forked from pool/Botan
Pedro Monreal Gonzalez
26ea3dbb76
Botan 2.18.0, enable and run tests OBS-URL: https://build.opensuse.org/request/show/886088 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=104
1632 lines
71 KiB
Plaintext
1632 lines
71 KiB
Plaintext
-------------------------------------------------------------------
|
||
Fri Apr 16 16:56:20 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
|
||
|
||
- Botan 2.18.0
|
||
* Add support for implementing custom RNG objects through the FFI
|
||
interface
|
||
* Improve safegcd bounds, improving runtime performance
|
||
* Reject non-TLS messages as quickly as possible without waiting
|
||
for a full record.
|
||
* Fixes for TLS::Stream::async_shutdown
|
||
- Removed unneeded GNU MP build requirement, support was dropped
|
||
with version 1.11.10
|
||
- Enabled check target, verify integrity of build library
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 23 09:20:07 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Botan 2.17.3:
|
||
* Harden against side-channels from decoding secret values by
|
||
changing the base64, base58, base32, and hex encoding and
|
||
decoding opearations to run in constant time
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 13 20:42:02 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Botan 2.17.2:
|
||
* Fix build problem on ppc64
|
||
* Resolve an issue in the modular square root algorithm
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Nov 7 21:51:19 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Botan 2.17.1:
|
||
* Fix bugs in ECDSA signature generation and verifications under
|
||
specific circumstances
|
||
* developer visible changes, including deprecation with warnings
|
||
* optimization in the non-hardware assisted AES key generation
|
||
* Add more detection logic for AVX-512 features
|
||
* Fix a bug parsing deeply nested cipher names
|
||
* Prevent requesting DER encoding of signatures when the
|
||
algorithm did not support it
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 27 15:53:08 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
|
||
|
||
- Update to 2.16.0:
|
||
* Now userspace PRNG objects (such as AutoSeeded_RNG and HMAC_DRBG)
|
||
use an internal lock, which allows safe concurrent use. This
|
||
however is purely a precaution in case of accidental sharing of
|
||
such RNG objects; for performance reasons it is always preferable
|
||
to use a RNG per thread if a userspace RNG is needed.
|
||
* DL_Group and EC_Group objects now track if they were created
|
||
from a known trusted group (such as P-256 or an IPsec DH
|
||
parameter). If so, then verification tests can be relaxed, as
|
||
compared to parameters which may have been maliciously
|
||
constructed in order to pass primality checks.
|
||
* RandomNumberGenerator::add_entropy_T assumed its input was a POD
|
||
type but did not verify this.
|
||
* Support OCSP responders that live on a non-standard port.
|
||
* Add support for Solaris sandbox.
|
||
* Support suffixes on release numbers for alpha/beta releases.
|
||
* Fix a bug in EAX which allowed requesting a 0 length tag, which
|
||
had the effect of using a full length tag. Instead omit the
|
||
length field, or request the full tag length explicitly.
|
||
* Fix a memory leak in GCM where if passed an unsuitable block
|
||
cipher (eg not 128 bit) it would throw an exception and leak
|
||
the cipher object.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 16 01:57:13 UTC 2020 - Dirk Mueller <dmueller@suse.com>
|
||
|
||
- update to 2.15:
|
||
Fix a bug where the name constraint extension did not constrain the alternative
|
||
DN field which can be included in a subject alternative name. This would allow
|
||
a corrupted sub-CA which was otherwise constrained by a name constraint to
|
||
issue a certificate with a prohibited DN.
|
||
|
||
Fix a bug in the TLS server during client authentication where where if a
|
||
(disabled by default) static RSA ciphersuite was selected, then no certificate
|
||
request would be sent. This would have an equivalent effect to a client which
|
||
simply replied with an empty Certificate message. (GH #2367)
|
||
|
||
Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As
|
||
a result AES is now constant time on all processors. (GH #2346 #2348 #2353
|
||
#2329 #2355)
|
||
|
||
In TLS, enforce that the key usage given in the server certificate allows the
|
||
operation being performed in the ciphersuite. (GH #2367)
|
||
|
||
In X.509 certificates, verify that the algorithm parameters are the expected
|
||
NULL or empty. (GH #2367)
|
||
|
||
Change the HMAC key schedule to attempt to reduce the information leaked from
|
||
the key schedule with regards to the length of the key, as this is at times (as
|
||
for example in PBKDF2) sensitive information. (GH #2362)
|
||
|
||
Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The
|
||
previous RDRAND_RNG interface is deprecated. (GH #2352)
|
||
|
||
The documentation claimed that mlocked pages were created with a guard page
|
||
both before and after. However only a trailing guard page was used. Add a
|
||
leading guard page. (GH #2334)
|
||
|
||
Add support for generating and verifying DER-encoded ECDSA signatures in the C
|
||
and Python interfaces. (GH #2357 #2356)
|
||
|
||
Workaround a bug in GCC’s UbSan which triggered on a code sequence in XMSS (GH
|
||
#2322)
|
||
|
||
When building documentation using Sphinx avoid parallel builds with version 3.0
|
||
due to a bug in that version (GH #2326 #2324)
|
||
|
||
Fix a memory leak in the CommonCrypto block cipher calls (GH #2371)
|
||
|
||
Fix a flaky test that would occasionally fail when running the tests with a
|
||
large number of threads. (GH #2325 #2197)
|
||
|
||
Additional algorithms are now deprecated: XTEA, GOST, and Tiger. They will be
|
||
removed in a future major release.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 8 08:19:50 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
|
||
|
||
- Update to Botan 2.14:
|
||
* Add support for using POWER8+ VPSUMD instruction to accelerate GCM (GH #2247)
|
||
* Optimize the vector permute AES implementation, especially improving
|
||
performance on ARMv7, Aarch64, and POWER. (GH #2243)
|
||
* Use a new algorithm for modular inversions which is both faster
|
||
and more resistant to side channel attacks. (GH #2287 #2296 #2301)
|
||
* Address an issue in CBC padding which would leak the length of the plaintext
|
||
which was being padded. Unpadding during decryption was not affected.
|
||
* Optimize NIST prime field reductions, improving ECDSA by 3-9% (GH #2295)
|
||
* Increase the size of the ECC blinding mask and scale it based on the
|
||
size of the group order. (GH #880 #893 #2308)
|
||
* Add server side support for the TLS asio wrapper. (GH #2229)
|
||
* Add support for using Windows certificate store on MinGW (GH #2280)
|
||
* Add a CLI utility cpu_clock which estimates the speed of the processor cycle counter.
|
||
* Add Roughtime client (GH #2143 #1842)
|
||
* Add support for XMSS X.509 certificates (GH #2172)
|
||
* Add support for X.509 CRLs in FFI layer and Python wrapper (GH #2213)
|
||
* Add AVX2 implementation of SHACAL2 (GH #2196)
|
||
* Support more functionality for X.509 in the Python API (GH #2165)
|
||
* Add generic CPU target useful when building for some new or unusual platform.
|
||
* Disable MD5 in BSI or NIST modes (GH #2188)
|
||
* Many currently public headers are being deprecated. If any such header is included by
|
||
an application, a warning is issued at compile time.
|
||
Headers issuing this warning will be made internal in a future major release.
|
||
* RSA signature performance improvements (GH #2068 #2070)
|
||
* Performance improvements for GCM (GH #2024 #2099 #2119), OCB (#2122), XTS (#2123) and
|
||
ChaCha20Poly1305 (GH #2117), especially for small messages.
|
||
* Add support for constant time AES using NEON and AltiVec (GH #2093 #2095 #2100)
|
||
* Improve performance of POWER8 AES instructions (GH #2096)
|
||
* Add support for the POWER9 hardware random number generator (GH #2026)
|
||
* Add support for 64-bit version of RDRAND, doubling performance on x86-64 (GH #934 #2022)
|
||
* In DTLS server, support a client crashing and then reconnecting from the same
|
||
source port, as described in RFC 6347 sec 4.2.8 (GH #2029)
|
||
* Optimize DTLS MTU splitting to split precisely to the set MTU (GH #2042)
|
||
* Add support for the TLS v1.3 downgrade indicator. (GH #2027)
|
||
* Add Argon2 PBKDF and password hash (GH #459 #1981 #1987)
|
||
* Add Bcrypt-PBKDF (GH #1990)
|
||
* Add server side support for issuing DTLS HelloVerifyRequest messages (GH #1999)
|
||
* Add support for the TLS v1.3 supported_versions extension. (GH #1976)
|
||
* Add Ed25519ph compatible with RFC 8032 (GH #1699 #2000)
|
||
* Add support for OCSP stapling on server side. (GH #1703 #1967)
|
||
* Add a boost::asio TLS stream compatible with boost::asio::ssl. (GH #1839 #1927 #1992)
|
||
* Add a certificate store for Linux/Unix systems. (GH #1885 #1936)
|
||
* Various Fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 2 12:54:40 UTC 2019 - Daniel Molkentin <daniel.molkentin@suse.com>
|
||
|
||
- Update to Botan 2.10
|
||
|
||
* Bump SONAME
|
||
|
||
* Warning: XMSS currently implements draft-06 which is not compatible with
|
||
the final RFC 8391 specification. A PR is open to fix this, however it will
|
||
break all current uses of XMSS. If you are currently using XMSS please
|
||
comment at https://github.com/randombit/botan/pull/1858. Otherwise the PR
|
||
will be merged and support for draft-06 will be removed starting in 2.11.
