[Botan-devel] 1.9.4 released: SSL/TLS, GOST 34.10, XSalsa20, amalgamations, SIMD optimizations

Jack Lloyd lloyd at randombit.net
Tue Mar 9 11:02:34 EST 2010

Botan 1.9.4 has been released with a wide variety of changes.

Major new features include the merging of the previously standalone
SSLv3/TLSv1.0 implementation Ajisai into the source, and the addition
of the GOST 34.10-2001 ECC signature scheme and the XSalsa20 stream
cipher. New SIMD implementations for the IDEA and Noekeon block
ciphers dramatically improve performance on SSE2 processors, and the
XTS and CBC block cipher modes now join CTR and ECB in making use of
SIMD block cipher implementations.

The ECC code previously relied on TR1's shared_ptr, which made using
it difficult on some platforms, particularly Windows. This code has
been modified so that shared_ptr is no longer used, and ECDSA/ECDH are
now built by default on Windows platforms.

The PK_Signer class now verifies all signatures before releasing them
to the caller; this should help prevent a wide variety of fault
attacks, though it does have the downside of hurting signature
performance, particularly for DSA/ECDSA. Finding the right balance of
performance and safety in these operations is an ongoing project.

A new configuration option, --gen-amalgamation, creates a pair of
files (botan_all.cpp and botan_all.h) which contain the contents of
the library as it would have normally been compiled based on the set
configuration. This should ease the use of botan in projects which do
not wish to depend on an external library.

Another build-related change is that many headers intended only for
library-internal use are no longer installed.

Smaller changes include the addition of a password hashing scheme for
user authentication needs, a SQLite encryption codec (contributed by
Olivier de Gaalon), and a block cipher cascade construction.


More information about the botan-devel mailing list