous ECC optimizations +* Fix GOST 34.10-2001 X.509 key loading +* Allow PK_Signer's fault protection checks to be toggled off +* Avoid using pool-based locking allocator if we can't mlock +* Remove all runtime options +* New BER_Decoder::{decode_and_check, decode_octet_string_bigint} +* Remove SecureBuffer in favor of SecureVector length parameter +* HMAC_RNG: Perform a poll along with user-supplied entropy +* Fix crash in MemoryRegion if Allocator::get failed +* Fix small compilation problem on FreeBSD + +Version 1.9.4, 2010-03-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add the Ajisai SSLv3/TLSv1.0 implementation + +* Add GOST 34.10-2001 public key signature scheme +* Add SIMD implementation of Noekeon + +* Add SSE2 implementation of IDEA + +* Extend Salsa20 to support longer IVs (XSalsa20) + +* Perform XTS encryption and decryption in parallel where possible + +* Perform CBC decryption in parallel where possible + +* Add SQLite3 db encryption codec, contributed by Olivier de Gaalon + +* Add a block cipher cascade construction + +* Add support for password hashing for authentication (passhash9.h) + +* Add support for Win32 high resolution system timers + +* Major refactoring and API changes in the public key code + +* PK_Signer class now verifies all signatures before releasing them to + the caller; this should help prevent a wide variety of fault + attacks, though it does have the downside of hurting signature + performance, particularly for DSA/ECDSA. + +* Changed S2K interface: derive_key now takes salt, iteration count + +* Remove dependency on TR1 shared_ptr in ECC and CVC code + +* Renamed ECKAEG to its more usual name, ECDH + +* Fix crash in GMP_Engine if library is shutdown and reinitialized + +* Fix an invalid memory read in MD4 + +* Fix Visual C++ static builds + +* Remove Timer class entirely + +* Switch default PKCS #8 encryption algorithm from 3DES to AES-128 + +* New configuration option, ``--gen-amalgamation``, creates a pair of + files (``botan_all.cpp`` and ``botan_all.h``) which contain the + contents of the library as it would have normally been compiled + based on the set configuration. + +* Many headers are now explicitly internal-use-only and are not installed + +* Greatly improve the Win32 installer + +* Several fixes for Visual C++ debug builds + +Version 1.9.3, 2009-11-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add new AES implementation using Intel's AES instruction intrinsics +* Add an implementation of format preserving encryption +* Allow use of any hash function in X.509 certificate creation +* Optimizations for MARS, Skipjack, and AES +* Set macros for available SIMD instructions in build.h +* Add support for using InnoSetup to package Windows builds +* By default build a DLL on Windows + +Version 1.8.8, 2009-11-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Alter Skein-512 to match the tweaked 1.2 specification +* Fix use of inline asm for access to x86 bswap function +* Allow building the library without AES enabled +* Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild + +Version 1.9.2, 2009-11-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add SIMD version of XTEA +* Support both SSE2 and AltiVec SIMD for Serpent and XTEA +* Optimizations for SHA-1 and SHA-2 +* Add AltiVec runtime detection +* Fix x86 CPU identification with Intel C++ and Visual C++ + +Version 1.9.1, 2009-10-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Better support for Python and Perl wrappers +* Add an implementation of Blue Midnight Wish (Round 2 tweak version) +* Modify Skein-512 to match the tweaked 1.2 specification +* Add threshold secret sharing (draft-mcgrew-tss-02) +* Add runtime cpu feature detection for x86/x86-64 +* Add code for general runtime self testing for hashes, MACs, and ciphers +* Optimize XTEA; twice as fast as before on Core2 and Opteron +* Convert CTR_BE and OFB from filters to stream ciphers +* New parsing code for SCAN algorithm names +* Enable SSE2 optimizations under Visual C++ +* Remove all use of C++ exception specifications +* Add support for GNU/Hurd and Clang/LLVM + +Version 1.8.7, 2009-09-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix processing multiple messages in XTS mode +* Add --no-autoload option to configure.py, for minimized builds + +Version 1.9.0, 2009-09-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add support for parallel invocation of block ciphers where possible +* Add SSE2 implementation of Serpent +* Add Rivest's package transform (an all or nothing transform) +* Minor speedups to the Turing key schedule +* Fix processing multiple messages in XTS mode +* Add --no-autoload option to configure.py, for minimized builds +* The previously used configure.pl script is no longer supported + +Version 1.8.6, 2009-08-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add Cryptobox, a set of simple password-based encryption routines +* Only read world-readable files when walking /proc for entropy +* Fix building with TR1 disabled +* Fix x86 bswap support for Visual C++ +* Fixes for compilation under Sun C++ +* Add support for Dragonfly BSD (contributed by Patrick Georgi) +* Add support for the Open64 C++ compiler +* Build fixes for MIPS systems running Linux +* Minor changes to license, now equivalent to the FreeBSD/NetBSD license + +Version 1.8.5, 2009-07-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Change configure.py to work on stock Python 2.4 +* Avoid a crash in Skein_512::add_data processing a zero-length input +* Small build fixes for SPARC, ARM, and HP-PA processors +* The test suite now returns an error code from main() if any tests failed + +Version 1.8.4, 2009-07-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a bug in nonce generation in the Miller-Rabin test + +Version 1.8.3, 2009-07-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add a new Python configuration script +* Add the Skein-512 SHA-3 candidate hash function +* Add the XTS block cipher mode from IEEE P1619 +* Fix random_prime when generating a prime of less than 7 bits +* Improve handling of low-entropy situations during PRNG seeding +* Change random device polling to prefer /dev/urandom over /dev/random +* Use an input insensitive implementation of same_mem instead of memcmp +* Correct DataSource::discard_next to return the number of discarded bytes +* Provide a default value for AutoSeeded_RNG::reseed +* Fix Gentoo bug 272242 + +Version 1.8.2, 2009-04-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Make entropy polling more flexible and in most cases faster +* GOST 28147 now supports multiple sbox parameters +* Added the GOST 34.11 hash function +* Fix botan-config problems on MacOS X + +Version 1.8.1, 2009-01-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Avoid a valgrind warning in es_unix.cpp on 32-bit Linux +* Fix memory leak in PKCS8 load_key and encrypt_key +* Relicense api.tex from CC-By-SA 2.5 to BSD +* Fix botan-config on MacOS X, Solaris + +Version 1.8.0, 2008-12-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix compilation on Solaris with GCC + +Version 1.7.24, 2008-12-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a compatibility problem with SHA-512/EMSA3 signature padding +* Fix bug preventing EGD/PRNGD entropy poller from working +* Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27) +* Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11 +* Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes +* Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4 +* Wrap private structs in SSE2 SHA-1 code in anonymous namespace +* Change configure.pl's CPU autodetection output to be more consistent +* Disable using OpenSSL's AES due to crashes of unknown cause +* Fix warning in /proc walking entropy poller +* Fix compilation with IBM XLC for Cell 0.9-200709 + +Version 1.7.23, 2008-11-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Change to use TR1 (thus enabling ECDSA) with GCC and ICC +* Optimize almost all hash functions, especially MD4 and Tiger +* Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump} +* Change Timer to be pure virtual, and add ANSI_Clock_Timer +* Cache socket descriptors in the EGD entropy source +* Avoid bogging down startup in /proc walking entropy source +* Remove Buffered_EntropySource helper class +* Add a Default_Benchmark_Timer typedef in benchmark.h +* Add examples using benchmark.h and Algorithm_Factory +* Add ECC tests from InSiTo +* Minor documentation updates + +Version 1.7.22, 2008-11-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add provider preferences to Algorithm_Factory +* Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21 +* Optimize AES encryption and decryption (about 10% faster) +* Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs +* Fix nanoseconds overflow in benchmark code +* Remove Engine::add_engine + +Version 1.7.21, 2008-11-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Make algorithm lookup much more configuable +* Add facilities for runtime performance testing of algorithms +* Drop use of entropy estimation in the PRNGs +* Increase intervals between HMAC_RNG automatic reseeding +* Drop InitializerOptions class, all options but thread safety + +Version 1.7.20, 2008-11-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Namespace pkg-config file by major and minor versions +* Cache device descriptors in Device_EntropySource +* Split base.h into {block_cipher,stream_cipher,mac,hash}.h +* Removed get_mgf function from lookup.h + +Version 1.7.19, 2008-11-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add HMAC_RNG, based on a design by Hugo Krawczyk +* Optimized the Turing stream cipher (about 20% faster on x86-64) +* Modify Randpool's reseeding algorithm to poll more sources +* Add a new AutoSeeded_RNG in auto_rng.h +* OpenPGP_S2K changed to take hash object instead of name +* Add automatic identification for Intel's Prescott processors + +Version 1.7.18, 2008-10-22 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add Doxygen comments from InSiTo +* Add ECDSA and ECKAEG benchmarks +* Add configure.pl switch --with-tr1-implementation +* Fix configure.pl's --with-endian and --with-unaligned-mem options +* Added support for pkg-config +* Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow +* Use const references to avoid copying overhead in CurveGFp, GFpModulus + +Version 1.7.17, 2008-10-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add missing ECDSA object identifiers +* Fix error in x86 and x86-64 assembler affecting GF(p) math +* Remove Boost dependency from GF(p) math +* Modify botan-config to not print -L/usr/lib or -L/usr/local/lib +* Add BOTAN_DLL macro to over 30 classes missing it +* Rename the two SHA-2 base classes for consistency + +Version 1.7.16, 2008-10-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add several missing pieces needed for ECDSA and ECKAEG +* Add Card Verifiable Certificates from InSiTo +* Add SHA-224 from InSiTo +* Add BSI variant of EMSA1 from InSiTo +* Add GF(p) and ECDSA tests from InSiTo +* Split ECDSA and ECKAEG into distinct modules +* Allow OpenSSL and GNU MP engines to be built with public key algos disabled +* Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h + +Version 1.7.15, 2008-10-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add GF(p) arithmetic from InSiTo +* Add ECDSA and ECKAEG implementations from InSiTo +* Minimize internal dependencies, allowing for smaller build configurations +* Add new User Manual and Architecture Guide from FlexSecure GmbH +* Alter configure.pl options for better autotools compatibility +* Update build instructions for recent changes to configure.pl +* Fix CPU detection using /proc/cpuinfo + +Version 1.7.14, 2008-09-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Split library into parts allowing modular builds +* Add (very preliminary) CMS support to the main library +* Some constructors now require object pointers instead of names +* Support multiple implementations of the same algorithm +* Build support for Pentium-M processors, from Derek Scherger +* Build support for MinGW/MSYS, from Zbigniew Zagorski +* Use inline assembly for bswap on 32-bit x86 + +Version 1.7.13, 2008-09-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai +* Allow all examples to compile even if compression not enabled +* Make CMAC's polynomial doubling operation a public class method +* Use the -m64 flag when compiling with Sun Forte on x86-64 +* Clean up and slightly optimize CMAC::final_result + +Version 1.7.12, 2008-09-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add x86 assembly for Visual Studio C++, by Luca Piccarreta +* Add a Perl XS module, by Vaclav Ovsik +* Add SWIG-based wrapper for Botan +* Add SSE2 implementation of SHA-1, by Dean Gaudet +* Remove the BigInt::sig_words cache due to bugs +* Combined the 4 Blowfish sboxes, suggested by Yves Jerschow +* Changed BigInt::grow_by and BigInt::grow_to to be non-const +* Add private assignment operators to classes that don't support assignment +* Benchmark RSA encryption and signatures +* Added test programs for random_prime and ressol +* Add high resolution timers for IA-64, HP-PA, S390x +* Reduce use of the RNG during benchmarks +* Fix builds on STI Cell PPU +* Add support for IBM's XLC compiler +* Add IETF 8192 bit MODP group + +Version 1.7.11, 2008-09-11 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the Salsa20 stream cipher +* Optimized Montgomery reduction, Karatsuba squaring +* Added 16x16->32 word Comba multiplication and squaring +* Use a much larger Karatsuba cutoff point +* Remove bigint_mul_add_words +* Inlined several BigInt functions +* Add useful information to the generated build.h +* Rename alg_{ia32,amd64} modules to asm_{ia32,amd64} +* Fix the Windows build + +Version 1.7.10, 2008-09-05 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Public key benchmarks run using a selection of random keys +* New benchmark timer options are clock_gettime, gettimeofday, times, clock +* Including reinterpret_cast optimization for xor_buf in default header +* Split byte swapping and word rotation functions into distinct headers +* Add IETF modp 6144 group and 2048 and 3072 bit DSS groups +* Optimizes BigInt right shift +* Add aliases in DL_Group::Format enum +* BigInt now caches the significant word count + +Version 1.6.5, 2008-08-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add noexec stack marker for GNU linker in assembly code +* Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3 + +Version 1.7.9, 2008-08-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Make clear() in most algorithm base classes a pure virtual +* Add noexec stack marker for GNU linker in assembly code +* Avoid string operations in ressol +* Compilation fixes for MinGW and Visual Studio C++ 2008 +* Some autoconfiguration fixes for Windows + +Version 1.7.8, 2008-07-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the block cipher Noekeon +* Remove global deref_alias function +* X509_Store takes timeout options as constructor arguments +* Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH +* Extend random_prime() for generating primes of any bit length +* Remove Config class +* Allow adding new entropy via base RNG interface +* Reseeding a X9.31 PRNG also reseeds the underlying PRNG + +Version 1.7.7, 2008-06-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Remove the global PRNG object +* The PK filter objects were removed +* Add a test suite for the ANSI X9.31 PRNG +* Much cleaner and (mostly) thread-safe reimplementation of es_ftw +* Remove both default arguments to ANSI_X931_RNG's constructor +* Remove the randomizing version of OctetString::change +* Make the cipher and MAC to use in Randpool configurable +* Move RandomNumberGenerator declaration to rng.h +* RSA_PrivateKey will not generate keys smaller than 1024 bits +* Fix an error decoding BER UNIVERSAL types with special taggings + +Version 1.7.6, 2008-05-05 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Initial support for Windows DLLs, from Joel Low +* Reset the position pointer when a new block is generated in X9.32 PRNG +* Timer objects are now treated as entropy sources +* Moved several ASN.1-related enums from enums.h to an appropriate header +* Removed the AEP module, due to inability to test +* Removed Global_RNG and rng.h +* Removed system_clock +* Removed Library_State::UI and the pulse callback logic + +Version 1.7.5, 2008-04-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The API of X509_CA::sign_request was altered to avoid race conditions +* New type Pipe::message_id to represent the Pipe message number +* Remove the Named_Mutex_Holder for a small performance gain +* Removed several unused or rarely used functions from Config +* Ignore spaces inside of a decimal string in BigInt::decode +* Allow using a std::istream to initialize a DataSource_Stream object +* Fix compilation problem in zlib compression module +* The chunk sized used by Pooling_Allocator is now a compile time setting +* The size of random blinding factors is now a compile time setting +* The install target no longer tries to set a particular owner/group + +Version 1.7.4, 2008-03-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Use unaligned memory read/writes on systems that allow it, for performance +* Assembly for x86-64 for accessing the bswap instruction +* Use larger buffers in ARC4 and WiderWAKE for significant throughput increase +* Unroll loops in SHA-160 for a few percent increase in performance +* Fix compilation with GCC 3.2 in es_ftw and es_unix +* Build fix for NetBSD systems +* Prevent es_dev from being built except on Unix systems + +Version 1.6.4, 2008-03-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a compilation problem with Visual Studio C++ 2003 + +Version 1.7.3, 2008-01-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* New invocation syntax for configure.pl with several new options +* Support for IPv4 addresses in a subject alternative name +* New fast poll for the generic Unix entropy source (es_unix) +* The es_file entropy source has been replaced by the es_dev module +* The malloc allocator does not inherit from Pooling_Allocator anymore +* The path that es_unix will search in are now fully user-configurable +* Truncate X9.42 PRF output rather than allow counter overflow +* PowerPC is now assumed to be big-endian + +Version 1.7.2, 2007-10-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Initialize the global library state lazily +* Add plain CBC-MAC for backwards compatibility with old systems +* Clean up some of the self test code +* Throw a sensible exception if a DL_Group is not found +* Truncate KDF2 output rather than allowing counter overflow +* Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256 +* Fix a Visual Studio compilation problem in x509stat.cpp + +Version 1.6.3, 2007-07-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a race condition in the algorithm lookup cache +* Fix problems building the memory pool on some versions of Visual C++ + +Version 1.7.1, 2007-07-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix a race condition in the algorithm object cache +* HMAC key schedule optimization +* The build header sets a macro defining endianness, if known +* New word load/store abstraction allowing further optimization +* Modify most of the library to avoid use the C-style casts +* Use higher resolution timers in symmetric benchmarks + +Version 1.7.0, 2007-05-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* DSA parameter generation now follows FIPS 186-3 +* Added OIDs for Rabin-Williams and Nyberg-Rueppel +* Somewhat better support for out of tree builds +* Minor optimizations for RC2 and Tiger +* Documentation updates +* Update the todo list + +Version 1.6.2, 2007-03-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix autodection on Athlon64s running Linux +* Fix builds on QNX and compilers using STLport +* Remove a call to abort() that crept into production + +Version 1.6.1, 2007-01-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix some base64 decoder bugs +* Add a new option to base64 encoding, to always append a newline +* Fix some build problems under Visual Studio with debug enabled +* Fix a bug in BER_Decoder that was triggered under some compilers + +Version 1.6.0, 2006-12-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Minor cleanups versus 1.5.13 + +Version 1.5.13, 2006-12-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Compilation fixes for the bzip2, zlib, and GNU MP modules +* Better support for Intel C++ and EKOpath C++ on x86-64 + +Version 1.5.12, 2006-10-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Cleanups in the initialization routines +* Add some x86-64 assembly for multiply-add +* Fix problems generating very small (below 384 bit) RSA keys +* Support out of tree builds +* Bring some of the documentation up to date +* More improvements to the Python bindings + +Version 1.5.11, 2006-09-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Removed the Algorithm base class +* Various cleanups in the public key inheritance hierarchy +* Major overhaul of the configure/build setup +* Added x86 assembler implementations of Serpent and low-level MPI code +* Optimizations for the SHA-1 x86 assembler +* Various improvements to the Python wrappers +* Work around a Visual Studio compiler bug + +Version 1.5.10, 2006-08-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add x86 assembler versions of MD4, MD5, and SHA-1 +* Expand InitializerOptions' language to support on/off switches +* Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9 +* Fix possible resource leaks in the mmap allocator +* Slightly optimized buffering in MDx_HashFunction +* Initialization failures are dealt with somewhat better +* Add an example implementing Pollard's Rho algorithm +* Better option handling in the test/benchmark tool +* Expand the xor_ciph example to support longer keys +* Some updates to the documentation + +Version 1.5.9, 2006-07-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed bitrot in the AEP engine +* Fix support for marking certificate/CRL extensions as critical +* Significant cleanups in the library state / initialization code +* LibraryInitializer takes an explicit InitializerOptions object +* Make Mutex_Factory an abstract class, add Default_Mutex_Factory +* Change configuration access to using global_state() +* Add support for global named mutexes throughout the library +* Add some STL wrappers for the delete operator +* Change how certificates are created to be more flexible and general + +Version 1.5.8, 2006-06-23 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Many internal cleanups to the X.509 cert/CRL code +* Allow for application code to support new X.509 extensions +* Change the return type of X509_Certificate::{subject,issuer}_info +* Allow for alternate character set handling mechanisms +* Fix a bug that was slowing squaring performance somewhat +* Fix a very hard to hit overflow bug in the C version of word3_muladd +* Minor cleanups to the assembler modules +* Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1 +* Support for GCC 2.95.x has been dropped in this release + +Version 1.5.7, 2006-05-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Further, major changes to the BER/DER coding system +* Updated the Qt mutex module to use Mutex_Factory +* Moved the library global state object into an anonymous namespace +* Drop the Visual C++ x86 assembly module due to bugs + +Version 1.5.6, 2006-03-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The low-level DER/BER coding system was redesigned and rewritten +* Portions of the certificate code were cleaned up internally +* Use macros to substantially clean up the GCC assembly code +* Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta) +* Avoid a couple of spurious warnings under Visual C++ +* Some slight cleanups in X509_PublicKey::key_id + +Version 1.5.5, 2006-02-04 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a potential infinite loop in the memory pool code (Matt Johnston) +* Made Pooling_Allocator::Memory_Block an actual class of sorts +* Some small optimizations to the division and modulo computations +* Cleaned up the implementation of some of the BigInt operators +* Reduced use of dynamic memory allocation in low-level BigInt functions +* A few simplifications in the Randpool mixing function +* Removed power(), as it was not particularly useful (or fast) +* Fixed some annoying bugs in the benchmark code +* Added a real credits file + +Version 1.5.4, 2006-01-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta +* Fixed a memory access off-by-one in the Karatsuba code +* Changed Pooling_Allocator's free list search to a log(N) algorithm +* Merged ModularReducer with its only subclass, Barrett_Reducer +* Fixed sign-handling bugs in some of the division and modulo code +* Renamed the module description files to modinfo.txt +* Further cleanups in the initialization code +* Removed BigInt::add and BigInt::sub +* Merged all the division-related functions into just divide() +* Modified the <mp_asmi.h> functions to allow for better optimizations +* Made the number of bits polled from an EntropySource user configurable +* Avoid including <algorithm> in <botan/secmem.h> +* Fixed some build problems with Sun Forte +* Removed some dead code from bigint_modop +* Fix the definition of same_mem + +Version 1.5.3, 2006-01-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Many optimizations in the low-level multiple precision integer code +* Added hooks for assembly implementations of the MPI code +* Support for the X.509 issuer alternative name extension in new certs +* Fixed a bug in the decompression modules; found and patched by Matt Johnston +* New Windows mutex module (mux_win32), by Luca Piccarreta +* Changed the Windows timer module to use QueryPerformanceCounter +* mem_pool.cpp was using std::set iterators instead of std::multiset ones +* Fixed a bug in X509_CA preventing users from disabling particular extensions +* Fixed the mp_asm64 module, which was entirely broken in 1.5.2 +* Fixed some module build problems on FreeBSD and Tru64 + +Version 1.4.12, 2006-01-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed an off-by-one memory read in MISTY1::key() +* Fixed a nasty memory leak in Output_Buffers::retire() +* Changed maximum HMAC keylength to 1024 bits +* Fixed a build problem in the hardware timer module on 64-bit PowerPC + +Version 1.5.2, 2006-01-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed an off-by-one memory read in MISTY1::key() +* Fixed a nasty memory leak in Output_Buffers::retire() +* Reimplemented the memory allocator from scratch +* Improved memory caching in Montgomery exponentiation +* Optimizations for multiple precision addition and subtraction +* Fixed a build problem in the hardware timer module on 64-bit PowerPC +* Changed default Karatsuba cutoff to 12 words (was 14) +* Removed MemoryRegion::bits(), which was unused and incorrect +* Changed maximum HMAC keylength to 1024 bits +* Various minor Makefile and build system changes +* Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution +* Switched checks/clock.cpp back to using clock() by default +* Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1 +* Removed the Default_Mutex's unused clone() member function + +Version 1.5.1, 2006-01-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Implemented Montgomery exponentiation +* Implemented generalized Karatsuba multiplication and squaring +* Implemented Comba squaring for 4, 6, and 8 word inputs +* Added new Modular_Exponentiator and Power_Mod classes +* Removed FixedBase_Exp and FixedExponent_Exp +* Fixed a performance regression in get_allocator introduced in 1.5.0 +* Engines can now offer S2K algorithms and block cipher padding methods +* Merged the remaining global 'algolist' code into Default_Engine +* The low-level MPI code is linked as C again +* Replaced BigInt's get_nibble with the more general get_substring +* Some documentation updates + +Version 1.5.0, 2006-01-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Moved all global/shared library state into a single object +* Mutex objects are created through mutex factories instead of a global +* Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone() +* Removed the RNG_Quality enum entirely +* There is now only a single global-use PRNG +* Removed the no_aliases and no_oids options for LibraryInitializer +* Removed the deprecated algorithms SEAL, ISAAC, and HAVAL +* Change es_ftw to use unbuffered I/O + +Version 1.4.11, 2005-12-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Changed Whirlpool diffusion matrix to match updated algorithm spec +* Fixed several engine module build errors introduced in 1.4.10 +* Fixed two build problems in es_capi; reported by Matthew Gregan +* Added a constructor to DataSource_Memory taking a std::string +* Placing the same Filter in multiple Pipes triggers an exception +* The configure script accepts --docdir and --libdir +* Merged doc/rngs.txt into the main API document +* Thanks to Joel Low for several bug reports on early tarballs of 1.4.11 + +Version 1.4.10, 2005-12-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added an implementation of KASUMI, the block cipher used in 3G phones +* Refactored Pipe; output queues are now managed by a distinct class +* Made certain Filter facilities only available to subclasses of Fanout_Filter +* There is no longer any overhead in Pipe for a message that has been read out +* It is now possible to generate RSA keys as small as 128 bits +* Changed some of the core classes to derive from Algorithm as a virtual base +* Changed Randpool to use HMAC instead of a plain hash as the mixing function +* Fixed a bug in the allocators; found and fixed by Matthew Gregan +* Enabled the use of binary file I/O, when requested by the application +* The OpenSSL engine's block cipher code was missing some deallocation calls +* Disabled the es_ftw module on NetBSD, due to header problems there +* Fixed a problem preventing tm_hard from building on MacOS X on PowerPC +* Some cleanups for the modules that use inline assembler +* config.h is now stored in build/ instead of build/include/botan/ +* The header util.h was split into bit_ops.h, parsing.h, and util.h +* Cleaned up some redundant include directives + +Version 1.4.9, 2005-11-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the IBM-created AES candidate algorithm MARS +* Added the South Korean block cipher SEED +* Added the stream cipher Turing +* Added the new hash function FORK-256 +* Deprecated the