Changelog for boringssl-source-20200921-security.41.8.noarch.rpm:
* Fri Feb 09 2024 Otto Hollmann
- Replace python with python3 (bsc#1219308)
* Wed May 04 2022 Andreas Schwab
- 0001-Compile-for-RISC-V.patch: add support for RISC-V
- enable build on riscv64
* Mon May 17 2021 mrostecki@suse.com
- Update to version 20200921 (fixes bsc#1183836, bsc#1181866):
* Add SSL_CIPHER_get_protocol_id.
* Add TrustTokenV2.
* Add X509_get_pathlen and X509_REVOKED_get0_extensions.
* Add some accommodations for FreeRDP
* Require non-NULL store in X509_STORE_CTX_init.
* Const-correct X509V3_CONF_METHOD.
* Avoid unions in X509_NAME logic.
* Bump OPENSSL_VERSION_NUMBER to 1.1.1.
* Document more of x509.h.
* Fix potential leak in bssl::Array::Shrink.
* Remove ASN1_STRING_length_set.
* Revert "Check AlgorithmIdentifier parameters for RSA and ECDSA signatures."
* Implement PSK variants of HPKE setup functions.
* acvp: support working with files.
* Document a few more functions in x509.h.
* Add subject key ID and authority key ID accessors.
* Remove sxnet and pkey_usage_period extensions.
* Const-correct various X509 functions.
* Make X509_set_not{Before,After} functions rather than macros.
* Add X509_get0_uids from OpenSSL 1.1.0.
* Bound RSA and DSA key sizes better.
* Add set1 versions of X509 timestamp setters.
* Consistently sort generated build files.
* delocate: use 64-bit GOT offsets in the large memory model.
* Update HPKE implementation and test vectors to draft-irtf-cfrg-hpke-05.
* Handle NULL arguments in some i2d_* functions.
* aarch64: support BTI and pointer authentication in assembly
* Support delegated credentials version 06
* delocation: large memory model support.
* Enforce presence of ALPN when QUIC is in use.
* Fix the naming of alert error codes.
* Use golang.org/x/crypto in runner.
* Disable ClientHello padding for QUIC.
* Add X509_SIG_get0 and X509_SIG_getm.
* Implement HPKE.
* Disallow TLS 1.3 compatibility mode in QUIC.
* Switch clang-format IncludeBlocks to Preserve.
* Fix unterminated clang-format off.
* Add line number to doc.go error messages.
* Kick the bots.
* Add a JSON output to generate_build_files.py.
* Add details of 20190808 FIPS certification.
* Link to ws2_32 more consistently.
* Allow explicitly-encoded X.509v1 versions for now.
* Opaquify PKCS8_PRIV_KEY_INFO.
* Implement i2d_PUBKEY and friends without crypto/asn1.
* Remove TRUST_TOKEN_experiment_v0.
* Clarify in-place rules for low-level AES mode functions.
* acvp: add CMAC-AES support.
* acvp: add SP800-108 KDF support.
* Remove x509->name.
* Maybe build for AArch64 Windows.
* sha1-x86_64: fix CFI.
* Use |crypto_word_t| and |size_t| more consistently in ECC scalar recoding.
* Enable shaext path for sha1.
* Avoid relying on SSL_get_session's behavior during the handshake.
* Add a -wait-for-debugger flag to runner.
* Add missing OPENSSL_EXPORT to X509_get_X509_PUBKEY.
* Const-correct various functions in crypto/asn1.
* Remove unneeded switch statement.
* Convert X.509 accessor macros to proper functions.
* Remove X509_CINF_get_issuer and X509_CINF_get_extensions.
* Remove X509_get_signature_type.
* clang-format x509.h and run comment converter.
* Check AlgorithmIdentifier parameters for RSA and ECDSA signatures.
* Remove some unimplemented prototypes.
* Check the X.509 version when parsing.
* Fix x509v3_cache_extensions error-handling.
* Work around Windows command-line limits in embed_test_data.go.
* Move crypto/x509 test data into its own directory.
* Test resumability of same, different, and default ticket keys.
* Fixes warning when redefining PATH_MAX when building with MINGW.
* Abstract fd operations better in tool.
* Use CMAKE_SIZEOF_VOID_P instead of CMAKE_CL_64
* Enforce the keyUsage extension in TLS 1.2 client certs.
* Reword some comments.
* Add “Z Computation” KAT.
* acvptool: handle negative sizeConstraint.
