Diffstat (limited to 'doc')
-rw-r--r-- | doc/dev/todo.rst | 26
-rw-r--r-- | doc/manual/python.rst | 2
-rw-r--r-- | doc/relnotes/1_11_14.rst | 72
3 files changed, 62 insertions, 38 deletions
diff --git a/doc/dev/todo.rst b/doc/dev/todo.rst index ae1853dbf..223c50bbb 100644 --- a/doc/dev/todo.rst +++ b/doc/dev/todo.rst @@ -5,13 +5,16 @@ These are features either requested by users or that seem like potentially useful things to have. Several are quite self-contained and could make a quick project. -Request a new feature by sending a patch. +Request a new feature by sending a patch to this file or by writing to +the mailing list. Basic Crypto ---------------------------------------- +* Bitsliced AES or Camellia +* Serpent using AVX2 * scrypt -* BLAKE2 +* BLAKE2b * EdDSA * Skein-MAC * ARIA (Korean block cipher, RFCs 5794 and 6209) @@ -36,18 +39,20 @@ PKIX * OCSP responder logic * X.509 attribute certificates (RFC 5755) -ECC / BigInt / Math +Public Key Crypto, Math, Algorithms ---------------------------------------- -* Specialized reductions for P-256 and P-384 -* MP asm optimizations - SSE2, ARM/NEON, ... +* Add specialized reductions for P-256 and P-384 +* Optimizations for BigInt using SSE2, ARM/NEON, AVX2, ... +* Fast new implementations/algorithms for ECC point operations, + Montgomery multiplication, multi-exponentiation, ... New Protocols ---------------------------------------- * Off-The-Record message protocol * Some useful subset of OpenPGP -* SSHv2 server +* SSHv2 client and/or server * Cash schemes (such as Lucre, credlib, bitcoin?) Accelerators / backends @@ -60,7 +65,12 @@ Accelerators / backends * ARMv8 crypto extensions * Intel Skylake SHA-1/SHA-2 -Python +Python/FFI ---------------------------------------- -* TLS, ECDSA, bcrypt, ... +* Expose TLS + +Build +---------------------------------------- + +* Code signing for Windows installers diff --git a/doc/manual/python.rst b/doc/manual/python.rst index a1239253b..295caa3c3 100644 --- a/doc/manual/python.rst +++ b/doc/manual/python.rst 
@@ -202,7 +202,7 @@ Public Key Public Key Operations ---------------------------------------- -.. py:class:: pk_op_encrypt(pubkey, padding, rng) +.. py:class:: pk_op_encrypt(pubkey, padding) .. py:method:: encrypt(msg, rng) diff --git a/doc/relnotes/1_11_14.rst b/doc/relnotes/1_11_14.rst index 008d2e795..88c14b444 100644 --- a/doc/relnotes/1_11_14.rst +++ b/doc/relnotes/1_11_14.rst 
@@ -1,35 +1,49 @@ Version 1.11.14, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* The global state object previously used by the library has been - removed and no form of initialization is required to use the library. - LibraryInitializer remains as a stub. - -* The new `ffi` submodule provides a simple C API/ABI for a number of - useful operations (hashing, ciphers, public key operations, etc) - which is easily accessed using the FFI modules included in many - languages. A new Python wrapper using the Python `ctypes` module - is available. The old Boost.Python wrapper has been removed. - -* OCB mode, which provides a fast and constant time AEAD mode without - requiring hardware support, is now supported in TLS, following - draft-zauner-tls-aes-ocb-01. Because this specification is not yet - finalized is not yet enabled by the default policy, and the - ciphersuite numbers used are in the experimental range and may - conflict with other uses. +* The global state object previously used by the library has been removed and no + form of initialization is required to use the library. The global PRNG has + also been removed. LibraryInitializer remains as a stub. + + The engine code has also been removed, replaced by a much lighter-weight + object registry system which provides lookups in faster time and with less + memory overhead than the previous approach. + +* The new `ffi` submodule provides a simple C API/ABI for a number of useful + operations (hashing, ciphers, public key operations, etc) which is easily + accessed using the FFI modules included in many languages. A new Python + wrapper using the Python `ctypes` module is available. The old Boost.Python + wrapper has been removed. + +* PBKDF and KDF operations now provide a way to write the desired output + directly to an application-specified area rather than always allocating a new + heap buffer. 
+ +* HKDF, previously provided using a non-standard interface, now uses the + standard KDF interface and is retreivable using get_kdf. + +* OCB mode, which provides a fast and constant time AEAD mode without requiring + hardware support, is now supported in TLS, following + draft-zauner-tls-aes-ocb-01. Because this specification is not yet finalized + is not yet enabled by the default policy, and the ciphersuite numbers used are + in the experimental range and may conflict with other uses. + +* Add ability to read TLS policy from text file + +* Remove use of memset_s which caused problems with amalgamation on OS X. + Github 42, 45 * The memory usage of the counter mode implementation has been reduced. -* The memory allocator available on Unix systems which uses mmap and - mlock to lock a pool of memory now checks an environment variable - BOTAN_MLOCK_POOL_SIZE. If this is set to a smaller value then the - library would originally have allocated the user specified size is - used. You can also set it to zero to disable the pool entirely. - Previously the allocator would consume all available mlocked memory, - this allows botan to coexist with an application which wants to - mlock memory of its own. - -* The botan-config script previously installed on Unix systems has - been removed. Its functionality is replaced by the `config` command - of the `botan` tool executable, for example `botan config cflags` - instead of `botan-config --cflags`. +* The memory allocator available on Unix systems which uses mmap and mlock to + lock a pool of memory now checks an environment variable + BOTAN_MLOCK_POOL_SIZE. If this is set to a smaller value then the library + would originally have allocated the user specified size is used. You can also + set it to zero to disable the pool entirely. Previously the allocator would + consume all available mlocked memory, this allows botan to coexist with an + application which wants to mlock memory of its own. 
+ +* The botan-config script previously installed on Unix systems has been + removed. Its functionality is replaced by the `config` command of the `botan` + tool executable, for example `botan config cflags` instead of `botan-config + --cflags`. |
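Review bot: in the last hunk of doc/dev/todo.rst, the Python/FFI entry goes from "TLS, ECDSA, bcrypt, ..." to "Expose TLS", which drops ECDSA and bcrypt from the list without the patch saying whether the wrapper now exposes them. If it does, the release-notes entry about the new `ctypes` wrapper in this same patch is the place to say so; if it does not, keep them on the list so the gap stays visible.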
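Review bot: in doc/manual/python.rst, the constructor is now documented as pk_op_encrypt(pubkey, padding) while encrypt(msg, rng) keeps its rng argument, but neither this hunk nor the 1_11_14 release notes changed in the same patch tell callers that the constructor signature changed. Suggest adding a sentence under the class stating that the RNG is passed per call to encrypt, and a release-notes entry for the changed signature, so code still passing three arguments to the constructor has something to point at.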
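Review bot: in doc/relnotes/1_11_14.rst, the new entry "Remove use of memset_s which caused problems with amalgamation on OS X" does not say what the library uses to clear memory now that the call is gone; name the replacement in the entry so readers can tell whether wiping behaviour changed. In the same way, "The global PRNG has also been removed" should say what callers are expected to pass or construct instead. Smaller points in the added lines: "retreivable" should be "retrievable"; "Because this specification is not yet finalized is not yet enabled" is missing "it"; "a smaller value then the library would originally have allocated" should read "than"; and "Add ability to read TLS policy from text file" is imperative with no full stop, unlike the surrounding entries.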