ISAAC stream cipher +* Twofish and RC6 are significantly faster with GCC +* Much better support for 64-bit PowerPC +* Added support for high-resolution PowerPC timers +* Fixed a bug in the configure script causing problems on FreeBSD +* Changed ANSI X9.31 to support arbitrary block ciphers +* Make the configure script a bit less noisy +* Added more test vectors for some algorithms, including all the AES finalists +* Various cosmetic source code cleanups + +Version 1.4.8, 2005-10-16 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Resolved a bad performance problem in the allocators; fix by Matt Johnston +* Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7 +* Renamed OMAC to CMAC to match the official NIST naming +* Added single byte versions of update() to PK_Signer and PK_Verifier +* Removed the unused reverse_bits and reverse_bytes functions + +Version 1.4.7, 2005-09-25 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed major performance problems with recent versions of GNU C++ +* Added an implementation of the X9.31 PRNG +* Removed the X9.17 and FIPS 186-2 PRNG algorithms +* Changed defaults to use X9.31 PRNGs as global PRNG objects +* Documentation updates to reflect the PRNG changes +* Some cleanups related to the engine code +* Removed two useless headers, base_eng.h and secalloc.h +* Removed PK_Verifier::valid_signature +* Fixed configure/build system bugs affecting MacOS X builds +* Added support for the EKOPath x86-64 compiler +* Added missing destructor for BlockCipherModePaddingMethod +* Fix some build problems with Visual C++ 2005 beta +* Fix some build problems with Visual C++ 2003 Workshop + +Version 1.4.6, 2005-03-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix an error in the shutdown code introduced in 1.4.5 +* Setting base/pkcs8_tries to 0 disables the builtin fail-out +* Support for XMPP identifiers in X.509 certificates +* Duplicate entries in X.509 DNs are removed +* More fixes for Borland C++, from Friedemann Kleint +* Add a workaround for buggy iostreams + +Version 1.4.5, 2005-02-26 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add support for AES encryption of private keys +* Minor fixes for PBES2 parameter decoding +* Internal cleanups for global state variables +* GCC 3.x version detection was broken in non-English locales +* Work around a Sun Forte bug affecting mem_pool.h +* Several fixes for Borland C++ 5.5, from Friedemann Kleint +* Removed inclusion of init.h into base.h +* Fixed a major bug in reading from certificate stores +* Cleaned up a couple of mutex leaks +* Removed some left-over debugging code +* Removed SSL3_MAC, SSL3_PRF, and TLS_PRF + +Version 1.4.4, 2004-12-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Further tweaks to the pooling allocator +* Modified EMSA3 to support SSL/TLS signatures +* Changes to support Qt/QCA, from Justin Karneges +* Moved mux_qt module code into mod_qt +* Fixes for HP-UX from Mike Desjardins + +Version 1.4.3, 2004-11-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Split up SecureAllocator into Allocator and Pooling_Allocator +* Memory locking allocators are more likely to be used +* Fixed the placement of includes in some modules +* Fixed broken installation procedure +* Fixes in configure script to support alternate install programs +* Modules can specify the minimum version they support + +Version 1.4.2, 2004-10-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a major CRL handling bug +* Cipher and hash operations can be offloaded to engines +* Added support for cipher and hash offload in OpenSSL engine +* Improvements for 64-bit CPUs without a widening multiply instruction +* Support for SHA2-* and Whirlpool with EMSA2 +* Fixed a long-standing build problem with conflicting include files +* Fixed some examples that hadn't been updated for 1.4.x +* Portability fixes for Solaris, BSD, HP-UX, and others +* Lots of fixes and cleanups in the configure script +* Updated the Gentoo ebuild file + +Version 1.4.1, 2004-10-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed major errors in the X.509 and PKCS #8 copy_key functions +* Added a LAST_MESSAGE meta-message number for Pipe +* Added new aliases (3DES and DES-EDE) for Triple-DES +* Added some new functions to PK_Verifier +* Cleaned up the KDF interface +* Disabled tm_posix on BSD due to header issues +* Fixed a build problem on PowerPC with GNU C++ pre-3.4 + +Version 1.4.0, 2004-06-26 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the FIPS 186 RNG back +* Added copy_key functions for X.509 public keys and PKCS #8 private keys +* Fixed PKCS #1 signatures with RIPEMD-128 +* Moved some code around to avoid warnings with Sun ONE compiler +* Fixed a bug in botan-config affecting OpenBSD +* Fixed some build problems on Tru64, HP-UX +* Fixed compile problems with Intel C++, Compaq C++ + +Version 1.3.14, 2004-06-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added support for AEP's AEP1000/AEP2000 crypto cards +* Added a Mutex module using Qt, from Justin Karneges +* Added support for engine loading in LibraryInitializer +* Tweaked SecureAllocator, giving 20% better performance under heavy load +* Added timer and memory locking modules for Win32 (tm_win32, ml_win32) +* Renamed PK_Engine to Engine_Core +* Improved the Karatsuba cutoff points +* Fixes for compiling with GCC 3.4 and Sun C++ 5.5 +* Fixes for Linux/s390, OpenBSD, and Solaris +* Added support for Linux/s390x +* The configure script was totally broken for 'generic' OS +* Removed Montgomery reduction due to bugs +* Removed an unused header, pkcs8alg.h +* check --validate returns an error code if any tests failed +* Removed duplicate entry in Unix command list for es_unix +* Moved the Cert_Usage enumeration into X509_Store +* Added new timing methods for PK benchmarks, clock_gettime and RDTSC +* Fixed a few minor bugs in the configure script +* Removed some deprecated functions from x509cert.h and pkcs10.h +* Removed the 'minimal' module, has to be updated for Engine support +* Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace +* Documentation updates + +Version 1.3.13, 2004-05-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major fixes for Cygwin builds +* Minor MacOS X install fixes +* The configure script is a little better at picking the right modules +* Removed ml_unix from the 'unix' module set for Cygwin compatibility +* Fixed a stupid compile problem in pkcs10.h + +Version 1.3.12, 2004-05-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added ability to remove old entries from CRLs +* Swapped the first two arguments of X509_CA::update_crl() +* Added an < operator for MemoryRegion, so it can be used as a std::map key +* Changed X.509 searching by DNS name from substring to full string compares +* Renamed a few X509_Certificate and PKCS10_Request member functions +* Fixed a problem when decoding some PKCS #10 requests +* Hex_Decoder would not check inputs, reported by Vaclav Ovsik +* Changed default CRL expire time from 30 days to 7 days +* X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility +* Corrected errors in the API doc, fixes from Ken Perano +* More documentation about the Pipe/Filter code + +Version 1.3.11, 2004-04-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed two show-stopping bugs in PKCS10_Request +* Added some sanity checks in Pipe/Filter +* The DNS and URI entries would get swapped in subjectAlternativeNames +* MAC_Filter is now willing to not take a key at creation time +* Setting the expiration times of certs and CRLs is more flexible +* Fixed problems building on AIX with GCC +* Fixed some problems in the tutorial pointed out by Dominik Vogt +* Documentation updates + +Version 1.3.10, 2004-03-27 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added support for OpenPGP's ASCII armor format +* Cleaned up the RNG system; seeding is much more flexible +* Added simple autoconfiguration abilities to configure.pl +* Fixed a GCC 2.95.x compile problem +* Updated the example configuration file +* Documentation updates + +Version 1.3.9, 2004-03-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added an engine using OpenSSL (requires 0.9.7 or later) +* X509_Certificate would lose email addresses stored in the DN +* Fixed a missing initialization in a BigInt constructor +* Fixed several Visual C++ compile problems +* Fixed some BeOS build problems +* Fixed the WiderWake benchmark + +Version 1.3.8, 2003-12-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Initial introduction of engine support, which separates PK keys from + the underlying operations. An engine using GNU MP was added. + +* DSA, DH, NR, and ElGamal constructors accept taking just the private + key again since the public key is easily derived from it. + +* Montgomery reduction support was added. +* ElGamal keys now support being imported/exported as ASN.1 objects +* Added Montgomery reductions +* Added an engine that uses GNU MP (requires 4.1 or later) +* Removed the obsolete mp_gmp module +* Moved several initialization/shutdown functions to init.h +* Major refactoring of the memory containers +* New non-locking container, MemoryVector +* Fixed 64-bit problems in BigInt::set_bit/clear_bit +* Renamed PK_Key::check_params() to check_key() +* Some incompatible changes to OctetString +* Added version checking macros in version.h +* Removed the fips140 module pending rewrite +* Added some functions and hooks to help GUIs +* Moved more shared code into MDx_HashFunction +* Added a policy hook for specifying the encoding of X.509 strings + +Version 1.3.7, 2003-12-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a big security problem in es_unix +* Fixed several stability problems in es_unix +* Expanded the list of programs es_unix will try to use +* SecureAllocator now only preallocates blocks in special cases +* Added a special case in Global_RNG::seed for forcing a full poll +* Removed the FIPS 186 RNG added in 1.3.5 pending further testing +* Configure updates for PowerPC CPUs +* Removed the (never tested) VAX support +* Added support for S/390 Linux + +Version 1.3.6, 2003-12-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added a new module 'minimal', which disables most algorithms +* SecureAllocator allocates a few blocks at startup +* A few minor MPI cleanups +* RPM spec file cleanups and fixes + +Version 1.3.5, 2003-11-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major improvements in ASN.1 string handling +* Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs +* Added partial support for the X.509v3 certificate policies extension +* Centralized the handling of character set information +* Added FIPS 140-2 startup self tests +* Added a module (fips140) for doing extra FIPS 140-2 tests +* Added FIPS 186-2 RNG +* Improved ASN.1 BIT STRING handling +* Removed a memory leak in PKCS10_Request +* The encoding of DirectoryString now follows PKIX guidelines +* Fixed some of the character set dependencies +* Fixed a DER encoding error for tags greater than 30 +* The BER decoder can now handle tags larger than 30 +* Fixed tm_hard.cpp to recognize SPARC on more systems +* Workarounds for a GCC 2.95.x bug in x509find.cpp +* RPM changed to install into /usr instead of /usr/local +* Added support for QNX + +Version 1.2.8, 2003-11-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Merged several important bug fixes from 1.3.x + +Version 1.3.4, 2003-11-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added a module that does certain MPI operations using GNU MP +* Added the X9.42 Diffie-Hellman PRF +* The Zlib and Bzip2 objects now use custom allocators +* Added member functions for directly hashing/MACing SecureVectors +* Minor optimizations to the MPI addition and subtraction algorithms +* Some cleanups in the low-level MPI code +* Created separate AES-{128,192,256} objects + +Version 1.3.3, 2003-11-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* The library can now be repeatedly initialized and shutdown without crashing +* Fixed an off-by-one error in the CTS code +* Fixed an error in the EMSA4 verification code +* Fixed a memory leak in mutex.cpp (pointed out by James Widener) +* Fixed a memory leak in Pthread_Mutex +* Fixed several memory leaks in the testing code +* Bulletproofed the EMSA/EME/KDF/MGF retrieval functions +* Minor cleanups in SecureAllocator +* Removed a needless mutex guarding the (stateless) global timer +* Fixed a piece of bash-specific code in botan-config +* X.509 objects report more information about decoding errors +* Cleaned up some of the exception handling +* Updated the example config file with new OIDSs +* Moved the build instructions into a separate document, building.tex + +Version 1.3.2, 2003-11-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a bug preventing DSA signatures from verifying on X.509 objects +* Made the X509_Store search routines more efficient and flexible +* Added a function to X509_PublicKey to do easy public/private key matching +* Added support for decoding indefinite length BER data +* Changed Pipe's peek() to take an offset +* Removed Filter::set_owns in favor of the new incr_owns function +* Removed BigInt::zero() and BigInt::one() +* Renamed the PEM related options from base/pem_* to pem/* +* Added an option to specify the line width when encoding PEM +* Removed the "rng/safe_longterm" option; it's always on now +* Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1 +* Cleaned up the base64/hex encoders and decoders +* Added an ASN.1/BER decoder as an example +* AES had its internals marked 'public' in previous versions +* Changed the value of the ASN.1 NO_OBJECT enum +* Various new hacks in the configure script +* Removed the already nominal support for SunOS + +Version 1.3.1, 2003-11-04 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Generalized a few pieces of the DER encoder +* PKCS8::load_key would fail if handed an unencrypted key +* Added a failsafe so PKCS #8 key decoding can't go into an infinite loop + +Version 1.3.0, 2003-11-02 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major redesign of the PKCS #8 private key import/export system +* Added a small amount of UI interface code for getting passphrases +* Added heuristics that tell if a key, cert, etc is stored as PEM or BER +* Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC +* Removed certain deprecated constructors of RSA, DSA, DH, RW, NR +* Made PEM decoding more forgiving of extra text before the header + +Version 1.2.7, 2003-10-31 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added support for reading configuration files +* Added constructors so NR and RW keys can be imported easily +* Fixed mp_asm64, which was completely broken in 1.2.6 +* Removed tm_hw_ia32 module; replaced by tm_hard +* Added support for loading certain oddly formed RSA certificates +* Fixed spelling of NON_REPUDIATION enum +* Renamed the option default_to_ca to v1_assume_ca +* Fixed a minor bug in X.509 certificate generation +* Fixed a latent bug in the OID lookup code +* Updated the RPM spec file +* Added to the tutorial + +Version 1.2.6, 2003-07-04 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major performance increase for PK algorithms on most 64-bit systems +* Cleanups in the low-level MPI code to support asm implementations +* Fixed build problems with some versions of Compaq's C++ compiler +* Removed useless constructors for NR public and private keys +* Removed support for the patch_file directive in module files +* Removed several deprecated functions + +Version 1.2.5, 2003-06-22 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a tricky and long-standing memory leak in Pipe +* Major cleanups and fixes in the memory allocation system +* Removed alloc_mlock, which has been superseded by the ml_unix module +* Removed a denial of service vulnerability in X509_Store +* Fixed compilation problems with VS .NET 2003 and Codewarrior 8 +* Added another variant of PKCS8::load_key, taking a memory buffer +* Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32 +* BigInt::operator%=(word) was a no-op if the input was a power of 2 +* Fixed portability problems in BigInt::to_u32bit +* Fixed major bugs in SSL3-MAC +* Cleaned up some messes in the PK algorithms +* Cleanups and extensions for OMAC and EAX +* Made changes to the entropy estimation function +* Added a 'beos' module set for use on BeOS +* Officially deprecated a few X509:: and PKCS8:: functions +* Moved the contents of primes.h to numthry.h +* Moved the contents of x509opt.h to x509self.h +* Removed the (empty) desx.h header +* Documentation updates + +Version 1.2.4, 2003-05-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a bug in EMSA1 affecting NR signature verification +* Fixed a few latent bugs in BigInt related to word size +* Removed an unused function, mp_add2_nc, from the MPI implementation +* Reorganized the core MPI files + +Version 1.2.3, 2003-05-20 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a bug that prevented DSA/NR key generation +* Fixed a bug that prevented importing some root CA certs +* Fixed a bug in the BER decoder when handing optional bit or byte strings +* Fixed the encoding of authorityKeyIdentifier in X509_CA +* Added a sanity check in PBKDF2 for zero length passphrases +* Added versions of X509::load_key and PKCS8::load_key that take a file name +* X509_CA generates 128 bit serial numbers now +* Added tests to check PK key generation +* Added a simplistic X.509 CA example +* Cleaned up some of the examples + +Version 1.2.2, 2003-05-13 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Add checks to prevent any BigInt bugs from revealing an RSA or RW key +* Changed the interface of Global_RNG::seed +* Major improvements for the es_unix module +* Added another Win32 entropy source, es_win32 +* The Win32 CryptoAPI entropy source can now poll multiple providers +* Improved the BeOS entropy source +* Renamed pipe_unixfd module to fd_unix +* Fixed a file descriptor leak in the EGD module +* Fixed a few locking bugs + +Version 1.2.1, 2003-05-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added ANSI X9.23 compatible CBC padding +* Added an entropy source using Win32 CryptoAPI +* Removed the Pipe I/O operators taking a FILE* +* Moved the BigInt encoding/decoding functions into the BigInt class +* Integrated several fixes for VC++ 7 (from Hany Greiss) +* Fixed the configure.pl script for Windows builds + +Version 1.2.0, 2003-04-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Tweaked the Karatsuba cut-off points +* Increased the allowed keylength of HMAC and Blowfish +* Removed the 'mpi_ia32' module, pending rewrite +* Workaround a GCC 2.95.x bug in eme1.cpp + +Version 1.1.13, 2003-04-22 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added OMAC +* Added EAX authenticated cipher mode +* Diffie-Hellman would not do blinding in some cases +* Optimized the OFB and CTR modes +* Corrected Skipjack's word ordering, as per NIST clarification +* Support for all subject/issuer attribute types required by RFC 3280 +* The removeFromCRL CRL reason code is now handled correctly +* Increased the flexibility of the allocators +* Renamed Rijndael to AES, created aes.h, deleted rijndael.h +* Removed support for the 'no_timer' LibraryInitializer option +* Removed 'es_pthr' module, pending further testing +* Cleaned up get_ciph.cpp + +Version 1.1.12, 2003-04-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a ASN.1 string encoding bug +* Fixed a pair of X509_DN encoding problems +* Base64_Decoder and Hex_Decoder can now validate input +* Removed support for the LibraryInitializer option 'egd_path' +* Added tests for DSA X.509 and PKCS #8 key formats +* Removed a long deprecated feature of DH_PrivateKey's constructor +* Updated the RPM .spec file +* Major documentation updates + +Version 1.1.11, 2003-04-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added PKCS #10 certificate requests +* Changed X509_Store searching interface to be more flexible +* Added a generic Certificate_Store interface +* Added a function for generating self-signed X.509 certs +* Cleanups and changes to X509_CA +* New examples for PKCS #10 and self-signed certificates +* Some documentation updates + +Version 1.1.10, 2003-04-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* X509_CA can now generate new X.509 CRLs +* Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks +* More certificate and CRL extensions/attributes are supported +* Better DN handling in X.509 certificates/CRLs +* Added a DataSink hierarchy (suggested by Jim Darby) +* Consolidated SecureAllocator and ManagedAllocator +* Many cleanups and generalizations +* Added a (slow) pthreads based EntropySource +* Fixed some threading bugs + +Version 1.1.9, 2003-02-25 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added support for using X.509v2 CRLs +* Fixed several bugs in the path validation algorithm +* Certificates can be verified for a particular usage +* Algorithm for comparing distinguished names now follows X.509 +* Cleaned up the code for the es_beos, es_ftw, es_unix modules +* Documentation updates + +Version 1.1.8, 2003-01-29 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixes for the certificate path validation algorithm in X509_Store +* Fixed a bug affecting X509_Certificate::is_ca_cert() +* Added a general configuration interface for policy issues +* Cleanups and API changes in the X.509 CA, cert, and store code +* Made various options available for X509_CA users +* Changed X509_Time's interface to work around time_t problems +* Fixed a theoretical weakness in Randpool's entropy mixing function +* Fixed problems compiling with GCC 2.95.3 and GCC 2.96 +* Fixed a configure bug (reported by Jon Wilson) affecting MinGW + +Version 1.0.2, 2003-01-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed an obscure SEGFAULT causing bug in Pipe +* Fixed an obscure but dangerous bug in SecureVector::swap + +Version 1.1.7, 2003-01-12 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed an obscure but dangerous bug in SecureVector::swap +* Consolidated SHA-384 and SHA-512 to save code space +* Added SSL3-MAC and SSL3-PRF +* Documentation updates, including a new tutorial + +Version 1.1.6, 2002-12-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Initial support for X.509v3 certificates and CAs +* Major redesign/rewrite of the ASN.1 encoding/decoding code +* Added handling for DSA/NR signatures encoded as DER SEQUENCEs +* Documented the generic cipher lookup interface +* Added an (untested) entropy source for BeOS +* Various cleanups and bug fixes + +Version 1.1.5, 2002-11-17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the discrete logarithm integrated encryption system (DLIES) +* Various optimizations for BigInt +* Added support for assembler optimizations in modules +* Added BigInt x86 optimizations module (mpi_ia32) + +Version 1.1.4, 2002-11-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Speedup of 15-30% for PK algorithms +* Implemented the PBES2 encryption scheme +* Fixed a potential bug in decoding RSA and RW private keys +* Changed the DL_Group class interface to handle different formats better +* Added support for PKCS #3 encoded DH parameters +* X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS' +* Added key pair consistency checking +* Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss) +* A botan-config script is generated at configure time +* Documentation updates + +Version 1.1.3, 2002-11-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added a generic public/private key loading interface +* Fixed a small encoding bug in RSA, RW, and DH +* Changed the PK encryption/decryption interface classes +* ECB supports using padding methods +* Added a function-based interface for library initialization +* Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures +* The cipher mode benchmarks now use 128-bit AES instead of DES +* Removed some obsolete typedefs +* Removed OpenCL support (opencl.h, the OPENCL_* macros, etc) +* Added tests for PKCS #8 encoding/decoding +* Added more tests for ECB and CBC + +Version 1.1.2, 2002-10-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Support for PKCS #8 encoded RSA, DSA, and DH private keys +* Support for Diffie-Hellman X.509 public keys +* Major reorganization of how X.509 keys are handled +* Added PKCS #5 v2.0's PBES1 encryption scheme +* Added a generic cipher lookup interface +* Added the WiderWake4+1 stream cipher +* Added support for sync-able stream ciphers +* Added a 'paranoia level' option for the LibraryInitializer +* More security for RNG output meant for long term keys +* Added documentation for some of the new 1.1.x features +* CFB's feedback argument is now specified in bits +* Renamed CTR class to CTR_BE +* Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats + +Version 1.1.1, 2002-10-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added the Korean hash function HAS-160 +* Partial support for RSA and DSA X.509 public keys +* Added a mostly functional BER encoder/decoder +* Added support for non-deterministic MAC functions +* Initial support for PEM encoding/decoding +* Internal cleanups in the PK algorithms +* Several new convenience functions in Pipe +* Fixed two nasty bugs in Pipe +* Messed with the entropy sources for es_unix +* Discrete logarithm groups are checked for safety more closely now +* For compatibility with GnuPG, ElGamal now supports DSA-style groups + +Version 1.0.1, 2002-09-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed a minor bug in Randpool::random() +* Added some new aliases and typedefs for 1.1.x compatibility +* The 4096-bit RSA benchmark key was decimal instead of hex +* EMAC was returning an incorrect name + +Version 1.1.0, 2002-09-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added entropy estimation to the RNGs +* Improved the overall design of both Randpool and ANSI_X917_RNG +* Added a separate RNG for nonce generation +* Added window exponentiation support in power_mod +* Added a get_s2k function and the PKCS #5 S2K algorithms +* Added the TLSv1 PRF +* Replaced BlockCipherModeIV typedef with InitializationVector class +* Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement +* Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x +* Added support for RIPEMD-160 PKCS#1 v1.5 signatures +* Changed the key agreement scheme interface +* Changed the S2K and KDF interfaces +* Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK +* Added support for variable-pass Tiger +* Major speedup for Rabin-Williams key generation + +Version 1.0.0, 2002-08-26 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Octal I/O of BigInt is now supported +* Fixed portability problems in the es_egd module +* Generalized IV handling in the block cipher modes +* Added Karatsuba multiplication and k-ary exponentiation +* Fixed a problem in the multiplication routines + +Version 0.9.2, 2002-08-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* DH_PrivateKey::public_value() was returning the wrong value +* Various BigInt optimizations +* The filters.h header now includes hex.h and base64.h +* Moved Counter mode to ctr.h +* Fixed a couple minor problems with VC++ 7 +* Fixed problems with the RPM spec file + +Version 0.9.1, 2002-08-10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Grand rename from OpenCL to Botan +* Major optimizations for the PK algorithms +* Added ElGamal encryption +* Added Whirlpool +* Tweaked memory allocation parameters +* Improved the method of seeding the global RNG +* Moved pkcs1.h to eme_pkcs.h +* Added more test vectors for some algorithms +* Fixed error reporting in the BigInt tests +* Removed Default_Timer, it was pointless +* Added some new example applications +* Removed some old examples that weren't that interesting +* Documented the compression modules + +Version 0.9.0, 2002-08-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* EMSA4 supports variable salt size +* PK_* can take a string naming the encoding method to use +* Started writing some internals documentation + +Version 0.8.7, 2002-07-30 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed bugs in EME1 and EMSA4 +* Fixed a potential crash at shutdown +* Cipher modes returned an ill-formed name +* Removed various deprecated types and headers +* Cleaned up the Pipe interface a bit +* Minor additions to the documentation +* First stab at a Visual C++ makefile (doc/Makefile.vc7) + +Version 0.8.6, 2002-07-25 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added EMSA4 (aka PSS) +* Brought the manual up to date; many corrections and additions +* Added a parallel hash function construction +* Lookup supports all available algorithms now +* Lazy initialization of the lookup tables +* Made more discrete logarithm groups available through get_dl_group() +* StreamCipher_Filter supports seeking (if the underlying cipher does) +* Minor optimization for GCD calculations +* Renamed SAFER_SK128 to SAFER_SK +* Removed many previously deprecated functions +* Some now-obsolete functions, headers, and types have been deprecated +* Fixed some bugs in DSA prime generation +* DL_Group had a constructor for DSA-style prime gen but it wasn't defined +* Reversed the ordering of the two arguments to SEAL's constructor +* Fixed a threading problem in the PK algorithms +* Fixed a minor memory leak in lookup.cpp +* Fixed pk_types.h (it was broken in 0.8.5) +* Made validation tests more verbose +* Updated the check and example applications + +Version 0.8.5, 2002-07-21 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major changes to constructors for DL-based cryptosystems (DSA, NR, DH) +* Added a DL_Group class +* Reworking of the pubkey internals +* Support in lookup for aliases and PK algorithms +* Renamed CAST5 to CAST_128 and CAST256 to CAST_256 +* Added EMSA1 +* Reorganization of header files +* LibraryInitializer will install new allocator types if requested +* Fixed a bug in Diffie-Hellman key generation +* Did a workaround in pipe.cpp for GCC 2.95.x on Linux +* Removed some debugging code from init.cpp that made FTW ES useless +* Better checking for invalid arguments in the PK algorithms +* Reduced Base64 and Hex default line length (if line breaking is used) +* Fixes for HP's aCC compiler +* Cleanups in BigInt + +Version 0.8.4, 2002-07-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added Nyberg-Rueppel signatures +* Added Diffie-Hellman key exchange (kex interface is subject to change) +* Added KDF2 +* Enhancements to the lookup API +* Many things formerly taking pointers to algorithms now take names +* Speedups for prime generation +* LibraryInitializer has support for seeding