|
||
|
||
* Added a new certificate store implementation that can access the MacOS
|
||
keychain certificate store. (GH #1830)
|
||
|
||
* Redesigned Memory_Pool class, which services allocations out of a set of
|
||
pages locked into memory (using mlock/VirtualLock). It is now faster and
|
||
with improved exploit mitigations. (GH #1800)
|
||
|
||
* Add BMI2 implementations of SHA-512 and SHA-3 which improve performance by
|
||
25-35% on common CPUs. (GH #1815)
|
||
|
||
* Unroll SHA-3 computation improving performance by 10-12% (GH #1838)
|
||
|
||
* Add a Thread_Pool class. It is now possible to run the tests in multiple
|
||
threads with --test-threads=N flag to select the number of threads to use.
|
||
Use --test-threads=0 to run with as many CPU cores as are available on the
|
||
current system. The default remains single threaded. (GH #1819)
|
||
|
||
* XMSS signatures now uses a global thread pool instead of spawning new
|
||
threads for each usage. This improves signature generation performance by
|
||
between 10% and 60% depending on architecture and core count. (GH #1864)
|
||
|
||
* Some functions related to encoding and decoding BigInts have been
|
||
deprecated. (GH #1817)
|
||
|
||
* Binary encoding and decoding of BigInts has been optimized by performing
|
||
word-size operations when possible. (GH #1817)
|
||
|
||
* Rename the exception Integrity_Failure to Invalid_Authentication_Tag to
|
||
make its meaning and usage more clear. The old name remains as a typedef.
|
||
(GH #1816)
|
||
|
||
* Support for using Boost filesystem and MSVC’s std::filesystem have been
|
||
removed, since already POSIX and Win32 versions had to be maintained for
|
||
portability. (GH #1814)
|
||
|
||
* Newly generated McEliece and XMSS keys now default to being encrypted using
|
||
SIV mode, support for which was added in 2.8.0. Previously GCM was used by
|
||
default for these algorithms.
|
||
|
||
* Use arc4random on Android systems (GH #1851)
|
||
|
||
* Fix the encoding of PGP-S2K iteration counts (GH #1853 #1854)
|
||
|
||
* Add a facility for sandboxing the command line util. Currently FreeBSD
|
||
(Capsicum) and OpenBSD (pledge) sandboxes are supported. (GH #1808)
|
||
|
||
* Use if constexpr when available.
|
||
|
||
* Disable building shared libs on iOS as it was broken and it is not clear
|
||
shared libraries are ever useful on iOS (GH #1865)
|
||
|
||
* Renamed the darwin build target to macos. This should not cause any
|
||
user-visible change. (GH #1866)
|
||
|
||
* Add support for using sccache to cache the Windows CI build (GH #1807)
|
||
|
||
* Add --extra-cxxflags option which allows adding compilation flags without
|
||
overriding the default set. (GH #1826)
|
||
|
||
* Add --format= option to the hash cli which allows formatting the output as
|
||
base64 or base58, default output remains hex.
|
||
|
||
* Add base58_enc and base58_dec cli utils for base58 encoding/decoding. (GH #1848)
|
||
|
||
* Enable getentropy by default on macOS (GH #1862)
|
||
|
||
* Avoid using -momit-leaf-frame-pointer flags, since -fomit-frame-pointer is
|
||
already the default with recent versions of GCC.
|
||
|
||
* Fix XLC sanitizer flags.
|
||
|
||
* Rename Blake2b class to BLAKE2b to match the official name. There is a typedef for compat.
|
||
|
||
* Fix a bug where loading a raw Ed25519_PublicKey of incorrect length would
|
||
lead to a crash. (GH #1850)
|
||
|
||
* Fix a bug that caused compilation problems using CryptoNG PRNG. (GH #1832)
|
||
|
||
* Extended SHAKE-128 cipher to support any key between 1 and 160 bytes,
|
||
instead of only multiples of 8 bytes.
|
||
|
||
* Minor HMAC optimizations.
|
||
|
||
* Build fixes for GNU/Hurd.
|
||
|
||
* Fix a bug that prevented generating or verifying Ed25519 signatures in the
|
||
CLI (GH #1828 #1829)
|
||
|
||
* Fix a compilation error when building the amalgamation outside of the
|
||
original source directory when AVX2 was enabled. (GH #1812)
|
||
|
||
* Fix a crash when creating the amalgamation if a header file was edited on
|
||
Windows but then the amalgamation was built on Linux (GH #1763)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 10 10:04:33 UTC 2019 - Daniel Molkentin <daniel.molkentin@suse.com>
|
||
|
||
- Update to Botan 2.9
|
||
|
||
* Bump SONAME
|
||
|
||
* CVE-2018-20187 Address a side channel during ECC key generation, which used an
|
||
unblinded Montgomery ladder. As a result, a timing attack can reveal
|
||
information about the high bits of the secret key.
|
||
|
||
* Fix bugs in TLS which caused negotiation failures when the client used an
|
||
unknown signature algorithm or version (GH #1711 #1709 #1708)
|
||
|
||
* Fix bug affecting GCM, EAX and ChaCha20Poly1305 where if the associated data
|
||
was set after starting a message, the new AD was not reflected in the produced
|
||
tag. Now with these modes setting an AD after beginning a message throws an
|
||
exception.
|
||
|
||
* Use a smaller sieve which improves performance of prime generation.
|
||
|
||
* Fixed a bug that caused ChaCha to produce incorrect output after encrypting 256
|
||
GB. (GH #1728)
|
||
|
||
* Add NEON and AltiVec implementations of ChaCha (GH #1719 #1728 #1729)
|
||
|
||
* Optimize AVX2 ChaCha (GH #1730)
|
||
|
||
* Many more operations in BigInt, ECC and RSA code paths are either fully const
|
||
time or avoid problematic branches that could potentially be exploited in a
|
||
side channel attack. (GH #1738 #1750 #1754 #1755 #1757 #1758 #1759 #1762 #1765
|
||
#1770 #1773 #1774 #1779 #1780 #1794 #1795 #1796 #1797)
|
||
|
||
* Several optimizations for BigInt and ECC, improving ECDSA performance by as
|
||
much as 30%. (GH #1734 #1737 #1777 #1750 #1737 #1788)
|
||
|
||
* Support recovering an ECDSA public key from a message/signature pair (GH #664
|
||
#1784)
|
||
|
||
* Add base58 encoding/decoding functions (GH #1783)
|
||
|
||
* In the command line interface, add support for reading passphrases from the
|
||
terminal with echo disabled (GH #1756)
|
||
|
||
* Add CT::Mask type to simplify const-time programming (GH #1751)
|
||
|
||
* Add new configure options --disable-bmi2, --disable-rdrand, and
|
||
--disable-rdseed to prevent use of those instruction sets.
|
||
|
||
* Add error_type and error_code functions to Exception type (GH #1744)
|
||
|
||
* Now on POSIX systems posix_memalign is used instead of mmap for allocating the
|
||
page-locked memory pool. This avoids issues with fork. (GH #602 #1798)
|
||
|
||
* When available, use RDRAND to generate the additional data in
|
||
Stateful_RNG::randomize_with_ts_input
|
||
|
||
* Use vzeroall/vzeroupper intrinsics to avoid AVX2/SSE transition penalties.
|
||
|
||
* Support for Visual C++ 2013 has been removed (GH #1557 #1697)
|
||
|
||
* Resolve a memory leak when verifying ECDSA signatures with versions of OpenSSL
|
||
before 1.1.0 (GH #1698)
|
||
|
||
* Resolve a memory leak using ECDH via OpenSSL (GH #1767)
|
||
|
||
* Fix an error in XTS which prohibited encrypting values which were exactly the
|
||
same length as the underlying block size. Messages of this size are allowed by
|
||
the standard and other XTS implementations. (GH #1706)
|
||
|
||
* Resolve a bug in TSS which resulted in it using an incorrect length field in
|
||
the shares. Now the correct length is encoded, but either correct or buggy
|
||
lengths are accepted when decoding. (GH #1722)
|
||
|
||
* Correct a bug when reducing a negative BigInt modulo a small power of 2. (GH
|
||
#1755)
|
||
|
||
* Add CLI utils for threshold secret splitting. (GH #1722)
|
||
|
||
* Fix a bug introduced in 2.8.0 that caused compilation failure if using a single
|
||
amalgamation file with AVX2 enabled. (GH #1700)
|
||
|
||
* Add an explicit OS target for Emscripten and improve support for it. (GH #1702)
|
||
|
||
* Fix small issues when building for QNX
|
||
|
||
* Switch the Travis CI build to using Ubuntu 16.04 (GH #1767)
|
||
|
||
* Add options to configure.py to disable generation of pkg-config file, and (for
|
||
systems where pkg-config support defaults to off, like Windows), to enable
|
||
generating it. (GH #1268)
|
||
|
||
* Modify configure.py to accept empty lists or trailing/extra commas. (GH #1705)
|
||
|
||
- Update to Botan 2.8
|
||
|
||
* Add support for using Apple CommonCrypto library for hashing (GH #1667),
|
||
cipher modes (GH #1674) and block ciphers (GH #1673).
