[Botan-announce] Botan 2.14.0 released

Jack Lloyd jack at randombit.net
Mon Apr 6 07:49:07 EDT 2020

I'm happy to announce the release of Botan 2.14.0. This release contains 168
commits from 9 contributors.

The most notable enhancements include:

- Support for GCM is accelerated using POWER8 VPSUMD instruction
- The constant time vector permute AES code is much faster on ARM and POWER
- A new algorithm for modular inversions is used which is both faster and with
  better side channel attack resistance.
- Optimizations for NIST field reductions improving ECDSA/ECDH performance.

A change which might be noticable is that with this release we no longer build
the binaries with -rpath=$ORIGIN (on Linux/FreeBSD) or install_name (on
macOS). As a result, you may need to set LD_LIBRARY_PATH (or DYLD_LIBRARY_PATH
on macOS) to point to the current working directory in order to execute the

One minor security issue is also addressed in this release. During CBC padding,
the length of the plaintext was leaked to a side channel attacker. No
information about the contents beyond the length was exposed. The unpadding
operations were already constant time and not affected. Thanks to Maximilian
Blochberger for reporting this issue.

And as always there are many bugfixes and smaller enhancements documented in the
release notes.

SHA-256 0c10f12b424a40ee19bde00292098e201d7498535c062d8d5b586d07861a54b5


More information about the botan-announce mailing list