On botan-devel, Rickard Bondesson noted that SHA-512 signatures using the EMSA3 padding scheme (aka PKCS #1 v1.5; the EMSA3 terminology is taken from IEEE 1363) were not matching the values produced by OpenSSL. Investigation showed that botan had been using an incorrect object identifier for SHA-512 EMSA3 signatures, basically since time immemorial. To help prevent a recurrence of such problems, more test vectors for the padding schemes EMSA2, EMSA3, and EMSA4 using a variety of different hash functions have been added in this release. These test vectors were created with a third party implementation of EMSA3, Crypto++, and thus at least imply that botan should be interoperable with that implementation.
This change unfortunately means that all such signatures created by previous botan versions are incorrect and will not be accepted by new versions of botan or by any other conforming implementation. Currently the thought/hope is that signatures of this type are rare in practice, so no provision is being made for backwards compatibility with the old object identifier. SHA-512 itself is not going to be used outside of new applications, and hopefully new applications are moving to using PSS rather than continuing with PKCS #1 padding.
A bug in the EGD entropy poller was introduced in the 1.7.23 release; this bug prevented any output from being produced by the poller, even if EGD was running and returned data. A new program in the examples directory, test_es.cpp, has been added that will poll each entropy source on the system and print the gathered raw output to the screen for inspection. This makes it easier for users and developers to check that botan's entropy sources are doing something useful on the particular operating system in use.
A variant of EMSA3 padding called EMSA3_Raw has been added. This variant signs its inputs directly (without using a hash function), and without adding an object identifier. This variant is useful in software implementations of security tokens, and is called CKM_RSA_PKCS in PKCS #11.
The SHA-224 hash function was added in 1.7.16, but until now it was not supported with the EMSA2 or EMSA3 padding schemes, because the hash identifiers for it were not available. These ids are now included in the library.
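As an added illustration (not code from Botan), the following builds the DER DigestInfo that EMSA3 embeds from the hash's object identifier, so that an implementation's output for SHA-512 or SHA-224 can be checked byte for byte against the prefixes listed in PKCS #1, and shows EMSA3_Raw alongside it, which skips both the hash and the identifier. The OIDs are the standard NIST ones; everything else is constructed for the example.

```python
import hashlib

# Dotted OIDs for the SHA-2 family (from the NIST arc 2.16.840.1.101.3.4.2).
# Getting the SHA-512 one wrong is exactly the kind of bug the release fixes.
HASH_OIDS = {
    "sha224": "2.16.840.1.101.3.4.2.4",
    "sha256": "2.16.840.1.101.3.4.2.1",
    "sha384": "2.16.840.1.101.3.4.2.2",
    "sha512": "2.16.840.1.101.3.4.2.3",
}

def der_oid(dotted: str) -> bytes:
    """DER-encode an OBJECT IDENTIFIER (tag 0x06) given in dotted notation."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])       # first two arcs share a byte
    for arc in arcs[2:]:
        groups = [arc & 0x7F]                          # base-128, low group first
        arc >>= 7
        while arc:
            groups.append(0x80 | (arc & 0x7F))         # continuation bit on all but last
            arc >>= 7
        body.extend(reversed(groups))
    return bytes([0x06, len(body)]) + bytes(body)

def digest_info(hash_name: str, message: bytes) -> bytes:
    """DigestInfo ::= SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING digest }."""
    digest = hashlib.new(hash_name, message).digest()
    alg_id = der_oid(HASH_OIDS[hash_name]) + b"\x05\x00"     # parameters = NULL
    alg_id = bytes([0x30, len(alg_id)]) + alg_id
    inner = alg_id + bytes([0x04, len(digest)]) + digest
    assert len(inner) < 128            # short-form DER lengths cover every SHA-2 size
    return bytes([0x30, len(inner)]) + inner

def emsa3_encode(t: bytes, k: int) -> bytes:
    """EMSA3 / PKCS #1 v1.5 block: 00 01 || PS (>= 8 bytes of FF) || 00 || T, k bytes long."""
    if k < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def emsa3_hash_encode(hash_name: str, message: bytes, k: int) -> bytes:
    """Ordinary EMSA3: hash the message and wrap the digest in its DigestInfo."""
    return emsa3_encode(digest_info(hash_name, message), k)

def emsa3_raw_encode(data: bytes, k: int) -> bytes:
    """EMSA3_Raw (CKM_RSA_PKCS in PKCS #11): the caller's bytes go in as-is, no hash, no OID."""
    return emsa3_encode(data, k)
```

Comparing `digest_info("sha512", msg)[:19]` against the 19-byte SHA-512 prefix from PKCS #1 is the interoperability check that would have caught the old identifier.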
Posted in releases at 2008/12/01 23:19; 0 comments