[botan-devel] Botan 1.11.12 released

Uri Blumenthal uri at mit.edu
Sat Jan 3 21:01:50 EST 2015


Jack,

1. Botan-1.11.12 fails to compile src/lib/tls/tls_ciphersuite.cpp file:

src/lib/tls/tls_ciphersuite.cpp:80:4: error: member initializer 'm_nonce_bytes_from_handshake'
      does not name a non-static data member or base class
   m_nonce_bytes_from_handshake(nonce_bytes_from_handshake),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/lib/tls/tls_ciphersuite.cpp:81:4: error: member initializer 'm_nonce_bytes_from_record' does
      not name a non-static data member or base class
   m_nonce_bytes_from_record(nonce_bytes_from_record),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 errors generated.
Makefile:1359: recipe for target 'build/obj/lib/tls_ciphersuite.o

These are the changed lines (80 and 81 correspondingly) that cause the problem:

-   m_explicit_nonce_bytes(exp_nonce_bytes),
-   m_implicit_nonce_bytes(imp_nonce_bytes),
+   m_nonce_bytes_from_handshake(nonce_bytes_from_handshake),
+   m_nonce_bytes_from_record(nonce_bytes_from_record),


2. src/lib/cert/x509/x509cert.cpp incorrectly rejects certificates where different signing algorithms are used. These are the offending lines (99 and 100):

    if(sig_algo != sig_algo_inner)
       throw Decoding_Error("Algorithm identifier mismatch");

Would you mind explaining what made you put this restriction in in the first place? Valid certificates raise this exception in your code.


On Jan 3, 2015, at 0:35 , Jack Lloyd <lloyd at randombit.net<mailto:lloyd at randombit.net>> wrote:


Botan 1.11.12 was released earlier today. It adds ECC key exchange using
Curve25519 and message authentication using Poly1305. Additionally an AEAD
mode and TLS ciphersuites using a combination of ChaCha20 and Poly1305 are now
available. The ChaCha20Poly1305 TLS ciphersuites are compatible with Google's
implementation and is enabled in the default policy.

Further notes are at http://botan.randombit.net/relnotes/1_11_12.html
_______________________________________________
botan-devel mailing list
botan-devel at randombit.net<mailto:botan-devel at randombit.net>
http://lists.randombit.net/mailman/listinfo/botan-devel

--
Uri Blumenthal
uri at mit.edu<mailto:uri at mit.edu>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20150104/cc091216/attachment.html>


More information about the botan-devel mailing list