@@ -4,11 +4,86 @@ Release Notes
44Version 3.3.0, Not Yet Released
55^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
66
7+ * Add FrodoKEM post-quantum KEM (GH #3679 #3807 #3892)
8+
9+ * Add support for Blake2s (GH #3796)
10+
11+ * Add support for RFC 7250 in TLS 1.3 to allow authenticating peers
12+ using raw public keys (GH #3771)
13+
14+ * Update the BSI TLS policy to match the latest TR, particularly
15+ enabling support for TLS 1.3 (GH #3809)
16+
17+ * Add AsymmetricKey::generate_another() to generate a new key of the
18+ same type and parameters as an existing key (GH #3770 #3786)
19+
20+ * Add Private_Key::remaining_operations() that indicates the number of
21+ remaining signatures for stateful hash-based signatures (GH #3821)
22+
23+ * Add implementation of EC_PrivateKey::check_key() (GH #3782 #3804)
24+
25+ * Add hardware acceleration for SHA-512 on ARMv8 (GH #3860 #3864)
26+
27+ * X.509 certificates that contain Authority Information Access (AIA)
28+ extensions can now be encoded (GH #3784)
29+
730* Various functions defined in ``mem_ops.h `` are now deprecated
8- for public use (GH #3759 #3757 #3755 )
31+ for public use (GH #3759 #3752 #3757 )
932
10- * Use ``BufferStuffer `` and ``concat `` helpers in public key code
11- (GH #3756 #3753)
33+ * The ASIO TLS stream can now be used with C++20 coroutines (GH #3764)
34+
35+ * New public header asio_compat.h to check compatibility of the ASIO
36+ TLS stream with the available boost version (1.73.0+) (GH #3765)
37+
38+ * Flatten input buffer sequences in the ASIO TLS stream to avoid
39+ creating unnecessarily small TLS records (GH #3839)
40+
41+ * Hard-rename the potentially harmful build configuration flag
42+ --terminate-on-asserts to --unsafe-terminate-on-asserts (GH #3755)
43+
44+ * Use modern SQLite3 APIs with integer width annotations from SQLite3 3.37
45+ (GH #3788 #3793)
46+
47+ * Generate and install a CMake package config file (botan-config.cmake)
48+ (GH #3722 #3827 #3830 #3825)
49+
50+ * Add TLS::Channel: :is_handshake_complete() predicate method (GH #3762)
51+
52+ * Add support for setting thread names on Haiku OS and DragonflyBSD
53+ (GH #3758 #3785)
54+
55+ * Use /Zc:throwingNew with MSVC (GH #3858)
56+
57+ * Work around a warning in GCC 13 (GH #3852)
58+
59+ * Add a CLI utility for testing RSA side channels using the MARVIN
60+ toolkit (GH #3749)
61+
62+ * CLI utility 'tls_http_server' is now based on Boost Beast
63+ (GH #3763 #3791)
64+
65+ * CLI utility 'tls_client_hello' can detect and handle TLS 1.3 messages
66+ (GH #3820)
67+
68+ * Add a detailed migration guide for users of OpenSSL 1.1 (GH #3815)
69+
70+ * Various updates to the documentation and code examples
71+ (GH #3777 #3805 #3802 #3794 #3815 #3823 #3828 #3842 #3841 #3849 #3745)
72+
73+ * Fixes and improvements to the build experience using ``ninja ``
74+ (GH #3751 #3750 #3769 #3798 #3848)
75+
76+ * Fix handling of cofactors when performing scalar blinding in EC (GH #3803)
77+
78+ * Fix potential timing side channels in Kyber (GH #3846)
79+
80+ * Fix a potential dangling reference resulting in a crash in the OCB
81+ mode of operation (GH #3814)
82+
83+ * Fix validity checks in the construction of the ASIO TLS stream
84+ (GH #3766)
85+
86+ * Fix error code handling in ASIO TLS stream (GH #3795 #3801 #3773)
1287
1388* Fix a TLS 1.3 assertion failure that would trigger if the
1489 application callback returned an empty certificate chain. (GH #3754)
@@ -17,12 +92,40 @@ Version 3.3.0, Not Yet Released
1792 server would fail to reject a client hello that advertised (only)
1893 FFDHE groups that are not known to us. (GH #3743 #3742 #3729)
1994
20- * Add a cli utility for testing RSA side channels using the MARVIN
21- toolkit (GH #3749)
95+ * Fix that modifications made in TLS::Callbacks: :tls_modify_extensions()
96+ for the TLS 1.3 Certificate message were not being applied. (GH #3792)
97+
98+ * Fix string mapping of the PKCS#11 mechanism RSA signing mechanism that
99+ use SHA-384 (GH #3868)
100+
101+ * Fix a build issue on NetBSD (GH #3767)
102+
103+ * Fix the configure.py to avoid recursing out of our source tree (GH #3748)
104+
105+ * Fix various clang-tidy warnings (GH #3822)
106+
107+ * Fix CLI tests on windows and enable them in CI (GH #3845)
108+
109+ * Use ``BufferStuffer `` and ``concat `` helpers in public key code
110+ (GH #3756 #3753)
111+
112+ * Add a nightly test to ensure hybrid TLS 1.3 PQ/T compatibility with
113+ external implementations (GH #3740)
114+
115+ * Internal memory operation helpers are now memory container agnostic
116+ using C++20 ranges (GH #3715 #3707)
117+
118+ * Public and internal headers are now clearly separated in the build
119+ directory. That restricts the examples build target to public headers.
120+ (GH #3880)
121+
122+ * House keeping for better code formatting with clang-format
123+ (GH #3862 #3865)
22124
23- * Add support for setting thread names on Haiku OS (GH #3758 )
125+ * Build documentation in CI and fail on warnings or errors (GH #3838 )
24126
25- * Fix a build problem using ``ninja `` (GH #3751 #3750)
127+ * Work around a GitHub Actions CI issue (actions/runner-images#8659)
128+ (GH #3783 #3833 #3888)
26129
27130Version 3.2.0, 2023-10-09
28131^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
0 commit comments