[ANNOUNCE] WireGuard Snapshot `0.0.20170531` Available

Jason A. Donenfeld Jason at zx2c4.com
Wed May 31 16:35:36 CEST 2017

Hash: SHA256


A new snapshot, `0.0.20170531`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.

== Changes ==

  This rather large snapshot touches quite a few sensitive areas, so I'm
  releasing it now rather than later to receive feedback on any possible issues.
  It also contains fixes, so everybody should upgrade.
  * man: fix psk mention in wg-quick man page
  * man: update wg-quick(8) to show Debian resolvconf braindamage
  Documentation cleanups.
  * wg-quick: use src routing for default routes in v6
  ip-rule(8) doesn't do the right thing with source addresses, unless we
  explicitly set it inside the route. This fixes wg-quick on IPv6 systems.
  * curve25519: actually, do some things on heap sometimes
  * curve25519: align the basepoint to 32 bytes
  * curve25519: add NEON versions for ARM
  * data: enable BH during parallel crypto on ARM/NEON
  * chacha20poly1305: move constants to rodata
  * chacha20poly1305: add NEON versions for ARM and ARM64
  We now have faster primitives on ARM and ARM64 processors, which should
  improve performance.
  * handshake: process in parallel
  Handshakes are now processed in parallel using all cores, which should improve
  throughput during a storm.
  * noise: no need to store ephemeral public key
  * noise: precompute static-static ECDH operation
  We can precompute the ECDH(s, s) calculation, which improves handshake
  initiation message performance by double.
  * style: spaces after for loops
  * peer: use iterator macro instead of callback
  The most unreadable C ever produced. It might be wise to find a sexier-looking
  alternative at some point.
  * compat: remove warning for < 4.1
  * compat: ship padata if kernel doesn't have it
  The usual array of annoying compat things.
  * rust test: convert screech test to snow
  * rust test: add icmp ping
  We now use Jake's snow library for Noise in the test, which we've expanded to
  complete a ping.
  * config: do not error out when getting if no peers
  * tools: allow creating device with no peers
  Fixing some small things in the tool/config interaction.
  * device: keep going when share_check fails
  * routingtable: remove unnecessary check in node_placement()
  * config: it's faster to memcpy than strncpy
  * timers: fix typo in comment
  * debug: print interface name in dmesg
  For those who compile with `make debug`, you'll be happy to see a bit better
  information in dmesg.
  * timers: rework handshake reply control flow
  * timers: the completion of a handshake also is on key confirmation
  * timers: reset retry-attempt counter when not retrying
  Tightening up our timer implementation, which is quite important.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.io/ .

This snapshot is available in tarball form here:
  SHA2-256: 2eb7d9aaf11dcb35e5066837bb1c768398ad3655744fdeb656bd7e7c7ad7cacc
  BLAKE2b-256: 64e5d061e0d03133b781b902d3b5b61658b6d9f664b304325476d5add3a701ca

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest

Thank you,
Jason Donenfeld



More information about the WireGuard mailing list