|
||
|
||
* Support for negotiating TLS versions 1.0 and 1.1 is disabled in the default
|
||
TLS policy. In addition, support for negotiating TLS ciphersuites using CBC
|
||
or CCM mode is disabled by default. Applications which need to interop with
|
||
old peers must enable these in their TLS policy object. (GH #1651)
|
||
|
||
* During primality testing, use a Lucas test in addition to Miller-Rabin. It
|
||
is possible to construct a composite integer which passes n Miller-Rabin
|
||
tests with probability (1/4)^n. So for a incautious verifier using a small
|
||
number of tests (under 16 or so) it is possible if unlikely they would
|
||
accept such a composite as prime. Adding a Lucas test precludes such an
|
||
attack. (GH #1636)
|
||
|
||
* Add XChaCha and XChaCha20Poly1305 (GH #1640)
|
||
|
||
* Add AVX2 implementations of ChaCha (GH #1662) and Serpent (GH #1660)
|
||
|
||
* Add a new password hashing interface in pwdhash.h (GH #1670)
|
||
|
||
* C binding improvements. Added functions to get name and supported
|
||
keylengths of cipher, hash and MAC objects, support for FE1 format
|
||
preserving encryption (GH #1625 #1646), functions to load and save RSA keys
|
||
in PKCS #1 format (GH #1621), HOTP and TOTP algorithms, scrypt, certificate
|
||
verification (GH #1647), functions to get the output length of public key
|
||
operations (GH #1642), and functions for loading and serializing X25519
|
||
keys (GH #1681)
|
||
|
||
* Support for building with BOTAN_MP_WORD_BITS set to 8 or 16 has been removed.
|
||
|
||
* Previously SM2 had two distinct key types, one for signatures and another
|
||
for encryption. They have now been merged into a single key type since in
|
||
practice it seems the same key is at times used for both operations. (GH
|
||
#1637)
|
||
|
||
* The Cipher_Mode class now derives from SymmetricAlgorithm (GH #1639)
|
||
|
||
* Add support for using the ARMv8 instructions for SM4 encryption (GH #1622)
|
||
|
||
* The entropy source using SecRandomCopyBytes has been removed as it was
|
||
redundant with other entropy sources (GH #1668)
|
||
|
||
* The Python module has much better error checking and reporting, and offers
|
||
new functionality such as scrypt, MPI and FPE. (GH #1643 #1646)
|
||
|
||
* Fixed a bug that caused CCM to fail with an exception when used with L=8 (GH #1631 #1632)
|
||
|
||
* The default bcrypt work factor has been increased from 10 to 12.
|
||
|
||
* The default algorithm used in passhash9 has changed from SHA-256 to
|
||
SHA-512, and the default work factor increased from 10 to 15.
|
||
|
||
* In ECC private keys, include the public key data for compatibility with GnuTLS (GH #1634 #1635)
|
||
|
||
* Add support for using Linux getrandom syscall to access the system PRNG.
|
||
This is disabled by default, use --with-os-feature=getrandom to enable.
|
||
|
||
* It is now possible to encrypt private keys using SIV mode.
|
||
|
||
* The FFI function botan_privkey_load now ignores its rng argument.
|
||
|
||
* Resolve a problem when building under Visual C++ 15.8 (GH #1624)
|
||
|
||
* Fix a bug in XSalsa20 (192-bit Salsa nonces) where if set_iv was called
|
||
twice without calling set_key, the resulting encryption was incorrect. (GH
|
||
#1640)
|
||
|
||
* Handle an error seen when verifying invalid ECDSA signatures using LibreSSL
|
||
on non x86-64 platforms (GH #1627 #1628)
|
||
|
||
* Fix bugs in PKCS7 and X9.23 CBC padding schemes, which would ignore the
|
||
first byte in the event the padding took up the entire block. (GH #1690)
|
||
|
||
* Correct bugs which would cause CFB, OCB, and GCM modes to crash when they
|
||
were used in an unkeyed state. (GH #1639)
|
||
|
||
* Optimizations for SM4 and Poly1305
|
||
|
||
* Avoid a cache side channel in the AES key schedule
|
||
|
||
* Add pk_encrypt and pk_decrypt CLI operations
|
||
|
||
* Now asn1print CLI defaults to printing context-specific fields.
|
||
|
||
* Use codec_base for Base64, which matches how Base32 is implemented (GH #1597)
|
||
|
||
* The cast module has been split up into cast128 and cast256 (GH #1685)
|
||
|
||
* When building under Visual C++ 2013, the user must acknowledge the upcoming
|
||
removal of support using the configure.py flag --ack-vc2013-deprecated (GH
|
||
#1557)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 31 10:44:02 UTC 2018 - daniel.molkentin@suse.com
|
||
|
||
- Fix version in baselibs.conf
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 10 09:27:35 UTC 2018 - daniel.molkentin@suse.com
|
||
|
||
- Update to Botan 2.7
|
||
|
||
* CVE-2018-12435 Avoid a side channel in ECDSA signature generation (GH
|
||
#1604)
|
||
|
||
* Avoid a side channel in RSA key generation due to use of a non-constant
|
||
time gcd algorithm. (GH #1542 #1556)
|
||
|
||
* Optimize prime generation, especially improving RSA key generation. (GH
|
||
#1542)
|
||
|
||
* Make Karatsuba multiplication, Montgomery field operations, Barrett
|
||
reduction and Montgomery exponentiation const time (GH #1540 #1606 #1609
|
||
#1610)
|
||
|
||
* Optimizations for elliptic curve operations especially improving reductions
|
||
and inversions modulo NIST primes (GH #1534 #1538 #1545 #1546 #1547 #1550)
|
||
|
||
* Add 24 word wide Comba multiplication, improving 3072-bit RSA and DH by
|
||
~25%. (GH #1564)
|
||
|
||
* Unroll Montgomery reduction for specific sizes (GH #1603)
|
||
|
||
* Improved performance of signature verification in ECGDSA, ECKCDSA, SM2 and
|
||
GOST by 10-15%.
|
||
|
||
* XMSS optimizations (GH #1583 #1585)
|
||
|
||
* Fix an error that meant XMSS would only sign half as many signatures as is
|
||
allowed (GH #1582)
|
||
|
||
* Add support for base32 encoding/decoding (GH #1541)
|
||
|
||
* Add BMI2 optimized version of SHA-256, 40% faster on Skylake (GH #1584)
|
||
|
||
* Allow the year to be up to 2200 in ASN.1 time objects. Previously this was
|
||
limited to 2100. (GH #1536)
|
||
|
||
* Add support for Scrypt password hashing (GH #1570)
|
||
|
||
* Add support for using Scrypt for private key encryption (GH #1574)
|
||
|
||
* Optimizations for DES/3DES, approx 50% faster when used in certain modes
|
||
such as CBC decrypt or CTR.
|
||
|
||
* XMSS signature verification did not check that the signature was of the
|
||
expected length which could lead to a crash. (GH #1537)
|
||
|
||
* The bcrypt variants 2b and 2y are now supported.
|
||
|
||
* Support for 192-bit Suite B TLS profile is now implemented, as the 128-bit
|
||
Suite B is since 2015 not allowed anymore.
|
||
|
||
* Previously botan allowed GCM to be used with an empty nonce, which is not
|
||
allowed by the specification. Now such nonces are rejected.
|
||
|
||
* Avoid problems on Windows when compiling in Unicode mode (GH #1615 #1616)
|
||
|
||
* Previously for ASN.1 encoded signatures (eg ECDSA) Botan would accept any
|
||
valid BER encoding. Now only the single valid DER encoding is accepted.
|
||
|
||
* Correct an error that could in rare cases cause an internal error exception
|
||
when doing computations with the P-224 curve.
|
||
|
||
* Optimizations to reduce allocations/copies during DER encoding and BER
|
||
decoding (GH #1571 #1572 #1600)
|
||
|
||
* Botan generates X.509 subject key IDs by hashing the public key with
|
||
whatever hash function is being used to sign the certificate. However
|
||
especially for SHA-512 this caused SKIDs that were far longer than
|
||
necessary. Now all SKIDs are truncated to 192 bits.
|
||
|
||
* In the test suite use mkstemp to create temporary files instead of creating
|
||
them in the current working directory. (GH #1533 #1530)
|
||
|
||
* It is now possible to safely override CXX when invoking make in addition to
|
||
when configure.py is run. (GH #1579)
|
||
|
||
* OIDs for Camellia and SM4 in CBC and GCM mode are now defined, making it
|
||
possible to use this algorithms for private key encryption.
|
||
|
||
* Avoid creating symlinks to the shared object on OpenBSD (#1535)
|
||
|
||
* The factor command runs much faster on larger inputs now.
|
||
|
||
* Support for Windows Phone/UWP was deprecated starting in 2.5. This
|
||
deprecation has been reversed as it seems UWP is still actively used. (GH
|
||
#1586 #1587)
|
||
|
||
* Support for Visual C++ 2013 is deprecated, and will be removed in Jan 2019.
|
||
|
||
* Added support for GCC’s –sysroot option to configure.py for
|
||
cross-compiling.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 12 16:06:00 UTC 2018 - kasimir_@outlook.de
|
||
|
||
- fixed to build on armv6 and armv7
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 10 15:07:00 UTC 2018 - daniel.molkentin@suse.com
|
||
|
||
- Update to Botan 2.6
|
||
|
||
* CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could for a
|
||
malformed ciphertext cause the decryptor to read and HMAC an additional 64K
|
||
bytes of data which is not part of the record. This could cause a crash if
|
||
the read went into unmapped memory. No information leak or out of bounds
|
||
write occurs.
|
||
|
||
* Add support for OAEP labels (GH #1508)
|
||
|
||
* RSA signing is about 15% faster (GH #1523) and RSA verification is about 50% faster.