the global RNG +* Reduced SAFER-SK128 memory consumption +* Reversed the ordering of public and private key values in DSA constructor +* Fixed serious bugs in MemoryMapping_Allocator +* Fixed memory leak in Lion +* FTW_EntropySource was not closing the files it read +* Fixed line breaking problem in Hex_Encoder + +Version 0.8.3, 2002-06-09 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added DSA and Rabin-Williams signature schemes +* Added EMSA3 +* Added PKCS#1 v1.5 encryption padding +* Added Filters for PK algorithms +* Added a Keyed_Filter class +* LibraryInitializer processes arguments now +* Major revamp of the PK interface classes +* Changed almost all of the Filters for non-template operation +* Changed HMAC, Lion, Luby-Rackoff to non-template classes +* Some fairly minor BigInt optimizations +* Added simple benchmarking for PK algorithms +* Added hooks for fixed base and fixed exponent modular exponentiation +* Added some examples for using RSA +* Numerous bugfixes and cleanups +* Documentation updates + +Version 0.8.2, 2002-05-18 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added an (experimental) algorithm lookup interface +* Added code for directly testing BigInt +* Added SHA2-384 +* Optimized SHA2-512 +* Major optimization for Adler32 (thanks to Dan Nicolaescu) +* Various minor optimizations in BigInt and related areas +* Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore +* Fixed a bug in BufferingFilter +* Made a few fixes for MacOS X +* Added a workaround in configure.pl for GCC 2.95.x +* Better support for PowerPC, ARM, and Alpha +* Some more cleanups + +Version 0.8.1, 2002-05-06 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Major code cleanup (check doc/deprecated.txt) +* Various bugs fixed, including several portability problems +* Renamed MessageAuthCode to MessageAuthenticationCode +* A replacement for X917 is in x917_rng.h +* Changed EMAC to non-template class +* Added ANSI X9.19 compatible CBC-MAC +* TripleDES now supports 128 bit keys + +Version 0.8.0, 2002-04-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Merged BigInt: many bugfixes and optimizations since alpha2 +* Added RSA (rsa.h) +* Added EMSA2 (emsa2.h) +* Lots of new interface code for public key algorithms (pk_base.h, pubkey.h) +* Changed some interfaces, including SymmetricKey, to support the global rng +* Fixed a serious bug in ManagedAllocator +* Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160 +* Removed some deprecated stuff +* Added a global random number generator (rng.h) +* Added clone functions to most of the basic algorithms +* Added a library initializer class (init.h) +* Version macros in version.h +* Moved the base classes from opencl.h to base.h +* Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib +* Documentation updates for the new stuff (still incomplete) +* Many new deprecated things: check doc/deprecated.txt + +Version 0.7.10, 2002-04-07 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Added EGD_EntropySource module (es_egd) +* Added a file tree walking EntropySource (es_ftw) +* Added MemoryLocking_Allocator module (alloc_mlock) +* Renamed the pthr_mux, unix_rnd, and mmap_mem modules +* Changed timer mechanism; the clock method can be switched on the fly. +* Renamed MmapDisk_Allocator to MemoryMapping_Allocator +* Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated) +* Fixed several bugs in MemoryMapping_Allocator +* Added more default sources for Unix_EntropySource +* Changed SecureBuffer to use same allocation methods as SecureVector +* Added bigint_divcore into mp_core to support BigInt alpha2 release +* Removed some Pipe functions deprecated since 0.7.8 +* Some fixes for the configure program + +Version 0.7.9, 2002-03-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Memory allocation substantially revamped +* Added memory allocation method based on mmap(2) in the mmap_mem module +* Added ECB and CTS block cipher modes (ecb.h, cts.h) +* Added a Mutex interface (mutex.h) +* Added module pthr_mux, implementing the Mutex interface +* Added Threaded Filter interface (thr_filt.h) +* All algorithms can now by keyed with SymmetricKey objects +* More testing occurs with --validate (expected failures) +* Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6 +* Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress +* Made X917 safer (and about 1/3 as fast) +* Documentation updates + +Version 0.7.8, 2002-02-28 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* More capabilities for Pipe, inspired by SysV STREAMS, including peeking, + better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION +* Added a BufferingFilter class +* Added popen() based EntropySource for generic Unix systems (unix_rnd) +* Moved 'devrand' module into main distribution (ent_file.h), renamed to + File_EntropySource, and changed interface somewhat. +* Made Randpool somewhat more conservative and also 25% faster +* Minor fixes and updates for the configure script +* Added some tweaks for memory allocation +* Documentation updates for the new Pipe interface +* Fixed various minor bugs +* Added a couple of new example programs (stack and hasher2) + +Version 0.7.7, 2001-11-24 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Filter::send now works in the constructor of a Filter subclass +* You may now have to include <opencl/pipe.h> explicitly in some code +* Added preliminary PK infrastructure classes in pubkey.h and pkbase.h +* Enhancements to SecureVector (append, destroy functions) +* New infrastructure for secure memory allocation +* Added IEEE P1363 primitives MGF1, EME1, KDF1 +* Rijndael optimizations and cleanups +* Changed CipherMode<B> to BlockCipherMode(B*) +* Fixed a nasty bug in pipe_unixfd +* Added portions of the BigInt code into the main library +* Support for VAX, SH, POWER, PowerPC-64, Intel C++ + +Version 0.7.6, 2001-10-14 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fixed several serious bugs in SecureVector created in 0.7.5 +* Square optimizations +* Fixed shared objects on MacOS X and HP-UX +* Fixed static libs for KCC 4.0; works with KCC 3.4g as well +* Full support for Athlon and K6 processors using GCC +* Added a table of prime numbers < 2**16 (primes.h) +* Some minor documentation updates + +Version 0.7.5, 2001-08-19 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Split checksum.h into adler32.h, crc24.h, and crc32.h +* Split modes.h into cbc.h, cfb.h, and ofb.h +* CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption +* Added OneAndZeros and NoPadding methods for CBC +* Added Lion, a very fast block cipher construction +* Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h) +* Basic types (ciphers, hashes, etc) know their names now (call name()) +* Changed the EntropySource type somewhat +* Big speed-ups for ISAAC, Adler32, CRC24, and CRC32 +* Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160 +* Some semantics of SecureVector have changed slightly +* The mlock module has been removed for the time being +* Added string handling functions for hashes and MACs +* Various non-user-visible cleanups +* Shared library soname is now set to the full version number + +Version 0.7.4, 2001-07-15 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe +* Fixed a vast number of errors in the config script/makefile/specfile +* Pipe now has a stdio(3) interface as well as C++ iostreams +* ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4) +* Bzip2 supports decompressing multiple concatenated streams, and flushing +* Added a simple 'overall average' score to the benchmarks +* Fixed a small bug in the POSIX timer module +* Removed a very-unlikely-to-occur bug in most of the hash functions +* filtbase.h now includes <iosfwd>, not <iostream> +* Minor documentation updates + +Version 0.7.3, 2001-06-08 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Fix build problems on Solaris/SPARC +* Fix build problems with Perl versions < 5.6 +* Fixed some stupid code that broke on a few compilers +* Added string handling functions to Pipe +* MISTY1 optimizations + +Version 0.7.2, 2001-06-03 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Build system supports modules +* Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers +* Added Bzip2 compression filter, contributed by Peter Jones +* GNU make no longer required (tested with 4.4BSD pmake and Solaris make) +* Fixed minor bug in several of the hash functions +* Various other minor fixes and changes +* Updates to the documentation + +Version 0.7.1, 2001-05-16 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Rewrote configure script: more consistent and complete +* Made it easier to find out parameters of types at run time (opencl.h) +* New functions for finding the version being used (version.h) +* New SymmetricKey interface for Filters (symkey.h) +* InvalidKeyLength now records what the invalid key length was +* Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA +* Changed GOST to use correct S-box ordering (incompatible change) +* Benchmark code was almost totally rewritten +* Many more entries in the test vector file +* Fixed minor and idiotic bug in check.cpp + +Version 0.7.0, 2001-03-01 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* First public release + + diff --git a/doc/relnotes/0_7_0.rst b/doc/relnotes/0_7_0.rst deleted file mode 100644 index 5339b7b10..000000000 --- a/doc/relnotes/0_7_0.rst +++ /dev/null @@ -1,5 +0,0 @@ -Version 0.7.0, 2001-03-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* First public release - diff --git a/doc/relnotes/0_7_1.rst b/doc/relnotes/0_7_1.rst deleted file mode 100644 index cc57ef0ee..000000000 --- a/doc/relnotes/0_7_1.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 0.7.1, 2001-05-16 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Rewrote configure script: more consistent and complete -* Made it easier to find out parameters of types at run time (opencl.h) -* New functions for finding the version being used (version.h) -* New SymmetricKey interface for Filters (symkey.h) -* InvalidKeyLength now records what the invalid key length was -* Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA -* Changed GOST to use correct S-box ordering (incompatible change) -* Benchmark code was almost totally rewritten -* Many more entries in the test vector file -* Fixed minor and idiotic bug in check.cpp - diff --git a/doc/relnotes/0_7_10.rst b/doc/relnotes/0_7_10.rst deleted file mode 100644 index df08df532..000000000 --- a/doc/relnotes/0_7_10.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 0.7.10, 2002-04-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added EGD_EntropySource module (es_egd) -* Added a file tree walking EntropySource (es_ftw) -* Added MemoryLocking_Allocator module (alloc_mlock) -* Renamed the pthr_mux, unix_rnd, and mmap_mem modules -* Changed timer mechanism; the clock method can be switched on the fly. -* Renamed MmapDisk_Allocator to MemoryMapping_Allocator -* Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated) -* Fixed several bugs in MemoryMapping_Allocator -* Added more default sources for Unix_EntropySource -* Changed SecureBuffer to use same allocation methods as SecureVector -* Added bigint_divcore into mp_core to support BigInt alpha2 release -* Removed some Pipe functions deprecated since 0.7.8 -* Some fixes for the configure program - diff --git a/doc/relnotes/0_7_2.rst b/doc/relnotes/0_7_2.rst deleted file mode 100644 index a9b6ae452..000000000 --- a/doc/relnotes/0_7_2.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 0.7.2, 2001-06-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Build system supports modules -* Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers -* Added Bzip2 compression filter, contributed by Peter Jones -* GNU make no longer required (tested with 4.4BSD pmake and Solaris make) -* Fixed minor bug in several of the hash functions -* Various other minor fixes and changes -* Updates to the documentation - diff --git a/doc/relnotes/0_7_3.rst b/doc/relnotes/0_7_3.rst deleted file mode 100644 index 57b7a630a..000000000 --- a/doc/relnotes/0_7_3.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 0.7.3, 2001-06-08 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix build problems on Solaris/SPARC -* Fix build problems with Perl versions < 5.6 -* Fixed some stupid code that broke on a few compilers -* Added string handling functions to Pipe -* MISTY1 optimizations - diff --git a/doc/relnotes/0_7_4.rst b/doc/relnotes/0_7_4.rst deleted file mode 100644 index 523a6bccc..000000000 --- a/doc/relnotes/0_7_4.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 0.7.4, 2001-07-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe -* Fixed a vast number of errors in the config script/makefile/specfile -* Pipe now has a stdio(3) interface as well as C++ iostreams -* ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4) -* Bzip2 supports decompressing multiple concatenated streams, and flushing -* Added a simple 'overall average' score to the benchmarks -* Fixed a small bug in the POSIX timer module -* Removed a very-unlikely-to-occur bug in most of the hash functions -* filtbase.h now includes <iosfwd>, not <iostream> -* Minor documentation updates - diff --git a/doc/relnotes/0_7_5.rst b/doc/relnotes/0_7_5.rst deleted file mode 100644 index cb729d182..000000000 --- a/doc/relnotes/0_7_5.rst +++ /dev/null @@ -1,19 +0,0 @@ -Version 0.7.5, 2001-08-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Split checksum.h into adler32.h, crc24.h, and crc32.h -* Split modes.h into cbc.h, cfb.h, and ofb.h -* CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption -* Added OneAndZeros and NoPadding methods for CBC -* Added Lion, a very fast block cipher construction -* Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h) -* Basic types (ciphers, hashes, etc) know their names now (call name()) -* Changed the EntropySource type somewhat -* Big speed-ups for ISAAC, Adler32, CRC24, and CRC32 -* Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160 -* Some semantics of SecureVector have changed slightly -* The mlock module has been removed for the time being -* Added string handling functions for hashes and MACs -* Various non-user-visible cleanups -* Shared library soname is now set to the full version number - diff --git a/doc/relnotes/0_7_6.rst b/doc/relnotes/0_7_6.rst deleted file mode 100644 index 13294e7a5..000000000 --- a/doc/relnotes/0_7_6.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 0.7.6, 2001-10-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed several serious bugs in SecureVector created in 0.7.5 -* Square optimizations -* Fixed shared objects on MacOS X and HP-UX -* Fixed static libs for KCC 4.0; works with KCC 3.4g as well -* Full support for Athlon and K6 processors using GCC -* Added a table of prime numbers < 2**16 (primes.h) -* Some minor documentation updates - diff --git a/doc/relnotes/0_7_7.rst b/doc/relnotes/0_7_7.rst deleted file mode 100644 index 83dfd2d2f..000000000 --- a/doc/relnotes/0_7_7.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 0.7.7, 2001-11-24 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Filter::send now works in the constructor of a Filter subclass -* You may now have to include <opencl/pipe.h> explicitly in some code -* Added preliminary PK infrastructure classes in pubkey.h and pkbase.h -* Enhancements to SecureVector (append, destroy functions) -* New infrastructure for secure memory allocation -* Added IEEE P1363 primitives MGF1, EME1, KDF1 -* Rijndael optimizations and cleanups -* Changed CipherMode<B> to BlockCipherMode(B*) -* Fixed a nasty bug in pipe_unixfd -* Added portions of the BigInt code into the main library -* Support for VAX, SH, POWER, PowerPC-64, Intel C++ - diff --git a/doc/relnotes/0_7_8.rst b/doc/relnotes/0_7_8.rst deleted file mode 100644 index 92b9291b1..000000000 --- a/doc/relnotes/0_7_8.rst +++ /dev/null @@ -1,16 +0,0 @@ -Version 0.7.8, 2002-02-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* More capabilities for Pipe, inspired by SysV STREAMS, including peeking, - better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION -* Added a BufferingFilter class -* Added popen() based EntropySource for generic Unix systems (unix_rnd) -* Moved 'devrand' module into main distribution (ent_file.h), renamed to - File_EntropySource, and changed interface somewhat. -* Made Randpool somewhat more conservative and also 25% faster -* Minor fixes and updates for the configure script -* Added some tweaks for memory allocation -* Documentation updates for the new Pipe interface -* Fixed various minor bugs -* Added a couple of new example programs (stack and hasher2) - diff --git a/doc/relnotes/0_7_9.rst b/doc/relnotes/0_7_9.rst deleted file mode 100644 index cb48eef3e..000000000 --- a/doc/relnotes/0_7_9.rst +++ /dev/null @@ -1,16 +0,0 @@ -Version 0.7.9, 2002-03-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Memory allocation substantially revamped -* Added memory allocation method based on mmap(2) in the mmap_mem module -* Added ECB and CTS block cipher modes (ecb.h, cts.h) -* Added a Mutex interface (mutex.h) -* Added module pthr_mux, implementing the Mutex interface -* Added Threaded Filter interface (thr_filt.h) -* All algorithms can now by keyed with SymmetricKey objects -* More testing occurs with --validate (expected failures) -* Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6 -* Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress -* Made X917 safer (and about 1/3 as fast) -* Documentation updates - diff --git a/doc/relnotes/0_8_0.rst b/doc/relnotes/0_8_0.rst deleted file mode 100644 index 62c3a0384..000000000 --- a/doc/relnotes/0_8_0.rst +++ /dev/null @@ -1,21 +0,0 @@ -Version 0.8.0, 2002-04-24 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Merged BigInt: many bugfixes and optimizations since alpha2 -* Added RSA (rsa.h) -* Added EMSA2 (emsa2.h) -* Lots of new interface code for public key algorithms (pk_base.h, pubkey.h) -* Changed some interfaces, including SymmetricKey, to support the global rng -* Fixed a serious bug in ManagedAllocator -* Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160 -* Removed some deprecated stuff -* Added a global random number generator (rng.h) -* Added clone functions to most of the basic algorithms -* Added a library initializer class (init.h) -* Version macros in version.h -* Moved the base classes from opencl.h to base.h -* Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib -* Documentation updates for the new stuff (still incomplete) -* Many new deprecated things: check doc/deprecated.txt - - diff --git a/doc/relnotes/0_8_1.rst b/doc/relnotes/0_8_1.rst deleted file mode 100644 index 98175994e..000000000 --- a/doc/relnotes/0_8_1.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 0.8.1, 2002-05-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major code cleanup (check doc/deprecated.txt) -* Various bugs fixed, including several portability problems -* Renamed MessageAuthCode to MessageAuthenticationCode -* A replacement for X917 is in x917_rng.h -* Changed EMAC to non-template class -* Added ANSI X9.19 compatible CBC-MAC -* TripleDES now supports 128 bit keys - diff --git a/doc/relnotes/0_8_2.rst b/doc/relnotes/0_8_2.rst deleted file mode 100644 index 1f4c540e8..000000000 --- a/doc/relnotes/0_8_2.rst +++ /dev/null @@ -1,16 +0,0 @@ -Version 0.8.2, 2002-05-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added an (experimental) algorithm lookup interface -* Added code for directly testing BigInt -* Added SHA2-384 -* Optimized SHA2-512 -* Major optimization for Adler32 (thanks to Dan Nicolaescu) -* Various minor optimizations in BigInt and related areas -* Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore -* Fixed a bug in BufferingFilter -* Made a few fixes for MacOS X -* Added a workaround in configure.pl for GCC 2.95.x -* Better support for PowerPC, ARM, and Alpha -* Some more cleanups - diff --git a/doc/relnotes/0_8_3.rst b/doc/relnotes/0_8_3.rst deleted file mode 100644 index 88012db05..000000000 --- a/doc/relnotes/0_8_3.rst +++ /dev/null @@ -1,19 +0,0 @@ -Version 0.8.3, 2002-06-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added DSA and Rabin-Williams signature schemes -* Added EMSA3 -* Added PKCS#1 v1.5 encryption padding -* Added Filters for PK algorithms -* Added a Keyed_Filter class -* LibraryInitializer processes arguments now -* Major revamp of the PK interface classes -* Changed almost all of the Filters for non-template operation -* Changed HMAC, Lion, Luby-Rackoff to non-template classes -* Some fairly minor BigInt optimizations -* Added simple benchmarking for PK algorithms -* Added hooks for fixed base and fixed exponent modular exponentiation -* Added some examples for using RSA -* Numerous bugfixes and cleanups -* Documentation updates - diff --git a/doc/relnotes/0_8_4.rst b/doc/relnotes/0_8_4.rst deleted file mode 100644 index 9b73ca88e..000000000 --- a/doc/relnotes/0_8_4.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 0.8.4, 2002-07-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added Nyberg-Rueppel signatures -* Added Diffie-Hellman key exchange (kex interface is subject to change) -* Added KDF2 -* Enhancements to the lookup API -* Many things formerly taking pointers to algorithms now take names -* Speedups for prime generation -* LibraryInitializer has support for seeding the global RNG -* Reduced SAFER-SK128 memory consumption -* Reversed the ordering of public and private key values in DSA constructor -* Fixed serious bugs in MemoryMapping_Allocator -* Fixed memory leak in Lion -* FTW_EntropySource was not closing the files it read -* Fixed line breaking problem in Hex_Encoder - diff --git a/doc/relnotes/0_8_5.rst b/doc/relnotes/0_8_5.rst deleted file mode 100644 index eced09cc2..000000000 --- a/doc/relnotes/0_8_5.rst +++ /dev/null @@ -1,19 +0,0 @@ -Version 0.8.5, 2002-07-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major changes to constructors for DL-based cryptosystems (DSA, NR, DH) -* Added a DL_Group class -* Reworking of the pubkey internals -* Support in lookup for aliases and PK algorithms -* Renamed CAST5 to CAST_128 and CAST256 to CAST_256 -* Added EMSA1 -* Reorganization of header files -* LibraryInitializer will install new allocator types if requested -* Fixed a bug in Diffie-Hellman key generation -* Did a workaround in pipe.cpp for GCC 2.95.x on Linux -* Removed some debugging code from init.cpp that made FTW ES useless -* Better checking for invalid arguments in the PK algorithms -* Reduced Base64 and Hex default line length (if line breaking is used) -* Fixes for HP's aCC compiler -* Cleanups in BigInt - diff --git a/doc/relnotes/0_8_6.rst b/doc/relnotes/0_8_6.rst deleted file mode 100644 index 18c95db10..000000000 --- a/doc/relnotes/0_8_6.rst +++ /dev/null @@ -1,23 +0,0 @@ -Version 0.8.6, 2002-07-25 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added EMSA4 (aka PSS) -* Brought the manual up to date; many corrections and additions -* Added a parallel hash function construction -* Lookup supports all available algorithms now -* Lazy initialization of the lookup tables -* Made more discrete logarithm groups available through get_dl_group() -* StreamCipher_Filter supports seeking (if the underlying cipher does) -* Minor optimization for GCD calculations -* Renamed SAFER_SK128 to SAFER_SK -* Removed many previously deprecated functions -* Some now-obsolete functions, headers, and types have been deprecated -* Fixed some bugs in DSA prime generation -* DL_Group had a constructor for DSA-style prime gen but it wasn't defined -* Reversed the ordering of the two arguments to SEAL's constructor -* Fixed a threading problem in the PK algorithms -* Fixed a minor memory leak in lookup.cpp -* Fixed pk_types.h (it was broken in 0.8.5) -* Made validation tests more verbose -* Updated the check and example applications - diff --git a/doc/relnotes/0_8_7.rst b/doc/relnotes/0_8_7.rst deleted file mode 100644 index 28d4bda56..000000000 --- a/doc/relnotes/0_8_7.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 0.8.7, 2002-07-30 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed bugs in EME1 and EMSA4 -* Fixed a potential crash at shutdown -* Cipher modes returned an ill-formed name -* Removed various deprecated types and headers -* Cleaned up the Pipe interface a bit -* Minor additions to the documentation -* First stab at a Visual C++ makefile (doc/Makefile.vc7) - diff --git a/doc/relnotes/0_9_0.rst b/doc/relnotes/0_9_0.rst deleted file mode 100644 index ef73f6ae2..000000000 --- a/doc/relnotes/0_9_0.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 0.9.0, 2002-08-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* EMSA4 supports variable salt size -* PK_* can take a string naming the encoding method to use -* Started writing some internals documentation - - diff --git a/doc/relnotes/0_9_1.rst b/doc/relnotes/0_9_1.rst deleted file mode 100644 index 8d6398d58..000000000 --- a/doc/relnotes/0_9_1.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 0.9.1, 2002-08-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Grand rename from OpenCL to Botan -* Major optimizations for the PK algorithms -* Added ElGamal encryption -* Added Whirlpool -* Tweaked memory allocation parameters -* Improved the method of seeding the global RNG -* Moved pkcs1.h to eme_pkcs.h -* Added more test vectors for some algorithms -* Fixed error reporting in the BigInt tests -* Removed Default_Timer, it was pointless -* Added some new example applications -* Removed some old examples that weren't that interesting -* Documented the compression modules - diff --git a/doc/relnotes/0_9_2.rst b/doc/relnotes/0_9_2.rst deleted file mode 100644 index 46eff06f5..000000000 --- a/doc/relnotes/0_9_2.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 0.9.2, 2002-08-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* DH_PrivateKey::public_value() was returning the wrong value -* Various BigInt optimizations -* The filters.h header now includes hex.h and base64.h -* Moved Counter mode to ctr.h -* Fixed a couple minor problems with VC++ 7 -* Fixed problems with the RPM spec file - diff --git a/doc/relnotes/1_0_0.rst b/doc/relnotes/1_0_0.rst deleted file mode 100644 index 322aa1472..000000000 --- a/doc/relnotes/1_0_0.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.0.0, 2002-08-26 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Octal I/O of BigInt is now supported -* Fixed portability problems in the es_egd module -* Generalized IV handling in the block cipher modes -* Added Karatsuba multiplication and k-ary exponentiation -* Fixed a problem in the multiplication routines - - diff --git a/doc/relnotes/1_0_1.rst b/doc/relnotes/1_0_1.rst deleted file mode 100644 index d496099ad..000000000 --- a/doc/relnotes/1_0_1.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.0.1, 2002-09-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a minor bug in Randpool::random() -* Added some new aliases and typedefs for 1.1.x compatibility -* The 4096-bit RSA benchmark key was decimal instead of hex -* EMAC was returning an incorrect name - diff --git a/doc/relnotes/1_0_2.rst b/doc/relnotes/1_0_2.rst deleted file mode 100644 index 9e09f198a..000000000 --- a/doc/relnotes/1_0_2.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.0.2, 2003-01-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed an obscure SEGFAULT causing bug in Pipe -* Fixed an obscure but dangerous bug in SecureVector::swap - diff --git a/doc/relnotes/1_10_0.rst b/doc/relnotes/1_10_0.rst deleted file mode 100644 index 3b6ba56ac..000000000 --- a/doc/relnotes/1_10_0.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.10.0, 2011-06-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Detection for the rdrand instruction being added to upcoming Intel - Ivy Bridge processors has been added. - -* A template specialization of std::swap was added for the memory - container types. - - diff --git a/doc/relnotes/1_10_1.rst b/doc/relnotes/1_10_1.rst deleted file mode 100644 index 0620e59a3..000000000 --- a/doc/relnotes/1_10_1.rst +++ /dev/null @@ -1,21 +0,0 @@ -Version 1.10.1, 2011-07-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* A race condition in `Algorithm_Factory` could cause crashes in - multithreaded code. See - :botan-devel:`this thread on botan-devel <2011-July/001455>` - for details and workarounds. - -* The return value of ``name`` has changed for GOST 28147-89 and - Skein-512. GOST's ``name`` now includes the name of the sbox, and - Skein's includes the personalization string (if nonempty). This - allows an object to be properly roundtripped, which is necessary to - fix the race condition described above. - -* A new distribution script is now included, as - ``src/build-data/scripts/dist.py`` - -* The ``build.h`` header now includes, if available, an identifier of - the source revision that was used. This identifier is also included - in the result of ``version_string``. - diff --git a/doc/relnotes/1_10_2.rst b/doc/relnotes/1_10_2.rst deleted file mode 100644 index de52d1115..000000000 --- a/doc/relnotes/1_10_2.rst +++ /dev/null @@ -1,68 +0,0 @@ -Version 1.10.2, 2012-06-17 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Several TLS bugs were fixed in this release, including a major -omission that the renegotiation extension was not being used. As the -1.10 implementation of TLS does not properly support renegotiation, -the approach in this release is simply to send the renegotiation -extension SCSV, which should protect the client against any handshake -splicing. In addition renegotiation attempts are handled properly -instead of causing handshake failures - all hello requests, and all -client hellos after the initial negotiation, are ignored. Some -bugs affecting DSA server authentication were also fixed. - -By popular request, ``Pipe::reset`` no longer requires that message -processing be completed, a requirement that caused problems when a -Filter's end_msg call threw an exception, after which point the Pipe -object was no longer usable. - -Support for getting entropy using the rdrand instruction introduced in -Intel's Ivy Bridge processors has been added. In previous releases, -the ``CPUID::has_rdrand`` function was checking the wrong cpuid bit, -and would false positive on AMD Bulldozer processors. - -An implementation of SRP-6a compatible with the specification in RFC -5054 is now available in ``srp6.h``. In 1.11, this is being used for -TLS-SRP, but may be useful in other environments as well. - -An implementation of the Camellia block cipher was added, again largely -for use in TLS. - -If ``clock_gettime`` is available on the system, hres_timer will poll all -the available clock types. - -AltiVec is now detected on IBM POWER7 processors and on OpenBSD systems. -The OpenBSD support was contributed by Brad Smith. - -The Qt mutex wrapper was broken and would not compile with any recent -version of Qt. Taking this as a clear indication that it is not in use, -it has been removed. - -Avoid setting the soname on OpenBSD, as it doesn't support it (:pr:`158`) - -A compilation problem in the dynamic loader that prevented using -dyn_load under MinGW GCC has been fixed. - -A common error for people using MinGW is to target GCC on Windows, -however the 'Windows' target assumes the existence of Visual C++ -runtime functions which do not exist in MinGW. Now, configuring for -GCC on Windows will cause the configure.py to warn that likely you -wanted to configure for either MinGW or Cygwin, not the generic -Windows target. - -A bug in configure.py would cause it to interpret `--cpu=s390x` as -`s390`. This may have affected other CPUs as well. Now configure.py -searches for an exact match, and only if no exact match is found will -it search for substring matches. - -An incompatability in configure.py with the subprocess module included -in Python 3.1 has been fixed (:pr:`157`). - -The exception catching syntax of configure.py has been changed to the -Python 3.x syntax. This syntax also works with Python 2.6 and 2.7, but -not with any earlier Python 2 release. A simple search and replace -will allow running it under Python 2.5:: - - perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py - -Note that Python 2.4 is not supported at all. diff --git a/doc/relnotes/1_10_3.rst b/doc/relnotes/1_10_3.rst deleted file mode 100644 index 769f12a8f..000000000 --- a/doc/relnotes/1_10_3.