* Let memory hooks override the size prefix.
* acvptool: go fmt
* Assert md_size > 0.
* Remove -enable-ed25519 compat hack.
* Add a |SSL_process_tls13_new_session_ticket|.
* Use ctr32 optimizations for AES_ctr128_encrypt.
* Test AES mode wrappers.
* Bump minimum CMake version.
* Modify how QUIC 0-RTT go/no-go decision is made.
* Remove RAND_set_urandom_fd.
* Document that getrandom support must be consistent.
* Fix docs link for SSL_CTX_load_verify_locations
* Fix TRUST_TOKEN experiment_v1 SRR map.
* Add CRYPTO_pre_sandbox_init.
* Still query getauxval if reading /proc/cpuinfo fails.
* Add missing header to ec/wnaf.c
* Fix OPENSSL_TSAN typo.
* Fix p256-x86_64-table.h indentation.
* Enable avx2 implementation of sha1.
* Trim Z coordinates from the OPENSSL_SMALL P-256 tables.
* Use public multi-scalar mults in Trust Tokens where applicable.
* Use batched DLEQ proofs for Trust Token.
* Restrict when 0-RTT will be accepted in QUIC.
* Disable TLS 1.3 compatibility mode for QUIC.
* Use a 5-bit comb for some Trust Tokens multiplications.
* Use a (mostly) constant-time multi-scalar mult for Trust Tokens.
* Batch inversions in Trust Tokens.
* Rearrange the DLEQ logic slightly.
* Use token hash to encode private metadata for Trust Token Experiment V1.
* Introduce an EC_AFFINE abstraction.
* Make the fuzzer PRNG thread-safe.
* Disable fork-detect tests under TSAN.
* Introduce TRUST_TOKENS_experiment_v1.
* Route PMBToken calls through TRUST_TOKEN_METHOD.
* Introduce a TRUST_TOKEN_METHOD hook to select TRUST_TOKEN variations.
* fork_detect: be robust to qemu.
* Move serialization of points inside pmbtoken.c.
* Introduce PMBTOKENS key abstractions.
* Fix the types used in token counts.
* Remove unused code from ghash-x86_64.pl.
* Switch the P-384 hash-to-curve to draft-07.
* Add hash-to-curve code for P384.
* Write down the expressions for all the NIST primes.
* Move fork_detect files into rand/
* Harden against fork via MADV_WIPEONFORK.
* Fix typo in comment.
* Use faster addition chains for P-256 field inversion.
* Tidy up third_party/fiat.
* Prefix g_pre_comp in p256.c as well.
* Add missing curve check to ec_hash_to_scalar_p521_xmd_sha512.
* Add a tool to compare the output of bssl speed.
* Benchmark ECDH slightly more accurately.
* Align remaining Intel copyright notice.
* Don't retain T in PMBTOKEN_PRETOKEN.
* Check for trailing data in TRUST_TOKEN_CLIENT_finish_issuance.
* Properly namespace everything in third_party/fiat/p256.c.
* Update fiat-crypto.
* Add missing ERR_LIB_TRUST_TOKEN constants.
* Add bssl speed support for hashtocurve and trusttoken.
* Implement DLEQ checks for Trust Token.
* Fix error-handling in EVP_BytesToKey.
* Fix Trust Token CBOR.
* Match parameter names between header and source.
* Trust Token Implementation.
* Include mem.h for |CRYPTO_memcmp|
* acvptool: add subprocess tests.
* Add SHA-512-256.
* Make ec_GFp_simple_cmp constant-time.
* Tidy up CRYPTO_sysrand variants.
* Do a better job testing EC_POINT_cmp.
* Follow-up comments to hash_to_scalar.
* Add a hash_to_scalar variation of P-521's hash_to_field.
* Add SSL_SESSION_copy_without_early_data.
* Double-check secret EC point multiplications.
* Make ec_felem_equal constant-time.
* Fix hash-to-curve comment.
* Make ec_GFp_simple_is_on_curve constant-time.
* Implement draft-irtf-cfrg-hash-to-curve-06.
* Update list of tested SDE configurations.
* Only draw from RDRAND for additional_data if it's fast.
* Generalize bn_from_montgomery_small.
* Remove BIGNUM from uncompressed coordinate parsing.
* Add EC_RAW_POINT serialization function.
* Base EC_FELEM conversions on bytes rather than BIGNUMs.
* runner: Replace supportsVersions calls with allVersions.
