[Botan-announce] Botan 1.11.26 released

Jack Lloyd lloyd at randombit.net
Mon Jan 4 13:45:06 EST 2016



Hi,

Botan 1.11.26 has been released:

https://botan.randombit.net/releases/Botan-1.11.26.tgz
https://botan.randombit.net/releases/Botan-1.11.26.tgz.asc

SHA-256 C94CEC8A7A293A813EE30F53AFF7AC6670CBC4D42FA38833AE41EAF860FE8511

New features or other improvements include:

* Adds TLS extended master secret extension (RFC 7627)
* Adds interface for KEM (key encapsulation) in pubkey.h
* Converts McEliece KEM to using new KEM interface
* Adds RSA-KEM from ISO 18033-2
* Enable RDRAND on Windows
* Add support for RDSEED instruction
* Add support for using OpenSSL's ECDH
* Add support for keygen and signing by TPM v1.2 devices (in prov/tpm)
* Fix loading unencrypted raw BER PKCS #8 private keys
* All exceptions thrown by the library derive from `Botan::Exception`
  (this is already true in 1.10, but I did something dumb early in 1.11)
* New command line interface
* Checking const time assertions works with an unpatched valgrind now

In addition there were some bugs fixed, including:

* PointGFp::operator* computed the incorrect result when multiplying by 3
* RandomNumberGenerator::gen_mask (which was not used by the library itself)
  had undefined behavior when bits >= 32 and could return zero or other
  useless things.
* Memset is used instead of unaligned pointer casts (UBSan fix)

More on all these changes, and on smaller changes, is in the release notes.

Many thanks to the numerous contributors to this release including
Uri Blumenthal, René Korthaus, Daniel Neus, and Simon Warta.

Some other important notes about this release:

The format of serialized TLS sessions has changed (in order to support
extended master secret).

I'm considering removing the TLS maximum fragment length extension,
for the same reasons as removing heartbeat support: they complicate
the core state machine to support an extension of questionable value
and one which in addition seems to be not widely supported in other
implementations. Is there a serious reason to keep this? For example,
are there IoT TLS stacks which will only negotiate a tiny fragment
size, or something along these lines? (Botan itself is not an IoT
library of course, but it's still perhaps reasonable to be able to
communicate with such devices, if they exist.)

Algorithm deprecations: I'm considering removing Nyberg-Rueppel
signatures, MARS, RC2, RC5, RC6, SAFER, HAS-160, RIPEMD-128, and MD2.
Is there any reason to keep any of these? That is, is there some still
existing application or required use case (e.g., verifying an MD2
self-signed CA cert that hasn't been rolled over to SHA-256 yet,
decrypting some really old RC2 S/MIME ciphertexts, ???)

Best,
  Jack
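Two of the bug fixes listed above (gen_mask misbehaving for bits >= 32, and unaligned pointer casts replaced by memset/memcpy) are instances of the same C rule: a shift by the full width of the type is undefined behaviour, and so is dereferencing a pointer that is not suitably aligned for its type, even on hardware that tolerates it. UBSan flags both. The following is an added example written for this page, not Botan's own code; the function names gen_mask_safe, load_u32_host, store_u32_host and roundtrip_unaligned are hypothetical:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Mask with the low `bits` bits set, safe for any bit count.
 * (UINT64_C(1) << 64) is undefined behaviour in C, so the all-ones case
 * is handled explicitly rather than computed by shifting. Requests beyond
 * the type width saturate to all ones instead of returning garbage. */
uint64_t gen_mask_safe(size_t bits)
{
    if (bits >= 64)
        return UINT64_MAX;
    return (UINT64_C(1) << bits) - 1;
}

/* Read a uint32_t (host byte order) from a byte pointer that may be
 * unaligned. Casting `in` to `const uint32_t *` and dereferencing would be
 * undefined unless `in` is 4-byte aligned; memcpy has no such requirement
 * and compilers turn it into a plain load where that is legal anyway. */
uint32_t load_u32_host(const uint8_t *in)
{
    uint32_t v;
    memcpy(&v, in, sizeof v);
    return v;
}

/* Write a uint32_t (host byte order) to a possibly unaligned byte pointer. */
void store_u32_host(uint8_t *out, uint32_t v)
{
    memcpy(out, &v, sizeof v);
}

/* Round-trip a value through every misaligned offset of a small buffer.
 * Returns 1 if each load returns what was stored, 0 otherwise. */
int roundtrip_unaligned(void)
{
    uint8_t buf[16];
    const uint32_t pattern = 0xDEADBEEFu;   /* constructed sample value */
    for (size_t off = 0; off < 8; off++) {
        memset(buf, 0, sizeof buf);          /* clear, no pointer games */
        store_u32_host(buf + off, pattern);
        if (load_u32_host(buf + off) != pattern)
            return 0;
    }
    return 1;
}

int main(void)
{
    size_t widths[] = { 0, 1, 8, 31, 32, 33, 63, 64, 100 };
    for (size_t i = 0; i < sizeof widths / sizeof widths[0]; i++)
        printf("gen_mask_safe(%3zu) = 0x%016llx\n",
               widths[i], (unsigned long long)gen_mask_safe(widths[i]));
    printf("unaligned round trip: %s\n", roundtrip_unaligned() ? "ok" : "FAILED");
    return 0;
}
```

Compiling with `-fsanitize=undefined` is the quickest check that a mask or load helper of this kind stays within the rules; the saturating behaviour of gen_mask_safe for bits >= 64 is a design choice, and a caller that asks for more bits than the type holds is usually itself the bug worth catching.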