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.10.3, 2012-07-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -A change in :doc:`1.10.2 <1_10_2>` accidentally broke ABI -compatibility with 1.10.1 and earlier versions, causing programs -compiled against 1.10.1 to crash if linked with 1.10.2 at runtime. - -Recent versions of OpenSSL include extra information in ECC private -keys, the presence of which caused an exception when such a key was -loaded by botan. The decoding of ECC private keys has been changed to -ignore these fields if they are set. diff --git a/doc/relnotes/1_10_4.rst b/doc/relnotes/1_10_4.rst deleted file mode 100644 index 14d1fb0f8..000000000 --- a/doc/relnotes/1_10_4.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 1.10.4, 2013-01-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Avoid a conditional operation in the power mod implementations on if - a nibble of the exponent was zero or not. This may help protect - against certain forms of side channel attacks. - -* The SRP6 code was checking for invalid values as specified in RFC - 5054, specifically values equal to zero mod p. However SRP would - accept negative A/B values, or ones larger than p, neither of which - should occur in a normal run of the protocol. These values are now - rejected. Credits to Timothy Prepscius for pointing out these values - are not normally used and probably signal something fishy. - -* The return value of version_string is now a compile time constant - string, so version information can be more easily extracted from - binaries. diff --git a/doc/relnotes/1_10_5.rst b/doc/relnotes/1_10_5.rst deleted file mode 100644 index c5603f0a3..000000000 --- a/doc/relnotes/1_10_5.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.10.5, 2013-03-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* A potential crash in the AES-NI implementation of the AES-192 key - schedule (caused by misaligned loads) has been fixed. - -* A previously conditional operation in Montgomery multiplication and - squaring is now always performed, removing a possible timing - channel. - -* Use correct flags for creating a shared library on OS X under Clang. - -* Fix a compile time incompatability with Visual C++ 2012. diff --git a/doc/relnotes/1_10_6.rst b/doc/relnotes/1_10_6.rst deleted file mode 100644 index 241ab801c..000000000 --- a/doc/relnotes/1_10_6.rst +++ /dev/null @@ -1,47 +0,0 @@ -Version 1.10.6, 2013-11-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The device reading entropy source now attempts to read from all - available devices. Previously it would break out early if a partial - read from a blocking source occured, not continuing to read from a - non-blocking device. This would cause the library to fall back on - slower and less reliable techniques for collecting PRNG seed - material. Reported by Rickard Bellgrim. - -* HMAC_RNG (the default PRNG implementation) now automatically reseeds - itself periodically. Previously reseeds only occured on explicit - application request. - -* Fix an encoding error in EC_Group when encoding using EC_DOMPAR_ENC_OID. - Reported by fxdupont on github. - -* In EMSA2 and Randpool, avoid calling name() on objects after deleting them if - the provided algorithm objects are not suitable for use. Found by Clang - analyzer, reported by Jeffrey Walton. - -* If X509_Store was copied, the u32bit containing how long to cache validation - results was not initialized, potentially causing results to be cached for - significant amounts of time. This could allow a certificate to be considered - valid after its issuing CA's cert expired. Expiration of the end-entity cert - is always checked, and reading a CRL always causes the status to be reset, so - this issue does not affect revocation. Found by Coverity scanner. - -* Avoid off by one causing a potentially unterminated string to be passed to - the connect system call if the library was configured to use a very long path - name for the EGD socket. Found by Coverity Scanner. - -* In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and PK_Key_Agreement, - avoid dereferencing an unitialized pointer if no engine supported operations - on the key object given. Found by Coverity scanner. - -* Avoid leaking a file descriptor in the /dev/random and EGD entropy sources if - stdin (file descriptor 0) was closed. Found by Coverity scanner. - -* Avoid a potentially undefined operation in the bit rotation operations. Not - known to have caused problems under any existing compiler, but might have - caused problems in the future. Caught by Clang sanitizer, reported by Jeffrey - Walton. - -* Increase default hash iterations from 10000 to 50000 in PBES1 and PBES2 - -* Add a fix for mips64el builds from Brad Smith. diff --git a/doc/relnotes/1_10_7.rst b/doc/relnotes/1_10_7.rst deleted file mode 100644 index 6f26bd82f..000000000 --- a/doc/relnotes/1_10_7.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.10.7, 2013-12-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* OAEP had two bugs, one of which allowed it to be used even if the - key was too small, and the other of which would cause a crash during - decryption if the EME data was too large for the associated key. diff --git a/doc/relnotes/1_10_8.rst b/doc/relnotes/1_10_8.rst deleted file mode 100644 index 5aaaceb93..000000000 --- a/doc/relnotes/1_10_8.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.10.8, 2014-04-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a bug in primality testing introduced in 1.8.3 which caused only - a single random base, rather than a sequence of random bases, to be - used in the Miller-Rabin test. This increased the probability that a - non-prime would be accepted, for instance a 1024 bit number would be - incorrectly classed as prime with probability around 2^-40. Reported - by Jeff Marrison. - -* The key length limit on HMAC has been raised to 512 bytes, allowing - the use of very long passphrases with PBKDF2. diff --git a/doc/relnotes/1_10_9.rst b/doc/relnotes/1_10_9.rst deleted file mode 100644 index 729e84cd7..000000000 --- a/doc/relnotes/1_10_9.rst +++ /dev/null @@ -1,20 +0,0 @@ -Version 1.10.9, 2014-12-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed EAX tag verification to run in constant time - -* The default TLS policy now disables SSLv3. - -* A crash could occur when reading from a blocking random device if - the device initially indicated that entropy was available but - a concurrent process drained the entropy pool before the - read was initiated. - -* Fix decoding indefinite length BER constructs that contain a context - sensitive tag of zero. Github pull 26 from Janusz Chorko. - -* The `botan-config` script previously tried to guess its prefix from - the location of the binary. However this was error prone, and now - the script assumes the final installation prefix matches the value - set during the build. Github issue 29. - diff --git a/doc/relnotes/1_11_0.rst b/doc/relnotes/1_11_0.rst deleted file mode 100644 index 9662afca9..000000000 --- a/doc/relnotes/1_11_0.rst +++ /dev/null @@ -1,65 +0,0 @@ -Version 1.11.0, 2012-07-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. note:: - - In this release, many new features of C++11 are being used in the - library. Currently GCC 4.7 and Clang 3.1 are known to work well. - This version of the library cannot be compiled by or used with a - C++98 compiler. - -TLS and PKI Changes -"""""""""""""""""""""""""""""""""""""""" - -There have been many changes and improvements to TLS. The interface -is now purely event driven and does not directly interact with -sockets. New TLS features include TLS v1.2 support, client -certificate authentication, renegotiation, session tickets, and -session resumption. Session information can be saved in memory or to -an encrypted SQLite3 database. Newly supported TLS ciphersuite -algorithms include using SHA-2 for message authentication, pre shared -keys and SRP for authentication and key exchange, ECC algorithms for -key exchange and signatures, and anonymous DH/ECDH key exchange. - -Support for OCSP has been added. Currently only client-side support -exists. - -The API for X.509 path validation has changed, with -``x509_path_validate`` in x509path.h now handles path validation and -``Certificate_Store`` handles storage of certificates and CRLs. - -Memory Container Changes -"""""""""""""""""""""""""""""""""""""""" - -The memory container types have changed substantially. The -``MemoryVector`` and ``SecureVector`` container types have been -removed, and an alias of ``std::vector`` using an allocator that -clears memory named ``secure_vector`` is used for key material, with -plain ``std::vector`` being used for everything else. - -The technique used for mlock'ing memory on Linux and BSD systems is -much improved. Now a single page-aligned block of memory (the exact -limit of what we can mlock) is mmap'ed, with allocations being done -using a best-fit allocator and all metadata held outside the mmap'ed -range, in an effort to make best use of the very limited amount of -memory current Linux kernels allow unpriveledged users to lock. - -New LZMA Compression Filter -"""""""""""""""""""""""""""""""""""""""" - -A filter using LZMA was contributed by Vojtech Kral. It is available -if LZMA support was enabled at compilation time by passing -``--with-lzma`` to ``configure.py``. - -ECC Key Decoding Problem Resolved -"""""""""""""""""""""""""""""""""""""""" - -:rfc:`5915` adds some extended information which can be included in -ECC private keys which the ECC key decoder did not expect, causing an -exception when such a key was loaded. In particular, recent versions -of OpenSSL use these fields. Now these fields are decoded properly, -and if the public key value is included it is used, as otherwise the -public key needs to be rederived from the private key. However the -library does not include these fields on encoding keys for -compatability with software that does not expect them (including older -versions of botan). diff --git a/doc/relnotes/1_11_1.rst b/doc/relnotes/1_11_1.rst deleted file mode 100644 index 0e1fba4dc..000000000 --- a/doc/relnotes/1_11_1.rst +++ /dev/null @@ -1,91 +0,0 @@ -Version 1.11.1, 2012-10-30 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -TLS Enhancements and Bug Fixes -"""""""""""""""""""""""""""""""""""""""" - -Initial support for DTLS (both v1.0 and v1.2) is available in this -release, though it should be considered highly experimental. Currently -timeouts and retransmissions are not handled. - -The :cpp:class:`TLS::Client` constructor now takes the version to -offer to the server. The policy hook :cpp:class:`TLS::Policy` function -`pref_version`, which previously controlled this, has been removed. - -:cpp:class:`TLS::Session_Manager_In_Memory` now chooses a random -256-bit key at startup and encrypts all sessions (using the existing -:cpp:func:`TLS::Session::encrypt` mechanism) while they are stored in -memory. This is primarily to reduce pressure on locked memory, as each -session normally requires 48 bytes of locked memory for the master -secret, whereas now only 32 bytes are needed total. This change may -also make it slightly harder for an attacker to extract session data -from memory dumps (eg with a cold boot attack). - -The keys used in :cpp:func:`session encryption <TLS::Session::encrypt>` -were previously uniquely determined by the master key. Now the -encrypted session blob includes two 80 bit salts which are used in the -derivation of the cipher and MAC keys. - -The ``secure_renegotiation`` flag is now considered an aspect of the -connection rather than the session, which matches the behavior of -other implementations. As the format has changed, sessions saved to -persistent storage by 1.11.0 will not load in this version and vice -versa. In either case this will not cause any errors, the session will -simply not resume and instead a full handshake will occur. - -New policy hooks :cpp:func:`TLS::Policy::acceptable_protocol_version`, -:cpp:func:`TLS::Policy::allow_server_initiated_renegotiation`, and -:cpp:func:`TLS::Policy::negotiate_heartbeat_support` were added. - -TLS clients were not sending a next protocol message during a session -resumption, which would cause resumption failures with servers that -support NPN if NPN was being offered by the client. - -A bug caused heartbeat requests sent by the counterparty during a -handshake to be passed to the application callback as if they were -heartbeat responses. - -Support for TLS key material export as specified in :rfc:`5705` has -been added, available via :cpp:func:`TLS::Channel::key_material_export` - -New Feature: Public Key Strength Checking -"""""""""""""""""""""""""""""""""""""""""" - -A new function :cpp:func:`Public_Key::estimated_strength` returns -an estimate for the upper bound of the strength of the key. For -instance for an RSA key, it will return an estimate of how many -operations GNFS would take to factor the key. - -A new :cpp:class:`Path_Validation_Result` code has been added -``SIGNATURE_METHOD_TOO_WEAK``. By default signatures created with keys -below 80 bits of strength (as estimated by ``estimated_strength``) are -rejected. This level can be modified using a parameter to the -:cpp:class:`Path_Validation_Restrictions` constructor. - -SRP6 Is Picker About Values -"""""""""""""""""""""""""""""""""""""""" - -The SRP6 code was checking for invalid values as specified in -:rfc:`5054`, ones equal to zero mod p, however it would accept -negative A/B values, or ones larger than p, neither of which should -occur in a normal run of the protocol. These values are now -rejected. Credits to Timothy Prepscius for pointing out these values -are not normally used and probably signal something fishy. - -Removal of Various BigInt Functions -"""""""""""""""""""""""""""""""""""""""" - -Several :cpp:class:`BigInt` functions have been removed, including -``operator[]``, ``assign``, ``get_reg``, and ``grow_reg``. The version -of ``data`` that returns a mutable pointer has been renamed -``mutable_data``. Support for octal conversions has been removed. - -The constructor ``BigInt(NumberType type, size_t n)`` has been -removed, replaced by ``BigInt::power_of_2``. - -AES-NI Crash Fixed -"""""""""""""""""""""""""""""""""""""""" - -In 1.11.0, when compiled by GCC, the AES-NI implementation of AES-192 -would crash if the mlock-based allocator was used due to an alignment -issue. diff --git a/doc/relnotes/1_11_10.rst b/doc/relnotes/1_11_10.rst deleted file mode 100644 index 9297a2278..000000000 --- a/doc/relnotes/1_11_10.rst +++ /dev/null @@ -1,81 +0,0 @@ -Version 1.11.10, 2014-12-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* An implementation of McEliece code-based public key encryption based - on INRIA's HyMES and secured against a variety of side-channels was - contributed by cryptosource GmbH. The original version is LGPL but - cryptosource has secured permission to release an adaptation under a - BSD license. A CCA2-secure KEM scheme is also included. - - The implementation is further described in - http://www.cryptosource.de/docs/mceliece_in_botan.pdf and - http://cryptosource.de/news_mce_in_botan_en.html - -* DSA and ECDSA now create RFC 6979 deterministic signatures. - -* Add support for TLS fallback signaling (draft-ietf-tls-downgrade-scsv-00). - Clients will send a fallback SCSV if the version passed to the Client - constructor is less than the latest version supported by local policy, so - applications implementing fallback are protected. Servers always check the - SCSV. - -* In previous versions a TLS::Server could service either TLS or DTLS - connections depending on policy settings and what type of client hello it - received. This has changed and now a Server object is initialized for - either TLS or DTLS operation. The default policy previously prohibited - DTLS, precisely to prevent a TCP server from being surprised by a DTLS - connection. The default policy now allows TLS v1.0 or higher or DTLS v1.2. - -* Fixed a bug in CCM mode which caused it to produce incorrect tags when used - with a value of L other than 2. This affected CCM TLS ciphersuites, which - use L=3. Thanks to Manuel Pégourié-Gonnard for the anaylsis and patch. - Bugzilla 270. - -* DTLS now supports timeouts and handshake retransmits. Timeout checking - is triggered by the application calling the new TLS::Channel::timeout_check. - -* Add a TLS policy hook to disable putting the value of the local clock in hello - random fields. - -* All compression operations previously available as Filters are now - performed via the Transformation API, which minimizes memory copies. - Compression operations are still available through the Filter API - using new general compression/decompression filters in comp_filter.h - -* The zlib module now also supports gzip compression and decompression. - -* Avoid a crash in low-entropy situations when reading from /dev/random, when - select indicated the device was readable but by the time we start the read the - entropy pool had been depleted. - -* The Miller-Rabin primality test function now takes a parameter allowing the - user to directly specify the maximum false negative probability they are - willing to accept. - -* PKCS #8 private keys can now be encrypted using GCM mode instead of - unauthenticated CBC. The default remains CBC for compatability. - -* The default PKCS #8 encryption scheme has changed to use PBKDF2 with - SHA-256 instead of SHA-1 - -* A specialized reducer for P-521 was added. - -* On Linux the mlock allocator will use MADV_DONTDUMP on the pool so - that the contents are not included in coredumps. - -* A new interface for directly using a system-provided PRNG is - available in system_rng.h. Currently only systems with /dev/urandom - are supported. - -* Fix decoding indefinite length BER constructs that contain a context sensitive - tag of zero. Github pull 26 from Janusz Chorko. - -* The GNU MP engine has been removed. - -* Added AltiVec detection for POWER8 processors. - -* Add a new install script written in Python which replaces shell hackery in the - makefiles. - -* Various modifications to better support Visual C++ 2013 and 2015. Github - issues 11, 17, 18, 21, 22. diff --git a/doc/relnotes/1_11_11.rst b/doc/relnotes/1_11_11.rst deleted file mode 100644 index bd9706d1f..000000000 --- a/doc/relnotes/1_11_11.rst +++ /dev/null @@ -1,28 +0,0 @@ -Version 1.11.11, 2014-12-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The Sqlite3 wrapper has been abstracted to a simple interface for - SQL dbs in general, though Sqlite3 remains the only implementation. - The main logic of the TLS session manager which stored encrypted - sessions to a Sqlite3 database (`TLS::Session_Manager_SQLite`) has - been moved to the new `TLS::Session_Manager_SQL`. The Sqlite3 - manager API remains the same but now just subclasses - `TLS::Session_Manager_SQL` and has a constructor instantiate the - concrete database instance. - - Applications which would like to use a different db can now do so - without having to reimplement the session cache logic simply by - implementing a database wrapper subtype. - -* The CryptGenRandom entropy source is now also used on MinGW. - -* The system_rng API is now also available on systems with CryptGenRandom - -* With GCC use -fstack-protector for linking as well as compiling, - as this is required on MinGW. Github issue 34. - -* Fix missing dependency in filters that caused compilation problem - in amalgamation builds. Github issue 33. - -* SSLv3 support is officially deprecated and will be removed in a - future release. diff --git a/doc/relnotes/1_11_12.rst b/doc/relnotes/1_11_12.rst deleted file mode 100644 index cc304b824..000000000 --- a/doc/relnotes/1_11_12.rst +++ /dev/null @@ -1,21 +0,0 @@ -Version 1.11.12, 2015-01-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add Curve25519. The implementation is based on curve25519-donna-c64.c - by Adam Langley. New (completely non-standard) OIDs and formats for - encrypting Curve25519 keys under PKCS #8 and including them in - certificates and CRLs have been defined. - -* Add Poly1305, based on the implementation poly1305-donna by Andrew Moon. - -* Add the ChaCha20Poly1305 AEADs defined in draft-irtf-cfrg-chacha20-poly1305-03 - and draft-agl-tls-chacha20poly1305-04. - -* Add ChaCha20Poly1305 ciphersuites for TLS compatible with Google's servers - following draft-agl-tls-chacha20poly1305-04 - -* When encrypted as PKCS #8 structures, Curve25519 and McEliece - private keys default to using AES-256/GCM instead of AES-256/CBC - -* Define OIDs for OCB mode with AES, Serpent and Twofish. - diff --git a/doc/relnotes/1_11_13.rst b/doc/relnotes/1_11_13.rst deleted file mode 100644 index 7eaac8f37..000000000 --- a/doc/relnotes/1_11_13.rst +++ /dev/null @@ -1,43 +0,0 @@ -Version 1.11.13, 2015-01-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* All support for the insecure SSLv3 protocol and the server support - for processing SSLv2 client hellos has been removed. - -* The command line tool now has `tls_proxy` which negotiates TLS with - clients and forwards the plaintext to a specified port. - -* Add MCEIES, a McEliece-based integrated encryption system using - AES-256 in OCB mode for message encryption/authentication. - -* Add DTLS-SRTP negotiation defined in RFC 5764 - -* Add SipHash - -* Add SHA-512/256 - -* The format of serialized TLS sessions has changed. Additiionally, PEM - formatted sessions now use the label of "TLS SESSION" instead of "SSL SESSION" - -* Serialized TLS sessions are now encrypted using AES-256/GCM instead of a - CBC+HMAC construction. - -* The cryptobox_psk module added in 1.11.4 and previously used for TLS session - encryption has been removed. - -* When sending a TLS heartbeat message, the number of pad bytes to use can now - be specified, making it easier to use for PMTU discovery. - -* If available, zero_mem now uses RtlSecureZeroMemory or memset_s instead of a - byte-at-a-time loop. - -* The functions base64_encode and base64_decode would erroneously - throw an exception if passed a zero-length input. Github issue 37. - -* The Python install script added in version 1.11.10 failed to place the - headers into a versioned subdirectory. - -* Fix the install script when running under Python3. - -* Avoid code that triggers iterator debugging asserts under MSVC 2013. Github - pull 36 from Simon Warta. diff --git a/doc/relnotes/1_11_14.rst b/doc/relnotes/1_11_14.rst deleted file mode 100644 index 320a5f221..000000000 --- a/doc/relnotes/1_11_14.rst +++ /dev/null @@ -1,83 +0,0 @@ -Version 1.11.14, 2015-02-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The global state object previously used by the library has been removed. - This includes the global PRNG. The library can be safely initialized - multiple times without harm. - - The engine code has also been removed, replaced by a much lighter-weight - object registry system which provides lookups in faster time and with less - memory overhead than the previous approach. - - One caveat of the current system with regards to static linking: because only - symbols already mentioned elsewhere in the program are included in the final - link step, few algorithms will be available through the lookup system by - default, even though they were compiled into the library. Your application - must explicitly reference the types you require or they will not end up - being available in the final binary. See also Github issue #52 - - If you intend to build your application against a static library and don't - want to explicitly reference each algo object you might attempt to look up by - string, consider either building with `--via-amalgamation`, or else (much - simpler) using the amalgamation directly. - -* The new `ffi` submodule provides a simple C API/ABI for a number of useful - operations (hashing, ciphers, public key operations, etc) which is easily - accessed using the FFI modules included in many languages. - -* A new Python wrapper (in `src/lib/python/botan.py`) using `ffi` and the Python - `ctypes` module is available. The old Boost.Python wrapper has been removed. - -* Add specialized reducers for P-192, P-224, P-256, and P-384 - -* OCB mode, which provides a fast and constant time AEAD mode without requiring - hardware support, is now supported in TLS, following - draft-zauner-tls-aes-ocb-01. Because this specification is not yet finalized - is not yet enabled by the default policy, and the ciphersuite numbers used are - in the experimental range and may conflict with other uses. - -* Add ability to read TLS policy from a text file using `TLS::Text_Policy`. - -* The amalgamation now splits off any ISA specific code (for instance, that - requiring SSSE3 instruction sets) into a new file named (for instance) - `botan_all_ssse3.cpp`. This allows the main amalgamation file to be compiled - without any special flags, so `--via-amalgamation` builds actually work now. - This is disabled with the build option `--single-amalgamation-file` - -* PBKDF and KDF operations now provide a way to write the desired output - directly to an application-specified area rather than always allocating a new - heap buffer. - -* HKDF, previously provided using a non-standard interface, now uses the - standard KDF interface and is retrievable using get_kdf. - -* It is once again possible to build the complete test suite without requiring - any boost libraries. This is currently only supported on systems supporting - the readdir interface. - -* Remove use of memset_s which caused problems with amalgamation on OS X. - Github 42, 45 - -* The memory usage of the counter mode implementation has been reduced. - Previously it encrypted 256 blocks in parallel as this leads to a slightly - faster counter increment operation. Instead CTR_BE simply encrypts a buffer - equal in size to the advertised parallelism of the cipher implementation. - This is not measurably slower, and dramatically reduces the memory use of - CTR mode. - -* The memory allocator available on Unix systems which uses mmap and mlock to - lock a pool of memory now checks environment variable BOTAN_MLOCK_POOL_SIZE - and interprets it as an integer. If the value set to a smaller value then the - library would originally have allocated (based on resource limits) the user - specified size is used instead. You can also set the variable to 0 to - disable the pool entirely. Previously the allocator would consume all - available mlocked memory, this allows botan to coexist with an application - which wants to mlock memory for its own uses. - -* The botan-config script previously installed on Unix systems has been - removed. Its functionality is replaced by the `config` command of the - `botan` tool executable, for example `botan config cflags` instead of - `botan-config --cflags`. - -* Added a target for POWER8 processors - diff --git a/doc/relnotes/1_11_15.rst b/doc/relnotes/1_11_15.rst deleted file mode 100644 index 028965eaf..000000000 --- a/doc/relnotes/1_11_15.rst +++ /dev/null @@ -1,19 +0,0 @@ -Version 1.11.15, 2015-03-08 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Support for RC4 in TLS, already disabled by default, is now deprecated. - The RC4 ciphersuites will be removed entirely in a future release. - -* A bug in ffi.cpp meant Python could only encrypt. Github issue 53. - -* When comparing two ASN.1 algorithm identifiers, consider empty and - NULL parameters the same. - -* Fixed memory leaks in TLS and cipher modes introduced in 1.11.14 - -* MARK-4 failed when OpenSSL was enabled in the build in 1.11.14 - because the OpenSSL version ignored the skip parameter. - -* Fix compilation problem on OS X/clang - -* Use BOTAN_NOEXCEPT macro to work around lack of noexcept in VS 2013 diff --git a/doc/relnotes/1_11_16.rst b/doc/relnotes/1_11_16.rst deleted file mode 100644 index c27e5a204..000000000 --- a/doc/relnotes/1_11_16.rst +++ /dev/null @@ -1,38 +0,0 @@ -Version 1.11.16, 2015-03-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* TLS has changed from using the non-standard NPN extension to the IETF - standardized ALPN extension for negotiating an application-level protocol. - Unfortunately the semantics of the exchange have changed with ALPN. Using - NPN, the server offered a list of protocols it advertised, and then the - client chose its favorite. With ALPN, the client offers a list of protocols - and the server chooses. The the signatures of both the TLS::Client and - TLS::Server constructors have changed to support this new flow. - -* Optimized ECDSA signature verification thanks to an observation by - Dr. Falko Strenzke. On some systems verifications are between 1.5 - and 2 times faster than in 1.11.15. - -* RSA encrypt and decrypt operations using OpenSSL have been added. - -* Public key operation types now handle all aspects of the