[botan-devel] Botan 1.11.12 released

Uri Blumenthal uri at mit.edu
Sun Jan 4 00:21:05 EST 2015


Update. cvc stays broken. The exception is thrown by “decode_info” in the cvc_gen_cert.h file. The offending invocation appears to be in cvc_gen_cert/decode_info. Help is appreciated. (Most surprising to me is the fact that cvc code did not seem to change from 1.11.11 to 1.11.12 - and it works fine in 1.11.11.)

In order for the help (such as “botan keygen --help”) to produce meaningful/useful info, this patch is needed:

diff -u src/cmd/getopt.h.~1~ src/cmd/getopt.h
--- src/cmd/getopt.h.~1~ 2015-01-04 00:15:48.000000000 -0500
+++ src/cmd/getopt.h 2015-01-04 00:14:40.000000000 -0500
@@ -56,7 +56,7 @@



          for(auto flag : flags)
             {
-            o << flag.name();
+            o << "--" << flag.name();
             if(flag.takes_arg())
                o << "=";
             o << " ";
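
Review bot: in the flag loop, a flag for which flag.takes_arg() is true is now printed as `--name=` followed by a space, so the help text shows that a value is expected but gives no hint of what it is; consider emitting a placeholder after the `=`, for example `--name=<arg>`. The `"--"` prefix is also a string literal at this one call site: if the option parser keeps the prefix elsewhere, print it from the same definition so help output and parsing cannot drift apart.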



On Jan 3, 2015, at 21:48, Uri Blumenthal <uri at MIT.EDU> wrote:
Update. First problem was my fault: include files from Botan-1.11.11 were confusing the compiler (I’m building with boost, boost is located in /opt/local, and Botan-1.11.11 is there as well).

A new problem: cvc stopped working for some reason. Here’s what the test says on 1.11.12:

$ ./botan-test cvc
Exception escaped test: Decoding error:  decoding failed
Tests 1 FAILs

And of course, it was working fine in 1.11.11:

$ ./botan version
1.11.11
$ ./botan-test cvc
Tests all ok
$

I did not see any change in cvc code, so it must be some other change that affects it.


On Jan 3, 2015, at 21:01, Uri Blumenthal <uri at mit.edu> wrote:
Jack,

1. Botan-1.11.12 fails to compile src/lib/tls/tls_ciphersuite.cpp file:

src/lib/tls/tls_ciphersuite.cpp:80:4: error: member initializer 'm_nonce_bytes_from_handshake'
      does not name a non-static data member or base class
   m_nonce_bytes_from_handshake(nonce_bytes_from_handshake),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/lib/tls/tls_ciphersuite.cpp:81:4: error: member initializer 'm_nonce_bytes_from_record' does
      not name a non-static data member or base class
   m_nonce_bytes_from_record(nonce_bytes_from_record),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 errors generated.
Makefile:1359: recipe for target 'build/obj/lib/tls_ciphersuite.o

These are the changed lines (80 and 81 correspondingly) that cause the problem:

-   m_explicit_nonce_bytes(exp_nonce_bytes),
-   m_implicit_nonce_bytes(imp_nonce_bytes),
+   m_nonce_bytes_from_handshake(nonce_bytes_from_handshake),
+   m_nonce_bytes_from_record(nonce_bytes_from_record),
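
Review bot: the renamed initializers on lines 80 and 81 compile only if the class declaration declares m_nonce_bytes_from_handshake and m_nonce_bytes_from_record; a header that still declares m_explicit_nonce_bytes and m_implicit_nonce_bytes yields exactly the "does not name a non-static data member" errors quoted above. When this error appears, check that the header found on the include path belongs to the same release as this source file.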


2. src/lib/cert/x509/x509cert.cpp incorrectly rejects certificates where different signing algorithms are used. These are the offending lines (99 and 100):

    if(sig_algo != sig_algo_inner)
       throw Decoding_Error("Algorithm identifier mismatch");

Would you mind explaining what made you put this restriction in in the first place? Valid certificates raise this exception in your code.


On Jan 3, 2015, at 0:35, Jack Lloyd <lloyd at randombit.net> wrote:


Botan 1.11.12 was released earlier today. It adds ECC key exchange using
Curve25519 and message authentication using Poly1305. Additionally an AEAD
mode and TLS ciphersuites using a combination of ChaCha20 and Poly1305 are now
available. The ChaCha20Poly1305 TLS ciphersuites are compatible with Google's
implementation and are enabled in the default policy.

Further notes are at http://botan.randombit.net/relnotes/1_11_12.html
_______________________________________________
botan-devel mailing list
botan-devel at randombit.net
http://lists.randombit.net/mailman/listinfo/botan-devel

--
Uri Blumenthal
uri at mit.edu
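
The check quoted in item 2 of the thread compares the outer signatureAlgorithm of a certificate with the signature field inside tbsCertificate, which RFC 5280, section 4.1.1.2, requires to hold the same algorithm identifier. The following is an added example, not Botan's code and not part of the thread, that extracts both fields from DER and compares them. The names read_tlv, sig_algs_match, tlv, alg_id and sample_cert are hypothetical, and the sample bytes are constructed skeletons (arc 11 is sha256WithRSAEncryption, arc 5 is sha1WithRSAEncryption), not real certificates.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>
using Bytes = std::vector<uint8_t>;
struct Tlv { uint8_t tag; Bytes value; };
// Read one DER TLV at pos and advance pos; throws on truncated or oversized lengths.
Tlv read_tlv(const Bytes& in, size_t& pos) {
    if (in.size() - pos < 2) throw std::runtime_error("truncated header");
    const uint8_t tag = in[pos++];
    size_t len = in[pos++];
    if (len & 0x80) {  // long form: the next n bytes hold the length
        size_t n = len & 0x7f;
        if (n == 0 || n > 4 || in.size() - pos < n) throw std::runtime_error("bad length");
        for (len = 0; n > 0; --n) len = (len << 8) | in[pos++];
    }
    if (in.size() - pos < len) throw std::runtime_error("truncated value");
    Tlv t{tag, Bytes(in.begin() + pos, in.begin() + pos + len)};
    pos += len;
    return t;
}
// True when both AlgorithmIdentifier bodies are byte-identical (OID and parameters).
bool sig_algs_match(const Bytes& cert_der) {
    size_t p = 0, c = 0, t = 0;
    const Tlv cert = read_tlv(cert_der, p);
    const Tlv tbs = read_tlv(cert.value, c);                // tbsCertificate
    const Tlv outer = read_tlv(cert.value, c);              // Certificate.signatureAlgorithm
    Tlv field = read_tlv(tbs.value, t);
    if (field.tag == 0xA0) field = read_tlv(tbs.value, t);  // skip the optional [0] version
    const Tlv inner = read_tlv(tbs.value, t);               // tbsCertificate.signature
    if (cert.tag != 0x30 || tbs.tag != 0x30 || field.tag != 0x02 || outer.tag != 0x30 ||
        inner.tag != 0x30) throw std::runtime_error("not a certificate");
    return outer.value == inner.value;
}
// Constructed sample builders (short-form lengths only); output is a skeleton, not a real cert.
Bytes tlv(uint8_t tag, std::initializer_list<Bytes> parts) {
    Bytes out{tag, 0};
    for (const Bytes& p : parts) out.insert(out.end(), p.begin(), p.end());
    out[1] = static_cast<uint8_t>(out.size() - 2);
    return out;
}
Bytes alg_id(uint8_t last_arc) {  // OID 1.2.840.113549.1.1.<last_arc> with NULL parameters
    return tlv(0x30, {Bytes{0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, last_arc}, Bytes{0x05, 0x00}});
}
Bytes sample_cert(uint8_t inner_arc, uint8_t outer_arc) {  // version, serial, signature only
    const Bytes tbs = tlv(0x30, {Bytes{0xA0, 0x03, 0x02, 0x01, 0x02}, Bytes{0x02, 0x01, 0x01}, alg_id(inner_arc)});
    return tlv(0x30, {tbs, alg_id(outer_arc), Bytes{0x03, 0x02, 0x00, 0x00}});
}
int main() { return sig_algs_match(sample_cert(11, 11)) && !sig_algs_match(sample_cert(5, 11)) ? 0 : 1; }
```

The parser reads only as far as tbsCertificate.signature, so it also accepts a full certificate; it does not verify the signature itself.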
