[botan-devel] Botan 1.11.26 released

Jack Lloyd lloyd at randombit.net
Mon Jan 4 13:45:06 EST 2016

Botan 1.11.26 has been released:


SHA-256 C94CEC8A7A293A813EE30F53AFF7AC6670CBC4D42FA38833AE41EAF860FE8511

New features or other improvements include:

* Adds TLS extended master secret extension (RFC 7627)
* Adds interface for KEM (key encapsulation) in pubkey.h
* Converts McEliece KEM to using new KEM interface
* Adds RSA-KEM from ISO 18033-2
* Enable RDRAND on Windows
* Add support for RDSEED instruction
* Add support for using OpenSSL's ECDH
* Add support for keygen and signing by TPM v1.2 devices (in prov/tpm)
* Fix loading unencrypted raw BER PKCS #8 private keys
* All exceptions thrown by the library derive from `Botan::Exception`
  (this is already true in 1.10, but I did something dumb early in 1.11)
* New command line interface
* Checking const time assertions works with an unpatched valgrind now

In addition there were some bugs fixed, including:

* PointGFp::operator* computed the incorrect result when multiplying by 3
* RandomNumberGenerator::gen_mask (which was not used by the library itself)
  had undefined behavior when bits >= 32 and could return zero or other
  useless things.
* Memset is used instead of unaligned pointer casts (UBSan fix)

More on all these changes, and on smaller ones, is in the release notes.

Many thanks to the numerous contributors to this release including
Uri Blumenthal, René Korthaus, Daniel Neus, and Simon Warta.

Some other important notes about this release:

The format of serialized TLS sessions has changed (in order to support
extended master secret).
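To show why the extended master secret (RFC 7627) changes what a stored session has to carry, here is an added example (not Botan code) of the TLS 1.2 PRF from RFC 5246 driving both derivations: the classic master secret depends only on the pre-master secret and the two nonces, while the EMS form is bound to a hash of the handshake transcript. All inputs are constructed.

```python
import hashlib
import hmac

# Added example, not Botan code: TLS 1.2 PRF (RFC 5246 section 5, P_SHA256),
# used to contrast the classic master secret with the RFC 7627 extended form.

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion: concatenate HMAC outputs until `length` bytes."""
    out = b""
    a = seed  # A(0) = seed, A(i) = HMAC(secret, A(i-1))
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)

def master_secret_classic(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # RFC 5246: bound only to the two 32-byte nonces, not to what else was exchanged
    return prf(pms, b"master secret", client_random + server_random, 48)

def master_secret_extended(pms: bytes, session_hash: bytes) -> bytes:
    # RFC 7627: bound to the hash of the handshake up to (and including) ClientKeyExchange
    return prf(pms, b"extended master secret", session_hash, 48)

def demo() -> dict:
    """Constructed inputs: same pre-master secret and nonces, two different transcripts."""
    pms = bytes(range(48))
    client_random = b"\x11" * 32
    server_random = b"\x22" * 32
    transcript_a = b"ClientHello|ServerHello|Certificate(A)|ClientKeyExchange"
    transcript_b = b"ClientHello|ServerHello|Certificate(B)|ClientKeyExchange"
    hash_a = hashlib.sha256(transcript_a).digest()  # session_hash for transcript A
    hash_b = hashlib.sha256(transcript_b).digest()  # session_hash for transcript B
    return {
        # classic derivation cannot tell the two handshakes apart
        "classic_a": master_secret_classic(pms, client_random, server_random),
        "classic_b": master_secret_classic(pms, client_random, server_random),
        # EMS yields different master secrets for different transcripts
        "ems_a": master_secret_extended(pms, hash_a),
        "ems_b": master_secret_extended(pms, hash_b),
    }
```

A resumed session therefore has to record whether it was negotiated with EMS, which is why the serialized session format changed.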

I'm considering removing the TLS maximum fragment length extension,
for the same reasons as removing heartbeat support: they complicate
the core state machine to support an extension of questionable value
and one which in addition seems to be not widely supported in other
implementations. Is there a serious reason to keep this? For example
are there IoT TLS stacks which will only negotiate a tiny fragment
size, or something along these lines? (Botan itself is not an IoT
library of course but it's still perhaps reasonable to be able to
communicate with such devices, if they exist.)

Algorithm deprecations: I'm considering removing Nyberg-Rueppel
signatures, MARS, RC2, RC5, RC6, SAFER, HAS-160, RIPEMD-128, and MD2.
Is there any reason to keep any of these? That is, is there some still
existing application or required use case (eg, verifying an MD2
self-signed CA cert that hasn't been rolled over to SHA-256 yet,
decrypting some really old RC2 S/MIME ciphertexts, ???)
