代码拉取完成,页面将自动刷新
-l
within them (such as -fuse-linker-plugin
) to
be misinterpreted. (GH #2715)-latomic
needed on SPARC) were not always applied
effectively. (GH #2622 #2623 #2625)--with-external-libdir
(GH #2496)asn1_str.h
, asn1_time.h
, asn1_oid.h
and alg_id.h
have been moved to asn1_obj.h
. The header files remain
but simply forward the include to asn1_obj.h
. These now-empty header files
are deprecated, and will be removed in a future major release. (GH #2441)asn1_attribute.h
asn1_alt_name.h
name_constraint.h
x509_dn.h
cert_status.h
and key_constraint.h
have been merged into pkix_enums.h
(for enumerations) and pkix_types.h
(for all other definitions). The previous header files remain but simply
forward the include to the new header containing the definition. These
now-empty header files are deprecated, and will be removed in a future major
release. (GH #2441)aarch64_be
target CPU (GH #2422)X509_Certificate
(GH #2250)cpu_clock
which estimates the speed of the
processor cycle counter. (GH #2251)botan_all.cpp
and botan_all.h
are
generated. (GH #2246)none
(GH #2303 #2304 #2305)-rpath=$ORIGIN
or (on macOS)
install_name which allowed running the tests from the build
directory without setting LD_LIBRARY_PATH
/DYLD_LIBRARY_PATH
environment variables. Instead set the dynamic linker variables
appropriately, or use make check
. (GH #2294 #2302)--name-amalgamation
which allows naming the
amalgamation output, instead of the default botan_all
. (GH #2246)generic
CPU target useful when building for some new or unusual
platform..lib
suffix be added when
providing an explicit library name, as is used for example for Boost.
Now the .lib
suffix is implicit, and should be omitted.TLS::Channel::is_active
and
TLS::Channel::is_closed
could simultaneously return true.
(GH #2174 #2171)std::shared_ptr
instead of boost::shared_ptr
in some examples.
(GH #2155)--without-documentation
is used, avoid invoking the
documentation build script. (GH #2138)finish
without
ever setting a nonce (GH #2151 #2150)OID
objects (GH #2057)entropy
cli which allows sampling the output of the entropy sources.base32_enc
and base32_dec
cli for base32 encoding operations. (GH #2111)tls_client
and tls_proxy_server
(GH #2047)--test-threads=1
to
return to previous single-threaded behavior. (GH #2071 #2075)botan.dll
so Python wrapper can run on Windows.
(GH #2059 #2060)BOTAN_FORCE_INLINE
macro to resolve a performance issue with BLAKE2b on MSVC
(GH #2092 #2089)__GNUG__
in headers that may be consumed by a C compiler (GH #2013)boost::asio
TLS stream compatible with boost::asio::ssl
.
(GH #1839 #1927 #1992)System_Certificate_Store
which wraps Windows, macOS,
and Linux certificate stores. (GH #1893)trust_roots
CLI that examines the system certificate store.
(GH #1893)--format
option to rng
CLI command allowing to format
as base64, base58 or binary in addition to hex. (GH #1945)sysconf
to detect the number of CPUs (GH #1877)getauxval
for older Android (GH #1962)configure.py
option allowing to set arbitrary macros during build.
(GH #1960)elf_aux_info
to detect ARM and POWER CPU features
(GH #1895)PROT_MAX
to prevent mmap regions from being made executable
later. (GH #2001)-mabi
flag when building on MIPS64 (GH #1918)LDFLAGS
(GH #1916)Memory_Pool
class, which services allocations out of a
set of pages locked into memory (using mlock
/VirtualLock
). It is now
faster and with improved exploit mitigations. (GH #1800)Thread_Pool
class. It is now possible to run the tests in multiple
threads with --test-threads=N
flag to select the number of threads to use.
Use --test-threads=0
to run with as many CPU cores as are available on the
current system. The default remains single threaded. (GH #1819)Integrity_Failure
to Invalid_Authentication_Tag
to make
its meaning and usage more clear. The old name remains as a typedef. (GH #1816)filesystem
and MSVC's std::filesystem
have been
removed, since already POSIX and Win32 versions had to be maintained for
portability. (GH #1814)arc4random
on Android systems (GH #1851)pledge
) sandboxes are supported. (GH #1808)if constexpr
when available.darwin
build target to macos
. This should not cause any
user-visible change. (GH #1866)sccache
to cache the Windows CI build (GH #1807)--extra-cxxflags
option which allows adding compilation flags without
overriding the default set. (GH #1826)--format=
option to the hash
cli which allows formatting the output
as base64 or base58, default output remains hex.base58_enc
and base58_dec
cli utils for base58 encoding/decoding.
