[Botan-announce] Botan 2.3.0 and 1.10.17 released

Jack Lloyd jack at randombit.net
Mon Oct 2 12:35:58 EDT 2017



Botan 1.10.17 has been released. It has a few bugfixes, adds a few small changes
to help make it easier to support both 1.10 and 2.x in the same application,
and fixes a cache based side channel affecting RSA and DH (CVE-2017-14737).

Please remember that 1.10 is only supported until the end of this year. After
that no further releases will be made. I'd recommend moving to 2.x as soon as
possible. If you need help porting your application open an issue on Github.

SHA-256 6847ffb64b8d2f939dccfecc17bd2c80385d08f7621e2c56d3a335118e823613
https://botan.randombit.net/releases/Botan-1.10.17.tgz
https://botan.randombit.net/releases/Botan-1.10.17.tgz.asc

Botan 2.3.0 has also been released. It fixes the same side channel.
It also has the normal slew of new features, most notably

 - SHACAL2 block cipher
 - ARIA block cipher
 - XTS and OCB modes now support 256 and 512 bit block ciphers
 - Support for ARMv8 AES and GCM acceleration
 - System_RNG works on iOS now
 - ECDHE_PSK ciphersuites
 - Raw PSS signatures (PSS signing an externally generated hash)
 - LLVM bitcode target (Emscripten works, but needs polishing)
 - Improved support for Windows Phone/Windows Store
 - Optimization in TLS CBC ciphersuite decryption

Plus many smaller improvements documented in the release notes.
https://botan.randombit.net/news.html#version-2-3-0-2017-10-02

SHA-256 39f970fee5986a4c3e425030aef50ac284da18596c004d1a9cce7688c4e6d47c
https://botan.randombit.net/releases/Botan-2.3.0.tgz
https://botan.randombit.net/releases/Botan-2.3.0.tgz.asc

Enjoy,
 Jack



More information about the botan-announce mailing list