* Enable QUIC for some perMessageTest runner tests
* Move BN_nnmod calls out of low-level group_set_curve.
* Clean up various EC inversion functions.
* Start to organize ec/internal.h a little.
* Fix CFI for AVX2 ChaCha20-Poly1305.
* Remove unused function prototype.
* Enable more runner tests for QUIC
* Require QUIC method with Transport Parameters and vice versa
* acvptool: support non-interactive mode.
* Add is_quic bit to SSL_SESSION
* Update SDE.
* Update tools.
* Add simpler getters for DH and DSA.
* Don't define default implementations for weak symbols.
* Don't automatically run all tests for ABI testing.
* Fix test build with recent Clang.
* Remove LCM dependency from RSA_check_key.
* Simplify bn_sub_part_words.
* No-op commit to test Windows SDE bots.
* ABI-test each AEAD.
* Add memory tracking and sanitization hooks
* Add X509_STORE_CTX_get0_chain.
* Add DH_set_length.
* Static assert that CRYPTO_MUTEX is sufficiently aligned.
* [bazel] Format toplevel BUILD file with buildifier
* Add |SSL_CTX_get0_chain|.
* Configure QUIC secrets inside set_{read,write}_state.
* Allow setting QUIC transport parameters after parsing the client's
* Fix comment for |BORINGSSL_self_test|.
* Trust Token Key Generation.
* Revise QUIC encryption secret APIs.
* Fix ec_point_mul_scalar_public's documentation.
* Don't infinite loop when QUIC tests fail.
* Tidy up transitions out of 0-RTT keys on the client.
* Remove bn_sub_part_words assembly.
* Keep the encryption state and encryption level in sync.
* Add ECDSA_SIG_get0_r and ECDSA_SIG_get0_s.
* Fix a couple of comment typos.
* Const-correct various X509_NAME APIs.
* Ignore old -enable-ed25519 flag.
* Provide __NR_getrandom fillins in urandom test too.
* Skip RSATest.DISABLED_BlindingCacheConcurrency in SDE.
* Fix client handling of 0-RTT rejects with cipher mismatch.
* runner: Tidy up 0-RTT support.
* Add X509_getm_notBefore and X509_getm_notAfter.
* Clean up TLS 1.3 handback logic.
* Require handshake flights end at record boundaries.
* Delete unreachable DTLS check.
* Rename TLS-specific functions to tls_foo from ssl3_foo.
* Rename ssl3_choose_cipher.
* SSL_apply_handback: don't choke on trailing data.
* ssl_test: test early data with split handshakes.
* Check for overflow in massive mallocs.
* Add more convenient RSA getters.
* Remove SSL_CTX_set_ed25519_enabled.
* Improve signature algorithm tests.
* bazel: explicitly load C++ rules
* Check enum values in handoff.
* Restore fuzz/cert_corpus.
* Add a -sigalgs option to bssl client.
* Add SSL_set_verify_algorithm_prefs.
* Switch verify sigalg pref functions to SSL_HANDSHAKE.
* Add SSL_AD_NO_APPLICATION_PROTOCOL
* Refresh corpora due to TLS 1.3 changes in handoff serialization.
* handoff: set |enable_early_data| as part of handback.
* Add 109 and 120 to SSL_alert_desc_string_long
* runner: enable split handshake tests for TLS 1.3.
* Make TLS 1.3 split handshakes work with early data.
* Split half-RTT tickets out into a separate TLS 1.3 state.
* Use BCryptGenRandom when building as Windows UWP app.
* Thu May 28 2020 Jan Engelhardt
- Rectify groups.
* Wed May 27 2020 Michał Rostecki
- Remove patch for enabling shared linking - it was enabled upstream:
  * 0001-add-soversion-option.patch
- Add boringssl-source subpackage.
* Wed May 27 2020 mrostecki@suse.com
- Update to version 20200122:
* Define EVP compatibility constants for X448 and Ed448.
* Allow shared libraries in the external CMake build.
* Add a few little-endian functions to CBS/CBB.
* Move iOS asm tricks up in external CMake build.
* Try again to deal with expensive tests.
* Restore ARM CPU variation tests on builders.
* Remove SSL_CTX_set_rsa_pss_rsae_certs_enabled.
* Work around another NULL/0 C language bug.
* Use the MAYBE/DISABLED pattern in RSATest.BlindingCacheConcurrency.
