Botan 1.11.31 released

Jack Lloyd lloyd at randombit.net
Tue Aug 30 15:10:46 EDT 2016


I'm happy to announce version 1.11.31 of the Botan crypto library has
been released.

SHA-256 0e751c9182c84f961e90be51f086b1ec254155c3d056cbb37eebff5f5e39ddee
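The published digest above is only useful if it is actually checked before the archive is unpacked and built. The following POSIX shell helper is an added example, not part of the announcement; it compares a downloaded file against an expected SHA-256 using whichever digest tool is installed. The archive name Botan-1.11.31.tgz is an assumption, as the announcement does not state it.

```shell
#!/bin/sh
# Added example: verify a release archive against the SHA-256 published in the
# announcement before building from it. The digest below is the one announced
# for 1.11.31; the archive filename is an assumption.

BOTAN_SHA256="0e751c9182c84f961e90be51f086b1ec254155c3d056cbb37eebff5f5e39ddee"

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE, using
# sha256sum, shasum or openssl, whichever is available.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1 | tr 'A-F' 'a-f'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1 | tr 'A-F' 'a-f'
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 "$1" | sed 's/^.*= //' | tr 'A-F' 'a-f'
    else
        echo "no SHA-256 tool found" >&2
        return 2
    fi
}

# verify_sha256 FILE EXPECTED: return 0 only when the digest of FILE equals
# EXPECTED (compared case-insensitively, since tools differ in hex case).
# A missing file or missing tool is reported as a failure, never as a pass.
verify_sha256() {
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches $expected"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Typical use against the downloaded archive (filename assumed):
#   verify_sha256 Botan-1.11.31.tgz "$BOTAN_SHA256" || exit 1
```

A mismatch exits non-zero with both digests printed, so the check can gate a build script with a plain `|| exit 1`.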

A summary of changes follows, the release notes have more details on
most of these.

Bugs fixed in this release include:
- CVE-2016-6879 Fix undefined behavior in Curve25519 on 32-bit platforms.
  This was never seen to cause problems on x86-32 with current compilers, but
  did cause incorrect results with Clang on ARM32. And undefined behavior by its
  very nature may have arbitrarily bad effects.
- CVE-2016-6879 Fix return value of X509_Certificate::allowed_usage
- Fix a bug in X9.23 padding mode which had a 1-byte overwrite

Other important changes:
- DLIES has changed and is now compatible with BouncyCastle, but incompatible
  with previous releases of the library.

New features include:
- Added initial support for PKCS #11 hardware tokens
- Added ECIES (compatible with BouncyCastle)
- Added ECKCDSA signature scheme
- Added KDF1 from ISO 18033
- Added FRP256v1 curve
- Added PKCS #1 hash id for SHA-512/256 signature
- AutoSeeded_RNG now uses NIST SP800-90A HMAC_DRBG
- HMAC_DRBG now handles fork detection and automatic reseeding

Features newly deprecated in this release (see doc/deprecated.txt):
- X9.31 RNG and HMAC_RNG (use HMAC_DRBG)
- ECB Cipher_Mode (just don't)
- TLS 3DES and SEED ciphersuites (already disabled by default)
- EGD entropy source (obsolete)
- BeOS support (obsolete)

Thank you to everyone who contributed to this release.