operation, - such as hashing and padding for signatures. This change allows - supporting specialized implementations which only support particular - padding types. - -* Added global timeout to HMAC_RNG entropy reseed. The defaults are - the values set in the build.h macros `BOTAN_RNG_AUTO_RESEED_TIMEOUT` - and `BOTAN_RNG_RESEED_DEFAULT_TIMEOUT`, but can be overriden - on a specific poll with the new API call reseed_with_timeout. - -* Fixed Python cipher update_granularity() and default_nonce_length() - functions - -* The library now builds on Visual C++ 2013 - -* The GCM update granularity was reduced from 4096 to 16 bytes. - -* Fix a bug that prevented building the amalgamation until a non-amalgamation - configuration was performed first in the same directory. - -* Add Travis CI integration. Github pull 60. diff --git a/doc/relnotes/1_11_17.rst b/doc/relnotes/1_11_17.rst deleted file mode 100644 index 646bbf34c..000000000 --- a/doc/relnotes/1_11_17.rst +++ /dev/null @@ -1,16 +0,0 @@ -Version 1.11.17, 2015-06-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* All support for the insecure RC4 stream cipher has been removed - from the TLS implementation. - -* Fix decoding of TLS maximum fragment length. Regardless of what - value was actually negotiated, TLS would treat it as a negotiated - limit of 4096. - -* Fix the configure.py flag `--disable-aes-ni` which did nothing of - the sort. - -* Fixed nmake clean target. GitHub #104 - -* Correct buffering logic in `Compression_Filter`. GitHub #93 and #95 diff --git a/doc/relnotes/1_11_18.rst b/doc/relnotes/1_11_18.rst deleted file mode 100644 index eb980b95e..000000000 --- a/doc/relnotes/1_11_18.rst +++ /dev/null @@ -1,5 +0,0 @@ -Version 1.11.18, Not Yet Released -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* In this release Botan has switched VCS from `monotone` to `git`, - and is now hosted on github at https://github.com/randombt/botan diff --git a/doc/relnotes/1_11_2.rst b/doc/relnotes/1_11_2.rst deleted file mode 100644 index 767fbf624..000000000 --- a/doc/relnotes/1_11_2.rst +++ /dev/null @@ -1,47 +0,0 @@ -Version 1.11.2, 2013-03-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* A bug in the release script caused the `botan_version.py` included - in :doc:`1.11.1 <1_11_1>` to be invalid, which required a manual - edit to fix (:pr:`226`) - -Memory Zeroization Changes -"""""""""""""""""""""""""""""""""""""""" - -* Previously `clear_mem` was implemented by an inlined call to - `std::memset`. However an optimizing compiler might notice cases - where the memset could be skipped in cases allowed by the standard. - Now `clear_mem` calls `zero_mem` which is compiled separately and - which zeros out the array through a volatile pointer. It is possible - some compiler with some optimization setting (especially with - something like LTO) might still skip the writes. It would be nice if - there was an automated way to test this. - -New Parallel Filter -"""""""""""""""""""""""""""""""""""""""" - -* The new filter :cpp:class:`Threaded_Fork` acts like a normal - :cpp:class:`Fork`, sending its input to a number of different - filters, but each subchain of filters in the fork runs in its own - thread. Contributed by Joel Low. - -TLS Enhancements and Bug Fixes -"""""""""""""""""""""""""""""""""""""""" - -* The default TLS policy formerly preferred AES over RC4, and allowed - 3DES by default. Now the default policy is to negotiate only either - AES or RC4, and to prefer RC4. - -* New TLS :cpp:class:`Blocking_Client` provides a thread per - connection style API similar to that provided in 1.10 - -Other API Changes -"""""""""""""""""""""""""""""""""""""""" - -* The API of `Credentials_Manager::trusted_certificate_authorities` - has changed to return a vector of `Certificate_Store*` instead of - `X509_Certificate`. This allows the list of trusted CAs to be - more easily updated dynamically or loaded lazily. - -* The `asn1_int.h` header was split into `asn1_alt_name.h`, - `asn1_attribute.h` and `asn1_time.h`. diff --git a/doc/relnotes/1_11_3.rst b/doc/relnotes/1_11_3.rst deleted file mode 100644 index fc8eebe14..000000000 --- a/doc/relnotes/1_11_3.rst +++ /dev/null @@ -1,30 +0,0 @@ -Version 1.11.3, 2013-04-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add a new interface for AEAD modes (:cpp:class:`AEAD_Mode`). - -* Implementations of the OCB and GCM authenticated cipher modes are - now included. - -* Support for TLS GCM ciphersuites is now available. - -* A new TLS policy mechanism - :cpp:func:`TLS::Policy::server_uses_own_ciphersuite_preferences` - controls how a server chooses a ciphersuite. Previously it always - chose its most preferred cipher out of the client's list, but this - can allow configuring a server to choose by the client's preferences - instead. - -* :cpp:class:`Keyed_Filter` now supports returning a - :cpp:class:`Key_Length_Specification` so the full details of what - keylengths are supported is now available in keyed filters. - -* The experimental and rarely used Turing and WiderWAKE stream ciphers - have been removed - -* New functions for symmetric encryption are included in cryptobox.h - though interfaces and formats are subject to change. - -* A new function :cpp:func:`algorithm_kat_detailed` returns a string - providing information about failures, instead of just a pass/fail - indicator as in :cpp:func:`algorithm_kat`. diff --git a/doc/relnotes/1_11_4.rst b/doc/relnotes/1_11_4.rst deleted file mode 100644 index a635531a7..000000000 --- a/doc/relnotes/1_11_4.rst +++ /dev/null @@ -1,37 +0,0 @@ -Version 1.11.4, 2013-07-25 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* CPU specific extensions are now always compiled if support for the - operations is available at build time, and flags enabling use of - extra operations (such as SSE2) are only included when compiling - files which specifically request support. This means, for instance, - that the SSSE3 and AES-NI implementations of AES are always included - in x86 builds, relying on runtime cpuid checking to prevent their - use on CPUs that do not support those operations. - -* The default TLS policy now only accepts TLS, to minimize surprise - for servers which might not expect to negotiate DTLS. Previously a - server would by default negotiate either protocol type (clients - would only accept the same protocol type as they - offered). Applications which use DTLS or combined TLS/DTLS need to - override :cpp:func:`Policy::acceptable_protocol_version`. - -* The TLS channels now accept a new parameter specifying how many - bytes to preallocate for the record handling buffers, which allows - an application some control over how much memory is used at runtime - for a particular connection. - -* Applications can now send arbitrary TLS alert messages using - :cpp:func:`TLS::Channel::send_alert` - -* A new TLS policy :cpp:class:`NSA_Suite_B_128` is available, which - will negotiate only the 128-bit security NSA Suite B. See - :rfc:`6460` for more information about Suite B. - -* Adds a new interface for benchmarking, :cpp:func:`time_algorithm_ops`, - which returns a map of operations to operations per second. For - instance now both encrypt and decrypt speed of a block cipher can be - checked, as well as the key schedule of all keyed algorithms. It - additionally supports AEAD modes. - -* Rename ARC4 to RC4 diff --git a/doc/relnotes/1_11_5.rst b/doc/relnotes/1_11_5.rst deleted file mode 100644 index b327bfd82..000000000 --- a/doc/relnotes/1_11_5.rst +++ /dev/null @@ -1,53 +0,0 @@ -Version 1.11.5, 2013-11-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The TLS callback signatures have changed - there are now two distinct - callbacks for application data and alerts. TLS::Client and TLS::Server have - constructors which continue to accept the old callback and use it for both - operations. - -* The entropy collector that read from randomness devices had two bugs - it - would break out of the poll as soon as any read succeeded, and it selected on - each device individually. When a blocking source was first in the device list - and the entropy pool was running low, the reader might either block in select - until eventually timing out (continuing on to read from /dev/urandom instead), - or read just a few bytes, skip /dev/urandom, fail to satisfy the entropy - target, and the poll would continue using other (slower) sources. This caused - substantial performance/latency problems in RNG heavy applications. Now all - devices are selected over at once, with the effect that a full read from - urandom always occurs, along with however much (if any) output is available - from blocking sources. - -* Previously AutoSeeded_RNG referenced a globally shared PRNG instance. - Now each instance has distinct state. - -* The entropy collector that runs Unix programs to collect statistical - data now runs multiple processes in parallel, greatly reducing poll - times on some systems. - -* The Randpool RNG implementation was removed. - -* All existing cipher mode implementations (such as CBC and XTS) have been - converted from filters to using the interface previously provided by - AEAD modes which allows for in-place message - processing. Code which directly references the filter objects will break, but - an adaptor filter allows usage through get_cipher as usual. - -* An implementation of CCM mode from RFC 3601 has been added, as well as CCM - ciphersuites for TLS. - -* The implementation of OCB mode now supports 64 and 96 bit tags - -* Optimized computation of XTS tweaks, producing a substantial speedup - -* Add support for negotiating Brainpool ECC curves in TLS - -* TLS v1.2 will not negotiate plain SHA-1 signatures by default. - -* TLS channels now support sending a ``std::vector`` - -* Add a generic 64x64->128 bit multiply instruction operation in mul128.h - -* Avoid potentially undefined operations in the bit rotation operations. Not - known to have caused problems under existing compilers but might break in the - future. Found by Clang sanitizer, reported by Jeffrey Walton. diff --git a/doc/relnotes/1_11_6.rst b/doc/relnotes/1_11_6.rst deleted file mode 100644 index 8282e9e28..000000000 --- a/doc/relnotes/1_11_6.rst +++ /dev/null @@ -1,27 +0,0 @@ -Version 1.11.6, 2013-12-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The Boost filesystem and asio libraries are now being used by default. - Pass ``--without-boost`` to ``configure.py`` to disable. - -* The default TLS policy no longer allows SSLv3 or RC4. - -* OAEP had two bugs, one of which allowed it to be used even if the - key was too small, and the other of which would cause a crash during - decryption if the EME data was too large for the associated key. - -* GCM mode now uses the Intel clmul instruction when available - -* Add the Threefish-512 tweakable block cipher, including an AVX2 version - -* Add SIV (from :rfc:`5297`) as a nonce-based AEAD - -* Add HKDF (from :rfc:`5869`) using an experimental PRF interface - -* Add HTTP utility functions and OCSP online checking - -* Add TLS::Policy::acceptable_ciphersuite hook to disable ciphersuites - on an ad-hoc basis. - -* TLS::Session_Manager_In_Memory's constructor now requires a RNG - diff --git a/doc/relnotes/1_11_7.rst b/doc/relnotes/1_11_7.rst deleted file mode 100644 index 7d4703448..000000000 --- a/doc/relnotes/1_11_7.rst +++ /dev/null @@ -1,23 +0,0 @@ -Version 1.11.7, 2014-01-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Botan's basic numeric types are now defined in terms of the - C99/C++11 standard integer types. For instance `u32bit` is now a - typedef for `uint32_t`, and both names are included in the library - namespace. This should not result in any application-visible - changes. - -* There are now two executable outputs of the build, `botan-test`, - which runs the tests, and `botan` which is used as a driver to call - into various subcommands which can also act as examples of library - use, much in the manner of the `openssl` command. It understands the - commands `base64`, `asn1`, `x509`, `tls_client`, `tls_server`, - `bcrypt`, `keygen`, `speed`, and various others. As part of this - change many obsolete, duplicated, or one-off examples were removed, - while others were extended with new functionality. Contributions of - new subcommands, new bling for exising ones, or documentation in any - form is welcome. - -* Fix a bug in Lion, which was broken by a change in 1.11.0. The - problem was not noticed before as Lion was also missing a test vector - in previous releases. diff --git a/doc/relnotes/1_11_8.rst b/doc/relnotes/1_11_8.rst deleted file mode 100644 index 7189cff26..000000000 --- a/doc/relnotes/1_11_8.rst +++ /dev/null @@ -1,56 +0,0 @@ -Version 1.11.8, 2014-02-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The `botan` command line application introduced in 1.11.7 is now - installed along with the library. - -* A bug in certificate path validation introduced in 1.11.6 which - caused all CRL signature checks to fail has been corrected. - -* The ChaCha20 stream cipher has been added. - -* The ``Transformation`` class no longer implements an interface for keying, - this has been moved to a new subclass ``Keyed_Transformation``. - -* The ``Algorithm`` class, which previously acted as a global base for - various types (ciphers, hashes, etc) has been removed. - -* CMAC now supports 256 and 512 bit block ciphers, which also allows - the use of larger block ciphers with EAX mode. In particular this - allows using Threefish in EAX mode. - -* The antique PBES1 private key encryption scheme (which only supports - DES or 64-bit RC2) has been removed. - -* The Square, Skipjack, and Luby-Rackoff block ciphers have been removed. - -* The Blue Midnight Wish hash function has been removed. - -* Skein-512 no longer supports output lengths greater than 512 bits. - -* Skein did not reset its internal state properly if clear() was - called, causing it to produce incorrect results for the following - message. It was reset correctly in final() so most usages should not - be affected. - -* A number of public key padding schemes have been renamed to match - the most common notation; for instance EME1 is now called OAEP and - EMSA4 is now called PSSR. Aliases are set which should allow all - current applications to continue to work unmodified. - -* A bug in CFB encryption caused a few bytes past the end of the final - block to be read. The actual output was not affected. - -* Fix compilation errors in the tests that occured with minimized - builds. Contributed by Markus Wanner. - -* Add a new ``--destdir`` option to ``configure.py`` which controls - where the install target will place the output. The ``--prefix`` - option continues to set the location where the library expects to be - eventually installed. - -* Many class destructors which previously deleted memory have been - removed in favor of using ``unique_ptr``. - -* Various portability fixes for Clang, Windows, Visual C++ 2013, OS X, - and x86-32. diff --git a/doc/relnotes/1_11_9.rst b/doc/relnotes/1_11_9.rst deleted file mode 100644 index a18a0b49d..000000000 --- a/doc/relnotes/1_11_9.rst +++ /dev/null @@ -1,37 +0,0 @@ -Version 1.11.9, 2014-04-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a bug in primality testing introduced in 1.8.3 which caused - only a single random base, rather than a sequence of random bases, - to be used in the Miller-Rabin test. This increased the probability - that a non-prime would be accepted. Reported by Jeff Marrison. - -* X.509 path validation now returns a set of all errors that occurred - during validation, rather than immediately returning the first - detected error. This prevents a seemingly innocuous error (such as - an expired certificate) from hiding an obviously serious error - (such as an invalid signature). The Certificate_Status_Code enum is - now ordered by severity, and the most severe error is returned by - Path_Validation_Result::result(). The entire set of status codes is - available with the new all_statuses call. - -* Fixed a bug in OCSP response decoding which would cause an error - when attempting to decode responses from some widely used - responders. - -* An implementation of HMAC_DRBG RNG from NIST SP800-90A has been - added. Like the X9.31 PRNG implementation, it uses another - underlying RNG for seeding material. - -* An implementation of the RFC 6979 deterministic nonce generator has - been added. - -* Fix a bug in certificate path validation which prevented successful - validation if intermediate certificates were presented out of order. - -* Fix a bug introduced in 1.11.5 which could cause crashes or other - incorrect behavior when a cipher mode filter was followed in the - pipe by another filter, and that filter had a non-empty start_msg. - -* The types.h header now uses stdint.h rather than cstdint to avoid - problems with Clang on OS X. diff --git a/doc/relnotes/1_1_0.rst b/doc/relnotes/1_1_0.rst deleted file mode 100644 index 09a08860b..000000000 --- a/doc/relnotes/1_1_0.rst +++ /dev/null @@ -1,20 +0,0 @@ -Version 1.1.0, 2002-09-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added entropy estimation to the RNGs -* Improved the overall design of both Randpool and ANSI_X917_RNG -* Added a separate RNG for nonce generation -* Added window exponentiation support in power_mod -* Added a get_s2k function and the PKCS #5 S2K algorithms -* Added the TLSv1 PRF -* Replaced BlockCipherModeIV typedef with InitializationVector class -* Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement -* Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x -* Added support for RIPEMD-160 PKCS#1 v1.5 signatures -* Changed the key agreement scheme interface -* Changed the S2K and KDF interfaces -* Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK -* Added support for variable-pass Tiger -* Major speedup for Rabin-Williams key generation - - diff --git a/doc/relnotes/1_1_1.rst b/doc/relnotes/1_1_1.rst deleted file mode 100644 index bdb13f3ff..000000000 --- a/doc/relnotes/1_1_1.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.1.1, 2002-10-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the Korean hash function HAS-160 -* Partial support for RSA and DSA X.509 public keys -* Added a mostly functional BER encoder/decoder -* Added support for non-deterministic MAC functions -* Initial support for PEM encoding/decoding -* Internal cleanups in the PK algorithms -* Several new convenience functions in Pipe -* Fixed two nasty bugs in Pipe -* Messed with the entropy sources for es_unix -* Discrete logarithm groups are checked for safety more closely now -* For compatibility with GnuPG, ElGamal now supports DSA-style groups - diff --git a/doc/relnotes/1_1_10.rst b/doc/relnotes/1_1_10.rst deleted file mode 100644 index adc295152..000000000 --- a/doc/relnotes/1_1_10.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.1.10, 2003-04-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* X509_CA can now generate new X.509 CRLs -* Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks -* More certificate and CRL extensions/attributes are supported -* Better DN handling in X.509 certificates/CRLs -* Added a DataSink hierarchy (suggested by Jim Darby) -* Consolidated SecureAllocator and ManagedAllocator -* Many cleanups and generalizations -* Added a (slow) pthreads based EntropySource -* Fixed some threading bugs - diff --git a/doc/relnotes/1_1_11.rst b/doc/relnotes/1_1_11.rst deleted file mode 100644 index ef05a42a0..000000000 --- a/doc/relnotes/1_1_11.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.1.11, 2003-04-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added PKCS #10 certificate requests -* Changed X509_Store searching interface to be more flexible -* Added a generic Certificate_Store interface -* Added a function for generating self-signed X.509 certs -* Cleanups and changes to X509_CA -* New examples for PKCS #10 and self-signed certificates -* Some documentation updates - diff --git a/doc/relnotes/1_1_12.rst b/doc/relnotes/1_1_12.rst deleted file mode 100644 index 5f652af52..000000000 --- a/doc/relnotes/1_1_12.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.1.12, 2003-04-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a ASN.1 string encoding bug -* Fixed a pair of X509_DN encoding problems -* Base64_Decoder and Hex_Decoder can now validate input -* Removed support for the LibraryInitializer option 'egd_path' -* Added tests for DSA X.509 and PKCS #8 key formats -* Removed a long deprecated feature of DH_PrivateKey's constructor -* Updated the RPM .spec file -* Major documentation updates - diff --git a/doc/relnotes/1_1_13.rst b/doc/relnotes/1_1_13.rst deleted file mode 100644 index b7379ceb8..000000000 --- a/doc/relnotes/1_1_13.rst +++ /dev/null @@ -1,16 +0,0 @@ -Version 1.1.13, 2003-04-22 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added OMAC -* Added EAX authenticated cipher mode -* Diffie-Hellman would not do blinding in some cases -* Optimized the OFB and CTR modes -* Corrected Skipjack's word ordering, as per NIST clarification -* Support for all subject/issuer attribute types required by RFC 3280 -* The removeFromCRL CRL reason code is now handled correctly -* Increased the flexibility of the allocators -* Renamed Rijndael to AES, created aes.h, deleted rijndael.h -* Removed support for the 'no_timer' LibraryInitializer option -* Removed 'es_pthr' module, pending further testing -* Cleaned up get_ciph.cpp - diff --git a/doc/relnotes/1_1_2.rst b/doc/relnotes/1_1_2.rst deleted file mode 100644 index 088d66804..000000000 --- a/doc/relnotes/1_1_2.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 1.1.2, 2002-10-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Support for PKCS #8 encoded RSA, DSA, and DH private keys -* Support for Diffie-Hellman X.509 public keys -* Major reorganization of how X.509 keys are handled -* Added PKCS #5 v2.0's PBES1 encryption scheme -* Added a generic cipher lookup interface -* Added the WiderWake4+1 stream cipher -* Added support for sync-able stream ciphers -* Added a 'paranoia level' option for the LibraryInitializer -* More security for RNG output meant for long term keys -* Added documentation for some of the new 1.1.x features -* CFB's feedback argument is now specified in bits -* Renamed CTR class to CTR_BE -* Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats - diff --git a/doc/relnotes/1_1_3.rst b/doc/relnotes/1_1_3.rst deleted file mode 100644 index f8c7fc3fc..000000000 --- a/doc/relnotes/1_1_3.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.1.3, 2002-11-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added a generic public/private key loading interface -* Fixed a small encoding bug in RSA, RW, and DH -* Changed the PK encryption/decryption interface classes -* ECB supports using padding methods -* Added a function-based interface for library initialization -* Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures -* The cipher mode benchmarks now use 128-bit AES instead of DES -* Removed some obsolete typedefs -* Removed OpenCL support (opencl.h, the OPENCL_* macros, etc) -* Added tests for PKCS #8 encoding/decoding -* Added more tests for ECB and CBC - diff --git a/doc/relnotes/1_1_4.rst b/doc/relnotes/1_1_4.rst deleted file mode 100644 index 9d74c3ae5..000000000 --- a/doc/relnotes/1_1_4.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.1.4, 2002-11-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Speedup of 15-30% for PK algorithms -* Implemented the PBES2 encryption scheme -* Fixed a potential bug in decoding RSA and RW private keys -* Changed the DL_Group class interface to handle different formats better -* Added support for PKCS #3 encoded DH parameters -* X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS' -* Added key pair consistency checking -* Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss) -* A botan-config script is generated at configure time -* Documentation updates - diff --git a/doc/relnotes/1_1_5.rst b/doc/relnotes/1_1_5.rst deleted file mode 100644 index 90101dedb..000000000 --- a/doc/relnotes/1_1_5.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.1.5, 2002-11-17 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the discrete logarithm integrated encryption system (DLIES) -* Various optimizations for BigInt -* Added support for assembler optimizations in modules -* Added BigInt x86 optimizations module (mpi_ia32) - diff --git a/doc/relnotes/1_1_6.rst b/doc/relnotes/1_1_6.rst deleted file mode 100644 index 4c638b7e3..000000000 --- a/doc/relnotes/1_1_6.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.1.6, 2002-12-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Initial support for X.509v3 certificates and CAs -* Major redesign/rewrite of the ASN.1 encoding/decoding code -* Added handling for DSA/NR signatures encoded as DER SEQUENCEs -* Documented the generic cipher lookup interface -* Added an (untested) entropy source for BeOS -* Various cleanups and bug fixes - diff --git a/doc/relnotes/1_1_7.rst b/doc/relnotes/1_1_7.rst deleted file mode 100644 index bd73607e6..000000000 --- a/doc/relnotes/1_1_7.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.1.7, 2003-01-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed an obscure but dangerous bug in SecureVector::swap -* Consolidated SHA-384 and SHA-512 to save code space -* Added SSL3-MAC and SSL3-PRF -* Documentation updates, including a new tutorial - diff --git a/doc/relnotes/1_1_8.rst b/doc/relnotes/1_1_8.rst deleted file mode 100644 index 2ed517ece..000000000 --- a/doc/relnotes/1_1_8.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.1.8, 2003-01-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixes for the certificate path validation algorithm in X509_Store -* Fixed a bug affecting X509_Certificate::is_ca_cert() -* Added a general configuration interface for policy issues -* Cleanups and API changes in the X.509 CA, cert, and store code -* Made various options available for X509_CA users -* Changed X509_Time's interface to work around time_t problems -* Fixed a theoretical weakness in Randpool's entropy mixing function -* Fixed problems compiling with GCC 2.95.3 and GCC 2.96 -* Fixed a configure bug (reported by Jon Wilson) affecting MinGW - diff --git a/doc/relnotes/1_1_9.rst b/doc/relnotes/1_1_9.rst deleted file mode 100644 index 2ed18080d..000000000 --- a/doc/relnotes/1_1_9.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.1.9, 2003-02-25 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added support for using X.509v2 CRLs -* Fixed several bugs in the path validation algorithm -* Certificates can be verified for a particular usage -* Algorithm for comparing distinguished names now follows X.509 -* Cleaned up the code for the es_beos, es_ftw, es_unix modules -* Documentation updates - diff --git a/doc/relnotes/1_2_0.rst b/doc/relnotes/1_2_0.rst deleted file mode 100644 index 2372919fb..000000000 --- a/doc/relnotes/1_2_0.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.2.0, 2003-04-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Tweaked the Karatsuba cut-off points -* Increased the allowed keylength of HMAC and Blowfish -* Removed the 'mpi_ia32' module, pending rewrite -* Workaround a GCC 2.95.x bug in eme1.cpp - - diff --git a/doc/relnotes/1_2_1.rst b/doc/relnotes/1_2_1.rst deleted file mode 100644 index 885d6a10a..000000000 --- a/doc/relnotes/1_2_1.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.2.1, 2003-05-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added ANSI X9.23 compatible CBC padding -* Added an entropy source using Win32 CryptoAPI -* Removed the Pipe I/O operators taking a FILE* -* Moved the BigInt encoding/decoding functions into the BigInt class -* Integrated several fixes for VC++ 7 (from Hany Greiss) -* Fixed the configure.pl script for Windows builds - diff --git a/doc/relnotes/1_2_2.rst b/doc/relnotes/1_2_2.rst deleted file mode 100644 index 6732daffb..000000000 --- a/doc/relnotes/1_2_2.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.2.2, 2003-05-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add checks to prevent any BigInt bugs from revealing an RSA or RW key -* Changed the interface of Global_RNG::seed -* Major improvements for the es_unix module -* Added another Win32 entropy source, es_win32 -* The Win32 CryptoAPI entropy source can now poll multiple providers -* Improved the BeOS entropy source -* Renamed pipe_unixfd module to fd_unix -* Fixed a file descriptor leak in the EGD module -* Fixed a few locking bugs - diff --git a/doc/relnotes/1_2_3.rst b/doc/relnotes/1_2_3.rst deleted file mode 100644 index fd12fc09c..000000000 --- a/doc/relnotes/1_2_3.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.2.3, 2003-05-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a bug that prevented DSA/NR key generation -* Fixed a bug that prevented importing some root CA certs -* Fixed a bug in the BER decoder when handing optional bit or byte strings -* Fixed the encoding of authorityKeyIdentifier in X509_CA -* Added a sanity check in PBKDF2 for zero length passphrases -* Added versions of X509::load_key and PKCS8::load_key that take a file name -* X509_CA generates 128 bit serial numbers now -* Added tests to check PK key generation -* Added a simplistic X.509 CA example -* Cleaned up some of the examples - diff --git a/doc/relnotes/1_2_4.rst b/doc/relnotes/1_2_4.rst deleted file mode 100644 index 600d030c4..000000000 --- a/doc/relnotes/1_2_4.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.2.4, 2003-05-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a bug in EMSA1 affecting NR signature verification -* Fixed a few latent bugs in BigInt related to word size -* Removed an unused function, mp_add2_nc, from the MPI implementation -* Reorganized the core MPI files - diff --git a/doc/relnotes/1_2_5.rst b/doc/relnotes/1_2_5.rst deleted file mode 100644 index b88c37e7e..000000000 --- a/doc/relnotes/1_2_5.rst +++ /dev/null @@ -1,23 +0,0 @@ -Version 1.2.5, 2003-06-22 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a tricky and long-standing memory leak in Pipe -* Major cleanups and fixes in the memory allocation system -* Removed alloc_mlock, which has been superseded by the ml_unix module -* Removed a denial of service vulnerability in X509_Store -* Fixed compilation problems with VS .NET 2003 and Codewarrior 8 -* Added another variant of PKCS8::load_key, taking a memory buffer -* Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32 -* BigInt::operator%=(word) was a no-op if the input was a power of 2 -* Fixed portability problems in BigInt::to_u32bit -* Fixed major bugs in SSL3-MAC -* Cleaned up some messes in the PK algorithms -* Cleanups and extensions for OMAC and EAX -* Made changes to the entropy estimation function -* Added a 'beos' module set for use on BeOS -* Officially deprecated a few X509:: and PKCS8:: functions -* Moved the contents of primes.h to numthry.h -* Moved the contents of x509opt.h to x509self.h -* Removed the (empty) desx.h header -* Documentation updates - diff --git a/doc/relnotes/1_2_6.rst b/doc/relnotes/1_2_6.rst deleted file mode 100644 index 9a22648d5..000000000 --- a/doc/relnotes/1_2_6.