* Switch an #if-0-gated test to DISABLED_Foo.
* Proxy: send whole SSL records through the handshaker.
* Disable Wycheproof primality test cases on non-x86 (too slow)
* test_state.cc: serialize the test clock.
* Output after every Wycheproof primality test.
* Maybe fix generated-CMake build on Android and iOS.
* Detect the NDK path from CMAKE_TOOLCHAIN_FILE.
* Tell Go to build for GOOS=android when running on Android.
* Reland bitsliced aes_nohw implementation.
* Add bssl client option to load a hashed directory of cacerts.
* No-op change to run the new NO_SSE2 builders.
* Clarify that we perform the point-on-curve check.
* Reduce size of BlindingCacheConcurrency test under TSAN.
* Compare vpaes/bsaes conversions against a reference implementation.
* Enable the SSE2 Poly1305 implementation on clang-cl.
* Remove alignment requirement on CRYPTO_poly1305_finish.
* Fix double-free under load.
* Add some XTS tests.
* Add EncodeHex and DecodeHex functions to test_util.h.
* Revert "Replace aes_nohw with a bitsliced implementation."
* Replace aes_nohw with a bitsliced implementation.
* Switch HRSS inversion algorithm.
* Run EVP_CIPHER tests in-place.
* Add an option to disable SSE2 intrinsics for testing.
* Dummy change to trigger master-with-bazel builder.
* Drop use of alignas(64) in aead_test.cc
* Add standalone CMake build to generate_build_files.py
* TLS 1.3 split handshake initial support.
* Import Wycheproof primality tests.
* Split BN_prime_checks into two constants for generation and validation.
* Add some Miller-Rabin tests from Wycheproof.
* Import Wycheproof PKCS#1 decrypt tests.
* Import Wycheproof OAEP tests.
* Import Wycheproof PKCS#1 signing tests.
* Skip JWK keys when converting Wycheproof tests.
* Import Wycheproof's size-specific RSA PKCS#1 verifying tests.
* Handle "acceptable" Wycheproof inputs unambiguously.
* Import Wycheproof XChaCha20-Poly1305 tests.
* Import Wycheproof HMAC tests.
* Import Wycheproof HKDF tests.
* bytestring: add methods for int64.
* Update Wycheproof test vectors.
* Add mock QUIC transport to runner
* Add test vectors for CVE-2019-1551 (not affected).
* Fix check_bn_tests.go.
* Fix MSan error in SSLTest.Handoff test.
* SSLTest.Handoff: extend to include a session resumption.
* inject_hash preserves filemode
* Move TLS 1.3 state machine constants to internal.h.
* Add a ppc64le ABI tester.
* Allocate small TLS read buffers inline.
* Remove unused labels from ARM ABI test assembly.
* Update AAPCS and AAPCS64 links.
* Fix EVP_has_aes_hardware on ppc64le.
* Remove remnants of end_of_early_data alert from tests.
* Add a test for ERR_error_string_n.
* Remove post-quantum experiment signal extension.
* Give ERR_error_string_n a return value for convenience.
* Defer early keys to QUIC clients to after certificate reverification.
* Defer releasing early secrets to QUIC servers.
* Halve the size of the kNIDsIn* constants
* modulewrapper: manage buffer with |unique_ptr|.
* Add missing boringssl_prefix_symbols_asm.h include.
* acvptool: add support for ECDSA
* Inline gcm_init_4bit into gcm_init_ssse3.
* Vectorize gcm_mul32_nohw and replace gcm_gmult_4bit_mmx.
* Add a constant-time fallback GHASH implementation.
* Conditionally define PTRACE_O_EXITKILL in urandom_test.cc
* Fix build warning if _SCL_SECURE_NO_WARNINGS is defined globally
* modulewrapper: use a raw string.
* acvptool: add license headers.
* Enable TLS 1.3 by default.
* acvptool: Add support for DRBG
* Discard user_canceled alerts in TLS 1.3.
* Work around more C language bugs with empty spans.
* No-op commit to test the new builder.
* acvptool: Add support for HMAC
* Add stub functions for RSA-PSS keygen parameters.
* HelloRetryRequest getter
* Add break-tests-android.sh script.
* Add compatibility functions for sigalgs
* Run AES-192-GCM in CAVP tests.
* Rename a number of BUF_* functions to OPENSSL_*.
* List bn_div fuzzer in documentation.
* Reenable bn_div fuzzer.
* Drop CECPQ2b code.
