ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/NEWS
(Generate patch)

Comparing gvpe/NEWS (file contents):
Revision 1.126 by root, Fri Apr 24 21:55:29 2015 UTC vs.
Revision 1.131 by root, Wed Nov 2 06:54:13 2016 UTC

1GVPE NEWS 1GVPE NEWS
2 2
3TODO: bridge mode, finally?
4TODO: gcm mode?
5TODO: replace ripemd160 as the only authentication hash.
6TODO: increase rsa size.
7TODO: replace transport bits by transport endpoint structs?
8TODO: http://incog-izick.blogspot.de/2011/08/using-openssl-aes-gcm.html
9TODO: http://stackoverflow.com/questions/12153009/openssl-c-example-of-aes-gcm-using-evp-interfaces
10
11TODO: verify
12TODO: make sense of overhead calculation
13TODO: if-up &c should not be scripts?
14TODO: ipv6
15TODO: gvpectrl should not use default privatekey,. or maybe document it better 3TODO: gvpectrl should not use default privatekey,. or maybe document it better
16 - INCOMPATIBLE CHANGE: core protocol version 1.0. 4 - INCOMPATIBLE CHANGE: core protocol version 1.0.
17 - INCOMPATIBLE CHANGE: node sections are now introduced 5 - INCOMPATIBLE CHANGE: node sections are now introduced
18 with "node nodename", not "node = nodename". 6 with "node nodename", not "node = nodename".
7 - openssl 1.0.2 is the latest supported openssl release,
8 openssl 1.1.0 is not supported at the moment as the work to
9 make it compatible to both versions is just too much. a switch
10 to openssl 1.1 or another library will be done in a future release.
11 - gvpectrl -g will now generate a single keypair, while -G
12 will try to generate all keypairs as before.
13 - add workaround for temporary/rare ENOBUFS condition.
19 - while individual packets couldn't be replayed, a whole session 14 - while individual packets couldn't be replayed, a whole session
20 could be replayed - this has been fixed by an extra key exchange. 15 could be replayed - this has been fixed by an extra key exchange.
21 - fix a delete vs. delete [] mismatch in the central logging function. 16 - fix a delete vs. delete [] mismatch in the central logging function.
22 - in addition to rsa key exchange and authentication, the handshake now 17 - in addition to rsa key exchange and authentication, the handshake now
23 adds a diffie-hellman key exchange (using curve25119) for perfect 18 adds a diffie-hellman key exchange (using curve25119) for perfect
50 - during rekeying or conenction establishments, hmac authentication 45 - during rekeying or conenction establishments, hmac authentication
51 errors could occur and reset the connection. Transient hmac 46 errors could occur and reset the connection. Transient hmac
52 authentication errors are now being ignored for 3 seconds. 47 authentication errors are now being ignored for 3 seconds.
53 - log the reason for a conneciton loss. 48 - log the reason for a conneciton loss.
54 - use a (hopefully) constant time memcmp to compare internal secrets. 49 - use a (hopefully) constant time memcmp to compare internal secrets.
50 - fix a (harmless) errornous out of bounds stack read that would trigger
51 gcc's -fsanitize=address.
52 - bump old packet window size from 512 to 65536.
53 - update for big changes in openssl 1.1 API, wrap primitives
54 to make further changes easier.
55 - correctly check return values for openssl 1.0.0 and later.
56 - check for both public and private key file when deciding whether
57 to skip generating a key to avoid accidental overwrites.
55 58
562.25 Sat Jul 13 06:42:33 CEST 2013 592.25 Sat Jul 13 06:42:33 CEST 2013
57 - INCOMPATIBLE CHANGE: no longer enable udp protocol if no other 60 - INCOMPATIBLE CHANGE: no longer enable udp protocol if no other
58 protocols are enabled - this is necessary when you have nodes with 61 protocols are enabled - this is necessary when you have nodes with
59 completely unknown protocols, to force mediated connection requests. 62 completely unknown protocols, to force mediated connection requests.

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines