path: root/doc/relnotes/1_11_5.rst
Version 1.11.5, 2013-11-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* The TLS callback signatures have changed - there are now two distinct
  callbacks for application data and alerts. TLS::Client and TLS::Server have
  constructors which continue to accept the old callback and use it for both
  operations.

* The entropy collector that read from randomness devices had two bugs - it
  would break out of the poll as soon as any read succeeded, and it selected on
  each device individually. When a blocking source was first in the device list
  and the entropy pool was running low, the reader might either block in select
  until eventually timing out (continuing on to read from /dev/urandom instead),
  or read just a few bytes, skip /dev/urandom, fail to satisfy the entropy
  target, and the poll would continue using other (slower) sources. This caused
  substantial performance/latency problems in RNG heavy applications. Now all
  devices are selected over at once, with the effect that a full read from
  urandom always occurs, along with however much (if any) output is available
  from blocking sources.
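The all-devices-at-once poll described in this item, written out as an added illustration rather than Botan's own collector code: every device is polled in a single call and each readable one gets a full read, so a blocking source listed first no longer starves the non-blocking one, and a target that cannot be met ends at the timeout instead of hanging. The helper uses pipes as constructed stand-ins for the device files (an empty pipe plays the blocking source, a pipe holding 16 bytes plays /dev/urandom).

```cpp
#include <poll.h>
#include <unistd.h>
#include <chrono>
#include <cstddef>
#include <cstdint>
#include <vector>

// Poll every randomness device in one call and read from each one that is
// ready, so a blocking source listed first cannot starve a non-blocking one.
// Each ready device gets a full-sized read. Returns bytes appended to `out`.
size_t poll_all_devices(const std::vector<int>& fds, size_t target,
                        int timeout_ms, std::vector<uint8_t>& out) {
   using clock = std::chrono::steady_clock;
   const auto deadline = clock::now() + std::chrono::milliseconds(timeout_ms);
   std::vector<pollfd> pfds;
   for (int fd : fds) pfds.push_back(pollfd{fd, POLLIN, 0});
   size_t collected = 0;
   std::vector<uint8_t> buf(target);   // one full read per ready device
   while (collected < target) {
      const auto left = std::chrono::duration_cast<std::chrono::milliseconds>(deadline - clock::now()).count();
      if (left <= 0) break;            // overall deadline reached
      const int rc = ::poll(pfds.data(), pfds.size(), static_cast<int>(left));
      if (rc <= 0) break;              // timeout or error: stop waiting on devices
      for (pollfd& p : pfds) {
         if (p.fd < 0) continue;       // device already dropped (poll ignores fd < 0)
         if (p.revents & (POLLERR | POLLHUP | POLLNVAL)) { p.fd = -1; continue; }
         if (!(p.revents & POLLIN)) continue;
         const ssize_t got = ::read(p.fd, buf.data(), buf.size());
         if (got <= 0) { p.fd = -1; continue; }   // EOF or error: drop the device
         out.insert(out.end(), buf.begin(), buf.begin() + got);
         collected += static_cast<size_t>(got);
      }
   }
   return collected;
}

// Constructed stand-in for the device list from the bug report: an empty pipe
// plays the blocking source (listed first), a pipe holding 16 bytes plays urandom.
size_t collect_from_pipes(size_t target, int timeout_ms) {
   int blocked[2], ready[2];
   if (::pipe(blocked) != 0 || ::pipe(ready) != 0) return 0;
   uint8_t sample[16];
   for (int i = 0; i < 16; ++i) sample[i] = static_cast<uint8_t>(i);
   (void)::write(ready[1], sample, sizeof(sample));
   std::vector<uint8_t> out;
   const size_t n = poll_all_devices({blocked[0], ready[0]}, target, timeout_ms, out);
   for (int fd : {blocked[0], blocked[1], ready[0], ready[1]}) ::close(fd);
   return n;
}
```

With a target of 16 the non-blocking pipe satisfies the poll in one round despite the blocking source being listed first; with a target of 64 the call returns the 16 bytes that were available once the timeout expires.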

* Previously AutoSeeded_RNG referenced a globally shared PRNG instance.
  Now each instance has distinct state.

* The entropy collector that runs Unix programs to collect statistical
  data now runs multiple processes in parallel, greatly reducing poll
  times on some systems.

* The Randpool RNG implementation was removed.

* All existing cipher mode implementations (such as CBC and XTS) have been
  converted from filters to the interface previously provided only by the
  AEAD modes, which allows for in-place message processing. Code which
  directly references the filter objects will break, but an adaptor filter
  allows usage through get_cipher as usual.

* An implementation of CCM mode from RFC 3601 has been added, as well as CCM
  ciphersuites for TLS.

* The implementation of OCB mode now supports 64- and 96-bit tags.

* Optimized computation of XTS tweaks, producing a substantial speedup.

* Add support for negotiating Brainpool ECC curves in TLS.

* TLS v1.2 will not negotiate plain SHA-1 signatures by default.

* TLS channels now support sending a ``std::vector``.

* Add a generic 64x64->128 bit multiply operation in mul128.h.

* Avoid potentially undefined operations in the bit rotation operations. Not
  known to have caused problems under existing compilers but might break in the
  future. Found by Clang sanitizer, reported by Jeffrey Walton.