Version 1.11.10, 2014-12-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* An implementation of McEliece code-based public key encryption based
on INRIA's HyMES and secured against a variety of side-channels was
contributed by cryptosource GmbH. The original version is LGPL but
cryptosource has secured permission to release an adaptation under a
BSD license. A CCA2-secure KEM scheme is also included.
The implementation is further described in
http://www.cryptosource.de/docs/mceliece_in_botan.pdf and
http://cryptosource.de/news_mce_in_botan_en.html
* DSA and ECDSA now create RFC 6979 deterministic signatures.
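As an added worked example (this is not Botan's code), the nonce derivation that RFC 6979 specifies, written in Python against the standard library only. It follows section 3.2 of the RFC step by step and is general over the hash length and the bit length of the group order, so it also covers orders such as P-521's that are not a multiple of 8 bits. The group order, private key and expected k are the P-256 / SHA-256 / "sample" test vector from RFC 6979 appendix A.2.5, included only so the implementation can be checked against the RFC.

```python
import hashlib
import hmac

# Group order, private key and expected nonce from RFC 6979, appendix A.2.5
# (NIST P-256, SHA-256, message "sample"); used only to check the derivation.
P256_Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
P256_X = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
RFC_K_SAMPLE_SHA256 = 0xA6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60


def bits2int(b: bytes, qlen: int) -> int:
    """RFC 6979 2.3.2: interpret the leftmost qlen bits of b as an integer."""
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    return v >> (blen - qlen) if blen > qlen else v


def int2octets(x: int, rlen: int) -> bytes:
    """RFC 6979 2.3.3: x as a big-endian string of rlen = ceil(qlen/8) bytes."""
    return x.to_bytes(rlen, "big")


def bits2octets(b: bytes, q: int, qlen: int, rlen: int) -> bytes:
    """RFC 6979 2.3.4: bits2int(b) reduced mod q, then encoded as octets."""
    return int2octets(bits2int(b, qlen) % q, rlen)


def rfc6979_nonce(x: int, q: int, msg: bytes, hashname: str = "sha256") -> int:
    """Deterministic (EC)DSA nonce k for message msg under private key x,
    following RFC 6979 section 3.2. Works for any group order q, including
    ones whose bit length is not a multiple of 8, and for hash functions
    shorter or longer than q (the inner loop gathers as many HMAC outputs
    as needed; bits2int truncates to qlen bits)."""
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8
    hlen = hashlib.new(hashname).digest_size

    def mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashname).digest()

    h1 = hashlib.new(hashname, msg).digest()          # step a
    x_oct = int2octets(x, rlen)
    h_oct = bits2octets(h1, q, qlen, rlen)
    V = b"\x01" * hlen                                # step b
    K = b"\x00" * hlen                                # step c
    K = mac(K, V + b"\x00" + x_oct + h_oct)           # step d
    V = mac(K, V)                                     # step e
    K = mac(K, V + b"\x01" + x_oct + h_oct)           # step f
    V = mac(K, V)                                     # step g
    while True:                                       # step h
        T = b""
        while len(T) * 8 < qlen:                      # h.2: collect qlen bits
            V = mac(K, V)
            T += V
        k = bits2int(T, qlen)                         # h.3
        if 1 <= k < q:
            return k
        K = mac(K, V + b"\x00")                       # k out of range: rekey and retry
        V = mac(K, V)


def check_rfc_vector() -> bool:
    """True iff the derivation reproduces the RFC's k for the message "sample"."""
    return rfc6979_nonce(P256_X, P256_Q, b"sample") == RFC_K_SAMPLE_SHA256


if __name__ == "__main__":
    print("RFC 6979 A.2.5 vector reproduced:", check_rfc_vector())
```

The point of the scheme is that k depends only on the key and the message hash, so a weak or repeated RNG output at signing time can no longer produce a repeated or biased nonce, which in DSA and ECDSA leaks the private key. The same inputs always give the same signature, which is also why RFC 6979 signatures are easy to test against fixed vectors.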
* Add support for TLS fallback signaling (draft-ietf-tls-downgrade-scsv-00).
Clients will send a fallback SCSV if the version passed to the Client
constructor is less than the latest version supported by local policy, so
applications implementing fallback are protected. Servers always check the
SCSV.
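The two halves of the signaling described above, as an added example in Python (not Botan's TLS code): the client appends the SCSV only when the version it offers is below the best it supports, and the server, which always looks for it, refuses a hello that carries it while offering less than the server's own best. The suite value 0x5600 and the inappropriate_fallback alert (86) are those of the draft; the rest of the handshake is not modelled.

```python
TLS_FALLBACK_SCSV = 0x5600          # signaling cipher suite from draft-ietf-tls-downgrade-scsv
ALERT_INAPPROPRIATE_FALLBACK = 86   # alert the server returns for a spurious fallback
TLS_V10, TLS_V11, TLS_V12 = (3, 1), (3, 2), (3, 3)   # ProtocolVersion as (major, minor)


def client_cipher_suites(offered_version, highest_supported, suites):
    """Client side: append the SCSV exactly when this hello is a fallback,
    i.e. the version being offered is below what this client could do."""
    out = list(suites)
    if offered_version < highest_supported:
        out.append(TLS_FALLBACK_SCSV)
    return out


def encode_cipher_suites(suites) -> bytes:
    """ClientHello cipher_suites vector: 2-byte length, then 2 bytes per suite."""
    body = b"".join(s.to_bytes(2, "big") for s in suites)
    return len(body).to_bytes(2, "big") + body


def decode_cipher_suites(buf: bytes):
    n = int.from_bytes(buf[:2], "big")
    if n == 0 or n % 2 or len(buf) < 2 + n:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(buf[2 + i:4 + i], "big") for i in range(0, n, 2)]


def server_check_fallback(client_version, encoded_suites, highest_supported):
    """Server side, applied to every hello. If the SCSV is present and the
    client offered less than this server's best version, the client only
    fell back because something in between broke the first attempt, so the
    hello is refused. Returns None to continue, or the alert description."""
    suites = decode_cipher_suites(encoded_suites)
    if TLS_FALLBACK_SCSV in suites and client_version < highest_supported:
        return ALERT_INAPPROPRIATE_FALLBACK
    return None


def simulate(client_offer, client_max, server_max, suites=(0xC02F, 0x009C)):
    """Both sides in one call: build the client's list, put it on the wire,
    let the server judge it. Returns the server's decision."""
    wire = encode_cipher_suites(client_cipher_suites(client_offer, client_max, suites))
    return server_check_fallback(client_offer, wire, server_max)


if __name__ == "__main__":
    print("forced downgrade to 1.0 against a 1.2 server:",
          simulate(TLS_V10, TLS_V12, TLS_V12))
    print("honest fallback to a server that only speaks 1.0:",
          simulate(TLS_V10, TLS_V12, TLS_V10))
```

The check only protects applications that actually retry with a lower version on failure; a client that never falls back never sends the SCSV, and a server that is itself limited to the offered version cannot tell a forced downgrade from a genuine one, which is why the server's decision is relative to its own highest supported version.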
* In previous versions a TLS::Server could service either TLS or DTLS
connections depending on policy settings and what type of client hello it
received. This has changed and now a Server object is initialized for
either TLS or DTLS operation. The default policy previously prohibited
DTLS, precisely to prevent a TCP server from being surprised by a DTLS
connection. The default policy now allows TLS v1.0 or higher or DTLS v1.2.
* Fixed a bug in CCM mode which caused it to produce incorrect tags when used
with a value of L other than 2 (L is the byte size of the length field and the
nonce is 15 - L bytes). This affected CCM TLS ciphersuites, which use a 12 byte
nonce and therefore L=3. Thanks to Manuel Pégourié-Gonnard for the analysis and
patch. Bugzilla 270.
* DTLS now supports timeouts and handshake retransmits. Timeout checking
is triggered by the application calling the new TLS::Channel::timeout_check.
* Add a TLS policy hook to disable putting the value of the local clock in hello
random fields.
* All compression operations previously available as Filters are now
performed via the Transformation API, which minimizes memory copies.
Compression operations are still available through the Filter API
using new general compression/decompression filters in comp_filter.h
* The zlib module now also supports gzip compression and decompression.
* Avoid a crash in low-entropy situations when reading from /dev/random, where
select() had reported the device readable but the entropy pool was depleted again
by the time the read was issued.
* The Miller-Rabin primality test function now takes a parameter allowing the
user to directly specify the maximum probability they are willing to accept of
a composite being reported as prime (the test never rejects a true prime, so
this is the only error it can make).
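As an added example (not Botan's implementation, and not reproducing its exact parameter convention), a Python Miller-Rabin test that takes the acceptable error as a number of bits and derives the round count from the per-round bound: one round accepts a composite with probability at most 1/4 regardless of the input, so ceil(bits/2) rounds bring the error to at most 2^-bits. Bases are drawn from a CSPRNG, because an adversary who can predict the bases can construct composites that pass a fixed-base test; that matters when the "prime" came from the other side of a protocol.

```python
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def miller_rabin_rounds(max_error_bits: int) -> int:
    """Rounds needed so that a composite survives with probability at most
    2^-max_error_bits. A single round accepts a composite with probability
    at most 1/4 (Rabin's bound), so t rounds give 4^-t = 2^-(2t)."""
    return (max_error_bits + 1) // 2


def is_probable_prime(n: int, max_error_bits: int = 56, randbelow=secrets.randbelow) -> bool:
    """Miller-Rabin with the caller's acceptable error expressed in bits.
    randbelow(m) must return a uniform integer in [0, m); the default is the
    CSPRNG from the secrets module. Returns False only on proof of
    compositeness, so a true prime is never rejected."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:            # cheap trial division first
        if n % p == 0:
            return n == p
    # write n - 1 = 2^r * d with d odd
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(miller_rabin_rounds(max_error_bits)):
        a = 2 + randbelow(n - 3)      # base uniform in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue                  # a is not a witness this round
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False              # a is a witness: n is composite
    return True


if __name__ == "__main__":
    # 3215031751 = 151 * 751 * 28351 is a strong pseudoprime to bases 2, 3, 5
    # and 7; random bases and enough rounds still expose it.
    print("2^61 - 1 prime?", is_probable_prime(2**61 - 1, 80))
    print("3215031751 prime?", is_probable_prime(3215031751, 80))
```

For primes you generate yourself the 1/4 bound is very pessimistic and fewer rounds are safe; for a candidate supplied by an untrusted party the worst-case bound is the one to use, which is what an explicit error parameter lets the caller choose.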
* PKCS #8 private keys can now be encrypted using GCM mode instead of
unauthenticated CBC. The default remains CBC for compatibility.
* The default PKCS #8 encryption scheme has changed to use PBKDF2 with
SHA-256 instead of SHA-1.
* A specialized reducer for P-521 was added.
* On Linux the mlock allocator will use MADV_DONTDUMP on the pool so
that the contents are not included in coredumps.
* A new interface for directly using a system-provided PRNG is
available in system_rng.h. Currently only systems with /dev/urandom
are supported.
* Fix decoding indefinite length BER constructs that contain a context sensitive
tag of zero. Github pull 26 from Janusz Chorko.
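The entry above concerns indefinite-length BER. As an added example (not Botan's decoder), a minimal BER reader in Python that handles the indefinite form and shows why the end-of-contents check must compare the raw octets: the terminator is exactly 00 00, while an empty context-specific [0] primitive is 80 00, whose tag number bits are also zero. Treating "tag number 0, length 0" as the terminator drops that element and leaves two octets unconsumed. Whether that predicate is the exact shape of the bug fixed in pull 26 is an assumption made here for illustration; the mis-parse it produces is real.

```python
UNIVERSAL, APPLICATION, CONTEXT_SPECIFIC, PRIVATE = 0, 1, 2, 3


def is_end_of_contents(buf: bytes, i: int) -> bool:
    """End-of-contents is exactly the two octets 00 00 (tag byte 0, length 0)."""
    return buf[i] == 0x00 and buf[i + 1] == 0x00


def is_end_of_contents_by_number(buf: bytes, i: int) -> bool:
    """A tempting but wrong test, included for contrast (assumed failure mode):
    "tag number 0 and length 0". The masked number of 0x80 is also 0, so an
    empty [0] primitive (80 00) is mistaken for the terminator."""
    return (buf[i] & 0x1F) == 0 and buf[i + 1] == 0x00


def read_tag(buf, i):
    """-> (class, constructed, number, next). Handles the high-tag-number form."""
    b = buf[i]
    i += 1
    cls, constructed, num = b >> 6, bool(b & 0x20), b & 0x1F
    if num == 0x1F:                      # number >= 31: base-128 continuation bytes
        num = 0
        while True:
            b = buf[i]
            i += 1
            num = (num << 7) | (b & 0x7F)
            if not b & 0x80:
                break
    return cls, constructed, num, i


def read_length(buf, i):
    """-> (length, next); length is None for the indefinite form (single 0x80)."""
    b = buf[i]
    i += 1
    if b < 0x80:
        return b, i
    if b == 0x80:
        return None, i
    n = b & 0x7F
    if n > 8 or i + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return int.from_bytes(buf[i:i + n], "big"), i + n


def decode(buf: bytes, i: int = 0, eoc=is_end_of_contents):
    """Decode one TLV at buf[i] -> ((class, number, value), next).
    value is bytes for a primitive, a list of child nodes for a constructed.
    eoc is the terminator predicate; the default is the correct one."""
    cls, constructed, num, i = read_tag(buf, i)
    length, i = read_length(buf, i)
    if length is None:
        if not constructed:
            raise ValueError("indefinite length is only valid for constructed types")
        children, i = decode_children(buf, i, None, eoc)
        return (cls, num, children), i
    end = i + length
    if end > len(buf):
        raise ValueError("truncated value")
    if constructed:
        children, _ = decode_children(buf, i, end, eoc)
        return (cls, num, children), end
    return (cls, num, bytes(buf[i:end])), end


def decode_children(buf, i, end, eoc=is_end_of_contents):
    """Children run up to `end` (definite) or up to end-of-contents (indefinite)."""
    nodes = []
    while True:
        if end is None:
            if i + 2 > len(buf):
                raise ValueError("indefinite-length value lacks end-of-contents")
            if eoc(buf, i):
                return nodes, i + 2
        else:
            if i > end:
                raise ValueError("child overran its parent")
            if i == end:
                return nodes, i
        node, i = decode(buf, i, eoc)
        nodes.append(node)


if __name__ == "__main__":
    # Constructed sample: SEQUENCE (indefinite) { [0] IMPLICIT "" } followed by EOC.
    sample = bytes.fromhex("3080 8000 0000")
    print("correct:", decode(sample))
    print("by tag number:", decode(sample, eoc=is_end_of_contents_by_number))
```

With the correct predicate the sample decodes to a SEQUENCE holding one empty [0] element and consumes all six octets; with the masked-number predicate it decodes to an empty SEQUENCE after four octets, and the real terminator is left over as trailing data.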
* The GNU MP engine has been removed.
* Added AltiVec detection for POWER8 processors.
* Add a new install script written in Python which replaces shell hackery in the
makefiles.
* Various modifications to better support Visual C++ 2013 and 2015. Github
issues 11, 17, 18, 21, 22.