[Botan-announce] Botan 1.11.30 released

Jack Lloyd lloyd at randombit.net
Sun Jun 19 01:41:10 EDT 2016

Hash: SHA256

Botan 1.11.30 was released today.


SHA-256 8daf3adc8eb3b046ab4678beca5aef07af900c7781ddc88b10d1d966de66a125

Notable bugs fixed in this release include

 * A bug in TLS CBC ciphersuites introduced in 1.11.23 caused records
   containing no plaintext at all to be rejected.
 * GCM could produce incorrect results if an IV other than exactly 96
   bits (the default) was used. The odds of incorrect result depend on
   the length of the messages. There are no known security
   implications to this bug, it is purely a problem of interop.
 * The IETF variant of the ChaCha20Poly1305 AEAD had a bug which
   caused incorrect results if the plaintext or AAD was exactly a
   multiple of 16 bytes. Again, there are no known security issues.

Features added or other changes include

 * Added IETF-standard ChaCha20Poly1305 TLS ciphersuites
 * The TLS OCB ciphersuites have been updated to match the new -04 draft,
   this is an incompatible change.
 * Added StreamCipher::seek interface (currently only implemented for
   ChaCha but will be extended to others in the future).
 * Unknown critical extensions no longer cause certificate parsing
   to fail. Instead the rejection occurs at validation time.
 * Support for ChaCha with 8 or 12 rounds was added.
 * Add EDGDSA signature algorithm
 * Added support for a label argument to KDF functions
 * Add NIST SP800-108 and 56C KDFs
 * A X.509 DN is no longer required to have a common name or
   country field when generating a self signed certificate.
 * The unmaintained/broken Card Verifiable Certificates code has been removed
 * The obsolete EMSA1_BSI signature padding scheme has been removed

For details consult the release notes and/or commit history.

Finally, a last call for the following features, which are currently
deprecated and are likely to be removed in a future release (some
possibly as soon as 1.11.31). If you care about any of these or know
of any application which would break due to their removal, now is the
time to mention it.

 * Signature schemes Rabin-Williams and Nyberg-Rueppel
 * Signature padding scheme EMSA2 (aka X9.31); used with RW signatures
   and only very rarely with RSA
 * Block ciphers TEA, XTEA, RC2, RC5, RC6, SAFER
 * Hashes MD2, RIPEMD-128, HAS-160
 * The `unix_procs` entropy source

That the above are all theoretically useful cannot be denied
(otherwise they wouldn't have been added in the first place). But,
without at least one actual user their continued presence in the
library is purely dead weight on future development. And in the case
of `unix_procs` a probable security risk (there are no known bugs, but
at the least it prevents any kind of useful application sandboxing).

Thanks for playing along and have a lovely day.


Version: GnuPG v2


More information about the botan-announce mailing list