|
||
|
||
* Add exponent blinding to RSA (GH #1523)
|
||
|
||
* Add Cipher_Mode::create and AEAD_Mode::create (GH #1527)
|
||
|
||
* Fix bug in TLS server introduced in 2.5 which caused connection to fail if
|
||
the client offered any signature algorithm not known to the server (for
|
||
example RSA/SHA-224).
|
||
|
||
* Fix a bug in inline asm that would with GCC 7.3 cause incorrect
|
||
computations and an infinite loop during the tests. (GH #1524 #1529)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 3 08:06:46 UTC 2018 - daniel.molkentin@suse.com
|
||
|
||
- Update to Botan 2.5
|
||
|
||
* Fix error in certificate wildcard matching (CVE-2018-9127), where a
|
||
wildcard cert for b*.example.com would be accepted as a match for any host
|
||
with name *b*.example.com (GH #1519)
|
||
|
||
* Add support for RSA-PSS signatures in TLS (GH #1285)
|
||
|
||
* Ed25519 certificates are now supported (GH #1501)
|
||
|
||
* Many optimizations in ECC operations. ECDSA signatures are 8-10 times
|
||
faster. ECDSA verification is about twice as fast. ECDH key agreement is
|
||
3-4 times faster. (GH #1457 #1478)
|
||
|
||
* Implement product scanning Montgomery reduction, which improves
|
||
Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH
|
||
#1472)
|
||
|
||
* DSA signing and verification performance has improved by 30-50%.
|
||
|
||
* Add a new Credentials_Manager callback that specifies which CAs the server
|
||
has indicated it trusts (GH #1395 fixing #1261)
|
||
|
||
* Add new TLS::Callbacks methods that allow creating or removing extensions,
|
||
as well as examining extensions sent by the peer (GH #1394 #1186)
|
||
|
||
* Add new TLS::Callbacks methods that allow an application to negotiate use
|
||
of custom elliptic curves. (GH #1448)
|
||
|
||
* Add ability to create custom elliptic curves (GH #1441 #1444)
|
||
|
||
* Add support for POWER8 AES instructions (GH #1459 #1393 #1206)
|
||
|
||
* Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502
|
||
#986)
|
||
|
||
* The default encoding of ECC public keys has changed from compressed to
|
||
uncompressed point representation. This improves compatability with some
|
||
common software packages including Golang’s standard library. (GH #1480
|
||
#1483)
|
||
|
||
* It is now possible to create DNs with custom components. (GH #1490 #1492)
|
||
|
||
* It is now possible to specify the serial number of created certificates,
|
||
instead of using the default 128-bit random integer. (GH #1489 #1491)
|
||
|
||
* Change DL_Group and EC_Group to store their data as shared_ptr for fast
|
||
copying. Also both classes precompute additional useful values (eg for
|
||
modular reductions). (GH #1435 #1454)
|
||
|
||
* Make it possible for PKCS10 requests to include custom extensions. This
|
||
also makes it possible to use muliple SubjectAlternativeNames of a single
|
||
type in a request, which was previously not possible. (GH #1429 #1428)
|
||
|
||
* Add new optimized interface for FE1 format preserving encryption. By
|
||
caching a number of values computed in the course of the FPE calculation,
|
||
it provides a 6-7x speedup versus the old API. (GH #1469)
|
||
|
||
* Add DSA and ElGamal keygen functions to FFI (#1426)
|
||
|
||
* Add Pipe::prepend_filter to replace Pipe::prepend (GH #1402)
|
||
|
||
* Fix a memory leak in the OpenSSL block cipher integration, introduced in
|
||
* 2.2.0
|
||
|
||
* Use an improved algorithm for generating safe primes which is several tens
|
||
of times faster. Also, fix a bug in the prime sieving algorithm which
|
||
caused standard prime generation (like for RSA keys) to be slower than
|
||
necessary. (GH #1413 #1411)
|
||
|
||
* Correct the return value of PK_Encryptor::maximum_input_size which reported
|
||
a much too small value (GH #1410)
|
||
|
||
* Remove use of CPU specific optimization flags, instead the user should set
|
||
these via CXXFLAGS if desired. (GH #1392)
|
||
|
||
* Resolve an issue that would cause a crash in the tests if they were run on
|
||
a machine without SSE2/NEON/VMX instructions. (GH #1495)
|
||
|
||
* The Python module now tries to load DLLs from a list of names and uses the
|
||
first one which successfully loads and indicates it supports the desired
|
||
API level. (GH #1497)
|
||
|
||
* Various minor optimizations for SHA-3 (GH #1433 #1434)
|
||
|
||
* The output of botan --help has been improved (GH #1387)
|
||
|
||
* Add --der-format flag to command line utils, making it possible verify
|
||
DSA/ECDSA signatures generated by OpenSSL command line (GH #1409)
|
||
|
||
* Add support for --library-suffix option to configure.py (GH #1405 #1404)
|
||
|
||
* Use feature flags to enable/disable system specific code (GH #1378)
|
||
|
||
* Add --msvc-runtime option to allow using static runtime (GH #1499 #210)
|
||
|
||
* Add –enable-sanitizers= option to allow specifying which sanitizers to
|
||
enable. The existing --with-sanitizers option just enables some default set
|
||
which is known to work with the minimum required compiler versions.
|
||
|
||
* Use either rst2man or rst2man.py for generating man page as distributions
|
||
differ on where this program is installed (GH #1516)
|
||
|
||
* The threefish module has been renamed threefish_512 since that is the
|
||
algorithm it provides. (GH #1477)
|
||
|
||
* The Perl XS based wrapper has been removed, as it was unmaintained and
|
||
broken. (GH #1412)
|
||
|
||
* The sqlite3 encryption patch under contrib has been removed. It is still
|
||
maintained by the original author at
|
||
https://github.com/OlivierJG/botansqlite3
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 16 16:07:40 UTC 2018 - sleep_walker@opensuse.org
|
||
|
||
- drop explicit package requirements
|
||
- split binary package and documentation from dynamic library package
|
||
and make documentation package noarch
|
||
- merge back Botan2 package to Botan with changelog history
|
||
- drop Botan patches
|
||
aarch64-support.patch - doesn't seem to be required anymore
|
||
Botan-fix_install_paths.patch - doesn't seem to be required
|
||
no-cpuid-header.patch - SLE11 not target anymore
|
||
Botan-fix_pkgconfig.patch - this seem to be wrong
|
||
Botan-no-buildtime.patch - not needed anymore
|
||
dont-set-mach-value.diff - doesn't apply, unclear and undocumented why it is there
|
||
Botan-inttypes.patch - not required
|
||
Botan-ull_constants.patch.bz2 - no reason anymore
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 14 10:29:44 UTC 2018 - sleep_walker@opensuse.org
|
||
|
||
- change group of libbotan-%{version_suffix} to 'System/Libraries' as
|
||
requested on review
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 12 07:45:50 UTC 2018 - adam.majer@suse.de
|
||
|
||
- Don't drop -fstack-clash-protection for openSUSE 42.3 - we just
|
||
need the Update repository present.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 12 06:38:47 UTC 2018 - adam.majer@suse.de
|
||
|
||
- Rename libbotan-devel to libbotan2-devel. We can't have clashing
|
||
packages in the archive because Botan1 and Botan2 provide the
|
||
same -devel binary. Botan2 is also no API compatible with Botan.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Feb 11 10:33:35 UTC 2018 - sleep_walker@opensuse.org
|
||
|
||
- fix expected version after bump in baselibs.conf too
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 8 14:11:08 UTC 2018 - sleep_walker@opensuse.org
|
||
|
||
- fix unknown flag -fstack-clash-protection for openSUSE 42.3
|
||
- rename to Botan2
|
||
- drop Botan2-INT_MAX.patch as not needed anymore
|
||
- Bump to libbotan 2.4
|
||
|
||
Changes and new features:
|
||
|
||
* Several build improvements requested by downstream packagers,
|
||
including the ability to disable building the static library. All
|
||
makefile constructs that were specific to nmake or GNU make have
|
||
been eliminated, thus the option ``--makefile-style`` which was
|
||
previously used to select the makefile type has also been
|
||
removed. (GH #1230 #1237 #1300 #1318 #1319 #1324 #1325 #1346)
|
||
|
||
* Support for negotiating the DH group as specified in RFC 7919 is
|
||
now available in TLS (GH #1263)
|
||
|
||
* Support for ARIA-GCM ciphersuites are now available in TLS. They
|
||
are disabled by default. (GH #1284)
|
||
|
||
* Add support for generating and verifying X.509 objects
|
||
(certificates, CRLs, etc) using RSA-PSS signatures (GH #1270 and
|
||
#1368)
|
||
|
||
* Add support for AES key wrapping with padding, as specified in RFC
|
||
5649 and NIST SP 800-38F (GH #1301)
|
||
|
||
* OCSP requests made during certificate verification had the
|
||
potential to hang forever. Now the sockets are non-blocking and a
|
||
timeout is enforced. (GH #1360 fixing GH #1326)
|
||
|
||
* Add ``Public_Key::fingerprint_public`` which allows fingerprinting
|
||
the public key.
