[Botan-announce] Botan 1.4.10

Jack Lloyd lloyd at randombit.net
Sun Dec 18 18:38:00 EST 2005


Botan 1.4.10 was released about an hour ago; FC2 RPMs are up now, FC3 will be
up shortly, and FC4 sometime Monday. This release adds KASUMI, the block cipher
used in 3G mobile phones, and contains some modifications to Randpool that
should make it significantly more secure. Binary I/O can now be used with the
data sources and streams which back to files, at the option of the application.

Pipe has been refactored, and there is now no overhead whatsoever to running
any number of messages through a single pipe. Previously, there was a roughly
12 to 20 byte overhead per message that went through, even if all the data was
immediately read out. Some facilities previously available to any subclass of
Filter have been now made available only to subclasses of the new Fanout_Filter
class; this has generalized the system a bit, so that Fork is no longer
magical.

A small memory leak in the block cipher code of the OpenSSL engine has been
plugged, and a bug in the allocators reported last month by Matthew Gregan
(http://www.randombit.net/pipermail/botan-devel/2005-November/000165.html) was
fixed using the patch he supplied.

Some headers have changed; the most noticeable one is that util.h has been
split up into bit_ops.h (low-level bit/word operations), parsing.h (string
manipulation), and util.h (timers, memory locking, entropy estimation). In
addition, none of these headers are included in any other botan headers any
longer, with the exception of botan.h (which has bit_ops.h and parsing.h, which
have the most commonly used functions). So you may see missing symbols,
depending on how your code looks, but the fix for that is trivial and backwards
compatible with older releases, so it seems fairly tolerable.

There was a problem with 1.4.9 on MacOS X; I believe this has been resolved but
at the moment I don't have access to an OS X machine. If someone could test
this (especially on a G5 running Tiger, since Botan has never been tested
there), I would appreciate it.

Some of you may be interested to learn that this is the first release for which
you can purchase a commercial support license. Licenses last for a year and
cover all stable releases produced during that time, and include prioritized
bug report and support request processing, assistance in porting to new
platforms, and limited phone support. If this sounds like something your
organization might be interested in, please contact me.

Jack



More information about the botan-announce mailing list