diff options
Diffstat (limited to 'doc/relnotes/1_11_14.rst')
-rw-r--r-- | doc/relnotes/1_11_14.rst | 72 |
1 files changed, 43 insertions, 29 deletions
diff --git a/doc/relnotes/1_11_14.rst b/doc/relnotes/1_11_14.rst index 008d2e795..88c14b444 100644 --- a/doc/relnotes/1_11_14.rst +++ b/doc/relnotes/1_11_14.rst @@ -1,35 +1,49 @@ Version 1.11.14, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* The global state object previously used by the library has been - removed and no form of initialization is required to use the library. - LibraryInitializer remains as a stub. - -* The new `ffi` submodule provides a simple C API/ABI for a number of - useful operations (hashing, ciphers, public key operations, etc) - which is easily accessed using the FFI modules included in many - languages. A new Python wrapper using the Python `ctypes` module - is available. The old Boost.Python wrapper has been removed. - -* OCB mode, which provides a fast and constant time AEAD mode without - requiring hardware support, is now supported in TLS, following - draft-zauner-tls-aes-ocb-01. Because this specification is not yet - finalized is not yet enabled by the default policy, and the - ciphersuite numbers used are in the experimental range and may - conflict with other uses. +* The global state object previously used by the library has been removed and no + form of initialization is required to use the library. The global PRNG has + also been removed. LibraryInitializer remains as a stub. + + The engine code has also been removed, replaced by a much lighter-weight + object registry system which provides lookups in faster time and with less + memory overhead than the previous approach. + +* The new `ffi` submodule provides a simple C API/ABI for a number of useful + operations (hashing, ciphers, public key operations, etc) which is easily + accessed using the FFI modules included in many languages. A new Python + wrapper using the Python `ctypes` module is available. The old Boost.Python + wrapper has been removed. + +* PBKDF and KDF operations now provide a way to write the desired output + directly to an application-specified area rather than always allocating a new + heap buffer. + +* HKDF, previously provided using a non-standard interface, now uses the + standard KDF interface and is retreivable using get_kdf. + +* OCB mode, which provides a fast and constant time AEAD mode without requiring + hardware support, is now supported in TLS, following + draft-zauner-tls-aes-ocb-01. Because this specification is not yet finalized + is not yet enabled by the default policy, and the ciphersuite numbers used are + in the experimental range and may conflict with other uses. + +* Add ability to read TLS policy from text file + +* Remove use of memset_s which caused problems with amalgamation on OS X. + Github 42, 45 * The memory usage of the counter mode implementation has been reduced. -* The memory allocator available on Unix systems which uses mmap and - mlock to lock a pool of memory now checks an environment variable - BOTAN_MLOCK_POOL_SIZE. If this is set to a smaller value then the - library would originally have allocated the user specified size is - used. You can also set it to zero to disable the pool entirely. - Previously the allocator would consume all available mlocked memory, - this allows botan to coexist with an application which wants to - mlock memory of its own. - -* The botan-config script previously installed on Unix systems has - been removed. Its functionality is replaced by the `config` command - of the `botan` tool executable, for example `botan config cflags` - instead of `botan-config --cflags`. +* The memory allocator available on Unix systems which uses mmap and mlock to + lock a pool of memory now checks an environment variable + BOTAN_MLOCK_POOL_SIZE. If this is set to a smaller value then the library + would originally have allocated the user specified size is used. You can also + set it to zero to disable the pool entirely. Previously the allocator would + consume all available mlocked memory, this allows botan to coexist with an + application which wants to mlock memory of its own. + +* The botan-config script previously installed on Unix systems has been + removed. Its functionality is replaced by the `config` command of the `botan` + tool executable, for example `botan config cflags` instead of `botan-config + --cflags`. |