|
||
The previously available ``Private_Key::fingerprint`` is
|
||
deprecated, now ``Private_Key::fingerprint_private`` should be
|
||
used if this is required. (GH #1357)
|
||
|
||
* ECC certificates generated by Botan used an invalid encoding for
|
||
the parameters field, which was rejected by some certificate
|
||
validation libraries notably BouncyCastle. (GH #1367)
|
||
|
||
* Loading an ECC key which used OID encoding for the domain
|
||
parameters, then saving it, would result in a key using the
|
||
explicit parameters encoding. Now the OID encoding is
|
||
retained. (GH #1365)
|
||
|
||
* Correct various problems in certificate path validation that arose
|
||
when multiple paths could be constructed leading to a trusted root
|
||
but due to other constraints only some of them validated. (GH
|
||
#1363)
|
||
|
||
* It is now possible for certificate validation to return warning
|
||
indicators, such as that the distinguished name is not within
|
||
allowed limits or that a certificate with a negative serial number
|
||
was observed. (GH #1363 #1359)
|
||
|
||
* XMSS signatures now are multi-threaded for improved performance
|
||
(GH #1267)
|
||
|
||
* Fix a bug that caused the TLS peer cert list to be empty on a
|
||
resumed session. (GH #1303 #1342)
|
||
|
||
* Increase the maximum HMAC key length from 512 bytes to 4096
|
||
bytes. This allows using a DH key exchange in TLS with a group
|
||
greater than 4096 bits. (GH #1316)
|
||
|
||
* Fix a bug in the TLS server where, on receiving an SSLv3 client
|
||
hello, it would attempt to negotiate TLS v1.2. Now a
|
||
protocol_version alert is sent. Found with tlsfuzzer. (GH #1316)
|
||
|
||
* Fix several bugs related to sending the wrong TLS alert type in
|
||
various error scenarios, caught with tlsfuzzer.
|
||
|
||
* Add support for a ``tls_http_server`` command line utility which
|
||
responds to simple GET requests. This is useful for testing
|
||
against a browser, or various TLS test tools which expect the
|
||
underlying protocol to be HTTP. (GH #1315)
|
||
|
||
* Add an interface for generic PSK data stores, as well as an
|
||
implementation which encrypts stored values with AES key
|
||
wrapping. (GH #1302)
|
||
|
||
* Optimize GCM mode on systems both with and without carryless
|
||
multiply support. This includes a new base case implementation
|
||
(still constant time), a new SSSE3 implementation for systems with
|
||
SSSE3 but not clmul, and better algorithms for systems with clmul
|
||
and pmull. (GH #1253 #1263)
|
||
|
||
* Various optimizations for OCB, CFB, CTR, SM3, SM4, GMAC, BLAKE2b,
|
||
Blowfish, Twofish, CAST-128, and CRC24 (GH #1281)
|
||
|
||
* Salsa20 now supports the seek operation.
|
||
|
||
* Add ``EC_Group::known_named_groups`` (GH #1339)
|
||
|
||
* Symmetric algorithms (block ciphers, stream ciphers, MACs) now
|
||
verify that a key was set before accepting data. Previously
|
||
attempting to use an unkeyed object would instead result in either
|
||
a crash or invalid outputs. (GH #1279)
|
||
|
||
* The X509 certificate, CRL and PKCS10 types have been heavily
|
||
refactored internally. Previously all data of these types was
|
||
serialized to strings, then in the event a more complicated data
|
||
structure (such as X509_DN) was needed, it would be recreated from
|
||
the string representation. However the round trip process was not
|
||
perfect and could cause fields to become lost. This approach is no
|
||
longer used, fixing several bugs (GH #1010 #1089 #1242 #1252). The
|
||
internal data is now stored in a ``shared_ptr``, so copying such
|
||
objects is now very cheap. (GH #884)
|
||
|
||
* ASN.1 string objects previously held their contents as ISO 8859-1
|
||
codepoints. However this led to certificates which contained
|
||
strings outside of this character set (eg in Cyrillic, Greek, or
|
||
Chinese) being rejected. Now the strings are always converted to
|
||
UTF-8, which allows representing any character. In addition, UCS-4
|
||
strings are now supported. (GH #1113 #1250 #1287 #1289)
|
||
|
||
* It is now possible to create an uninitialized X509_Certificate
|
||
object. Such an object will throw if any attempt to access its
|
||
members is made. (GH #1335)
|
||
|
||
* In BER decoder, avoid unbounded stack recursion when parsing
|
||
nested indefinite length values. Now at most 16 nested indefinite
|
||
length values are accepted, anything deeper resulting in a
|
||
decoding error. (GH #1304 OSS-Fuzz 4353).
|
||
|
||
* A new ASN.1 printer API allows generating a string representation
|
||
of arbitrary BER data. This is used in the ``asn1print`` command
|
||
line utility and may be useful in other applications, for instance
|
||
for debugging.
|
||
|
||
* New functions for bit rotations that distinguish rotating by a
|
||
compile-time constant vs a runtime variable rotation. This allows
|
||
better optimizations in both cases. Notably performance of
|
||
CAST-128 and CAST-256 are substantially improved. (GH #1247)
|
||
|
||
* TLS CBC ciphersuites now are implemented using the standard CBC
|
||
code, instead of reimplementing CBC inside the TLS stack. This
|
||
allows for parallel decryption of TLS CBC ciphertexts, and
|
||
improves performance especially when using AES hardware
|
||
support. (GH #1269)
|
||
|
||
* Add callbacks to make it possible for an application using TLS to
|
||
provide custom implementations of signature schemes, eg when
|
||
offloading the computations to another device. (GH #1332)
|
||
|
||
* Use a direct calculation for calendar computations instead of
|
||
relying on non-portable operating system interfaces. (GH #1336)
|
||
|
||
* Fix a bug in the amalgamation generation which could cause build
|
||
failures on some systems including macOS. (GH #1264 #1265)
|
||
|
||
* A particular code sequence in TLS handshake would always (with an
|
||
ECC ciphersuite) result in an exception being thrown and then
|
||
caught. This has changed so no exception is thrown. (GH #1275)
|
||
|
||
* The code for byteswapping has been improved for ARMv7 and for
|
||
Windows x86-64 systems using MSVC. (GH #1274)
|
||
|
||
* The GMAC class no longer derives from GHASH. This should not cause
|
||
any noticeable change for applications. (GH #1253)
|
||
|
||
* The base implementation of AES now uses a single 4K table, instead
|
||
of 4 such tables. This offers a significant improvement against
|
||
cache-based side channels without hurting performance too much. In
|
||
addition the table is now guaranteed to be aligned on a cache
|
||
line, which ensures the additional countermeasure of reading each
|
||
cache line works as expected. (GH #1255)
|
||
|
||
* In TLS client resumption, avoid sending a OCSP stapling
|
||
request. This caused resumption failures with some servers. (GH
|
||
#1276)
|
||
|
||
* The overhead of making a call through the FFI layer has been
|
||
reduced.
|
||
|
||
* The IDs for SHA-3 PKCSv1.5 signatures added in 2.3.0 were
|
||
incorrect. They have been changed to use the correct encoding, and
|
||
a test added to ensure such errors do not recur.
|
||
|
||
* Counter mode allows setting a configurable width of the
|
||
counter. Previously it was allowed for a counter of even 8 bits
|
||
wide, which would mean the keystream would repeat after just 256
|
||
blocks. Now it requires the width be at least 32 bits. The only
|
||
way this feature could be used was by manually constructing a
|
||
``CTR_BE`` object and setting the second parameter to something in
|
||
the range of 1 to 3.
|
||
|
||
* A new mechanism for formatting ASN.1 data is included in
|
||
``asn1_print.h``. This is the same functionality used by the
|
||
command line ``asn1print`` util, now cleaned up and moved to the
|
||
library.
|
||
|
||
* Add ``Pipe::append_filter``. This is like the existing
|
||
(deprecated) ``Pipe::append``, the difference being that
|
||
``append_filter`` only allows modification before the first call
|
||
to ``start_msg``. (GH #1306 #1307)
|
||
|
||
* The size of ASN1_Tag is increased to 32 bits. This avoids a
|
||
problem with UbSan (GH #751)
|
||
|
||
* Fix a bug affecting bzip2 compression. In certain circumstances,
|
||
compression would fail with ``BZ_SEQUENCE_ERROR`` due to calling
|
||
bzlib in an way it does not support. (GH #1308 #1309)
|
||
|
||
* In 2.3.0, final annotations were added to many classes including
|
||
the TLS policies (like ``Strict_Policy`` and
|
||
``BSI_TR_02102_2``). However it is reasonable and useful for an
|
||
application to derive from one of these policies, so as to create
|
||
an application specific policy that is based on a library-provided
|
||
policy, but with a few tweaks. So the final annotations have been
|
||
removed on these classes. (GH #1292)
|
||
|
||
* A new option ``--with-pdf`` enables building a PDF copy of the
|
||
handbook. (GH #1337)
|
||
|
||
* A new option ``--with-rst2man`` enables building a man page for
|
||
the command line util using Docutils rst2man. (GH #1349)
|
||
|
||
* Support for NEON is now enabled under Clang.
|
||
|
||
* Now the compiler version is detected using the preprocessor,
|
||
instead of trying to parse the output of the compiler's version
|
||
string, which was subject to problems with localization. (GH
|
||
#1358)
|
||
|
||
* By default the gzip compressor will not include a timestamp in the
|
||
header. The timestamp can be set by passing it to the
|
||
``Gzip_Compression`` constructor.
|
||
|
||
* Add an OID for RIPEMD-160
|
||
|
||
* Fixes for CMake build (GH #1251)
|
||
|
||
* Avoid some signed overflow warnings (GH #1220 #1245)
|
||
|
||
* As upstream support for Native Client has been deprecated by
|
||
Google, support is now also deprecated in Botan and will be
|
||
removed in a future release.