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.2.6, 2003-07-04 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major performance increase for PK algorithms on most 64-bit systems -* Cleanups in the low-level MPI code to support asm implementations -* Fixed build problems with some versions of Compaq's C++ compiler -* Removed useless constructors for NR public and private keys -* Removed support for the patch_file directive in module files -* Removed several deprecated functions - diff --git a/doc/relnotes/1_2_7.rst b/doc/relnotes/1_2_7.rst deleted file mode 100644 index 8121bbef8..000000000 --- a/doc/relnotes/1_2_7.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.2.7, 2003-10-31 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added support for reading configuration files -* Added constructors so NR and RW keys can be imported easily -* Fixed mp_asm64, which was completely broken in 1.2.6 -* Removed tm_hw_ia32 module; replaced by tm_hard -* Added support for loading certain oddly formed RSA certificates -* Fixed spelling of NON_REPUDIATION enum -* Renamed the option default_to_ca to v1_assume_ca -* Fixed a minor bug in X.509 certificate generation -* Fixed a latent bug in the OID lookup code -* Updated the RPM spec file -* Added to the tutorial - diff --git a/doc/relnotes/1_2_8.rst b/doc/relnotes/1_2_8.rst deleted file mode 100644 index e234b5ccd..000000000 --- a/doc/relnotes/1_2_8.rst +++ /dev/null @@ -1,5 +0,0 @@ -Version 1.2.8, 2003-11-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Merged several important bug fixes from 1.3.x - diff --git a/doc/relnotes/1_3_0.rst b/doc/relnotes/1_3_0.rst deleted file mode 100644 index c1229e8d2..000000000 --- a/doc/relnotes/1_3_0.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.3.0, 2003-11-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major redesign of the PKCS #8 private key import/export system -* Added a small amount of UI interface code for getting passphrases -* Added heuristics that tell if a key, cert, etc is stored as PEM or BER -* Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC -* Removed certain deprecated constructors of RSA, DSA, DH, RW, NR -* Made PEM decoding more forgiving of extra text before the header - - diff --git a/doc/relnotes/1_3_1.rst b/doc/relnotes/1_3_1.rst deleted file mode 100644 index 70bc79d02..000000000 --- a/doc/relnotes/1_3_1.rst +++ /dev/null @@ -1,7 +0,0 @@ -Version 1.3.1, 2003-11-04 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Generalized a few pieces of the DER encoder -* PKCS8::load_key would fail if handed an unencrypted key -* Added a failsafe so PKCS #8 key decoding can't go into an infinite loop - diff --git a/doc/relnotes/1_3_10.rst b/doc/relnotes/1_3_10.rst deleted file mode 100644 index f99d11bc2..000000000 --- a/doc/relnotes/1_3_10.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.3.10, 2004-03-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added support for OpenPGP's ASCII armor format -* Cleaned up the RNG system; seeding is much more flexible -* Added simple autoconfiguration abilities to configure.pl -* Fixed a GCC 2.95.x compile problem -* Updated the example configuration file -* Documentation updates - diff --git a/doc/relnotes/1_3_11.rst b/doc/relnotes/1_3_11.rst deleted file mode 100644 index 86c1f13a1..000000000 --- a/doc/relnotes/1_3_11.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.3.11, 2004-04-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed two show-stopping bugs in PKCS10_Request -* Added some sanity checks in Pipe/Filter -* The DNS and URI entries would get swapped in subjectAlternativeNames -* MAC_Filter is now willing to not take a key at creation time -* Setting the expiration times of certs and CRLs is more flexible -* Fixed problems building on AIX with GCC -* Fixed some problems in the tutorial pointed out by Dominik Vogt -* Documentation updates - diff --git a/doc/relnotes/1_3_12.rst b/doc/relnotes/1_3_12.rst deleted file mode 100644 index 0a5ef7901..000000000 --- a/doc/relnotes/1_3_12.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.3.12, 2004-05-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added ability to remove old entries from CRLs -* Swapped the first two arguments of X509_CA::update_crl() -* Added an < operator for MemoryRegion, so it can be used as a std::map key -* Changed X.509 searching by DNS name from substring to full string compares -* Renamed a few X509_Certificate and PKCS10_Request member functions -* Fixed a problem when decoding some PKCS #10 requests -* Hex_Decoder would not check inputs, reported by Vaclav Ovsik -* Changed default CRL expire time from 30 days to 7 days -* X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility -* Corrected errors in the API doc, fixes from Ken Perano -* More documentation about the Pipe/Filter code - diff --git a/doc/relnotes/1_3_13.rst b/doc/relnotes/1_3_13.rst deleted file mode 100644 index 6b6726aea..000000000 --- a/doc/relnotes/1_3_13.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.3.13, 2004-05-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major fixes for Cygwin builds -* Minor MacOS X install fixes -* The configure script is a little better at picking the right modules -* Removed ml_unix from the 'unix' module set for Cygwin compatibility -* Fixed a stupid compile problem in pkcs10.h - diff --git a/doc/relnotes/1_3_14.rst b/doc/relnotes/1_3_14.rst deleted file mode 100644 index 330a4690b..000000000 --- a/doc/relnotes/1_3_14.rst +++ /dev/null @@ -1,26 +0,0 @@ -Version 1.3.14, 2004-06-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added support for AEP's AEP1000/AEP2000 crypto cards -* Added a Mutex module using Qt, from Justin Karneges -* Added support for engine loading in LibraryInitializer -* Tweaked SecureAllocator, giving 20% better performance under heavy load -* Added timer and memory locking modules for Win32 (tm_win32, ml_win32) -* Renamed PK_Engine to Engine_Core -* Improved the Karatsuba cutoff points -* Fixes for compiling with GCC 3.4 and Sun C++ 5.5 -* Fixes for Linux/s390, OpenBSD, and Solaris -* Added support for Linux/s390x -* The configure script was totally broken for 'generic' OS -* Removed Montgomery reduction due to bugs -* Removed an unused header, pkcs8alg.h -* check --validate returns an error code if any tests failed -* Removed duplicate entry in Unix command list for es_unix -* Moved the Cert_Usage enumeration into X509_Store -* Added new timing methods for PK benchmarks, clock_gettime and RDTSC -* Fixed a few minor bugs in the configure script -* Removed some deprecated functions from x509cert.h and pkcs10.h -* Removed the 'minimal' module, has to be updated for Engine support -* Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace -* Documentation updates - diff --git a/doc/relnotes/1_3_2.rst b/doc/relnotes/1_3_2.rst deleted file mode 100644 index c4a99be88..000000000 --- a/doc/relnotes/1_3_2.rst +++ /dev/null @@ -1,21 +0,0 @@ -Version 1.3.2, 2003-11-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a bug preventing DSA signatures from verifying on X.509 objects -* Made the X509_Store search routines more efficient and flexible -* Added a function to X509_PublicKey to do easy public/private key matching -* Added support for decoding indefinite length BER data -* Changed Pipe's peek() to take an offset -* Removed Filter::set_owns in favor of the new incr_owns function -* Removed BigInt::zero() and BigInt::one() -* Renamed the PEM related options from base/pem_* to pem/* -* Added an option to specify the line width when encoding PEM -* Removed the "rng/safe_longterm" option; it's always on now -* Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1 -* Cleaned up the base64/hex encoders and decoders -* Added an ASN.1/BER decoder as an example -* AES had its internals marked 'public' in previous versions -* Changed the value of the ASN.1 NO_OBJECT enum -* Various new hacks in the configure script -* Removed the already nominal support for SunOS - diff --git a/doc/relnotes/1_3_3.rst b/doc/relnotes/1_3_3.rst deleted file mode 100644 index 236fbec85..000000000 --- a/doc/relnotes/1_3_3.rst +++ /dev/null @@ -1,18 +0,0 @@ -Version 1.3.3, 2003-11-17 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The library can now be repeatedly initialized and shutdown without crashing -* Fixed an off-by-one error in the CTS code -* Fixed an error in the EMSA4 verification code -* Fixed a memory leak in mutex.cpp (pointed out by James Widener) -* Fixed a memory leak in Pthread_Mutex -* Fixed several memory leaks in the testing code -* Bulletproofed the EMSA/EME/KDF/MGF retrieval functions -* Minor cleanups in SecureAllocator -* Removed a needless mutex guarding the (stateless) global timer -* Fixed a piece of bash-specific code in botan-config -* X.509 objects report more information about decoding errors -* Cleaned up some of the exception handling -* Updated the example config file with new OIDSs -* Moved the build instructions into a separate document, building.tex - diff --git a/doc/relnotes/1_3_4.rst b/doc/relnotes/1_3_4.rst deleted file mode 100644 index 54a12d818..000000000 --- a/doc/relnotes/1_3_4.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.3.4, 2003-11-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added a module that does certain MPI operations using GNU MP -* Added the X9.42 Diffie-Hellman PRF -* The Zlib and Bzip2 objects now use custom allocators -* Added member functions for directly hashing/MACing SecureVectors -* Minor optimizations to the MPI addition and subtraction algorithms -* Some cleanups in the low-level MPI code -* Created separate AES-{128,192,256} objects - diff --git a/doc/relnotes/1_3_5.rst b/doc/relnotes/1_3_5.rst deleted file mode 100644 index f94df7bd9..000000000 --- a/doc/relnotes/1_3_5.rst +++ /dev/null @@ -1,21 +0,0 @@ -Version 1.3.5, 2003-11-30 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Major improvements in ASN.1 string handling -* Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs -* Added partial support for the X.509v3 certificate policies extension -* Centralized the handling of character set information -* Added FIPS 140-2 startup self tests -* Added a module (fips140) for doing extra FIPS 140-2 tests -* Added FIPS 186-2 RNG -* Improved ASN.1 BIT STRING handling -* Removed a memory leak in PKCS10_Request -* The encoding of DirectoryString now follows PKIX guidelines -* Fixed some of the character set dependencies -* Fixed a DER encoding error for tags greater than 30 -* The BER decoder can now handle tags larger than 30 -* Fixed tm_hard.cpp to recognize SPARC on more systems -* Workarounds for a GCC 2.95.x bug in x509find.cpp -* RPM changed to install into /usr instead of /usr/local -* Added support for QNX - diff --git a/doc/relnotes/1_3_6.rst b/doc/relnotes/1_3_6.rst deleted file mode 100644 index f8310d315..000000000 --- a/doc/relnotes/1_3_6.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.3.6, 2003-12-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added a new module 'minimal', which disables most algorithms -* SecureAllocator allocates a few blocks at startup -* A few minor MPI cleanups -* RPM spec file cleanups and fixes - diff --git a/doc/relnotes/1_3_7.rst b/doc/relnotes/1_3_7.rst deleted file mode 100644 index 8cbb431f5..000000000 --- a/doc/relnotes/1_3_7.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.3.7, 2003-12-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a big security problem in es_unix -* Fixed several stability problems in es_unix -* Expanded the list of programs es_unix will try to use -* SecureAllocator now only preallocates blocks in special cases -* Added a special case in Global_RNG::seed for forcing a full poll -* Removed the FIPS 186 RNG added in 1.3.5 pending further testing -* Configure updates for PowerPC CPUs -* Removed the (never tested) VAX support -* Added support for S/390 Linux - diff --git a/doc/relnotes/1_3_8.rst b/doc/relnotes/1_3_8.rst deleted file mode 100644 index 7fac2566a..000000000 --- a/doc/relnotes/1_3_8.rst +++ /dev/null @@ -1,26 +0,0 @@ -Version 1.3.8, 2003-12-30 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Initial introduction of engine support, which separates PK keys from - the underlying operations. An engine using GNU MP was added. - -* DSA, DH, NR, and ElGamal constructors accept taking just the private - key again since the public key is easily derived from it. - -* Montgomery reduction support was added. -* ElGamal keys now support being imported/exported as ASN.1 objects -* Added Montgomery reductions -* Added an engine that uses GNU MP (requires 4.1 or later) -* Removed the obsolete mp_gmp module -* Moved several initialization/shutdown functions to init.h -* Major refactoring of the memory containers -* New non-locking container, MemoryVector -* Fixed 64-bit problems in BigInt::set_bit/clear_bit -* Renamed PK_Key::check_params() to check_key() -* Some incompatible changes to OctetString -* Added version checking macros in version.h -* Removed the fips140 module pending rewrite -* Added some functions and hooks to help GUIs -* Moved more shared code into MDx_HashFunction -* Added a policy hook for specifying the encoding of X.509 strings - diff --git a/doc/relnotes/1_3_9.rst b/doc/relnotes/1_3_9.rst deleted file mode 100644 index 1867b8231..000000000 --- a/doc/relnotes/1_3_9.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.3.9, 2004-03-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added an engine using OpenSSL (requires 0.9.7 or later) -* X509_Certificate would lose email addresses stored in the DN -* Fixed a missing initialization in a BigInt constructor -* Fixed several Visual C++ compile problems -* Fixed some BeOS build problems -* Fixed the WiderWake benchmark - diff --git a/doc/relnotes/1_4_0.rst b/doc/relnotes/1_4_0.rst deleted file mode 100644 index c1cc5ea88..000000000 --- a/doc/relnotes/1_4_0.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.4.0, 2004-06-26 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the FIPS 186 RNG back -* Added copy_key functions for X.509 public keys and PKCS #8 private keys -* Fixed PKCS #1 signatures with RIPEMD-128 -* Moved some code around to avoid warnings with Sun ONE compiler -* Fixed a bug in botan-config affecting OpenBSD -* Fixed some build problems on Tru64, HP-UX -* Fixed compile problems with Intel C++, Compaq C++ - - diff --git a/doc/relnotes/1_4_1.rst b/doc/relnotes/1_4_1.rst deleted file mode 100644 index 10f45b8b1..000000000 --- a/doc/relnotes/1_4_1.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.4.1, 2004-10-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed major errors in the X.509 and PKCS #8 copy_key functions -* Added a LAST_MESSAGE meta-message number for Pipe -* Added new aliases (3DES and DES-EDE) for Triple-DES -* Added some new functions to PK_Verifier -* Cleaned up the KDF interface -* Disabled tm_posix on BSD due to header issues -* Fixed a build problem on PowerPC with GNU C++ pre-3.4 - diff --git a/doc/relnotes/1_4_10.rst b/doc/relnotes/1_4_10.rst deleted file mode 100644 index 277245284..000000000 --- a/doc/relnotes/1_4_10.rst +++ /dev/null @@ -1,20 +0,0 @@ -Version 1.4.10, 2005-12-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added an implementation of KASUMI, the block cipher used in 3G phones -* Refactored Pipe; output queues are now managed by a distinct class -* Made certain Filter facilities only available to subclasses of Fanout_Filter -* There is no longer any overhead in Pipe for a message that has been read out -* It is now possible to generate RSA keys as small as 128 bits -* Changed some of the core classes to derive from Algorithm as a virtual base -* Changed Randpool to use HMAC instead of a plain hash as the mixing function -* Fixed a bug in the allocators; found and fixed by Matthew Gregan -* Enabled the use of binary file I/O, when requested by the application -* The OpenSSL engine's block cipher code was missing some deallocation calls -* Disabled the es_ftw module on NetBSD, due to header problems there -* Fixed a problem preventing tm_hard from building on MacOS X on PowerPC -* Some cleanups for the modules that use inline assembler -* config.h is now stored in build/ instead of build/include/botan/ -* The header util.h was split into bit_ops.h, parsing.h, and util.h -* Cleaned up some redundant include directives - diff --git a/doc/relnotes/1_4_11.rst b/doc/relnotes/1_4_11.rst deleted file mode 100644 index 1bfb5d059..000000000 --- a/doc/relnotes/1_4_11.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.4.11, 2005-12-31 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Changed Whirlpool diffusion matrix to match updated algorithm spec -* Fixed several engine module build errors introduced in 1.4.10 -* Fixed two build problems in es_capi; reported by Matthew Gregan -* Added a constructor to DataSource_Memory taking a std::string -* Placing the same Filter in multiple Pipes triggers an exception -* The configure script accepts --docdir and --libdir -* Merged doc/rngs.txt into the main API document -* Thanks to Joel Low for several bug reports on early tarballs of 1.4.11 - diff --git a/doc/relnotes/1_4_12.rst b/doc/relnotes/1_4_12.rst deleted file mode 100644 index d2c134884..000000000 --- a/doc/relnotes/1_4_12.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.4.12, 2006-01-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed an off-by-one memory read in MISTY1::key() -* Fixed a nasty memory leak in Output_Buffers::retire() -* Changed maximum HMAC keylength to 1024 bits -* Fixed a build problem in the hardware timer module on 64-bit PowerPC - diff --git a/doc/relnotes/1_4_2.rst b/doc/relnotes/1_4_2.rst deleted file mode 100644 index 43cc25a42..000000000 --- a/doc/relnotes/1_4_2.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.4.2, 2004-10-31 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a major CRL handling bug -* Cipher and hash operations can be offloaded to engines -* Added support for cipher and hash offload in OpenSSL engine -* Improvements for 64-bit CPUs without a widening multiply instruction -* Support for SHA2-* and Whirlpool with EMSA2 -* Fixed a long-standing build problem with conflicting include files -* Fixed some examples that hadn't been updated for 1.4.x -* Portability fixes for Solaris, BSD, HP-UX, and others -* Lots of fixes and cleanups in the configure script -* Updated the Gentoo ebuild file - diff --git a/doc/relnotes/1_4_3.rst b/doc/relnotes/1_4_3.rst deleted file mode 100644 index 016221c6c..000000000 --- a/doc/relnotes/1_4_3.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.4.3, 2004-11-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Split up SecureAllocator into Allocator and Pooling_Allocator -* Memory locking allocators are more likely to be used -* Fixed the placement of includes in some modules -* Fixed broken installation procedure -* Fixes in configure script to support alternate install programs -* Modules can specify the minimum version they support - diff --git a/doc/relnotes/1_4_4.rst b/doc/relnotes/1_4_4.rst deleted file mode 100644 index f633751f5..000000000 --- a/doc/relnotes/1_4_4.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.4.4, 2004-12-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Further tweaks to the pooling allocator -* Modified EMSA3 to support SSL/TLS signatures -* Changes to support Qt/QCA, from Justin Karneges -* Moved mux_qt module code into mod_qt -* Fixes for HP-UX from Mike Desjardins - diff --git a/doc/relnotes/1_4_5.rst b/doc/relnotes/1_4_5.rst deleted file mode 100644 index cfc8b3455..000000000 --- a/doc/relnotes/1_4_5.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.4.5, 2005-02-26 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add support for AES encryption of private keys -* Minor fixes for PBES2 parameter decoding -* Internal cleanups for global state variables -* GCC 3.x version detection was broken in non-English locales -* Work around a Sun Forte bug affecting mem_pool.h -* Several fixes for Borland C++ 5.5, from Friedemann Kleint -* Removed inclusion of init.h into base.h -* Fixed a major bug in reading from certificate stores -* Cleaned up a couple of mutex leaks -* Removed some left-over debugging code -* Removed SSL3_MAC, SSL3_PRF, and TLS_PRF - diff --git a/doc/relnotes/1_4_6.rst b/doc/relnotes/1_4_6.rst deleted file mode 100644 index a4450928d..000000000 --- a/doc/relnotes/1_4_6.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.4.6, 2005-03-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix an error in the shutdown code introduced in 1.4.5 -* Setting base/pkcs8_tries to 0 disables the builtin fail-out -* Support for XMPP identifiers in X.509 certificates -* Duplicate entries in X.509 DNs are removed -* More fixes for Borland C++, from Friedemann Kleint -* Add a workaround for buggy iostreams - diff --git a/doc/relnotes/1_4_7.rst b/doc/relnotes/1_4_7.rst deleted file mode 100644 index 1531b1cfe..000000000 --- a/doc/relnotes/1_4_7.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 1.4.7, 2005-09-25 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed major performance problems with recent versions of GNU C++ -* Added an implementation of the X9.31 PRNG -* Removed the X9.17 and FIPS 186-2 PRNG algorithms -* Changed defaults to use X9.31 PRNGs as global PRNG objects -* Documentation updates to reflect the PRNG changes -* Some cleanups related to the engine code -* Removed two useless headers, base_eng.h and secalloc.h -* Removed PK_Verifier::valid_signature -* Fixed configure/build system bugs affecting MacOS X builds -* Added support for the EKOPath x86-64 compiler -* Added missing destructor for BlockCipherModePaddingMethod -* Fix some build problems with Visual C++ 2005 beta -* Fix some build problems with Visual C++ 2003 Workshop - diff --git a/doc/relnotes/1_4_8.rst b/doc/relnotes/1_4_8.rst deleted file mode 100644 index 694138ecc..000000000 --- a/doc/relnotes/1_4_8.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.4.8, 2005-10-16 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Resolved a bad performance problem in the allocators; fix by Matt Johnston -* Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7 -* Renamed OMAC to CMAC to match the official NIST naming -* Added single byte versions of update() to PK_Signer and PK_Verifier -* Removed the unused reverse_bits and reverse_bytes functions - diff --git a/doc/relnotes/1_4_9.rst b/doc/relnotes/1_4_9.rst deleted file mode 100644 index ff663a0a5..000000000 --- a/doc/relnotes/1_4_9.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 1.4.9, 2005-11-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the IBM-created AES candidate algorithm MARS -* Added the South Korean block cipher SEED -* Added the stream cipher Turing -* Added the new hash function FORK-256 -* Deprecated the ISAAC stream cipher -* Twofish and RC6 are significantly faster with GCC -* Much better support for 64-bit PowerPC -* Added support for high-resolution PowerPC timers -* Fixed a bug in the configure script causing problems on FreeBSD -* Changed ANSI X9.31 to support arbitrary block ciphers -* Make the configure script a bit less noisy -* Added more test vectors for some algorithms, including all the AES finalists -* Various cosmetic source code cleanups - diff --git a/doc/relnotes/1_5_0.rst b/doc/relnotes/1_5_0.rst deleted file mode 100644 index 6b2926510..000000000 --- a/doc/relnotes/1_5_0.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.5.0, 2006-01-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Moved all global/shared library state into a single object -* Mutex objects are created through mutex factories instead of a global -* Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone() -* Removed the RNG_Quality enum entirely -* There is now only a single global-use PRNG -* Removed the no_aliases and no_oids options for LibraryInitializer -* Removed the deprecated algorithms SEAL, ISAAC, and HAVAL -* Change es_ftw to use unbuffered I/O - - diff --git a/doc/relnotes/1_5_1.rst b/doc/relnotes/1_5_1.rst deleted file mode 100644 index 69ba5c6fa..000000000 --- a/doc/relnotes/1_5_1.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.5.1, 2006-01-08 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Implemented Montgomery exponentiation -* Implemented generalized Karatsuba multiplication and squaring -* Implemented Comba squaring for 4, 6, and 8 word inputs -* Added new Modular_Exponentiator and Power_Mod classes -* Removed FixedBase_Exp and FixedExponent_Exp -* Fixed a performance regression in get_allocator introduced in 1.5.0 -* Engines can now offer S2K algorithms and block cipher padding methods -* Merged the remaining global 'algolist' code into Default_Engine -* The low-level MPI code is linked as C again -* Replaced BigInt's get_nibble with the more general get_substring -* Some documentation updates - diff --git a/doc/relnotes/1_5_10.rst b/doc/relnotes/1_5_10.rst deleted file mode 100644 index e4af64bb8..000000000 --- a/doc/relnotes/1_5_10.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.5.10, 2006-08-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add x86 assembler versions of MD4, MD5, and SHA-1 -* Expand InitializerOptions' language to support on/off switches -* Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9 -* Fix possible resource leaks in the mmap allocator -* Slightly optimized buffering in MDx_HashFunction -* Initialization failures are dealt with somewhat better -* Add an example implementing Pollard's Rho algorithm -* Better option handling in the test/benchmark tool -* Expand the xor_ciph example to support longer keys -* Some updates to the documentation - diff --git a/doc/relnotes/1_5_11.rst b/doc/relnotes/1_5_11.rst deleted file mode 100644 index 144d8be66..000000000 --- a/doc/relnotes/1_5_11.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.5.11, 2006-09-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Removed the Algorithm base class -* Various cleanups in the public key inheritance hierarchy -* Major overhaul of the configure/build setup -* Added x86 assembler implementations of Serpent and low-level MPI code -* Optimizations for the SHA-1 x86 assembler -* Various improvements to the Python wrappers -* Work around a Visual Studio compiler bug - diff --git a/doc/relnotes/1_5_12.rst b/doc/relnotes/1_5_12.rst deleted file mode 100644 index 4e57fd99a..000000000 --- a/doc/relnotes/1_5_12.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.5.12, 2006-10-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Cleanups in the initialization routines -* Add some x86-64 assembly for multiply-add -* Fix problems generating very small (below 384 bit) RSA keys -* Support out of tree builds -* Bring some of the documentation up to date -* More improvements to the Python bindings - diff --git a/doc/relnotes/1_5_13.rst b/doc/relnotes/1_5_13.rst deleted file mode 100644 index b8bcf7684..000000000 --- a/doc/relnotes/1_5_13.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.5.13, 2006-12-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Compilation fixes for the bzip2, zlib, and GNU MP modules -* Better support for Intel C++ and EKOpath C++ on x86-64 - diff --git a/doc/relnotes/1_5_2.rst b/doc/relnotes/1_5_2.rst deleted file mode 100644 index 5e5a68d44..000000000 --- a/doc/relnotes/1_5_2.rst +++ /dev/null @@ -1,18 +0,0 @@ -Version 1.5.2, 2006-01-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed an off-by-one memory read in MISTY1::key() -* Fixed a nasty memory leak in Output_Buffers::retire() -* Reimplemented the memory allocator from scratch -* Improved memory caching in Montgomery exponentiation -* Optimizations for multiple precision addition and subtraction -* Fixed a build problem in the hardware timer module on 64-bit PowerPC -* Changed default Karatsuba cutoff to 12 words (was 14) -* Removed MemoryRegion::bits(), which was unused and incorrect -* Changed maximum HMAC keylength to 1024 bits -* Various minor Makefile and build system changes -* Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution -* Switched checks/clock.cpp back to using clock() by default -* Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1 -* Removed the Default_Mutex's unused clone() member function - diff --git a/doc/relnotes/1_5_3.rst b/doc/relnotes/1_5_3.rst deleted file mode 100644 index 60f5f9009..000000000 --- a/doc/relnotes/1_5_3.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.5.3, 2006-01-24 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Many optimizations in the low-level multiple precision integer code -* Added hooks for assembly implementations of the MPI code -* Support for the X.509 issuer alternative name extension in new certs -* Fixed a bug in the decompression modules; found and patched by Matt Johnston -* New Windows mutex module (mux_win32), by Luca Piccarreta -* Changed the Windows timer module to use QueryPerformanceCounter -* mem_pool.cpp was using std::set iterators instead of std::multiset ones -* Fixed a bug in X509_CA preventing users from disabling particular extensions -* Fixed the mp_asm64 module, which was entirely broken in 1.5.2 -* Fixed some module build problems on FreeBSD and Tru64 - diff --git a/doc/relnotes/1_5_4.rst b/doc/relnotes/1_5_4.rst deleted file mode 100644 index 44eae0598..000000000 --- a/doc/relnotes/1_5_4.rst +++ /dev/null @@ -1,19 +0,0 @@ -Version 1.5.4, 2006-01-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta -* Fixed a memory access off-by-one in the Karatsuba code -* Changed Pooling_Allocator's free list search to a log(N) algorithm -* Merged ModularReducer with its only subclass, Barrett_Reducer -* Fixed sign-handling bugs in some of the division and modulo code -* Renamed the module description files to modinfo.txt -* Further cleanups in the initialization code -* Removed BigInt::add and BigInt::sub -* Merged all the division-related functions into just divide() -* Modified the <mp_asmi.h> functions to allow for better optimizations -* Made the number of bits polled from an EntropySource user configurable -* Avoid including <algorithm> in <botan/secmem.h> -* Fixed some build problems with Sun Forte -* Removed some dead code from bigint_modop -* Fix the definition of same_mem - diff --git a/doc/relnotes/1_5_5.rst b/doc/relnotes/1_5_5.rst deleted file mode 100644 index e4ab22fb5..000000000 --- a/doc/relnotes/1_5_5.