[botan-devel] Botan 1.11.31 released
lloyd at randombit.net
Tue Aug 30 15:10:46 EDT 2016
I'm happy to announce version 1.11.31 of the Botan crypto library has
A summary of changes follows; the release notes have more details on
most of these.
Bugs fixed in this release include:
- CVE-2016-6879 Fix undefined behavior in Curve25519 on 32-bit platforms.
This was never seen to cause problems on x86-32 with current compilers, but
did cause incorrect results with Clang on ARM32. And undefined behavior by its
very nature may have arbitrarily bad effects.
- CVE-2016-6879 Fix return value of X509_Certificate::allowed_usage
- Fix a bug in X9.23 padding mode which had a 1 byte overwrite
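The X9.23 fix above is a reminder that padding code writes into a buffer and must size that buffer exactly. The following is an added illustration (written for this note, not Botan's own implementation) of X9.23 padding and unpadding with the bounds made explicit: the pad length is always 1..block_size, the buffer is grown by exactly that many bytes, and the length byte is the last element of the resized vector. Function names and the roundtrip helper are assumptions for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <random>
#include <stdexcept>
#include <vector>

// ANSI X9.23 padding: fill bytes are arbitrary (random here), final byte holds
// the pad length. Standalone example written for this note; not Botan's code.

// Pads `msg` in place to a multiple of `block_size`. Pad length is always in
// 1..block_size, so an already-aligned message receives a full extra block.
void x923_pad(std::vector<uint8_t>& msg, size_t block_size) {
    if (block_size < 2 || block_size > 255)
        throw std::invalid_argument("bad block size");
    const size_t pad_len = block_size - (msg.size() % block_size); // 1..block_size
    const size_t orig_size = msg.size();
    msg.resize(orig_size + pad_len); // grow by exactly pad_len bytes, never more
    std::random_device rd;
    // Fill every pad byte except the last with random data.
    for (size_t i = orig_size; i + 1 < msg.size(); ++i)
        msg[i] = static_cast<uint8_t>(rd());
    msg[msg.size() - 1] = static_cast<uint8_t>(pad_len); // length byte, in bounds
}

// Returns the length of the original message, or throws if the padding is
// malformed. X9.23 only validates the final byte; fill bytes are not checked.
size_t x923_unpad_len(const std::vector<uint8_t>& padded, size_t block_size) {
    if (padded.empty() || padded.size() % block_size != 0)
        throw std::invalid_argument("input not block aligned");
    const size_t pad_len = padded.back();
    if (pad_len == 0 || pad_len > block_size)
        throw std::invalid_argument("invalid pad length byte");
    return padded.size() - pad_len;
}

// Pads a constructed message of `msg_len` bytes and checks the invariants:
// output is block aligned, grew by at most one block, and unpads to msg_len.
bool x923_roundtrip(size_t msg_len, size_t block_size) {
    std::vector<uint8_t> msg(msg_len, 0x41);
    x923_pad(msg, block_size);
    if (msg.size() % block_size != 0) return false;
    if (msg.size() - msg_len > block_size) return false;
    return x923_unpad_len(msg, block_size) == msg_len;
}

// Constructed malformed inputs: a pad byte of 0 and one larger than the block.
bool x923_rejects_bad_pad_byte() {
    for (uint8_t bad : {uint8_t(0), uint8_t(17)}) {
        std::vector<uint8_t> v(16, 0x00);
        v[15] = bad;
        bool threw = false;
        try { x923_unpad_len(v, 16); } catch (const std::invalid_argument&) { threw = true; }
        if (!threw) return false;
    }
    return true;
}
```

The unpad check here branches on the pad byte, which is fine for a standalone illustration but not for a real cipher-mode implementation, where the validity check should be constant-time so that malformed padding is not distinguishable by timing.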
Other important changes:
- DLIES has changed and is now compatible with BouncyCastle, but incompatible
with previous releases of the library.
New features include:
- Added initial support for PKCS #11 hardware tokens
- Added ECIES (compatible with BouncyCastle)
- Added ECKCDSA signature scheme
- Added KDF1 from ISO 18033
- Added FRP256v1 curve
- Added RDRAND_RNG
- Added PKCS #1 hash id for SHA-512/256 signature
- AutoSeeded_RNG now uses NIST SP800-90A HMAC_DRBG
- HMAC_DRBG now handles fork detection and automatic reseeding
Features newly deprecated in this release (see doc/deprecated.txt):
- X9.31 RNG and HMAC_RNG (use HMAC_DRBG)
- ECB Cipher_Mode (just don't)
- TLS 3DES and SEED ciphersuites (already disabled by default)
- EGD entropy source (obsolete)
- BeOS support (obsolete)
Thank you to everyone who contributed to this release.