(GH #1848)getentropy
by default on macOS (GH #1862)-momit-leaf-frame-pointer
flags, since -fomit-frame-pointer
is already the default with recent versions of GCC.Blake2b
class to BLAKE2b
to match the official name. There is
a typedef for compat.Ed25519_PublicKey
of incorrect length would
lead to a crash. (GH #1850)CT::Mask
type to simplify const-time programming (GH #1751)--disable-bmi2
, --disable-rdrand
,
and --disable-rdseed
to prevent use of those instruction sets.error_type
and error_code
functions to Exception type (GH #1744)posix_memalign
is used instead of mmap
for
allocating the page-locked memory pool. This avoids issues with fork
.
(GH #602 #1798)Stateful_RNG::randomize_with_ts_input
BigInt
modulo a small power of 2.
(GH #1755)configure.py
to disable generation of pkg-config
file, and (for systems where pkg-config
support defaults to off,
like Windows), to enable generating it. (GH #1268)configure.py
to accept empty lists or trailing/extra commas.
(GH #1705)Cipher_Mode
class now derives from SymmetricAlgorithm
(GH #1639)SecRandomCopyBytes
has been removed as it was
redundant with other entropy sources (GH #1668)getrandom
syscall to access the system PRNG.
This is disabled by default, use --with-os-feature=getrandom
to enable.pk_encrypt
and pk_decrypt
CLI operationsasn1print
CLI defaults to printing context-specific fields.cast
module has been split up into cast128
and cast256
(GH #1685)--ack-vc2013-deprecated
(GH #1557)mkstemp
to create temporary files instead of
creating them in the current working directory. (GH #1533 #1530)CXX
when invoking make in addition
to when configure.py
is run. (GH #1579)factor
command runs much faster on larger inputs now.Cipher_Mode::create
and AEAD_Mode::create
(GH #1527)b*.example.com
would be accepted as a match for
any host with name *b*.example.com
(GH #1519)Pipe::prepend_filter
to replace deprecated Pipe::prepend
(GH #1402)PK_Encryptor::maximum_input_size
which
reported a much too small value (GH #1410)botan --help
has been improved (GH #1387)--der-format
flag to command line utils, making it possible verify
DSA/ECDSA signatures generated by OpenSSL command line (GH #1409)--library-suffix
option to configure.py
(GH #1405 #1404)--msvc-runtime
option to allow using static runtime (GH #1499 #210)--enable-sanitizers=
option to allow specifying which sanitizers to
enable. The existing --with-sanitizers
option just enables some default
set which is known to work with the minimum required compiler versions.rst2man
or rst2man.py
for generating man page as
distributions differ on where this program is installed (GH #1516)contrib
has been removed. It
is still maintained by the original author at
https://github.com/OlivierJG/botansqlite3
--makefile-style
which was previously used to select the makefile type has
also been removed. (GH #1230 #1237 #1300 #1318 #1319 #1324 #1325 #1346)Public_Key::fingerprint_public
which allows fingerprinting the public key.
The previously available Private_Key::fingerprint
is deprecated, now
Private_Key::fingerprint_private
should be used if this is required.
(GH #1357)tls_http_server
command line utility which responds to
simple GET requests. This is useful for testing against a browser, or various
TLS test tools which expect the underlying protocol to be HTTP. (GH #1315)EC_Group::known_named_groups
(GH #1339)shared_ptr
, so copying such objects is
now very cheap. (GH #884)asn1print
command line utility and may be
useful in other applications, for instance for debugging.CTR_BE
object and setting the second parameter to something in the range
of 1 to 3.asn1_print.h
.
This is the same functionality used by the command line asn1print
util,
now cleaned up and moved to the library.Pipe::append_filter
. This is like the existing (deprecated)
Pipe::append
, the difference being that append_filter
only
allows modification before the first call to start_msg
. (GH #1306 #1307)BZ_SEQUENCE_ERROR
due to calling bzlib in an way it does
not support. (GH #1308 #1309)Strict_Policy
and BSI_TR_02102_2
). However it is
reasonable and useful for an application to derive from one of these policies, so
as to create an application specific policy that is based on a library-provided
policy, but with a few tweaks. So the final annotations have been removed on
these classes. (GH #1292)--with-pdf
enables building a PDF copy of the handbook.
(GH #1337)--with-rst2man
enables building a man page for the
command line util using Docutils rst2man. (GH #1349)Gzip_Compression
constructor.System_RNG
class is now implemented using arc4random
.
