aboutsummaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/dev/todo.rst26
-rw-r--r--doc/manual/python.rst2
-rw-r--r--doc/relnotes/1_11_14.rst72
3 files changed, 62 insertions, 38 deletions
diff --git a/doc/dev/todo.rst b/doc/dev/todo.rst
index ae1853dbf..223c50bbb 100644
--- a/doc/dev/todo.rst
+++ b/doc/dev/todo.rst
@@ -5,13 +5,16 @@ These are features either requested by users or that seem like
potentially useful things to have. Several are quite self-contained
and could make a quick project.
-Request a new feature by sending a patch.
+Request a new feature by sending a patch to this file or by writing to
+the mailing list.
Basic Crypto
----------------------------------------
+* Bitsliced AES or Camellia
+* Serpent using AVX2
* scrypt
-* BLAKE2
+* BLAKE2b
* EdDSA
* Skein-MAC
* ARIA (Korean block cipher, RFCs 5794 and 6209)
@@ -36,18 +39,20 @@ PKIX
* OCSP responder logic
* X.509 attribute certificates (RFC 5755)
-ECC / BigInt / Math
+Public Key Crypto, Math, Algorithms
----------------------------------------
-* Specialized reductions for P-256 and P-384
-* MP asm optimizations - SSE2, ARM/NEON, ...
+* Add specialized reductions for P-256 and P-384
+* Optimizations for BigInt using SSE2, ARM/NEON, AVX2, ...
+* Fast new implementations/algorithms for ECC point operations,
+ Montgomery multiplication, multi-exponentiation, ...
New Protocols
----------------------------------------
* Off-The-Record message protocol
* Some useful subset of OpenPGP
-* SSHv2 server
+* SSHv2 client and/or server
* Cash schemes (such as Lucre, credlib, bitcoin?)
Accelerators / backends
@@ -60,7 +65,12 @@ Accelerators / backends
* ARMv8 crypto extensions
* Intel Skylake SHA-1/SHA-2
-Python
+Python/FFI
----------------------------------------
-* TLS, ECDSA, bcrypt, ...
+* Expose TLS
+
+Build
+----------------------------------------
+
+* Code signing for Windows installers
diff --git a/doc/manual/python.rst b/doc/manual/python.rst
index a1239253b..295caa3c3 100644
--- a/doc/manual/python.rst
+++ b/doc/manual/python.rst
@@ -202,7 +202,7 @@ Public Key
Public Key Operations
----------------------------------------
-.. py:class:: pk_op_encrypt(pubkey, padding, rng)
+.. py:class:: pk_op_encrypt(pubkey, padding)
.. py:method:: encrypt(msg, rng)
diff --git a/doc/relnotes/1_11_14.rst b/doc/relnotes/1_11_14.rst
index 008d2e795..88c14b444 100644
--- a/doc/relnotes/1_11_14.rst
+++ b/doc/relnotes/1_11_14.rst
@@ -1,35 +1,49 @@
Version 1.11.14, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-* The global state object previously used by the library has been
- removed and no form of initialization is required to use the library.
- LibraryInitializer remains as a stub.
-
-* The new `ffi` submodule provides a simple C API/ABI for a number of
- useful operations (hashing, ciphers, public key operations, etc)
- which is easily accessed using the FFI modules included in many
- languages. A new Python wrapper using the Python `ctypes` module
- is available. The old Boost.Python wrapper has been removed.
-
-* OCB mode, which provides a fast and constant time AEAD mode without
- requiring hardware support, is now supported in TLS, following
- draft-zauner-tls-aes-ocb-01. Because this specification is not yet
- finalized is not yet enabled by the default policy, and the
- ciphersuite numbers used are in the experimental range and may
- conflict with other uses.
+* The global state object previously used by the library has been removed and no
+ form of initialization is required to use the library. The global PRNG has
+ also been removed. LibraryInitializer remains as a stub.
+
+ The engine code has also been removed, replaced by a much lighter-weight
+ object registry system which provides lookups in faster time and with less
+ memory overhead than the previous approach.
+
+* The new `ffi` submodule provides a simple C API/ABI for a number of useful
+ operations (hashing, ciphers, public key operations, etc) which is easily
+ accessed using the FFI modules included in many languages. A new Python
+ wrapper using the Python `ctypes` module is available. The old Boost.Python
+ wrapper has been removed.
+
+* PBKDF and KDF operations now provide a way to write the desired output
+ directly to an application-specified area rather than always allocating a new
+ heap buffer.
+
+* HKDF, previously provided using a non-standard interface, now uses the
+ standard KDF interface and is retreivable using get_kdf.
+
+* OCB mode, which provides a fast and constant time AEAD mode without requiring
+ hardware support, is now supported in TLS, following
+ draft-zauner-tls-aes-ocb-01. Because this specification is not yet finalized
+ is not yet enabled by the default policy, and the ciphersuite numbers used are
+ in the experimental range and may conflict with other uses.
+
+* Add ability to read TLS policy from text file
+
+* Remove use of memset_s which caused problems with amalgamation on OS X.
+ Github 42, 45
* The memory usage of the counter mode implementation has been reduced.
-* The memory allocator available on Unix systems which uses mmap and
- mlock to lock a pool of memory now checks an environment variable
- BOTAN_MLOCK_POOL_SIZE. If this is set to a smaller value then the
- library would originally have allocated the user specified size is
- used. You can also set it to zero to disable the pool entirely.
- Previously the allocator would consume all available mlocked memory,
- this allows botan to coexist with an application which wants to
- mlock memory of its own.
-
-* The botan-config script previously installed on Unix systems has
- been removed. Its functionality is replaced by the `config` command
- of the `botan` tool executable, for example `botan config cflags`
- instead of `botan-config --cflags`.
+* The memory allocator available on Unix systems which uses mmap and mlock to
+ lock a pool of memory now checks an environment variable
+ BOTAN_MLOCK_POOL_SIZE. If this is set to a smaller value then the library
+ would originally have allocated the user specified size is used. You can also
+ set it to zero to disable the pool entirely. Previously the allocator would
+ consume all available mlocked memory, this allows botan to coexist with an
+ application which wants to mlock memory of its own.
+
+* The botan-config script previously installed on Unix systems has been
+ removed. Its functionality is replaced by the `config` command of the `botan`
+ tool executable, for example `botan config cflags` instead of `botan-config
+ --cflags`.