[botan-devel] Botan 1.8.14 released

Jack Lloyd lloyd at randombit.net
Thu Jul 19 17:09:11 EDT 2012

Botan 1.8.14 has been released fixing several bugs:

In versions between 1.7.3 and 1.8.13, if the default (malloc)
allocator failed, it would return a null pointer rather than throwing
an exception. This means that in an out of memory situation a null
pointer dereference would occur (as callers anticipated that the
allocator would either return a valid pointer or throw).

Recent versions of OpenSSL include extra information in ECC private
keys, the presence of which caused an exception when such a key was
loaded by botan. The decoding of ECC private keys has been changed to
ignore these fields if they are set.

Finally AutoSeeded_RNG has been changed to prefer /dev/random over
/dev/urandom. It appears there are some situations (especially on
small headless systems) where the Linux /dev/urandom produces highly
predictable output for a period of time after boot. To help ensure
that a key generated by botan shortly after boot on such a system is
as random as expected it seems preferable to block if needed for
entropy to accumulate in the output buffer.

Download links are at http://botan.randombit.net/download.html


More information about the botan-devel mailing list