* Add urandom_test to all_tests.json
* Fix the standalone Android FIPS build.
* Add sanity checks to FIPS module construction.
* Correct relative path.
* Add test for urandom.c
* break-hash.go: Search ELF dynamic symbols if symbols not found.
* Fix $OPENSSL_ia32cap handling.
* Switch probable_prime to rejection sampling.
* Rename the last remnants of the early_data_info extension.
* Fix up BN_GENCB_call calls.
* Do fewer trial divisions for larger RSA keygens.
* Fix GRND_NONBLOCK flag when calling getrandom.
* Simplify bn_miller_rabin_iteration slightly.
* Add some notes on RSA key generation performance.
* Break early on composites in the primality test.
* Extract and test the deterministic part of Miller-Rabin.
* Fix the FIPS + fuzzing build.
* FIPS.md: document some recent Android changes.
* Add a function to derive an EC key from some input secret.
* Fix run_android_tests.go with shared library builds.
* No-op change to test new builders.
* Move no-exec-stack sections outside of #ifs.
* Add |SSL_get_min_proto_version| and |SSL_get_max_proto_version|
* Make FIPS build work for Android cross-compile.
* Enable optional GRND_RANDOM flag to be passed to getrandom on Android.
* Switch cert_compression_algs to GrowableArray.
* Add GrowableArray to ssl/internal.h.
* Fixed quic_method lookup in TLS 1.3 server side handshake.
* Add .note.GNU-stack at the source level.
* -Wno-vla -> -Wvla
* Add an option for explicit renegotiations.
* tool: add -json flag to |speed|
* Set -Wno-vla.
* Use a pointer to module_hash in boringssl_fips_self_test() args.
* Use a smaller hex digest in FIPS flag files when SHA-256 used.
* Switch to using SHA-256 for FIPS integrity check on Android.
* Use getentropy on macOS 10.12 and later.
* Move #include of "internal.h", which defines |OPENSSL_URANDOM|.
* Style nit.
* Assert that BN_CTX_end is actually called.
* Test some known large primes.
* Test some Euler pseudoprimes.
* Be consistent about Miller-Rabin vs Rabin-Miller.
* fix build with armv6 Error: .size expression for _vpaes_decrypt_consts does not evaluate to a constant
* Mark ssl_early_data_reason_t values stable.
* Make the dispatch tests opt-in.
* Bound the number of API calls in ssl_ctx_api.cc.
* Only attempt to mprotect FIPS module for AArch64.
* Opportunistically read entropy from the OS in FIPS mode.
* Update INSTANTIATE_TEST_SUITE_P calls missing first argument.
* Ignore build32 and build64 subdirectories.
* Add page protection logic to BCM self test.
* Disable unwind tests in FIPS mode.
* Disable RDRAND on AMD family 0x17, models 0x70–0x7f.
* Don't allow SGC EKUs for server certificates.
* Add |SSL_CIPHER_get_value| to get the IANA number of a cipher suite.
* Add XOF compilation compatibility flags
* Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print
* Trigger a build on the ARM mode builder.
* Fix vpaes-armv7.pl in ARM mode.
* Add AES-192-GCM support to EVP_AEAD.
* Add AES-256 CFB to libdecrepit.
* Parse explicit EC curves more strictly.
* Use the Go 1.13 standard library ed25519.
* Update build tools.
* Use ScopedEVP_AEAD_CTX in ImplDispatchTest.AEAD_AES_GCM.
* Use a mix of bsaes and vpaes for CTR on NEON.
* Use vpaes + conversion to setup CBC decrypt on NEON.
* Add NEON vpaes-to-bsaes key converters.
* Add vpaes-armv7.pl and replace non-parallel modes.
* Correct comments for x86_64 _vpaes_encrypt_core_2x.
* Add benchmarks for AES block operations.
* Only write self test flag files if an environment variable is set.
* Const-correct EC_KEY_set_public_key_affine_coordinates.
* Revert "Fix VS build when assembler is enabled"
* Support compilation via emscripten
* Fix cross-compile of Android on Windows.
* Move the config->async check into RetryAsync.
* Clear *out in ReadHandshakeData's empty case.
* Add initial support for 0-RTT with QUIC.
* Have some more fun with spans.
* Add OPENSSL_FALLTHROUGH to a few files.
* Limit __attribute__ ((fallthrough)) to Clang >= 5.
* Make |EVP_CIPHER_CTX_reset| return one.