Previously the system RNG class was not available on iOS. (GH #1219)PSSR_Raw
signatures which PSS sign an externally derived
hash. (GH #1212 #1211)allow_client_initiated_renegotiation
which is the
parallel of the existing allow_server_initiated_renegotiation
. If set to
false, servers will reject attempts by the client to renegotiation the
session, instead sending a no_renegotiation
warning alert. Note that the
default is false
, ie that client renegotiation is now prohibited by default.
(GH #872)botan_ffi_supports_api
call will
return true for either the current or older versions of the API version since
no backwards incompatible changes have occurred.botan_hex_decode
, botan_base64_encode
,
botan_base64_decode
, botan_constant_time_compare
.botan_privkey_load_dh
, botan_pubkey_load_dh
,
and botan_privkey_create_dh
(GH #1155)is_passhash9_alg_supported
(GH #1154)power_mod
function now supports negative bases (GH #1179 #1168)botan_pk_op_verify_finish
. In 2.2.0 this function
returned -1 on invalid signature, instead of 1 which was used in 2.0, 2.1, and
now again in 2.3. (GH #1189 #1187)--rng-type=drbg
and --drbg-seed
which
allow running commands with a deterministic RNG. (GH #1169)Botan::secure_allocator
. In particular, not
defining the construct
and destroy
methods avoids a performance problem
under MSVC. (GH #1228 and #1229)secure_allocator
class now uses calloc
and free
instead of
new
and delete
. In addition the actual allocation operation is hidden
inside of compiled functions, which significantly reduces code size. (GH #1231)secure_scrub_memory
function now uses explicit_bzero
on OpenBSD.botan config libs
was incorrect, it produced -lbotan-2.X
where X is the minor version, instead of the actual lib name -lbotan-2
.constant_time_compare
as better named equivalent of same_mem
.create_private_key
(GH #1150)BOTAN_DLL
macro has been split up into BOTAN_PUBLIC_API
,
BOTAN_UNSTABLE_API
and BOTAN_TEST_API
which allows
indicating in the header the API stability of the export. All three
are defined as BOTAN_DLL
so overriding just that macro continues
to work as before. (GH #1216)bigint_divop
when a double-word type is available. (GH #494)valgrind
in the fork
tests for the RNG was resolved.CurveGFp_Repr
type (only used internally) to resolve a
long standing UBSan warning. (GH #453)-fstack-protector
and similar flags that affect linking are exported
in botan config ldflags
as they already were in the pkg-config
output.
(GH #863)package.h
) is now deprecated, and will be
removed in a future release. (GH #1215)--data-dir
option (GH #1149)final
annotations have been added to classes which are not
intended for derivation. This keyword was already in use but was not
applied consistently.SecureVector
has been added for the secure_vector
type.
This makes porting code from 1.10 to 2.x API slightly simpler.bigint.h
no longer
includes rng.h
, but just forward declares RandomNumberGenerator
.http_util
(allowing OCSP checks on Windows),
as well as in the TLS command line utils (GH #1138).--destdir
flag to configure.py
has been removed. Instead use
the DESTDIR
environment variable at install time. This change was
done to more closely match how autoconf handles this case.
(GH #1139 #1111 #997 #996).hmac
(GH #1001), encryption
(GH #359),
hex_enc
, and hex_dec
.sign_cert
command line util, which ignored the
--ca-key-pass
option. (GH #1106)speed
util can now benchmark multiple buffer sizes (GH #1084)--single-amalgamation-file
without --amalgamation
, though it did not do anything useful. Now
--single-amalgamation-file
requires --amalgamation
also be set
on the command line.--with-pkcs11
and --without-pkcs11
flags to configure.py
have been removed. PKCS11 can still be disabled
using --disable-modules=pkcs11
(GH #837)OS::run_cpu_instruction_probe
for runtime probing of ISA extensions.
Supporting this requires system-specific techniques, currently Windows SEH and
Unix signal handling are supported.time_t
. (GH #933 fixing #917)--with-external-libdir
to configure.py (GH #857 fixing #19 #767)OS::get_high_resolution_clock
which returns the best resolution
clock available on the system.OS::get_processor_timestamp
to return 0 if no hardware
cycle counter is available. Previously it silently fell back on some
other clock type.botan speed
.tls_client
. (GH #942)timing_test
which enables running
timing-based side channel analysis of TLS CBC decryption, ECC scalar
multiplies, OAEP decoding, and other operations which are prone to
providing an oracle via side channel. This replaces the standalone
timing test suite added in 1.11.34, which has been removed.botan-2.0
. Since future release of Botan-2 should be
compatible with code written against old versions, there does not
seem to be any reason to version the include directory with the
minor number. (GH #830 #833)doc/old_news.rst
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。