[botan-devel] Botan 1.11.12 released

Uri Blumenthal uri at mit.edu
Sat Jan 3 21:48:37 EST 2015


Update. First problem was my fault: include files from Botan-1.11.11 were confusing the compiler (I’m building with boost, boost is located in /opt/local, and Botan-1.11.11 is there as well).

A new problem: cvc stopped working for some reason. Here’s what the test says on 1.11.12:

$ ./botan-test cvc
Exception escaped test: Decoding error:  decoding failed
Tests 1 FAILs

And of course, it was working fine in 1.11.11:

$ ./botan version
1.11.11
$ ./botan-test cvc
Tests all ok
$

I did not see any change in cvc code, so it must be some other change that affects it.


On Jan 3, 2015, at 21:01 , Uri Blumenthal <uri at mit.edu<mailto:uri at mit.edu>> wrote:
Jack,

1. Botan-1.11.12 fails to compile src/lib/tls/tls_ciphersuite.cpp file:

src/lib/tls/tls_ciphersuite.cpp:80:4: error: member initializer 'm_nonce_bytes_from_handshake'
      does not name a non-static data member or base class
   m_nonce_bytes_from_handshake(nonce_bytes_from_handshake),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/lib/tls/tls_ciphersuite.cpp:81:4: error: member initializer 'm_nonce_bytes_from_record' does
      not name a non-static data member or base class
   m_nonce_bytes_from_record(nonce_bytes_from_record),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 errors generated.
Makefile:1359: recipe for target 'build/obj/lib/tls_ciphersuite.o

These are the changed lines (80 and 81 correspondingly) that cause the problem:

-   m_explicit_nonce_bytes(exp_nonce_bytes),
-   m_implicit_nonce_bytes(imp_nonce_bytes),
+   m_nonce_bytes_from_handshake(nonce_bytes_from_handshake),
+   m_nonce_bytes_from_record(nonce_bytes_from_record),


2. src/lib/cert/x509/x509cert.cpp incorrectly rejects certificates where different signing algorithms are used. These are the offending lines (99 and 100):

    if(sig_algo != sig_algo_inner)
       throw Decoding_Error("Algorithm identifier mismatch");

Would you mind explaining what made you put this restriction in in the first place? Valid certificates raise this exception in your code.


On Jan 3, 2015, at 0:35 , Jack Lloyd <lloyd at randombit.net<mailto:lloyd at randombit.net>> wrote:


Botan 1.11.12 was released earlier today. It adds ECC key exchange using
Curve25519 and message authentication using Poly1305. Additionally an AEAD
mode and TLS ciphersuites using a combination of ChaCha20 and Poly1305 are now
available. The ChaCha20Poly1305 TLS ciphersuites are compatible with Google's
implementation and is enabled in the default policy.

Further notes are at http://botan.randombit.net/relnotes/1_11_12.html
_______________________________________________
botan-devel mailing list
botan-devel at randombit.net<mailto:botan-devel at randombit.net>
http://lists.randombit.net/mailman/listinfo/botan-devel

--
Uri Blumenthal
uri at mit.edu<mailto:uri at mit.edu>

_______________________________________________
botan-devel mailing list
botan-devel at randombit.net<mailto:botan-devel at randombit.net>
http://lists.randombit.net/mailman/listinfo/botan-devel

--
Uri Blumenthal
uri at mit.edu<mailto:uri at mit.edu>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20150104/bc1a1163/attachment-0001.html>


More information about the botan-devel mailing list