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.5.5, 2006-02-04 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed a potential infinite loop in the memory pool code (Matt Johnston) -* Made Pooling_Allocator::Memory_Block an actual class of sorts -* Some small optimizations to the division and modulo computations -* Cleaned up the implementation of some of the BigInt operators -* Reduced use of dynamic memory allocation in low-level BigInt functions -* A few simplifications in the Randpool mixing function -* Removed power(), as it was not particularly useful (or fast) -* Fixed some annoying bugs in the benchmark code -* Added a real credits file - diff --git a/doc/relnotes/1_5_6.rst b/doc/relnotes/1_5_6.rst deleted file mode 100644 index 8925a8003..000000000 --- a/doc/relnotes/1_5_6.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.5.6, 2006-03-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The low-level DER/BER coding system was redesigned and rewritten -* Portions of the certificate code were cleaned up internally -* Use macros to substantially clean up the GCC assembly code -* Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta) -* Avoid a couple of spurious warnings under Visual C++ -* Some slight cleanups in X509_PublicKey::key_id - diff --git a/doc/relnotes/1_5_7.rst b/doc/relnotes/1_5_7.rst deleted file mode 100644 index 45ded103f..000000000 --- a/doc/relnotes/1_5_7.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.5.7, 2006-05-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Further, major changes to the BER/DER coding system -* Updated the Qt mutex module to use Mutex_Factory -* Moved the library global state object into an anonymous namespace -* Drop the Visual C++ x86 assembly module due to bugs - diff --git a/doc/relnotes/1_5_8.rst b/doc/relnotes/1_5_8.rst deleted file mode 100644 index c7a2c549d..000000000 --- a/doc/relnotes/1_5_8.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.5.8, 2006-06-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Many internal cleanups to the X.509 cert/CRL code -* Allow for application code to support new X.509 extensions -* Change the return type of X509_Certificate::{subject,issuer}_info -* Allow for alternate character set handling mechanisms -* Fix a bug that was slowing squaring performance somewhat -* Fix a very hard to hit overflow bug in the C version of word3_muladd -* Minor cleanups to the assembler modules -* Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1 -* Support for GCC 2.95.x has been dropped in this release - diff --git a/doc/relnotes/1_5_9.rst b/doc/relnotes/1_5_9.rst deleted file mode 100644 index fa7c130fa..000000000 --- a/doc/relnotes/1_5_9.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.5.9, 2006-07-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fixed bitrot in the AEP engine -* Fix support for marking certificate/CRL extensions as critical -* Significant cleanups in the library state / initialization code -* LibraryInitializer takes an explicit InitializerOptions object -* Make Mutex_Factory an abstract class, add Default_Mutex_Factory -* Change configuration access to using global_state() -* Add support for global named mutexes throughout the library -* Add some STL wrappers for the delete operator -* Change how certificates are created to be more flexible and general - diff --git a/doc/relnotes/1_6_0.rst b/doc/relnotes/1_6_0.rst deleted file mode 100644 index 32b4d7ae8..000000000 --- a/doc/relnotes/1_6_0.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.6.0, 2006-12-17 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Minor cleanups versus 1.5.13 - - diff --git a/doc/relnotes/1_6_1.rst b/doc/relnotes/1_6_1.rst deleted file mode 100644 index cf1de29a0..000000000 --- a/doc/relnotes/1_6_1.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.6.1, 2007-01-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix some base64 decoder bugs -* Add a new option to base64 encoding, to always append a newline -* Fix some build problems under Visual Studio with debug enabled -* Fix a bug in BER_Decoder that was triggered under some compilers - diff --git a/doc/relnotes/1_6_2.rst b/doc/relnotes/1_6_2.rst deleted file mode 100644 index 3fdea578f..000000000 --- a/doc/relnotes/1_6_2.rst +++ /dev/null @@ -1,7 +0,0 @@ -Version 1.6.2, 2007-03-24 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix autodection on Athlon64s running Linux -* Fix builds on QNX and compilers using STLport -* Remove a call to abort() that crept into production - diff --git a/doc/relnotes/1_6_3.rst b/doc/relnotes/1_6_3.rst deleted file mode 100644 index c6d9f4364..000000000 --- a/doc/relnotes/1_6_3.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.6.3, 2007-07-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a race condition in the algorithm lookup cache -* Fix problems building the memory pool on some versions of Visual C++ - diff --git a/doc/relnotes/1_6_4.rst b/doc/relnotes/1_6_4.rst deleted file mode 100644 index 8f5295bcc..000000000 --- a/doc/relnotes/1_6_4.rst +++ /dev/null @@ -1,5 +0,0 @@ -Version 1.6.4, 2008-03-08 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a compilation problem with Visual Studio C++ 2003 - diff --git a/doc/relnotes/1_6_5.rst b/doc/relnotes/1_6_5.rst deleted file mode 100644 index 827adff95..000000000 --- a/doc/relnotes/1_6_5.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.6.5, 2008-08-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add noexec stack marker for GNU linker in assembly code -* Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3 - diff --git a/doc/relnotes/1_7_0.rst b/doc/relnotes/1_7_0.rst deleted file mode 100644 index b9ad37914..000000000 --- a/doc/relnotes/1_7_0.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.7.0, 2007-05-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* DSA parameter generation now follows FIPS 186-3 -* Added OIDs for Rabin-Williams and Nyberg-Rueppel -* Somewhat better support for out of tree builds -* Minor optimizations for RC2 and Tiger -* Documentation updates -* Update the todo list - - diff --git a/doc/relnotes/1_7_1.rst b/doc/relnotes/1_7_1.rst deleted file mode 100644 index e53bf66d9..000000000 --- a/doc/relnotes/1_7_1.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.7.1, 2007-07-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a race condition in the algorithm object cache -* HMAC key schedule optimization -* The build header sets a macro defining endianness, if known -* New word load/store abstraction allowing further optimization -* Modify most of the library to avoid use the C-style casts -* Use higher resolution timers in symmetric benchmarks - diff --git a/doc/relnotes/1_7_10.rst b/doc/relnotes/1_7_10.rst deleted file mode 100644 index edaec7b71..000000000 --- a/doc/relnotes/1_7_10.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.7.10, 2008-09-05 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Public key benchmarks run using a selection of random keys -* New benchmark timer options are clock_gettime, gettimeofday, times, clock -* Including reinterpret_cast optimization for xor_buf in default header -* Split byte swapping and word rotation functions into distinct headers -* Add IETF modp 6144 group and 2048 and 3072 bit DSS groups -* Optimizes BigInt right shift -* Add aliases in DL_Group::Format enum -* BigInt now caches the significant word count - diff --git a/doc/relnotes/1_7_11.rst b/doc/relnotes/1_7_11.rst deleted file mode 100644 index be23f0d72..000000000 --- a/doc/relnotes/1_7_11.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.7.11, 2008-09-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the Salsa20 stream cipher -* Optimized Montgomery reduction, Karatsuba squaring -* Added 16x16->32 word Comba multiplication and squaring -* Use a much larger Karatsuba cutoff point -* Remove bigint_mul_add_words -* Inlined several BigInt functions -* Add useful information to the generated build.h -* Rename alg_{ia32,amd64} modules to asm_{ia32,amd64} -* Fix the Windows build - diff --git a/doc/relnotes/1_7_12.rst b/doc/relnotes/1_7_12.rst deleted file mode 100644 index 21bd3da8c..000000000 --- a/doc/relnotes/1_7_12.rst +++ /dev/null @@ -1,19 +0,0 @@ -Version 1.7.12, 2008-09-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add x86 assembly for Visual Studio C++, by Luca Piccarreta -* Add a Perl XS module, by Vaclav Ovsik -* Add SWIG-based wrapper for Botan -* Add SSE2 implementation of SHA-1, by Dean Gaudet -* Remove the BigInt::sig_words cache due to bugs -* Combined the 4 Blowfish sboxes, suggested by Yves Jerschow -* Changed BigInt::grow_by and BigInt::grow_to to be non-const -* Add private assignment operators to classes that don't support assignment -* Benchmark RSA encryption and signatures -* Added test programs for random_prime and ressol -* Add high resolution timers for IA-64, HP-PA, S390x -* Reduce use of the RNG during benchmarks -* Fix builds on STI Cell PPU -* Add support for IBM's XLC compiler -* Add IETF 8192 bit MODP group - diff --git a/doc/relnotes/1_7_13.rst b/doc/relnotes/1_7_13.rst deleted file mode 100644 index 66591df88..000000000 --- a/doc/relnotes/1_7_13.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.7.13, 2008-09-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai -* Allow all examples to compile even if compression not enabled -* Make CMAC's polynomial doubling operation a public class method -* Use the -m64 flag when compiling with Sun Forte on x86-64 -* Clean up and slightly optimize CMAC::final_result - diff --git a/doc/relnotes/1_7_14.rst b/doc/relnotes/1_7_14.rst deleted file mode 100644 index 6bf5c50d2..000000000 --- a/doc/relnotes/1_7_14.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.7.14, 2008-09-30 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Split library into parts allowing modular builds -* Add (very preliminary) CMS support to the main library -* Some constructors now require object pointers instead of names -* Support multiple implementations of the same algorithm -* Build support for Pentium-M processors, from Derek Scherger -* Build support for MinGW/MSYS, from Zbigniew Zagorski -* Use inline assembly for bswap on 32-bit x86 - diff --git a/doc/relnotes/1_7_15.rst b/doc/relnotes/1_7_15.rst deleted file mode 100644 index 9cd34ab64..000000000 --- a/doc/relnotes/1_7_15.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.7.15, 2008-10-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add GF(p) arithmetic from InSiTo -* Add ECDSA and ECKAEG implementations from InSiTo -* Minimize internal dependencies, allowing for smaller build configurations -* Add new User Manual and Architecture Guide from FlexSecure GmbH -* Alter configure.pl options for better autotools compatibility -* Update build instructions for recent changes to configure.pl -* Fix CPU detection using /proc/cpuinfo - diff --git a/doc/relnotes/1_7_16.rst b/doc/relnotes/1_7_16.rst deleted file mode 100644 index 8b964da3f..000000000 --- a/doc/relnotes/1_7_16.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.7.16, 2008-10-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add several missing pieces needed for ECDSA and ECKAEG -* Add Card Verifiable Certificates from InSiTo -* Add SHA-224 from InSiTo -* Add BSI variant of EMSA1 from InSiTo -* Add GF(p) and ECDSA tests from InSiTo -* Split ECDSA and ECKAEG into distinct modules -* Allow OpenSSL and GNU MP engines to be built with public key algos disabled -* Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h - diff --git a/doc/relnotes/1_7_17.rst b/doc/relnotes/1_7_17.rst deleted file mode 100644 index b364d6112..000000000 --- a/doc/relnotes/1_7_17.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.7.17, 2008-10-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add missing ECDSA object identifiers -* Fix error in x86 and x86-64 assembler affecting GF(p) math -* Remove Boost dependency from GF(p) math -* Modify botan-config to not print -L/usr/lib or -L/usr/local/lib -* Add BOTAN_DLL macro to over 30 classes missing it -* Rename the two SHA-2 base classes for consistency - diff --git a/doc/relnotes/1_7_18.rst b/doc/relnotes/1_7_18.rst deleted file mode 100644 index 2bc1bf970..000000000 --- a/doc/relnotes/1_7_18.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.7.18, 2008-10-22 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add Doxygen comments from InSiTo -* Add ECDSA and ECKAEG benchmarks -* Add configure.pl switch --with-tr1-implementation -* Fix configure.pl's --with-endian and --with-unaligned-mem options -* Added support for pkg-config -* Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow -* Use const references to avoid copying overhead in CurveGFp, GFpModulus - diff --git a/doc/relnotes/1_7_19.rst b/doc/relnotes/1_7_19.rst deleted file mode 100644 index c54ce354d..000000000 --- a/doc/relnotes/1_7_19.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.7.19, 2008-11-06 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add HMAC_RNG, based on a design by Hugo Krawczyk -* Optimized the Turing stream cipher (about 20% faster on x86-64) -* Modify Randpool's reseeding algorithm to poll more sources -* Add a new AutoSeeded_RNG in auto_rng.h -* OpenPGP_S2K changed to take hash object instead of name -* Add automatic identification for Intel's Prescott processors - diff --git a/doc/relnotes/1_7_2.rst b/doc/relnotes/1_7_2.rst deleted file mode 100644 index 3b182d246..000000000 --- a/doc/relnotes/1_7_2.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.7.2, 2007-10-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Initialize the global library state lazily -* Add plain CBC-MAC for backwards compatibility with old systems -* Clean up some of the self test code -* Throw a sensible exception if a DL_Group is not found -* Truncate KDF2 output rather than allowing counter overflow -* Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256 -* Fix a Visual Studio compilation problem in x509stat.cpp - diff --git a/doc/relnotes/1_7_20.rst b/doc/relnotes/1_7_20.rst deleted file mode 100644 index 38a4b6b1c..000000000 --- a/doc/relnotes/1_7_20.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.7.20, 2008-11-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Namespace pkg-config file by major and minor versions -* Cache device descriptors in Device_EntropySource -* Split base.h into {block_cipher,stream_cipher,mac,hash}.h -* Removed get_mgf function from lookup.h - diff --git a/doc/relnotes/1_7_21.rst b/doc/relnotes/1_7_21.rst deleted file mode 100644 index d3eaf48f8..000000000 --- a/doc/relnotes/1_7_21.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.7.21, 2008-11-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Make algorithm lookup much more configuable -* Add facilities for runtime performance testing of algorithms -* Drop use of entropy estimation in the PRNGs -* Increase intervals between HMAC_RNG automatic reseeding -* Drop InitializerOptions class, all options but thread safety - diff --git a/doc/relnotes/1_7_22.rst b/doc/relnotes/1_7_22.rst deleted file mode 100644 index 52a286e83..000000000 --- a/doc/relnotes/1_7_22.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.7.22, 2008-11-17 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add provider preferences to Algorithm_Factory -* Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21 -* Optimize AES encryption and decryption (about 10% faster) -* Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs -* Fix nanoseconds overflow in benchmark code -* Remove Engine::add_engine - diff --git a/doc/relnotes/1_7_23.rst b/doc/relnotes/1_7_23.rst deleted file mode 100644 index bd30238d2..000000000 --- a/doc/relnotes/1_7_23.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.7.23, 2008-11-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Change to use TR1 (thus enabling ECDSA) with GCC and ICC -* Optimize almost all hash functions, especially MD4 and Tiger -* Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump} -* Change Timer to be pure virtual, and add ANSI_Clock_Timer -* Cache socket descriptors in the EGD entropy source -* Avoid bogging down startup in /proc walking entropy source -* Remove Buffered_EntropySource helper class -* Add a Default_Benchmark_Timer typedef in benchmark.h -* Add examples using benchmark.h and Algorithm_Factory -* Add ECC tests from InSiTo -* Minor documentation updates - diff --git a/doc/relnotes/1_7_24.rst b/doc/relnotes/1_7_24.rst deleted file mode 100644 index f43c752ff..000000000 --- a/doc/relnotes/1_7_24.rst +++ /dev/null @@ -1,15 +0,0 @@ -Version 1.7.24, 2008-12-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a compatibility problem with SHA-512/EMSA3 signature padding -* Fix bug preventing EGD/PRNGD entropy poller from working -* Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27) -* Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11 -* Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes -* Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4 -* Wrap private structs in SSE2 SHA-1 code in anonymous namespace -* Change configure.pl's CPU autodetection output to be more consistent -* Disable using OpenSSL's AES due to crashes of unknown cause -* Fix warning in /proc walking entropy poller -* Fix compilation with IBM XLC for Cell 0.9-200709 - diff --git a/doc/relnotes/1_7_3.rst b/doc/relnotes/1_7_3.rst deleted file mode 100644 index 8426978cd..000000000 --- a/doc/relnotes/1_7_3.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.7.3, 2008-01-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* New invocation syntax for configure.pl with several new options -* Support for IPv4 addresses in a subject alternative name -* New fast poll for the generic Unix entropy source (es_unix) -* The es_file entropy source has been replaced by the es_dev module -* The malloc allocator does not inherit from Pooling_Allocator anymore -* The path that es_unix will search in are now fully user-configurable -* Truncate X9.42 PRF output rather than allow counter overflow -* PowerPC is now assumed to be big-endian - diff --git a/doc/relnotes/1_7_4.rst b/doc/relnotes/1_7_4.rst deleted file mode 100644 index 608b7ffb1..000000000 --- a/doc/relnotes/1_7_4.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.7.4, 2008-03-10 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Use unaligned memory read/writes on systems that allow it, for performance -* Assembly for x86-64 for accessing the bswap instruction -* Use larger buffers in ARC4 and WiderWAKE for significant throughput increase -* Unroll loops in SHA-160 for a few percent increase in performance -* Fix compilation with GCC 3.2 in es_ftw and es_unix -* Build fix for NetBSD systems -* Prevent es_dev from being built except on Unix systems - diff --git a/doc/relnotes/1_7_5.rst b/doc/relnotes/1_7_5.rst deleted file mode 100644 index f5ec97e14..000000000 --- a/doc/relnotes/1_7_5.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.7.5, 2008-04-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The API of X509_CA::sign_request was altered to avoid race conditions -* New type Pipe::message_id to represent the Pipe message number -* Remove the Named_Mutex_Holder for a small performance gain -* Removed several unused or rarely used functions from Config -* Ignore spaces inside of a decimal string in BigInt::decode -* Allow using a std::istream to initialize a DataSource_Stream object -* Fix compilation problem in zlib compression module -* The chunk sized used by Pooling_Allocator is now a compile time setting -* The size of random blinding factors is now a compile time setting -* The install target no longer tries to set a particular owner/group - diff --git a/doc/relnotes/1_7_6.rst b/doc/relnotes/1_7_6.rst deleted file mode 100644 index 3fb6064fd..000000000 --- a/doc/relnotes/1_7_6.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.7.6, 2008-05-05 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Initial support for Windows DLLs, from Joel Low -* Reset the position pointer when a new block is generated in X9.32 PRNG -* Timer objects are now treated as entropy sources -* Moved several ASN.1-related enums from enums.h to an appropriate header -* Removed the AEP module, due to inability to test -* Removed Global_RNG and rng.h -* Removed system_clock -* Removed Library_State::UI and the pulse callback logic - diff --git a/doc/relnotes/1_7_7.rst b/doc/relnotes/1_7_7.rst deleted file mode 100644 index 9934959e0..000000000 --- a/doc/relnotes/1_7_7.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.7.7, 2008-06-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Remove the global PRNG object -* The PK filter objects were removed -* Add a test suite for the ANSI X9.31 PRNG -* Much cleaner and (mostly) thread-safe reimplementation of es_ftw -* Remove both default arguments to ANSI_X931_RNG's constructor -* Remove the randomizing version of OctetString::change -* Make the cipher and MAC to use in Randpool configurable -* Move RandomNumberGenerator declaration to rng.h -* RSA_PrivateKey will not generate keys smaller than 1024 bits -* Fix an error decoding BER UNIVERSAL types with special taggings - diff --git a/doc/relnotes/1_7_8.rst b/doc/relnotes/1_7_8.rst deleted file mode 100644 index b02451214..000000000 --- a/doc/relnotes/1_7_8.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.7.8, 2008-07-15 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Added the block cipher Noekeon -* Remove global deref_alias function -* X509_Store takes timeout options as constructor arguments -* Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH -* Extend random_prime() for generating primes of any bit length -* Remove Config class -* Allow adding new entropy via base RNG interface -* Reseeding a X9.31 PRNG also reseeds the underlying PRNG - diff --git a/doc/relnotes/1_7_9.rst b/doc/relnotes/1_7_9.rst deleted file mode 100644 index 039106d71..000000000 --- a/doc/relnotes/1_7_9.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.7.9, 2008-08-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Make clear() in most algorithm base classes a pure virtual -* Add noexec stack marker for GNU linker in assembly code -* Avoid string operations in ressol -* Compilation fixes for MinGW and Visual Studio C++ 2008 -* Some autoconfiguration fixes for Windows - diff --git a/doc/relnotes/1_8_0.rst b/doc/relnotes/1_8_0.rst deleted file mode 100644 index e9ebbe43f..000000000 --- a/doc/relnotes/1_8_0.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.8.0, 2008-12-08 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix compilation on Solaris with GCC - - diff --git a/doc/relnotes/1_8_1.rst b/doc/relnotes/1_8_1.rst deleted file mode 100644 index 532842fba..000000000 --- a/doc/relnotes/1_8_1.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.8.1, 2009-01-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Avoid a valgrind warning in es_unix.cpp on 32-bit Linux -* Fix memory leak in PKCS8 load_key and encrypt_key -* Relicense api.tex from CC-By-SA 2.5 to BSD -* Fix botan-config on MacOS X, Solaris - diff --git a/doc/relnotes/1_8_10.rst b/doc/relnotes/1_8_10.rst deleted file mode 100644 index 3c4f62b09..000000000 --- a/doc/relnotes/1_8_10.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.8.10, 2010-08-31 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Switch default PKCS #8 encryption algorithm from 3DES to AES-256 -* Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2 -* Use small tables in the first round of AES -* Add PBKDF typedef and get_pbkdf for better compatability with 1.9 -* Add version of S2K::derive_key taking salt and iteration count -* Enable the /proc-walking entropy source on NetBSD -* Fix the doxygen makefile target - diff --git a/doc/relnotes/1_8_11.rst b/doc/relnotes/1_8_11.rst deleted file mode 100644 index 688023ab4..000000000 --- a/doc/relnotes/1_8_11.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.8.11, 2010-11-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a number of CRL encoding and decoding bugs -* When building a debug library under VC++, use the debug runtime -* Fix compilation under Sun Studio on Linux and Solaris -* Add several functions for compatability with 1.9 -* In the examples, read most input files as binary -* The Perl build script has been removed in this release - diff --git a/doc/relnotes/1_8_12.rst b/doc/relnotes/1_8_12.rst deleted file mode 100644 index 14d29325e..000000000 --- a/doc/relnotes/1_8_12.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.8.12, 2011-06-20 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* If EMSA3(Raw) was used for more than one signature, it would produce - incorrect output. - -* Fix the --enable-debug option to configure.py - -* Improve OS detection on Cygwin - -* Fix compilation under Sun Studio 12 on Solaris - -* Fix a memory leak in the constructors of DataSource_Stream and - DataSink_Stream which would occur if opening the file failed (:pr:`144`) - diff --git a/doc/relnotes/1_8_13.rst b/doc/relnotes/1_8_13.rst deleted file mode 100644 index e96f6e449..000000000 --- a/doc/relnotes/1_8_13.rst +++ /dev/null @@ -1,7 +0,0 @@ -Version 1.8.13, 2011-07-02 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* A race condition in `Algorithm_Factory` could cause crashes in - multithreaded code. See :botan-devel:`this thread on botan-devel - <2011-July/001455>` for details and workarounds. - diff --git a/doc/relnotes/1_8_14.rst b/doc/relnotes/1_8_14.rst deleted file mode 100644 index cf48e3cc7..000000000 --- a/doc/relnotes/1_8_14.rst +++ /dev/null @@ -1,17 +0,0 @@ -Version 1.8.14, 2012-07-18 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The malloc allocator would return null instead of throwing in the - event of an allocation failure, which could cause an application - crash due to null pointer dereference where normally an exception - would occur. - -* Recent versions of OpenSSL include extra information in ECC private - keys, the presence of which caused an exception when such a key was - loaded by botan. The decoding of ECC private keys has been changed to - ignore these fields if they are set. - -* AutoSeeded_RNG has been changed to prefer ``/dev/random`` over - ``/dev/urandom`` - -* Fix detection of s390x (Debian bug 638347) diff --git a/doc/relnotes/1_8_2.rst b/doc/relnotes/1_8_2.rst deleted file mode 100644 index 8ba19973b..000000000 --- a/doc/relnotes/1_8_2.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.8.2, 2009-04-07 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Make entropy polling more flexible and in most cases faster -* GOST 28147 now supports multiple sbox parameters -* Added the GOST 34.11 hash function -* Fix botan-config problems on MacOS X - diff --git a/doc/relnotes/1_8_3.rst b/doc/relnotes/1_8_3.rst deleted file mode 100644 index 3bfe7bde0..000000000 --- a/doc/relnotes/1_8_3.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.8.3, 2009-07-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add a new Python configuration script -* Add the Skein-512 SHA-3 candidate hash function -* Add the XTS block cipher mode from IEEE P1619 -* Fix random_prime when generating a prime of less than 7 bits -* Improve handling of low-entropy situations during PRNG seeding -* Change random device polling to prefer /dev/urandom over /dev/random -* Use an input insensitive implementation of same_mem instead of memcmp -* Correct DataSource::discard_next to return the number of discarded bytes -* Provide a default value for AutoSeeded_RNG::reseed -* Fix Gentoo bug 272242 - diff --git a/doc/relnotes/1_8_4.rst b/doc/relnotes/1_8_4.rst deleted file mode 100644 index b103db11f..000000000 --- a/doc/relnotes/1_8_4.rst +++ /dev/null @@ -1,5 +0,0 @@ -Version 1.8.4, 2009-07-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix a bug in nonce generation in the Miller-Rabin test - diff --git a/doc/relnotes/1_8_5.rst b/doc/relnotes/1_8_5.rst deleted file mode 100644 index f2675de99..000000000 --- a/doc/relnotes/1_8_5.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.8.5, 2009-07-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Change configure.py to work on stock Python 2.4 -* Avoid a crash in Skein_512::add_data processing a zero-length input -* Small build fixes for SPARC, ARM, and HP-PA processors -* The test suite now returns an error code from main() if any tests failed - diff --git a/doc/relnotes/1_8_6.rst b/doc/relnotes/1_8_6.rst deleted file mode 100644 index 6e4fa8c56..000000000 --- a/doc/relnotes/1_8_6.