|
||
|
||
* The Perl-XS wrapper has not been maintained in many years. It is
|
||
now deprecated, and if no attempts are made to revive it, it will
|
||
be removed in a future release.
|
||
|
||
* Support for building on IRIX has been removed.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 11 12:55:50 UTC 2018 - i@marguerite.su
|
||
|
||
- add Botan2-INT_MAX.patch
|
||
* Fix “INT_MAX was not declared in this scope”
|
||
in openSUSE Leap 42.1
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 8 11:25:54 UTC 2018 - i@marguerite.su
|
||
|
||
- fix build. python3 configure itself is useless,
|
||
we should make package python3 too.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 1 14:26:47 UTC 2017 - mimi.vx@gmail.com
|
||
|
||
- configure Botan explicitly with python3
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 4 07:49:54 UTC 2017 - daniel.molkentin@suse.com
|
||
|
||
- Update to 1.10.17
|
||
- Address a side channel affecting modular exponentiation. An attacker
|
||
capable of a local or cross-VM cache analysis attack may be able to recover
|
||
bits of secret exponents as used in RSA, DH, etc. CVE-2017-14737 Workaround
|
||
a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function.
|
||
(GH #1192 #1148 #882, bsc#1060433)
|
||
- Add SecureVector::data() function which returns the start of the buffer.
|
||
This makes it slightly simpler to support both 1.10 and 2.x APIs in the
|
||
same codebase. When compiled by a C++11 (or later) compiler, a template
|
||
typedef of SecureVector, secure_vector, is added. In 2.x this class is a
|
||
std::vector with a custom allocator, so has a somewhat different interface
|
||
than SecureVector in 1.10. But this makes it slightly simpler to support
|
||
both 1.10 and 2.x APIs in the same codebase.
|
||
- Fix a bug that prevented configure.py from running under Python3
|
||
- Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will
|
||
#error if OpenSSL 1.1 is detected. Avoid –with-openssl if compiling against
|
||
1.1 or later. (GH #753)
|
||
- Import patches from Debian adding basic support for
|
||
building on aarch64, ppc64le, or1k, and mipsn32 platforms.
|
||
|
||
* obsoletes CVE-2017-14737.patch
|
||
|
||
* refreshes aarch64-support.patch
|
||
|
||
* drop ppc64le-support.patch for upstream version
|
||
(disables altivec support as per concerns by upstream)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 26 13:03:46 UTC 2017 - daniel.molkentin@suse.com
|
||
|
||
- Fix for CVE-2017-14737: A cryptographic cache-based side channel in the RSA
|
||
implementation allows local attacker to recover information about RSA secret
|
||
keys.
|
||
* add CVE-2017-14737.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 21 09:48:17 UTC 2017 - vcizek@suse.com
|
||
|
||
- Explicitly require libopenssl-1_0_0-devel (bsc#1055322)
|
||
* Botan 1.x won't support OpenSSL 1.1
|
||
(https://github.com/randombit/botan/issues/753)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 12 14:52:45 UTC 2017 - daniel.molkentin@suse.com
|
||
|
||
- Add patch to build SLES11 (allows for simplified backporting, e.g. bsc#968030)
|
||
* add no-cpuid-header.patch
|
||
- Clean up spec file
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 11 11:57:53 UTC 2017 - daniel.molkentin@suse.com
|
||
|
||
- Update to 1.10.16 (Fixes CVE-2017-2801, bsc#1033605)
|
||
* Fix a bug in X509 DN string comparisons that could result in out of bound
|
||
reads. This could result in information leakage, denial of service, or
|
||
potentially incorrect certificate validation results. (CVE-2017-2801)
|
||
* Avoid use of C++11 std::to_string in some code added in 1.10.14 (GH #747 #834)
|
||
- Changes from 1.10.15:
|
||
* Change an unintended behavior of 2.0.0, which named the include directory
|
||
botan-2.0. Since future release of Botan-2 should be compatible with code
|
||
written against old versions, there does not seem to be any reason to
|
||
* version the include directory with the minor number. (GH #830 #833)
|
||
* Fix a bug which caused an error when building on Cygwin or other platforms
|
||
where shared libraries are not supported. (GH #821)
|
||
* Enable use of readdir on Cygwin, which allows the tests to run (GH #824)
|
||
* Switch to readthedocs Sphinx theme by default (GH #822 #823)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 28 12:02:11 CET 2016 - pth@suse.de
|
||
|
||
- Update to 1.10.14
|
||
* Fix integer overflow during BER decoding, found by Falko Strenzke.
|
||
This bug is not thought to be directly exploitable but upgrading ASAP
|
||
is advised. (CVE-2016-9132)
|
||
* Fix two cases where (in error situations) an exception would be
|
||
thrown from a destructor, causing a call to std::terminate.
|
||
* When RC4 is disabled in the build, also prevent it from being
|
||
included in the OpenSSL provider. (GH #638)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Nov 13 01:32:18 UTC 2016 - netsroth@opensuse.org
|
||
|
||
- Update to 1.10.13
|
||
* Use constant time modular inverse algorithm to avoid possible side
|
||
channel attack against ECDSA (CVE-2016-2849)
|
||
* Use constant time PKCS #1 unpadding to avoid possible side channel
|
||
attack against RSA decryption (CVE-2015-7827)
|
||
* Avoid a compilation problem in OpenSSL engine when ECDSA was
|
||
disabled. Gentoo bug 542010
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 13 07:31:21 UTC 2016 - faure@kde.org
|
||
|
||
- Remove Qt5 dependency, since nothing is using it anymore.
|
||
- Fix double-prefix in botan-config and pkgconfig file.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 3 10:52:19 UTC 2016 - michael@stroeder.com
|
||
|
||
- Update to 1.10.12
|
||
|
||
- Version 1.10.12, 2016-02-03
|
||
* In 1.10.11, the check in PointGFp intended to check the affine y
|
||
argument actually checked the affine x again. Reported by Remi Gacogne
|
||
* The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an
|
||
additional check in the multiplication function itself which was also
|
||
added in that release, so there are no security implications from the
|
||
missed check. However to avoid confusion the change was pushed in a new
|
||
release immediately.
|
||
* The 1.10.11 release notes incorrectly identified CVE-2016-2195 as
|
||
CVE-2016-2915
|
||
- Version 1.10.11, 2016-02-01
|
||
* Resolve heap overflow in ECC point decoding. CVE-2016-2195
|
||
Resolve infinite loop in modular square root algorithm. CVE-2016-2194
|
||
Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits. GH #239
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 24 10:48:11 UTC 2015 - mpluskal@suse.com
|
||
|
||
- Add gpg signature
|
||
- Cleanup spec file with spec-cleaner
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 14 08:54:09 UTC 2015 - mvyskocil@opensuse.org
|
||
|
||
- Fix Source0 URL
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 11 22:49:31 UTC 2015 - netsroth@opensuse.org
|
||
|
||
- bump SONAME to libbotan-1_10-1
|
||
- Update to 1.10.10
|
||
* SECURITY: The BER decoder would crash due to reading from offset 0
|
||
of an empty vector if it encountered a BIT STRING which did not
|
||
contain any data at all. As the type requires a 1 byte field this
|
||
is not valid BER but could occur in malformed data. Found with
|
||
afl. CVE-2015-5726
|
||
* SECURITY: The BER decoder would allocate a fairly arbitrary amount
|
||
of memory in a length field, even if there was no chance the read
|
||
request would succeed. This might cause the process to run out of
|
||
memory or invoke the OOM killer. Found with afl. CVE-2015-5727
|
||
* Due to an ABI incompatible (though not API incompatible) change in
|
||
this release, the version number of the shared object has been
|
||
increased.
|
||
* The default TLS policy no longer allows RC4.
|
||
* Fix a signed integer overflow in Blue Midnight Wish that may cause
|
||
incorrect computations or undefined behavior.
|
||
|
||
- Update to 1.10.9
|
||
* Fixed EAX tag verification to run in constant time
|
||
* The default TLS policy now disables SSLv3.
|
||
* A crash could occur when reading from a blocking random device if
|
||
the device initially indicated that entropy was available but a
|
||
concurrent process drained the entropy pool before the read was
|
||
initiated.
|
||
* Fix decoding indefinite length BER constructs that contain a
|
||
context sensitive tag of zero. Github pull 26 from Janusz Chorko.
|
||
* The botan-config script previously tried to guess its prefix from
|
||
the location of the binary. However this was error prone, and now
|
||
the script assumes the final installation prefix matches the value
|
||
set during the build. Github issue 29.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 24 16:19:12 UTC 2015 - liujianfeng1994@gmail.com
|
||
|
||
- Change build dependence "libqt4-devel" to "libqt5-qtbase-devel".