* Add Fallthru support for clang 10.
* Add self-test suppression flag file for Android FIPS builds.
* Align 0-RTT and resumption state machines slightly
* Require getrandom in Android FIPS builds.
* acvp: allow passing custom subprocess I/O.
* Add a function to convert SSL_ERROR_* values to strings.
* Fold SSL_want constants into SSL_get_error constants.
* Use spans for the various TLS 1.3 secrets.
* Switch another low-level function to spans.
* Switch tls13_enc.cc to spans.
* Check the second ClientHello's PSK binder on resumption.
* Introduce libcrypto_bcm_sources for Android.
* Remove stale TODO.
* Add an android-cmake option to generate_build_files.py
* Add a QUIC test for HelloRetryRequest.
* Add missing ".text" to Windows code for dummy_chacha20_poly1305_asm
* Update TODO to note that Clang git doesn't have the POWER bug.
* Fix paths in break-tests.sh.
* Fix POWER build with OPENSSL_NO_ASM.
* Workaround Clang bug on POWER.
* Add assembly support for -fsanitize=hwaddress tagged globals.
* Fix typo in valgrind constant-time annotations.
* acvp: add support for AES-ECB and AES-CBC.
* Fix misspelled TODO.
* Move CCM fragments out of the FIPS module.
* Add EVP_PKEY_base_id.
* Add some project links to README.md.
* Make alert_dispatch into a bool.
* Trim some more per-connection memory.
* Remove SSL_export_early_keying_material.
* Add EVP_PKEY support for X25519.
* Make EVP_PKEY_bits return 253 for Ed25519.
* Make SSL_get_servername work in the early callback.
* Tue Mar 10 2020 Guillaume GARDET
- Fix arm build:
  * 0005-fix-alignment-for-arm.patch
* Wed Dec 04 2019 Klaus Kämpf
- fix s390x and ppc64le build
  * 0003-enable-s390x-builds.patch
  * 0004-fix-alignment-for-ppc64le.patch
- rename add-soversion-option.patch to 0001-add-soversion-option.patch
- rename 0001-crypto-Fix-aead_test-build-on-aarch64.patch to 0002-crypto-Fix-aead_test-build-on-aarch64.patch
* Thu Oct 17 2019 Richard Brown
- Remove obsolete Groups tag (fate#326485)
* Mon Oct 14 2019 Martin Pluskal
- Update to version 20190916:
* Revert "Fix VS build when assembler is enabled"
* Only bypass the signature verification itself in fuzzer mode.
* Move the PQ-experiment signal to SSL_CTX.
* Name cipher suite tests in runner by IETF names.
* Align TLS 1.3 cipher suite names with OpenSSL.
* Prefix all the SIKE symbols.
* Rename SIKE's params.c.
* Add post-quantum experiment signal extension.
* Fix shim error message endings.
* Add initial draft of ACVP tool.
* Implements SIKE/p434
* Add SipHash-2-4.
* Remove android_tools checkout
* Support key wrap with padding in CAVP.
* Add android_sdk checkout
* Move fipstools/ to util/fipstools/cavp
* Factor out TLS cipher selection to ssl_choose_tls_cipher.
* Emit empty signerInfos in PKCS#7 bundles.
* Clarify language about default SSL_CTX session ticket key behavior.
* Add an API to record use of delegated credential
* Fix runner tests with Go 1.13.
* Add a value barrier to constant-time selects.
* Avoid leaking intermediate states in point doubling special case.
* Split p224-64.c multiplication functions in three.
* Add AES-KWP
* Discuss the doubling case in windowed Booth representation.
* Update build tools.
* Set a minimum CMake version of 3.0.
* Replace addc64,subc64,mul64 in SIKE Go code with functions from math/bits
* Eliminate some superfluous conditions in SIKE Go code.
* Fix various typos.
* Fix name clash in test structures
* bcm: don't forget to cleanup HMAC_CTX.
* Handle fips_shared_support.c getting built in other builds.
* Fix various mistakes in ec_GFp_nistp_recode_scalar_bits comment.
* Fix filename in comment.
* Split EC_METHOD.mul into two operations.
* Split ec_point_mul_scalar into two operations.
* Add FIPS shared mode.
* delocate: add test for .file handling.
* delocate: translate uleb128 and sleb128 directives
* Integrate SIKE with TLS key exchange.
* Convert ecdsa_p224_key.pem to PKCS#8.