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.8.6, 2009-08-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add Cryptobox, a set of simple password-based encryption routines -* Only read world-readable files when walking /proc for entropy -* Fix building with TR1 disabled -* Fix x86 bswap support for Visual C++ -* Fixes for compilation under Sun C++ -* Add support for Dragonfly BSD (contributed by Patrick Georgi) -* Add support for the Open64 C++ compiler -* Build fixes for MIPS systems running Linux -* Minor changes to license, now equivalent to the FreeBSD/NetBSD license - diff --git a/doc/relnotes/1_8_7.rst b/doc/relnotes/1_8_7.rst deleted file mode 100644 index e5bf54649..000000000 --- a/doc/relnotes/1_8_7.rst +++ /dev/null @@ -1,6 +0,0 @@ -Version 1.8.7, 2009-09-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fix processing multiple messages in XTS mode -* Add --no-autoload option to configure.py, for minimized builds - diff --git a/doc/relnotes/1_8_8.rst b/doc/relnotes/1_8_8.rst deleted file mode 100644 index a46032c20..000000000 --- a/doc/relnotes/1_8_8.rst +++ /dev/null @@ -1,8 +0,0 @@ -Version 1.8.8, 2009-11-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Alter Skein-512 to match the tweaked 1.2 specification -* Fix use of inline asm for access to x86 bswap function -* Allow building the library without AES enabled -* Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild - diff --git a/doc/relnotes/1_8_9.rst b/doc/relnotes/1_8_9.rst deleted file mode 100644 index c66198364..000000000 --- a/doc/relnotes/1_8_9.rst +++ /dev/null @@ -1,27 +0,0 @@ -Version 1.8.9, 2010-06-16 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Use constant time multiplication in IDEA - -* Avoid possible timing attack against OAEP decoding - -* Add new X509::BER_encode and PKCS8::BER_encode - -* Enable DLL builds under Windows - -* Add Win32 installer support - -* Add support for the Clang compiler - -* Fix problem in semcem.h preventing build under Clang or GCC 3.4 - -* Fix bug that prevented creation of DSA groups under 1024 bits - -* Fix crash in GMP_Engine if library is shutdown and reinitialized and - a PK algorithm was used after the second init - -* Work around problem with recent binutils in x86-64 SHA-1 - -* The Perl build script is no longer supported and refuses to run by - default. If you really want to use it, pass - ``--i-know-this-is-broken`` to the script. diff --git a/doc/relnotes/1_9_0.rst b/doc/relnotes/1_9_0.rst deleted file mode 100644 index 3e0407887..000000000 --- a/doc/relnotes/1_9_0.rst +++ /dev/null @@ -1,12 +0,0 @@ -Version 1.9.0, 2009-09-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add support for parallel invocation of block ciphers where possible -* Add SSE2 implementation of Serpent -* Add Rivest's package transform (an all or nothing transform) -* Minor speedups to the Turing key schedule -* Fix processing multiple messages in XTS mode -* Add --no-autoload option to configure.py, for minimized builds -* The previously used configure.pl script is no longer supported - - diff --git a/doc/relnotes/1_9_1.rst b/doc/relnotes/1_9_1.rst deleted file mode 100644 index e044f1d3c..000000000 --- a/doc/relnotes/1_9_1.rst +++ /dev/null @@ -1,16 +0,0 @@ -Version 1.9.1, 2009-10-23 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Better support for Python and Perl wrappers -* Add an implementation of Blue Midnight Wish (Round 2 tweak version) -* Modify Skein-512 to match the tweaked 1.2 specification -* Add threshold secret sharing (draft-mcgrew-tss-02) -* Add runtime cpu feature detection for x86/x86-64 -* Add code for general runtime self testing for hashes, MACs, and ciphers -* Optimize XTEA; twice as fast as before on Core2 and Opteron -* Convert CTR_BE and OFB from filters to stream ciphers -* New parsing code for SCAN algorithm names -* Enable SSE2 optimizations under Visual C++ -* Remove all use of C++ exception specifications -* Add support for GNU/Hurd and Clang/LLVM - diff --git a/doc/relnotes/1_9_10.rst b/doc/relnotes/1_9_10.rst deleted file mode 100644 index 296c34ca3..000000000 --- a/doc/relnotes/1_9_10.rst +++ /dev/null @@ -1,26 +0,0 @@ -Version 1.9.10, 2010-08-12 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add a constant-time AES implementation using SSSE3. This code is - based on public domain assembly written by `Mike Hamburg - <http://crypto.stanford.edu/vpaes/>`_, and described in his CHES - 2009 paper "Accelerating AES with Vector Permute Instructions". In - addition to being constant time, it is also significantly faster - than the table-based implementation on some processors. The current - code has been tested with GCC 4.5, Visual C++ 2008, and Clang 2.8. - - -* Support for dynamically loading Engine objects at runtime was also - added. Currently only system that use ``dlopen``-style dynamic - linking are supported. - -* On GCC 4.3 and later, use the byteswap intrinsic functions. - -* Drop support for building with Python 2.4 - -* Fix benchmarking of block ciphers in ECB mode - -* Consolidate the two x86 assembly engines - -* Rename S2K to PBKDF - diff --git a/doc/relnotes/1_9_11.rst b/doc/relnotes/1_9_11.rst deleted file mode 100644 index ea48fb9e5..000000000 --- a/doc/relnotes/1_9_11.rst +++ /dev/null @@ -1,44 +0,0 @@ -Version 1.9.11, 2010-11-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* The TLS API has changed substantially and now relies heavily on - TR1's ``std::function`` is now required. Additionally, it is - required that all callers derive a subclass of TLS_Policy and pass - it to a client or server object. Please remember that the TLS - interface/API is currently unstable and will very likely change - further before TLS is included in a stable release. A handshake - failure that occured when RC4 was negotiated has also been fixed. - -* Some possible timing channels in the implementations of Montgomery - reduction and the IDEA key schedule were removed. The table-based - AES implementation uses smaller tables in the first round to help - make some timing/cache attacks harder. - -* The library now uses size_t instead of u32bit to represent - lengths. Also the interfaces for the memory containers have changed - substantially to better match STL container interfaces; - MemoryRegion::append, MemoryRegion::destroy, and MemoryRegion::set - were all removed, and several other functions, like clear and - resize, have changed meaning. - -* Update Skein-512 to match the v1.3 specification -* Fix a number of CRL encoding and decoding bugs -* Counter mode now always encrypts 256 blocks in parallel -* Use small tables in the first round of AES -* Removed AES class: app must choose AES-128, AES-192, or AES-256 -* Add hex encoding/decoding functions that can be used without a Pipe -* Add base64 encoding functions that can be used without a Pipe -* Add to_string function to X509_Certificate -* Add support for dynamic engine loading on Windows -* Replace BlockCipher::BLOCK_SIZE attribute with function block_size() -* Replace HashFunction::HASH_BLOCK_SIZE attribute with hash_block_size() -* Move PBKDF lookup to engine system -* The IDEA key schedule has been changed to run in constant time -* Add Algorithm and Key_Length_Specification classes -* Switch default PKCS #8 encryption algorithm from AES-128 to AES-256 -* Allow using PBKDF2 with empty passphrases -* Add compile-time deprecation warnings for GCC, Clang, and MSVC -* Support use of HMAC(SHA-256) and CMAC(Blowfish) in passhash9 -* Improve support for Intel Atom processors -* Fix compilation problems under Sun Studio and Clang - diff --git a/doc/relnotes/1_9_12.rst b/doc/relnotes/1_9_12.rst deleted file mode 100644 index 21ad561d5..000000000 --- a/doc/relnotes/1_9_12.rst +++ /dev/null @@ -1,7 +0,0 @@ -Version 1.9.12, 2010-12-13 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add the Keccak hash function -* Fix compilation problems in Python wrappers -* Fix compilation problem in OpenSSL engine -* Update SQLite3 database encryption codec diff --git a/doc/relnotes/1_9_13.rst b/doc/relnotes/1_9_13.rst deleted file mode 100644 index 701b6e5f0..000000000 --- a/doc/relnotes/1_9_13.rst +++ /dev/null @@ -1,30 +0,0 @@ -Version 1.9.13, 2011-02-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -GOST 34.10 signatures were being formatted in a way that was not -compatible with other implemenations, and specifically how GOST is -used in DNSSEC. - -The Keccak hash function was updated to the tweaked variant proposed -for round 3 of the NIST hash competition. This version is not -compatible with the previous algorithm. - -A new option ``--distribution-info`` was added to the configure -script. It allows the user building the library to set any -distribution-specific notes on the build, which are available as a -macro ``BOTAN_DISTRIBUTION_INFO``. The default value is -'unspecified'. If you are building an unmodified version of botan -(especially for distribution), and want to indicate to applications -that this is the case, consider using -``--distribution-info=pristine``. If you are making any patches or -modifications, it is recommended to use -``--distribution-info=[Distribution Name] [Version]``, for instance -'FooNix 1.9.13-r3'. - -Some bugs preventing compilation under Clang 2.9 and Sun Studio 12 -were fixed. - -The DER/BER codecs use ``size_t`` instead of ``u32bit`` for small -integers - - diff --git a/doc/relnotes/1_9_14.rst b/doc/relnotes/1_9_14.rst deleted file mode 100644 index 318d7b53d..000000000 --- a/doc/relnotes/1_9_14.rst +++ /dev/null @@ -1,10 +0,0 @@ -Version 1.9.14, 2011-03-01 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add support for bcrypt, OpenBSD's password hashing scheme. - -* Add support for NIST's AES key wrapping algorithm, as described in - :rfc:`3394`. It is available by including ``rfc3394.h``. - -* Fix an infinite loop in zlib filters introduced in 1.9.11 (:pr:`142`) - diff --git a/doc/relnotes/1_9_15.rst b/doc/relnotes/1_9_15.rst deleted file mode 100644 index 77b8dbde9..000000000 --- a/doc/relnotes/1_9_15.rst +++ /dev/null @@ -1,25 +0,0 @@ -Version 1.9.15, 2011-03-21 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* First release candidate for 1.10.0 - -* Modify how message expansion is done in SHA-256 and SHA-512. - Instead of expanding the entire message at the start, compute them - in the minimum number of registers. Values are computed 15 rounds - before they are needed. On a Core i7-860, GCC 4.5.2, went from 143 - to 157 MiB/s in SHA-256, and 211 to 256 MiB/s in SHA-512. - -* Pipe will delete empty output queues as soon as they are no longer - needed, even if earlier messages still have data unread. However an - (empty) entry in a deque of pointers will remain until all prior - messages are completely emptied. - -* Avoid reading the SPARC ``%tick`` register on OpenBSD as unlike the - Linux and NetBSD kernels, it will not trap and emulate it for us, - causing a illegal instruction crash. - -* Improve detection and autoconfiguration for ARM processors. Thanks - go out to the the `Tahoe-LAFS Software Foundation - <http://tahoe-lafs.org>`_, who donated a Sheevaplug that I'll be - using to figure out how to make the cryptographic primitives - Tahoe-LAFS relies on faster, particularly targeting the ARMv5TE. diff --git a/doc/relnotes/1_9_16.rst b/doc/relnotes/1_9_16.rst deleted file mode 100644 index fe7441be8..000000000 --- a/doc/relnotes/1_9_16.rst +++ /dev/null @@ -1,52 +0,0 @@ -Version 1.9.16, 2011-04-11 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Second release candidate for 1.10.0 - -* The documentation, previously written in LaTeX, is now in - reStructuredText suitable for processing by `Sphinx - <http://sphinx.pocoo.org>`_, which can generate nicely formatted - HTML and PDFs. The documentation has also been greatly updated and - expanded. - -* The class ``EC_Domain_Params`` has been renamed ``EC_Group``, with a - typedef for backwards compatability. - -* ``EC_Group``'s string constructor didn't understand the standard - names like "secp160r1", forcing use of the OIDs. - -* Two constructors for ECDSA private keys, the one that creates a new - random key, and the one that provides a preset private key as a - ``BigInt``, have been merged. This matches the existing interface - for DSA and DH keys. If you previously used the version taking a - ``BigInt`` private key, you'll have to additionally pass in a - ``RandomNumberGenerator`` object starting in this release. - -* It is now possible to create ECDH keys with a preset ``BigInt`` - private key; previously no method for this was available. - -* The overload of ``generate_passhash9`` that takes an explicit - algorithm identifier has been merged with the one that does not. - The algorithm identifier code has been moved from the second - parameter to the fourth. - -* Change shared library versioning to match the normal Unix - conventions. Instead of ``libbotan-X.Y.Z.so``, the shared lib is - named ``libbotan-X.Y.so.Z``; this allows the runtime linker to do - its runtime linky magic. It can be safely presumed that any change - in the major or minor version indicates ABI incompatability. - -* Remove the socket wrapper code; it was not actually used by anything - in the library, only in the examples, and you can use whatever kind - of (blocking) socket interface you like with the SSL/TLS code. It's - available as socket.h in the examples directory if you want to use - it. - -* Disable the by-default 'strong' checking of private keys that are - loaded from storage. You can always request key material sanity - checking using Private_Key::check_key. - -* Bring back removed functions ``min_keylength_of``, - ``max_keylength_of``, ``keylength_multiple_of`` in ``lookup.h`` to - avoid breaking applications written against 1.8 - diff --git a/doc/relnotes/1_9_17.rst b/doc/relnotes/1_9_17.rst deleted file mode 100644 index 794120be3..000000000 --- a/doc/relnotes/1_9_17.rst +++ /dev/null @@ -1,45 +0,0 @@ -Version 1.9.17, 2011-04-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Third release candidate for 1.10.0 - -* The format preserving encryption method currently available was - presented in the header ``fpe.h`` and the functions ``fpe_encrypt`` - and ``fpe_decrypt``. These were renamed as it is likely that other - FPE schemes will be included in the future. The header is now - ``fpe_fe1.h``, and the functions are named ``fe1_encrypt`` and - ``fe1_decrypt``. - -* New options to ``configure.py`` control what tools are used for - documentation generation. The ``--with-sphinx`` option enables using - Sphinx to convert ReST into HTML; otherwise the ReST sources are - installed directly. If ``--with-doxygen`` is used, Doxygen will run - as well. Documentation generation can be triggered via the ``docs`` - target in the makefile; it will also be installed by the install - target on Unix. - -* A bug in 1.9.16 effectively disabled support for runtime CPU feature - detection on x86 under GCC in that release. - -* A mostly internal change, all references to "ia32" and "amd64" have - been changed to the vendor neutral and probably easier to understand - "x86-32" and "x86-64". For instance, the "mp_amd64" module has been - renamed "mp_x86_64", and the macro indicating x86-32 has changed - from ``BOTAN_TARGET_ARCH_IS_IA32`` to - ``BOTAN_TARGET_ARCH_IS_X86_32``. The classes calling assembly have - also been renamed. - -* Similiarly to the above change, the AES implemenations using the - AES-NI instruction set have been renamed from AES_XXX_Intel to - AES_XXX_NI. - -* Systems that are identified as `sun4u` will default to compiling for - 32-bit SPARCv9 code rather than 64-bit. This matches the still - common convention for 32-bit SPARC userspaces. If you want 64-bit - code on such as system, use ``--cpu=sparc64``. - -* Some minor fixes for compiling botan under the BeOS - clone/continuation `Haiku <http://haiku-os.org>`_. - -* Further updates to the documentation - diff --git a/doc/relnotes/1_9_18.rst b/doc/relnotes/1_9_18.rst deleted file mode 100644 index b82167bdf..000000000 --- a/doc/relnotes/1_9_18.rst +++ /dev/null @@ -1,81 +0,0 @@ -Version 1.9.18, 2011-06-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Fourth release candidate for 1.10.0 - -* The GOST 34.10 verification operation was not ensuring that s and r - were both greater than zero. This could potentially have meant it - would have accepted an invalid all-zero signature as valid for any - message. Due to how ECC points are internally represented it instead - resulted in an exception being thrown. - -* A simple multiexponentation algorithm is now used in ECDSA and - GOST-34.10 signature verification, leading to 20 to 25% improvements - in ECDSA and 25% to 40% improvements in GOST-34.10 verification - performance. - -* The internal representation of elliptic curve points has been - modified to use Montgomery representation exclusively, resulting in - reduced memory usage and a 10 to 20% performance improvement for - ECDSA and ECDH. - -* In OAEP decoding, scan for the delimiter bytes using a loop that is - written without conditionals so as to help avoid timing analysis. - Unfortunately GCC at least is 'smart' enough to compile it to - jumps anyway. - -* The SSE2 implementation of IDEA did not work correctly when compiled - by Clang, because the trick it used to emulate a 16 bit unsigned - compare in SSE (which doesn't contain one natively) relied on signed - overflow working in the 'usual' way. A different method that doesn't - rely on signed overflow is now used. - -* Add support for compiling SSL using Visual C++ 2010's TR1 - implementation. - -* Fix a bug under Visual C++ 2010 which would cause ``hex_encode`` to - crash if given a zero-sized input to encode. - -* A new build option ``--via-amalgamation`` will first generate the - single-file amalgamation, then build the library from that single - file. This option requires a lot of memory and does not parallelize, - but the resulting library is smaller and may be faster. - -* On Unix, the library and header paths have been changed to allow - parallel installation of different versions of the library. Headers - are installed into ``<prefix>/include/botan-1.9/botan``, libraries - are named ``libbotan-1.9``, and ``botan-config`` is now namespaced - (so in this release ``botan-config-1.9``). All of these embedded - versions will be 1.10 in the upcoming stable release. - -* The soname system has been modified. In this release the library - soname is ``libbotan-1.9.so.0``, with the full library being named - ``libbotan-1.9.so.0.18``. The ``0`` is the ABI version, and will be - incremented whenever a breaking ABI change is made. - -* TR1 support is not longer automatically assumed under older versions - of GCC - -* Functions for base64 decoding that work standalone (without needing - to use a pipe) have been added to ``base64.h`` - -* The function ``BigInt::to_u32bit`` was inadvertently removed in 1.9.11 - and has been added back. - -* The function ``BigInt::get_substring`` did not work correctly with a - *length* argument of 32. - -* The implementation of ``FD_ZERO`` on Solaris uses ``memset`` and - assumes the caller included ``string.h`` on its behalf. Do so to - fix compilation in the ``dev_random`` and ``unix_procs`` entropy - sources. Patch from Jeremy C. Reed. - -* Add two different configuration targets for Atom, since some are - 32-bit and some are 64-bit. The 'atom' target now refers to the - 64-bit implementations, use 'atom32' to target the 32-bit - processors. - -* The (incomplete) support for CMS and card verifiable certificates - are disabled by default; add ``--enable-modules=cms`` or - ``--enable-modules=cvc`` during configuration to turn them back on. - diff --git a/doc/relnotes/1_9_2.rst b/doc/relnotes/1_9_2.rst deleted file mode 100644 index e3a46b770..000000000 --- a/doc/relnotes/1_9_2.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.9.2, 2009-11-03 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add SIMD version of XTEA -* Support both SSE2 and AltiVec SIMD for Serpent and XTEA -* Optimizations for SHA-1 and SHA-2 -* Add AltiVec runtime detection -* Fix x86 CPU identification with Intel C++ and Visual C++ - diff --git a/doc/relnotes/1_9_3.rst b/doc/relnotes/1_9_3.rst deleted file mode 100644 index 7e7b27efc..000000000 --- a/doc/relnotes/1_9_3.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.9.3, 2009-11-19 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add new AES implementation using Intel's AES instruction intrinsics -* Add an implementation of format preserving encryption -* Allow use of any hash function in X.509 certificate creation -* Optimizations for MARS, Skipjack, and AES -* Set macros for available SIMD instructions in build.h -* Add support for using InnoSetup to package Windows builds -* By default build a DLL on Windows - diff --git a/doc/relnotes/1_9_4.rst b/doc/relnotes/1_9_4.rst deleted file mode 100644 index 60e02ffd6..000000000 --- a/doc/relnotes/1_9_4.rst +++ /dev/null @@ -1,57 +0,0 @@ -Version 1.9.4, 2010-03-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add the Ajisai SSLv3/TLSv1.0 implementation - -* Add GOST 34.10-2001 public key signature scheme -* Add SIMD implementation of Noekeon - -* Add SSE2 implementation of IDEA - -* Extend Salsa20 to support longer IVs (XSalsa20) - -* Perform XTS encryption and decryption in parallel where possible - -* Perform CBC decryption in parallel where possible - -* Add SQLite3 db encryption codec, contributed by Olivier de Gaalon - -* Add a block cipher cascade construction - -* Add support for password hashing for authentication (passhash9.h) - -* Add support for Win32 high resolution system timers - -* Major refactoring and API changes in the public key code - -* PK_Signer class now verifies all signatures before releasing them to - the caller; this should help prevent a wide variety of fault - attacks, though it does have the downside of hurting signature - performance, particularly for DSA/ECDSA. - -* Changed S2K interface: derive_key now takes salt, iteration count - -* Remove dependency on TR1 shared_ptr in ECC and CVC code - -* Renamed ECKAEG to its more usual name, ECDH - -* Fix crash in GMP_Engine if library is shutdown and reinitialized - -* Fix an invalid memory read in MD4 - -* Fix Visual C++ static builds - -* Remove Timer class entirely - -* Switch default PKCS #8 encryption algorithm from 3DES to AES-128 - -* New configuration option, ``--gen-amalgamation``, creates a pair of - files (``botan_all.cpp`` and ``botan_all.h``) which contain the - contents of the library as it would have normally been compiled - based on the set configuration. - -* Many headers are now explicitly internal-use-only and are not installed - -* Greatly improve the Win32 installer - -* Several fixes for Visual C++ debug builds diff --git a/doc/relnotes/1_9_5.rst b/doc/relnotes/1_9_5.rst deleted file mode 100644 index cdcd8db4b..000000000 --- a/doc/relnotes/1_9_5.rst +++ /dev/null @@ -1,14 +0,0 @@ -Version 1.9.5, 2010-03-29 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Numerous ECC optimizations -* Fix GOST 34.10-2001 X.509 key loading -* Allow PK_Signer's fault protection checks to be toggled off -* Avoid using pool-based locking allocator if we can't mlock -* Remove all runtime options -* New BER_Decoder::{decode_and_check, decode_octet_string_bigint} -* Remove SecureBuffer in favor of SecureVector length parameter -* HMAC_RNG: Perform a poll along with user-supplied entropy -* Fix crash in MemoryRegion if Allocator::get failed -* Fix small compilation problem on FreeBSD - diff --git a/doc/relnotes/1_9_6.rst b/doc/relnotes/1_9_6.rst deleted file mode 100644 index 971da7bca..000000000 --- a/doc/relnotes/1_9_6.rst +++ /dev/null @@ -1,9 +0,0 @@ -Version 1.9.6, 2010-04-09 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* TLS: Add support for TLS v1.1 -* TLS: Support server name indicator extension -* TLS: Fix server handshake -* TLS: Fix server using DSA certificates -* TLS: Avoid timing channel between CBC padding check and MAC verification - diff --git a/doc/relnotes/1_9_7.rst b/doc/relnotes/1_9_7.rst deleted file mode 100644 index 4c6e2c21d..000000000 --- a/doc/relnotes/1_9_7.rst +++ /dev/null @@ -1,11 +0,0 @@ -Version 1.9.7, 2010-04-27 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* TLS: Support reading SSLv2 client hellos -* TLS: Add support for SEED ciphersuites (RFC 4162) -* Add Comb4P hash combiner function - -* Fix checking of EMSA_Raw signatures with leading 0 bytes, valid - signatures could be rejected in certain scenarios. - - diff --git a/doc/relnotes/1_9_8.rst b/doc/relnotes/1_9_8.rst deleted file mode 100644 index a671d946c..000000000 --- a/doc/relnotes/1_9_8.rst +++ /dev/null @@ -1,13 +0,0 @@ -Version 1.9.8, 2010-06-14 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Add support for wide multiplications on 64-bit Windows -* Use constant time multiplication in IDEA -* Avoid possible timing attack against OAEP decoding -* Removed FORK-256; rarely used and it has been broken -* Rename ``--use-boost-python`` to ``--with-boost-python`` -* Skip building shared libraries on MinGW/Cygwin -* Fix creation of 512 and 768 bit DL groups using the DSA kosherizer -* Fix compilation on GCC versions before 4.3 (missing cpuid.h) -* Fix compilation under the Clang compiler - diff --git a/doc/relnotes/1_9_9.rst b/doc/relnotes/1_9_9.rst deleted file mode 100644 index 4ff1a9c0c..000000000 --- a/doc/relnotes/1_9_9.rst +++ /dev/null @@ -1,26 +0,0 @@ -Version 1.9.9, 2010-06-28 -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -A new pure virtual function has been added to ``Filter``, ``name`` -which simply returns some useful identifier for the object. Any -out-of-tree ``Filter`` implementations will need to be updated. - -Add ``Keyed_Filter::valid_iv_length`` which makes it possible to query -as to what IV length(s) a particular filter allows. Previously, -partially because there was no such query mechanism, if a filter did -not support IVs at all, then calls to ``set_iv`` would be silently -ignored. Now an exception about the invalid IV length will be thrown. - -The default iteration count for the password based encryption schemes -has been increased from 2048 to 10000. This should make -password-guessing attacks against private keys encrypted with versions -after this release somewhat harder. - -New functions for encoding public and private keys to binary, -``X509::BER_encode`` and ``PKCS8::BER_encode`` have been added. - -Problems compiling under Apple's version of GCC 4.2.1 and on 64-bit -MIPS systems using GCC 4.4 or later were fixed. - -The coverage of Doxygen documentation comments has significantly -improved in this release. diff --git a/doc/relnotes/contents.rst b/doc/relnotes/contents.rst deleted file mode 100644 index 406fc4133..000000000 --- a/doc/relnotes/contents.rst +++ /dev/null @@ -1,8 +0,0 @@ - -Release Notes -======================================== - -.. toctree:: - :maxdepth: 2 - - index diff --git a/doc/relnotes/index.rst b/doc/relnotes/index.rst deleted file mode 100644 index b93b327f5..000000000 --- a/doc/relnotes/index.rst +++ /dev/null @@ -1,278 +0,0 @@ - -Release Notes -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Series 1.11 ----------------------------------------- - -.. toctree:: - :maxdepth: 1 - - 1_11_18 - 1_11_17 - 1_11_16 - 1_11_15 - 1_11_14 - 1_11_13 - 1_11_12 - 1_11_11 - 1_11_10 - 1_11_9 - 1_11_8 - 1_11_7 - 1_11_6 - 1_11_5 - 1_11_4 - 1_11_3 - 1_11_2 - 1_11_1 - 1_11_0 - -Series 1.10 ----------------------------------------- - -.. toctree:: - - 1_10_9 - 1_10_8 - 1_10_7 - 1_10_6 - 1_10_5 - 1_10_4 - 1_10_3 - 1_10_2 - 1_10_1 - 1_10_0 - -Series 1.9 ----------------------------------------- - -.. toctree:: - - 1_9_18 - 1_9_17 - 1_9_16 - 1_9_15 - 1_9_14 - 1_9_13 - 1_9_12 - 1_9_11 - 1_9_10 - 1_9_9 - 1_9_8 - 1_9_7 - 1_9_6 - 1_9_5 - 1_9_4 - 1_9_3 - 1_9_2 - 1_9_1 - 1_9_0 - -Series 1.8 ----------------------------------------- - -.. toctree:: - - 1_8_14 - 1_8_13 - 1_8_12 - 1_8_11 - 1_8_10 - 1_8_9 - 1_8_8 - 1_8_7 - 1_8_6 - 1_8_5 - 1_8_4 - 1_8_3 - 1_8_2 - 1_8_1 - 1_8_0 - -Series 1.7 ----------------------------------------- - -.. toctree:: - - 1_7_24 - 1_7_23 - 1_7_22 - 1_7_21 - 1_7_20 - 1_7_19 - 1_7_18 - 1_7_17 - 1_7_16 - 1_7_15 - 1_7_14 - 1_7_13 - 1_7_12 - 1_7_11 - 1_7_10 - 1_7_9 - 1_7_8 - 1_7_7 - 1_7_6 - 1_7_5 - 1_7_4 - 1_7_3 - 1_7_2 - 1_7_1 - 1_7_0 - -Series 1.6 ----------------------------------------- - -.. toctree:: - - 1_6_5 - 1_6_4 - 1_6_3 - 1_6_2 - 1_6_1 - 1_6_0 - -Series 1.5 ----------------------------------------- - -.. toctree:: - - 1_5_13 - 1_5_12 - 1_5_11 - 1_5_10 - 1_5_9 - 1_5_8 - 1_5_7 - 1_5_6 - 1_5_5 - 1_5_4 - 1_5_3 - 1_5_2 - 1_5_1 - 1_5_0 - -Series 1.4 ----------------------------------------- - -.. toctree:: - - 1_4_12 - 1_4_11 - 1_4_10 - 1_4_9 - 1_4_8 - 1_4_7 - 1_4_6 - 1_4_5 - 1_4_4 - 1_4_3 - 1_4_2 - 1_4_1 - 1_4_0 - -Series 1.3 ----------------------------------------- - -.. toctree:: - - 1_3_14 - 1_3_13 - 1_3_12 - 1_3_11 - 1_3_10 - 1_3_9 - 1_3_8 - 1_3_7 - 1_3_6 - 1_3_5 - 1_3_4 - 1_3_3 - 1_3_2 - 1_3_1 - 1_3_0 - -Series 1.2 ----------------------------------------- - -.. toctree:: - - 1_2_8 - 1_2_7 - 1_2_6 - 1_2_5 - 1_2_4 - 1_2_3 - 1_2_2 - 1_2_1 - 1_2_0 - -Series 1.1 ----------------------------------------- - -.. toctree:: - - 1_1_13 - 1_1_12 - 1_1_11 - 1_1_10 - 1_1_9 - 1_1_8 - 1_1_7 - 1_1_6 - 1_1_5 - 1_1_4 - 1_1_3 - 1_1_2 - 1_1_1 - 1_1_0 - -Series 1.0 ----------------------------------------- - -.. toctree:: - - 1_0_2 - 1_0_1 - 1_0_0 - -Series 0.9 ----------------------------------------- - -.. toctree:: - - 0_9_2 - 0_9_1 - 0_9_0 - -Series 0.8 ----------------------------------------- - -.. toctree:: - - 0_8_7 - 0_8_6 - 0_8_5 - 0_8_4 - 0_8_3 - 0_8_2 - 0_8_1 - 0_8_0 - -Series 0.7 ----------------------------------------- - -.. toctree:: - - 0_7_10 - 0_7_9 - 0_7_8 - 0_7_7 - 0_7_6 - 0_7_5 - 0_7_4 - 0_7_3 - 0_7_2 - 0_7_1 - 0_7_0 diff --git a/src/build-data/sphinx/conf.py b/src/build-data/sphinx/conf.py index 29a1c1fe7..378cfbc65 100644 --- a/src/build-data/sphinx/conf.py +++ b/src/build-data/sphinx/conf.py @@ -35,7 +35,6 @@ if is_website_build and use_disqus: files_dir = 'http://botan.randombit.net/releases' extlinks = { - 'pr': ('http://bugs.randombit.net/show_bug.cgi?id=%s', 'PR '), 'wikipedia': ('https://en.wikipedia.org/wiki/%s', ''), 'botan-devel': ('http://lists.randombit.net/pipermail/botan-devel/%s.html', None), diff --git a/src/scripts/combine_relnotes.py b/src/scripts/combine_relnotes.py deleted file mode 100755 index cf9a78ad7..000000000 --- a/src/scripts/combine_relnotes.py +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/python - -""" -(C) 2014 Jack Lloyd - -Botan is released under the Simplified BSD License (see license.txt) -""" - -import re -import sys -import os -import sys - -def open_for_utf8(fsname, mode): - if sys.version_info[0] == 3: - return open(fsname, mode, encoding='utf-8') - else: - return open(fsname, mode) - -def combine_relnotes(relnote_dir, with_rst_labels): - - relnotes = [p for p in os.listdir(relnote_dir) if p.startswith(('0', '1', '2'))] - - re_version = re.compile('Version (\d+\.\d+\.\d+), ([0-9]{4}-[0-9]{2}-[0-9]{2})$') - re_nyr = re.compile('Version (\d+\.\d+\.\d+), Not Yet Released$') - - version_contents = {} - version_date = {} - versions = [] - versions_nyr = [] - - for f in relnotes: - contents = open_for_utf8(os.path.join(relnote_dir, f), 'r').readlines() - - match = re_version.match(contents[0]) - - if match: - version = match.group(1) - date = match.group(2) - versions.append(version) - version_date[version] = date - else: - match = re_nyr.match(str(contents[0])) - if not match: - raise Exception('No version match for %s' % (f)) - - version = match.group(1) - versions_nyr.append(version) - - version_contents[version] = (''.join(contents)).strip() - - def make_label(v): - if with_rst_labels: - return ".. _v%s:\n\n" % (v.replace('.', '_')) - else: - return '' - - s = '' - - s += "Release Notes\n" - s += "========================================\n" - s += "\n" - - date_to_version = {} - for (v,d) in version_date.items(): - date_to_version.setdefault(d, []).append(v) - - if len(versions_nyr) > 0: - for v in versions_nyr: - s += make_label(v) - s += version_contents[v] - s += "\n\n" - - for d in sorted(date_to_version.keys(), reverse=True): - for v in sorted(date_to_version[d]): - s += make_label(v) - s += version_contents[v] - s += "\n\n" - - return s - -def main(args = None): - if args is None: - args = sys.argv - - print(combine_relnotes(args[1], True)) - -if __name__ == '__main__': - sys.exit(main()) |