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 8 18:00:00 CET 2014 - tbehrens@suse.com
|
||
|
||
- Update to 1.10.8
|
||
* Fix a bug in primality testing introduced in 1.8.3 which caused
|
||
only a single random base, rather than a sequence of random bases,
|
||
to be used in the Miller-Rabin test. This increased the
|
||
probability that a non-prime would be accepted, for instance a
|
||
1024 bit number would be incorrectly classed as prime with
|
||
probability around 2^-40. Reported by Jeff Marrison.
|
||
* The key length limit on HMAC has been raised to 512 bytes,
|
||
allowing the use of very long passphrases with PBKDF2.
|
||
|
||
- Update to 1.10.7
|
||
* OAEP had two bugs, one of which allowed it to be used even if the
|
||
key was too small, and the other of which would cause a crash
|
||
during decryption if the EME data was too large for the associated
|
||
key.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 3 13:57:13 CET 2014 - ro@suse.de
|
||
|
||
- change license to BSD-2-Clause as requested by legal
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Dec 8 23:46:27 UTC 2013 - dvaleev@suse.com
|
||
|
||
- Add ppc64le architecture
|
||
|
||
- added patches:
|
||
* ppc64le-support.patch
|
||
-------------------------------------------------------------------
|
||
Mon Nov 11 20:11:43 UTC 2013 - tbehrens@suse.com
|
||
|
||
- Update to 1.10.6
|
||
* The device reading entropy source now attempts to read from all
|
||
available devices. Previously it would break out early if a
|
||
partial read from a blocking source occured, not continuing to
|
||
read from a non-blocking device. This would cause the library to
|
||
fall back on slower and less reliable techniques for collecting
|
||
PRNG seed material. Reported by Rickard Bellgrim.
|
||
* HMAC_RNG (the default PRNG implementation) now automatically
|
||
reseeds itself periodically. Previously reseeds only occured on
|
||
explicit application request.
|
||
* Fix an encoding error in EC_Group when encoding using
|
||
EC_DOMPAR_ENC_OID. Reported by fxdupont on github.
|
||
* In EMSA2 and Randpool, avoid calling name() on objects after
|
||
deleting them if the provided algorithm objects are not suitable
|
||
for use. Found by Clang analyzer, reported by Jeffrey Walton.
|
||
* If X509_Store was copied, the u32bit containing how long to cache
|
||
validation results was not initialized, potentially causing
|
||
results to be cached for significant amounts of time. This could
|
||
allow a certificate to be considered valid after its issuing CA’s
|
||
cert expired. Expiration of the end-entity cert is always checked,
|
||
and reading a CRL always causes the status to be reset, so this
|
||
issue does not affect revocation. Found by Coverity scanner.
|
||
* Avoid off by one causing a potentially unterminated string to be
|
||
passed to the connect system call if the library was configured to
|
||
use a very long path name for the EGD socket. Found by Coverity
|
||
Scanner.
|
||
* In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and
|
||
PK_Key_Agreement, avoid dereferencing an unitialized pointer if no
|
||
engine supported operations on the key object given. Found by
|
||
Coverity scanner.
|
||
* Avoid leaking a file descriptor in the /dev/random and EGD entropy
|
||
sources if stdin (file descriptor 0) was closed. Found by Coverity
|
||
scanner.
|
||
* Avoid a potentially undefined operation in the bit rotation
|
||
operations. Not known to have caused problems under any existing
|
||
compiler, but might have caused problems in the future. Caught by
|
||
Clang sanitizer, reported by Jeffrey Walton.
|
||
* Increase default hash iterations from 10000 to 50000 in PBES1 and
|
||
PBES2
|
||
* Add a fix for mips64el builds from Brad Smith.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 16 13:44:43 UTC 2013 - cgiboudeaux@gmx.com
|
||
|
||
- Update to 1.10.5
|
||
* A potential crash in the AES-NI implementation of the AES-192 key schedule
|
||
(caused by misaligned loads) has been fixed.
|
||
* A previously conditional operation in Montgomery multiplication and
|
||
squaring is now always performed, removing a possible timing channel.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 10 21:35:25 UTC 2013 - schwab@suse.de
|
||
|
||
- aarch64-support.patch: add support for aarch64
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 14 20:08:15 UTC 2012 - p.drouand@gmail.com
|
||
|
||
- update to 1.10.3:
|
||
* A change in 1.10.2 accidentally broke ABI compatibility with
|
||
1.10.1 and earlier versions, causing programs compiled against
|
||
1.10.1 to crash if linked with 1.10.2 at runtime.
|
||
* Recent versions of OpenSSL include extra information in ECC
|
||
private keys, the presence of which caused an exception when such
|
||
a key was loaded by botan. The decoding of ECC private keys has been
|
||
changed to ignore these fields if they are set.
|
||
- remove Botan-qt_thread_support.patch no needed anymore
|
||
-------------------------------------------------------------------
|
||
Thu Aug 16 09:06:44 UTC 2012 - dmueller@suse.com
|
||
|
||
- don't fiddle with march settings, we want the distro defaults
|
||
(fixes build on ARM)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 7 08:04:05 UTC 2012 - coolo@suse.com
|
||
|
||
- little spec cleanup
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 16 17:36:04 UTC 2011 - jengelh@medozas.de
|
||
|
||
- Implement baselibs.conf for package
|
||
- Remove obsolete/redundant tags
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 4 17:14:21 CEST 2011 - pth@suse.de
|
||
|
||
- Make package own its docdir.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 23 14:43:48 CEST 2011 - dmueller@suse.de
|
||
|
||
- rename the devel package back to libbotan-devel as the main
|
||
package allows to build only one -devel package
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 22 16:10:32 CEST 2011 - pth@suse.de
|
||
|
||
- Fix Requires for devel package.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 21 16:53:15 CEST 2011 - pth@suse.de
|
||
|
||
- Devel package now is versioned so multiple devel packages may
|
||
be installed in parallel.
|
||
- Devel package renamed back to Botan-devel to keep rpmlint from
|
||
thinking it is a library package ...
|
||
|
||
- Update to 1.10.0:
|
||
New Features:
|
||
* SSL (SSLv3, TLS 1.0, and TLS 1.1 are currently supported)
|
||
* GOST 34.10-2001 signature scheme (a Russian ECC signature standard
|
||
analogous to ECDSA)
|
||
* The SHA-3 candidates Keccak and Blue Midnight Wish
|
||
* Bcrypt password hashing
|
||
* XSalsa20
|
||
* AES key wrapping
|
||
* Comb4P hash combinator.
|
||
|
||
Other Changes:
|
||
* The block cipher interface now exposes any possible parallelism
|
||
available to the implementation, and XTS, CTR, and CBC modes have been
|
||
changed to use them.
|
||
|
||
* SIMD implementations of Serpent, XTEA, Noekeon, and IDEA have been
|
||
added, as has an implementation of AES using SSSE3 which runs both in
|
||
constant time and, on recent processors, significantly faster than the
|
||
usual table based implementation. There have also been numerous
|
||
optimizations to elliptic curves.
|
||
|
||
* The documentation, previously written in LaTeX, is now in
|
||
reStructuredText, which is converted into HTML with Sphinx. This new
|
||
format is significantly easier to write, encouraging more documentation
|
||
to be written and updated. And, indeed, a number of features never
|
||
before documented are now described in the manual.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 1 16:38:40 CEST 2010 - pth@suse.de
|
||
|
||
- Prefix last patch with Botan-.
|
||
- Enable building of the qt_mutex module. This means that from now
|
||
on libbotan requires libQtCore.
|
||
- Fix test for thread/mutex support to also work for Qt4.
|
||
|
||
- Update to 1.8.10:
|
||
|
||
* This release changes a number of aspects of how private keys are
|
||
encrypted. The default encryption algorithm has changed from 3DES
|
||
to AES-256
|
||
|
||
* The default iteration count for PBES1 and PBES2 encryption schemes
|
||
(which are used primarily to encrypt asymmetric keys like RSA or
|
||
DSA) has increased from 2048 to 10000, which should make brute
|
||
force key cracking substantially harder.
|
||
|
||
* The first round of AES now uses a smaller set of lookup tables;
|
||
this only reduces performance slightly but some timing and cache
|
||
analysis attacks against AES are substantially harder when AES is
|
||
implemented this way.
|
||
|
||
* The class known as S2K was renamed PBKDF in 1.9, with a typedef
|
||
for backwards compatibility. For providing an equivalent forward
|
||
compatibility path, 1.8.10 includes a typedef for PBKDF and a new
|
||
accessor function get_pbkdf. It also includes a new interface for
|
||
deriving keys with a passphrase which takes both the passphrase
|
||
and desired output length as well as the salt and iteration
|
||
count; in many cases this call is actually significantly more
|
||
convenient than the older API.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 31 09:22:59 UTC 2010 - aj@suse.de
|
||
|
||
- Do not include build time and host in package to not trigger rebuilds.
