[Botan-devel] Botan 1.7.22: further lookup changes, AES optimizations, bug fixes

Jack Lloyd lloyd at randombit.net
Mon Nov 17 07:01:52 EST 2008

Today Botan 1.7.22 has been released at http://botan.randombit.net/
with the following changes:

How provider names had worked in 1.7.21 has been changed significantly
but I think in a way that gives applications much greater flexibility
in the long run. The updated version also properly handles
accelerating constructions like HMAC with alternative
implementations. Instead of passing the provider name to SCAN_Name, it
is a secondary argument to the Algorithm_Factory prototype_<X> and
make_<X> functions. If no provider is specified, Botan will attempt to
choose a good one. A default provider for a particular algorithm
can also be specified with Algorithm_Factory::set_preferred_provider,
for instance

global_state().algorithm_factory().set_preferred_provider("SHA-160", "openssl");

after which by default calls which acquire a SHA-1 object via the
algorithm factory will be from the openssl provider (if possible). In
combination with benchmark.h, this allows easily choosing the fastest
available implementation and then setting it for the rest of the
program run.

AES has been optimized a bit, it is about 10% faster on my Core2 with
several different versions of GCC 4, though the results on a POWER5+
with GCC 4.1 and on the Core2 with Intel C++ 10.1 were both basically
a wash.

The 1.7.21 release had several memory leaks in the PKCS #5 v2.0
password based encryption code which have been fixed. This is
particularly important to know if your application loads encrypted
private keys - 1.7.21 will leak memory each time a key is loaded.

The SSE2 implementation of SHA-1 was not enabled by default on Intel
Prescott processors - this has been fixed.

The microbenchmark code had a problem with nanoseconds overflowing the
32 bit counter (obvious in retrospect, since 2^32 nanoseconds is less
4.3 seconds). Changing to a 64 bit counter allows up to 584 years,
which seems sufficient.

Engine::add_engine was removed. The reason for removal was this API
supported adding an engine implementation in the middle of application
execution, and it was not entirely clear what the semantics should be
in all cases when this happens (particularly in the case of
multithreaded execution). To my knowledge, the only third-party engine
implementation is in Monotone (which was recently removed, since (I
think) the recent changes in Botan 1.7 have made Monotone's need for
the engine hooks obsolete), I simply removed it until it becomes clear
that being able to add an out of tree engine is actually useful and
that it is worthwhile to spend the time thinking about how it should
work in all situations. (If you are currently using an out-of-tree
engine, let me know).


More information about the botan-devel mailing list