Botan 1.9.9 has been released.
New functions in the Filter infrastructure include Filter::name (which simply returns the name of the filter as a std::string) and Keyed_Filter::valid_iv_length, which allows querying the IV length(s) a filter supports. Previously, partly because there was no such query mechanism, calls to set_iv on a filter that did not support IVs at all were silently ignored. Now an exception about the invalid IV length is thrown.
The most recent release on the stable tree, 1.8.9, added a couple of new functions for doing BER encoding/decoding of public and private keys. These functions had not made it into the previous 1.9 release, and are added here.
The default iteration count for the password based encryption schemes has been increased from 2048 to 10000. This should make password-guessing attacks against private keys encrypted with versions after this release somewhat harder.
The Doxygen documentation comments were substantially updated and expanded in this release. As of the 1.9.9 spin, a total of 961 functions and variables remain undocumented. The goal is to get this number to zero before the next stable release series; patches assisting this would be most welcome.
Problems preventing compilation under Apple's GCC 4.2.1 and on 64-bit MIPS systems using GCC 4.4 or later were fixed.
Posted 2010/06/28 in releases; no comments
Windows Binaries Now Available For 1.8.9
Windows binaries for both 32 and 64 bit systems for the latest stable release are now available; check the download page for links.
Posted 2010/06/16 in announcements; no comments
Botan 1.8.9: Timing attack fixes, Windows DLL, new encoder functions
Botan 1.8.9, the latest release in the stable branch, is now available.
The main driver for this release is a couple of security related fixes; possible timing channels that could be used against OAEP decoding and the IDEA block cipher were removed. If you use either OAEP (EME1) or IDEA, you should upgrade as soon as possible.
Three new functions were added in this release: X509::BER_encode and two variants of PKCS8::BER_encode. Previously, the only way to BER encode a key as raw binary, without PEM encoding, was using X509::encode, PKCS8::encode, or PKCS8::encrypt_key, all of which required a Pipe to receive the key data. A number of uses I found of these functions simply started a Pipe with no filters and immediately read out the contents as a bitstring, so these new functions provide that functionality directly. The previous encode functions are reduced to just:

    if(encoding == PEM)
       pipe.write(PEM_encode(key));
    else
       pipe.write(BER_encode(key));
X509::encode, PKCS8::encode, and PKCS8::encrypt_key are now deprecated, and may be removed in a future release. Simply call PEM_encode or BER_encode instead, depending on whatever you were using for the encoding argument.
A bug in the FIPS 186-3 kosherizer prevented creating DSA groups that had 512 or 768 bit p values. Not that using a 512 or 768 bit (or 1024 bit, for that matter) DSA key is a particularly good idea anymore.
The GNU MP backend engine would crash if the library was initialized, shut down, and reinitialized, and a PK algorithm was then used after the second init.
This release has a number of build changes. Perhaps most noticeable for Windows users is that a DLL is now built by default; if you want a static library, use the option --disable-shared. A Windows installer script (for use with InnoSetup) is created during configuration on Windows. Prebuilt binaries for 1.8.9 for 32 and 64 bit Windows should be available soon.
Botan 1.8 currently has two scripts that can be used to configure the build - one in Perl that traces back to the first release, and a newer one written in Python. For the last year, the Perl version has warned that it was deprecated and recommended migration to the Python script. As of this release, the Perl script is no longer maintained, tested, or supported in any way. Additionally, it will not run at all by default; you must pass the option --i-know-this-is-broken first.
Some bugs that prevented compiling with the LLVM/Clang compiler, GCC 3.4, and with very recent versions of GNU binutils (x86-64 only) were also fixed.
Posted 2010/06/16 in releases; no comments
1.9.8 Released: Windows x64 optimizations, timing attack countermeasures
Botan 1.9.8 has been released.
Botan now makes use of 64 bit multiplications under Visual C++ on 64 bit platforms. This has only been tested on x86-64 but should also work on IA-64 machines. This optimization can easily double the performance of public key algorithms on 64 bit Windows.
Possible timing attacks against OAEP decoding and the IDEA block cipher were addressed in this release.
The --use-boost-python option was renamed --with-boost-python; this makes it easier to integrate with some packaging systems. There is also a --without-boost-python if you want to be explicit about not building the Python wrappers.
The FORK-256 hash function has been removed; it was definitively broken in papers published over the last couple of years, and was never widely used.
A bug that prevented creating DSA kosherized groups with p being 512 or 768 bits long was fixed. Do note though that using DSA keys of this size is quite unwise, as they can probably be broken with only relatively minimal effort.
Minor problems that prevented out of the box compilation with LLVM's Clang compiler, and with GCC versions before 4.3 on x86, were fixed.
Posted 2010/06/14 in releases; no comments
1.9.7: SSLv2 handshakes, SEED TLS suites, Comb4P
Botan 1.9.7 has been released, offering new TLS features and a new method of combining hash functions.
Some 14 years after the first introduction of SSLv3, and years of known security problems in the SSLv2 protocol, some applications still send SSLv2 client hellos in order to negotiate with SSLv2-only servers. These client hellos are now correctly handled by botan's SSL/TLS code. Note that SSLv2 is not and will not be supported; the only change here is that SSL/TLS client hellos packaged as an SSLv2 hello are processed.
SEED is a South Korean block cipher whose use with TLS is specified in RFC 4269. This release of botan adds support for the TLS SEED ciphersuites.
A new method of combining two hash functions is now available: Comb4P, which is described in "Robust Multi-Property Combiners for Hash Functions Revisited" by Marc Fischlin, Anja Lehmann and Krzysztof Pietrzak. The paper describes a way of combining two n-bit hash functions to produce a 2n-bit output that preserves the collision resistance and PRF properties of the two hashes. This may be useful in applications that are very concerned about hash functions being broken; for instance it allows use of both SHA-512 and Skein-512, so that as long as either one remains unbroken, the combination also remains unbroken.
A bug in checking of 'raw' encoding signatures was fixed; verifying a message with leading zero bytes would always fail, even if the signature was valid. This is not security critical as it only caused valid signatures to be rejected (there was no risk of invalid signatures being accepted as a result of this bug). However, using raw (unhashed, unpadded) signature inputs is prone to many different problems and should be avoided if at all possible.
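To make the shape of the Comb4P combiner above concrete, here is an added illustrative rendition in Python, not Botan's source and not a verified transcription of the paper: the two n-bit digests are fed through a three-round Feistel network whose round function hashes its input with both functions under a round-index prefix and XORs the results. SHA3-512 stands in for Skein-512 (which hashlib lacks), and broken_hash is a constructed stand-in for a totally broken second hash.

```python
import hashlib
from typing import Callable

Hash = Callable[[bytes], bytes]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def comb4p(msg: bytes, h0: Hash, h1: Hash, rounds: int = 3) -> bytes:
    """Combine two n-bit hashes into one 2n-bit digest.

    Illustrative construction (not Botan's code): hash msg with both
    functions, then run the pair (h0(msg), h1(msg)) through a Feistel
    network. Each round hashes the right half with BOTH functions,
    prefixed by the round index for domain separation, and XORs the
    two digests into the left half.
    """
    left, right = h0(msg), h1(msg)
    if len(left) != len(right):
        raise ValueError("Comb4P needs two hashes of equal output length")

    def round_fn(i: int, x: bytes) -> bytes:
        tag = bytes([i])  # round index keeps the rounds distinct
        return _xor(h0(tag + x), h1(tag + x))

    for i in range(1, rounds + 1):
        left, right = right, _xor(left, round_fn(i, right))
    return left + right  # 2n bits


def sha512(data: bytes) -> bytes:
    return hashlib.sha512(data).digest()


def sha3_512(data: bytes) -> bytes:
    return hashlib.sha3_512(data).digest()


def broken_hash(data: bytes) -> bytes:
    """Constructed stand-in for a hash broken so badly that every input
    maps to the same 512-bit value."""
    return bytes(64)


if __name__ == "__main__":
    digest = comb4p(b"constructed sample message", sha512, sha3_512)
    print(len(digest) * 8, "bits:", digest.hex())
```

Swapping broken_hash in for either function still yields distinct digests for distinct inputs, which is the behaviour the combiner is meant to guarantee as long as one of the two hashes holds up.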
Posted 2010/04/27 in releases; no comments