From 0688d06bc12e7339aee39b2e9d86cd6fd9099148 Mon Sep 17 00:00:00 2001 From: Rene Meusel Date: Tue, 13 Feb 2024 14:28:21 +0100 Subject: [PATCH] Update news --- news.rst | 117 +++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 110 insertions(+), 7 deletions(-) diff --git a/news.rst b/news.rst index 83a5efbe750..a0728864caa 100644 --- a/news.rst +++ b/news.rst @@ -4,11 +4,86 @@ Release Notes Version 3.3.0, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* Add FrodoKEM post-quantum KEM (GH #3679 #3807 #3892) + +* Add support for Blake2s (GH #3796) + +* Add support for RFC 7250 in TLS 1.3 to allow authenticating peers + using raw public keys (GH #3771) + +* Update the BSI TLS policy to match the latest TR, particularly + enabling support for TLS 1.3 (GH #3809) + +* Add AsymmetricKey::generate_another() to generate a new key of the + same type and parameters as an existing key (GH #3770 #3786) + +* Add Private_Key::remaining_operations() that indicates the number of + remaining signatures for stateful hash-based signatures (GH #3821) + +* Add implementation of EC_PrivateKey::check_key() (GH #3782 #3804) + +* Add hardware acceleration for SHA-512 on ARMv8 (GH #3860 #3864) + +* X.509 certificates that contain Authority Information Access (AIA) + extensions can now be encoded (GH #3784) + * Various functions defined in ``mem_ops.h`` are now deprecated - for public use (GH #3759 #3757 #3755) + for public use (GH #3759 #3752 #3757) -* Use ``BufferStuffer`` and ``concat`` helpers in public key code - (GH #3756 #3753) +* The ASIO TLS stream can now be used with C++20 coroutines (GH #3764) + +* New public header asio_compat.h to check compatibility of the ASIO + TLS stream with the available boost version (1.73.0+) (GH #3765) + +* Flatten input buffer sequences in the ASIO TLS stream to avoid + creating unnecessarily small TLS records (GH #3839) + +* Hard-rename the potentially harmful build configuration flag + --terminate-on-asserts to --unsafe-terminate-on-asserts (GH #3755) + +* Use modern SQLite3 APIs with integer width annotations from SQLite3 3.37 + (GH #3788 #3793) + +* Generate and install a CMake package config file (botan-config.cmake) + (GH #3722 #3827 #3830 #3825) + +* Add TLS::Channel::is_handshake_complete() predicate method (GH #3762) + +* Add support for setting thread names on Haiku OS and DragonflyBSD + (GH #3758 #3785) + +* Use /Zc:throwingNew with MSVC (GH #3858) + +* Work around a warning in GCC 13 (GH #3852) + +* Add a CLI utility for testing RSA side channels using the MARVIN + toolkit (GH #3749) + +* CLI utility 'tls_http_server' is now based on Boost Beast + (GH #3763 #3791) + +* CLI utility 'tls_client_hello' can detect and handle TLS 1.3 messages + (GH #3820) + +* Add a detailed migration guide for users of OpenSSL 1.1 (GH #3815) + +* Various updates to the documentation and code examples + (GH #3777 #3805 #3802 #3794 #3815 #3823 #3828 #3842 #3841 #3849 #3745) + +* Fixes and improvements to the build experience using ``ninja`` + (GH #3751 #3750 #3769 #3798 #3848) + +* Fix handling of cofactors when performing scalar blinding in EC (GH #3803) + +* Fix potential timing side channels in Kyber (GH #3846) + +* Fix a potential dangling reference resulting in a crash in the OCB + mode of operation (GH #3814) + +* Fix validity checks in the construction of the ASIO TLS stream + (GH #3766) + +* Fix error code handling in ASIO TLS stream (GH #3795 #3801 #3773) * Fix a TLS 1.3 assertion failure that would trigger if the application callback returned an empty certificate chain. (GH #3754) @@ -17,12 +92,40 @@ Version 3.3.0, Not Yet Released server would fail to reject a client hello that advertised (only) FFDHE groups that are not known to us. (GH #3743 #3742 #3729) -* Add a cli utility for testing RSA side channels using the MARVIN - toolkit (GH #3749) +* Fix that modifications made in TLS::Callbacks::tls_modify_extensions() + for the TLS 1.3 Certificate message were not being applied. (GH #3792) + +* Fix string mapping of the PKCS#11 mechanism RSA signing mechanism that + use SHA-384 (GH #3868) + +* Fix a build issue on NetBSD (GH #3767) + +* Fix the configure.py to avoid recursing out of our source tree (GH #3748) + +* Fix various clang-tidy warnings (GH #3822) + +* Fix CLI tests on windows and enable them in CI (GH #3845) + +* Use ``BufferStuffer`` and ``concat`` helpers in public key code + (GH #3756 #3753) + +* Add a nightly test to ensure hybrid TLS 1.3 PQ/T compatibility with + external implementations (GH #3740) + +* Internal memory operation helpers are now memory container agnostic + using C++20 ranges (GH #3715 #3707) + +* Public and internal headers are now clearly separated in the build + directory. That restricts the examples build target to public headers. + (GH #3880) + +* House keeping for better code formatting with clang-format + (GH #3862 #3865) -* Add support for setting thread names on Haiku OS (GH #3758) +* Build documentation in CI and fail on warnings or errors (GH #3838) -* Fix a build problem using ``ninja`` (GH #3751 #3750) +* Work around a GitHub Actions CI issue (actions/runner-images#8659) + (GH #3783 #3833 #3888) Version 3.2.0, 2023-10-09 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^