1.9.4 adds SSL/TLS, GOST 34.10, XSalsa20, fault countermeasures, SIMD optimizations
Botan 1.9.4 has been released with a wide variety of changes.
Major new features include the merging of the previously standalone SSLv3/TLSv1.0 implementation Ajisai into the source, and the addition of the GOST 34.10-2001 ECC signature scheme and the XSalsa20 stream cipher. New SIMD implementations for the IDEA and Noekeon block ciphers dramatically improve performance on SSE2 processors, and the XTS and CBC block cipher modes now join CTR and ECB in making use of SIMD block cipher implementations.
The ECC code previously relied on TR1's shared_ptr, which made using it difficult on some platforms, particularly Windows. This code has been modified so that shared_ptr is no longer used, and ECDSA/ECDH are now built by default on Windows platforms.
The PK_Signer class now verifies all signatures before releasing them to the caller; this should help prevent a wide variety of fault attacks, though it does have the downside of hurting signature performance, particularly for DSA/ECDSA. Finding the right balance of performance and safety in these operations is an ongoing project.
A new configuration option, --gen-amalgamation, creates a pair of files (botan_all.cpp and botan_all.h) which contain the contents of the library as it would have normally been compiled based on the set configuration. This should ease the use of botan in projects which do not wish to depend on an external library.
Another build-related change is that many headers intended only for library-internal use are no longer installed.
Smaller changes include the addition of a password hashing scheme for user authentication needs, a SQLite encryption codec (contributed by Olivier de Gaalon), and a block cipher cascade construction.
Posted 2010/03/09 in releases; no comments
< 1.9.3: Adding AES-NI and format preserving encryption | 1.9.5 Released: ECC optimizations, GOST 34.10-2001 fixes >