|
||
- Add pkg-config build requires as suggested by rpmlint.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 10 01:01:48 CET 2010 - ro@suse.de
|
||
|
||
- add patch from fedora to fix build on x86_64
|
||
(botan-1.8.8-binutils_lea_offset.patch)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jan 10 04:27:38 CET 2010 - jengelh@medozas.de
|
||
|
||
- run configure with --cpu=%_target to have correct bitness
|
||
selected for SPARC
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 21 17:34:49 UTC 2009 - coolo@novell.com
|
||
|
||
- do not patch arch specific Makefiles, but simply pass WARN_FLAGS
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 21 00:32:43 CET 2009 - ro@suse.de
|
||
|
||
- fix requires for devel package
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 16 13:13:16 CET 2009 - pth@suse.de
|
||
|
||
- Remove patches that aren't needed anymore.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 11 19:43:25 CET 2009 - pth@suse.de
|
||
|
||
- Update to Botan-1.8.8:
|
||
- Alter Skein-512 to match the tweaked 1.2 specification
|
||
- Fix use of inline asm for access to x86 bswap function
|
||
- Allow building the library without AES enabled
|
||
- For the complete changes since 1.6.4 see log.txt in
|
||
/usr/share/doc/packages/Botan.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 7 13:20:18 CEST 2008 - pth@suse.de
|
||
|
||
- No macros for package name.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 3 18:39:38 CEST 2008 - pth@suse.de
|
||
|
||
- Update to 1.6.4. While the included fix is uninteresting for
|
||
Linux, it makes it easier to rename the package once again to
|
||
its old name:
|
||
* Fix a compilation problem with Visual Studio C++ 2003
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 3 01:56:12 CEST 2007 - dmueller@suse.de
|
||
|
||
- update to 1.6.3:
|
||
* fixes various multithreading issues
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 21 01:02:20 CEST 2007 - dmueller@suse.de
|
||
|
||
- update to 1.6.2:
|
||
* Remove a call to abort() that crept into production
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 23 18:41:19 CEST 2007 - dmueller@suse.de
|
||
|
||
- fix -devel package requires
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 24 12:19:13 CET 2007 - aj@suse.de
|
||
|
||
- Add libbz2-devel to BuildRequires.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 9 18:46:03 CET 2007 - pth@suse.de
|
||
|
||
- Update to 1.6.1. Changes since 1.4.10:
|
||
|
||
* Compilation fixes for the bzip2, zlib, and GNU MP modules
|
||
* Better support for Intel C++ and EKOpath C++ on x86-64
|
||
* Cleanups in the initialization routines
|
||
* Add some x86-64 assembly for multiply-add
|
||
* Fix problems generating very small (below 384 bit) RSA keys
|
||
* More improvements to the Python bindings
|
||
* Removed the Algorithm base class
|
||
* Various cleanups in the public key inheritance hierarchy
|
||
* Added x86 assembler implementations of Serpent and low-level MPI code
|
||
* Optimizations for the SHA-1 x86 assembler
|
||
* Various improvements to the Python wrappers
|
||
* Add x86 assembler versions of MD4, MD5, and SHA-1
|
||
* Expand InitializerOptions' language to support on/off switches
|
||
* Fix possible resource leaks in the mmap allocator
|
||
* Slightly optimized buffering in MDx_HashFunction
|
||
* Initialization failures are dealt with somewhat better
|
||
* Add an example implementing Pollard's Rho algorithm
|
||
* Expand the xor_ciph example to support longer keys
|
||
* Fixed bitrot in the AEP engine
|
||
* Fix support for marking certificate/CRL extensions as critical
|
||
* Significant cleanups in the library state / initialization code
|
||
* LibraryInitializer takes an explicit InitializerOptions object
|
||
* Make Mutex_Factory an abstract class, add Default_Mutex_Factory
|
||
* Change configuration access to using global_state()
|
||
* Add support for global named mutexes throughout the library
|
||
* Add some STL wrappers for the delete operator
|
||
* Change how certificates are created to be more flexible and general
|
||
* Many internal cleanups to the X.509 cert/CRL code
|
||
* Allow for application code to support new X.509 extensions
|
||
* Change the return type of X509_Certificate::{subject,issuer}_info
|
||
* Allow for alternate character set handling mechanisms
|
||
* Fix a bug that was slowing squaring performance somewhat
|
||
* Fix a very hard to hit overflow bug in the C version of word3_muladd
|
||
* Minor cleanups to the assembler modules
|
||
* Further, major changes to the BER/DER coding system
|
||
* Updated the Qt mutex module to use Mutex_Factory
|
||
* Moved the library global state object into an anonymous namespace
|
||
* The low-level DER/BER coding system was redesigned and rewritten
|
||
* Portions of the certificate code were cleaned up internally
|
||
* Use macros to substantially clean up the GCC assembly code
|
||
* Some slight cleanups in X509_PublicKey::key_id
|
||
* Fixed a potential infinite loop in the memory pool code (Matt Johnston)
|
||
* Made Pooling_Allocator::Memory_Block an actual class of sorts
|
||
* Some small optimizations to the division and modulo computations
|
||
* Cleaned up the implementation of some of the BigInt operators
|
||
* Reduced use of dynamic memory allocation in low-level BigInt functions
|
||
* A few simplifications in the Randpool mixing function
|
||
* Removed power(), as it was not particularly useful (or fast)
|
||
* Fixed some annoying bugs in the benchmark code
|
||
* Added a real credits file
|
||
* Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta
|
||
* Fixed a memory access off-by-one in the Karatsuba code
|
||
* Changed Pooling_Allocator's free list search to a log(N) algorithm
|
||
* Merged ModularReducer with its only subclass, Barrett_Reducer
|
||
* Fixed sign-handling bugs in some of the division and modulo code
|
||
* Renamed the module description files to modinfo.txt
|
||
* Further cleanups in the initialization code
|
||
* Removed BigInt::add and BigInt::sub
|
||
* Merged all the division-related functions into just divide()
|
||
* Modified the <mp_asmi.h> functions to allow for better optimizations
|
||
* Made the number of bits polled from an EntropySource user configurable
|
||
* Avoid including <algorithm> in <botan/secmem.h>
|
||
* Removed some dead code from bigint_modop
|
||
* Fix the definition of same_mem
|
||
* Many optimizations in the low-level multiple precision integer code
|
||
* Added hooks for assembly implementations of the MPI code
|
||
* Support for the X.509 issuer alternative name extension in new certs
|
||
* Fixed a bug in the decompression modules; found and patched by Matt Johnston
|
||
* mem_pool.cpp was using std::set iterators instead of std::multiset ones
|
||
* Fixed a bug in X509_CA preventing users from disabling particular extensions
|
||
* Fixed the mp_asm64 module, which was entirely broken in 1.5.2
|
||
* Fixed an off-by-one memory read in MISTY1::key()
|
||
* Fixed a nasty memory leak in Output_Buffers::retire()
|
||
* Reimplemented the memory allocator from scratch
|
||
* Improved memory caching in Montgomery exponentiation
|
||
* Optimizations for multiple precision addition and subtraction
|
||
* Fixed a build problem in the hardware timer module on 64-bit PowerPC
|
||
* Changed default Karatsuba cutoff to 12 words (was 14)
|
||
* Removed MemoryRegion::bits(), which was unused and incorrect
|
||
* Changed maximum HMAC keylength to 1024 bits
|
||
* Various minor Makefile and build system changes
|
||
* Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution
|
||
* Switched checks/clock.cpp back to using clock() by default
|
||
* Removed the Default_Mutex's unused clone() member function
|
||
* Implemented Montgomery exponentiation
|
||
* Implemented generalized Karatsuba multiplication and squaring
|
||
* Implemented Comba squaring for 4, 6, and 8 word inputs
|
||
* Added new Modular_Exponentiator and Power_Mod classes
|
||
* Removed FixedBase_Exp and FixedExponent_Exp
|
||
* Fixed a performance regression in get_allocator
|
||
* Engines can now offer S2K algorithms and block cipher padding methods
|
||
* Merged the remaining global 'algolist' code into Default_Engine
|
||
* The low-level MPI code is linked as C again
|
||
* Replaced BigInt's get_nibble with the more general get_substring
|
||
* Moved all global/shared library state into a single object
|
||
* Mutex objects are created through mutex factories instead of a global
|
||
* Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone()
|
||
* Removed the RNG_Quality enum entirely
|
||
* There is now only a single global-use PRNG
|
||
* Removed the no_aliases and no_oids options for LibraryInitializer
|
||
* Removed the deprecated algorithms SEAL, ISAAC, and HAVAL
|
||
* Fixed an off-by-one memory read in MISTY1::key()
|
||
* Fixed a nasty memory leak in Output_Buffers::retire()
|
||
* Changed maximum HMAC keylength to 1024 bits
|
||
* Changed Whirlpool diffusion matrix to match updated algorithm spec
|
||
* Added a constructor to DataSource_Memory taking a std::string
|
||
* Placing the same Filter in multiple Pipes triggers an exception
|
||
* The configure script accepts --docdir and --libdir
|
||
* Merged doc/rngs.txt into the main API document
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 25 21:31:10 CET 2006 - mls@suse.de
|
||
|
||
- converted neededforbuild to BuildRequires
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 14 13:07:23 CET 2006 - kukuk@suse.de
|
||
|
||
- Add gmp-devel to nfb
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 19 11:58:35 CET 2005 - pth@suse.de
|
||
|
||
- Update to 1.4.10
|
||
- Bunch of cleanups and bugfixes added
|
||
- Add KASUMI, the block cipher used in 3G phones
|
||
- Binary file I/O can now be used with the data sink and source classes.
|
||
- Pipe has been refactored
|
||
- A possible memory leak in the OpenSSL engine was also fixed.
|
||
|
||
- Randpool has been modified to use HMAC instead of a plain hash
|
||
as its mixing operation.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 23 14:12:09 CET 2005 - pth@suse.de
|
||
|
||
- Update to 1.4.9
|
||
- new algorithms including MARS, SEED, Turing, and FORK-256.
|
||
- include optimizations for RC6 and Twofish
|
||
- much better support for 64-bit PowerPC
|
||
- support for high resolution hardware timers on most PowerPC systems
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 15 16:48:55 CET 2005 - uli@suse.de
|
||
|
||
- fixed to build on ARM
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 15 16:25:59 CEST 2005 - pth@suse.de
|
||
|
||
- Initial package
|
||
- Use ISO C99 stdint.h to define integer types.
|
||
- Mark 64 bit hex constants as ULL to shut up the compiler.
|
||
|