* Fix a bug where the name constraint extension did not constrain the alternative
DN field which can be included in a subject alternative name. This would allow
a corrupted sub-CA which was otherwise constrained by a name constraint to
issue a certificate with a prohibited DN.
* Fix a bug in the TLS server during client authentication where if a
(disabled by default) static RSA ciphersuite was selected, then no certificate
request would be sent. This would have an equivalent effect to a client which
simply replied with an empty Certificate message. (GH #2367)
* Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As
a result AES is now constant time on all processors. (GH #2346#2348#2353#2329#2355)
* In TLS, enforce that the key usage given in the server certificate allows the
operation being performed in the ciphersuite. (GH #2367)
* In X.509 certificates, verify that the algorithm parameters are the expected
NULL or empty. (GH #2367)
* Change the HMAC key schedule to attempt to reduce the information leaked from
the key schedule with regards to the length of the key, as this is at times (as
for example in PBKDF2) sensitive information. (GH #2362)
* Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The
previous RDRAND_RNG interface is deprecated. (GH #2352)
* The documentation claimed that mlocked pages were created with a guard page
both before and after. However only a trailing guard page was used. Add a
leading guard page. (GH #2334)
* Add support for generating and verifying DER-encoded ECDSA signatures in the C
and Python interfaces. (GH #2357#2356)
* Work around a bug in GCC's UbSan which triggered on a code sequence in XMSS (GH
#2322)
* When building documentation using Sphinx avoid parallel builds with version 3.0
due to a bug in that version (GH #2326#2324)
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=94
- Update to Botan 2.14:
* Add support for using POWER8+ VPSUMD instruction to accelerate GCM (GH #2247)
* Optimize the vector permute AES implementation, especially improving
performance on ARMv7, Aarch64, and POWER. (GH #2243)
* Use a new algorithm for modular inversions which is both faster
and more resistant to side channel attacks. (GH #2287#2296#2301)
* Address an issue in CBC padding which would leak the length of the plaintext
which was being padded. Unpadding during decryption was not affected.
* Optimize NIST prime field reductions, improving ECDSA by 3-9% (GH #2295)
* Increase the size of the ECC blinding mask and scale it based on the
size of the group order. (GH #880#893#2308)
* Add server side support for the TLS asio wrapper. (GH #2229)
* Add support for using Windows certificate store on MinGW (GH #2280)
* Add a CLI utility cpu_clock which estimates the speed of the processor cycle counter.
* Add Roughtime client (GH #2143#1842)
* Add support for XMSS X.509 certificates (GH #2172)
* Add support for X.509 CRLs in FFI layer and Python wrapper (GH #2213)
* Add AVX2 implementation of SHACAL2 (GH #2196)
* Support more functionality for X.509 in the Python API (GH #2165)
* Add generic CPU target useful when building for some new or unusual platform.
* Disable MD5 in BSI or NIST modes (GH #2188)
* Many currently public headers are being deprecated. If any such header is included by
an application, a warning is issued at compile time.
Headers issuing this warning will be made internal in a future major release.
* RSA signature performance improvements (GH #2068#2070)
* Performance improvements for GCM (GH #2024#2099#2119), OCB (#2122), XTS (#2123) and
ChaCha20Poly1305 (GH #2117), especially for small messages.
* Add support for constant time AES using NEON and AltiVec (GH #2093#2095#2100)
* Improve performance of POWER8 AES instructions (GH #2096)
* Add support for the POWER9 hardware random number generator (GH #2026)
* Add support for 64-bit version of RDRAND, doubling performance on x86-64 (GH #934#2022)
* In DTLS server, support a client crashing and then reconnecting from the same
source port, as described in RFC 6347 sec 4.2.8 (GH #2029)
* Optimize DTLS MTU splitting to split precisely to the set MTU (GH #2042)
* Add support for the TLS v1.3 downgrade indicator. (GH #2027)
* Add Argon2 PBKDF and password hash (GH #459#1981#1987)
* Add Bcrypt-PBKDF (GH #1990)
* Add server side support for issuing DTLS HelloVerifyRequest messages (GH #1999)
* Add support for the TLS v1.3 supported_versions extension. (GH #1976)
* Add Ed25519ph compatible with RFC 8032 (GH #1699#2000)
* Add support for OCSP stapling on server side. (GH #1703#1967)
* Add a boost::asio TLS stream compatible with boost::asio::ssl. (GH #1839#1927#1992)
* Add a certificate store for Linux/Unix systems. (GH #1885#1936)
* Various Fixes
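An added illustration of the CBC padding item in the 2.14 entry (example code, not Botan's implementation): a PKCS#7 padder whose memory accesses do not depend on how many plaintext bytes the final block holds, placed next to the straightforward loop whose iteration count reveals that length. The helper that builds the final block from a message is part of the example only.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// All-ones byte if x >= y, zero otherwise, with no data-dependent branch.
// Both values are below 256 here, so the subtraction cannot wrap ambiguously.
static inline uint8_t ct_mask_ge(size_t x, size_t y) {
    const size_t top = (y - x - 1) >> (sizeof(size_t) * 8 - 1); // 1 exactly when x >= y
    return static_cast<uint8_t>(0 - top);
}

// Branch-free byte select: a if mask == 0xFF, b if mask == 0x00.
static inline uint8_t ct_select(uint8_t mask, uint8_t a, uint8_t b) {
    return static_cast<uint8_t>((mask & a) | (~mask & b));
}

// The obvious PKCS#7 padder: the loop runs (block_size - last_len) times, so
// timing and cache behaviour leak how much plaintext the final block holds.
void pkcs7_pad_leaky(uint8_t* block, size_t last_len, size_t block_size) {
    const uint8_t pad = static_cast<uint8_t>(block_size - last_len);
    for (size_t i = last_len; i < block_size; ++i) block[i] = pad;
}

// Hardened form: every byte of the block is read and written exactly once,
// and the choice between plaintext byte and pad byte is made with a mask.
void pkcs7_pad_ct(uint8_t* block, size_t last_len, size_t block_size) {
    const uint8_t pad = static_cast<uint8_t>(block_size - last_len);
    for (size_t i = 0; i < block_size; ++i) {
        const uint8_t is_pad = ct_mask_ge(i, last_len);
        block[i] = ct_select(is_pad, pad, block[i]);
    }
}

// Demonstration helper (constructed for this example): pad the trailing partial
// block of `msg` with both routines and return both results for comparison.
std::pair<std::vector<uint8_t>, std::vector<uint8_t>>
padded_final_blocks(const std::vector<uint8_t>& msg, size_t block_size) {
    const size_t last_len = msg.size() % block_size;
    std::vector<uint8_t> leaky(block_size, 0);
    std::copy(msg.end() - last_len, msg.end(), leaky.begin());
    std::vector<uint8_t> ct = leaky;
    pkcs7_pad_leaky(leaky.data(), last_len, block_size);
    pkcs7_pad_ct(ct.data(), last_len, block_size);
    return {leaky, ct};
}
```

Both routines produce identical PKCS#7 output; only the hardened one has a work pattern independent of `last_len`.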
OBS-URL: https://build.opensuse.org/request/show/792362
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=92
- Update to Botan 2.10
* Bump SONAME
* Warning: XMSS currently implements draft-06 which is not compatible with
the final RFC 8391 specification. A PR is open to fix this, however it will
break all current uses of XMSS. If you are currently using XMSS please
comment at https://github.com/randombit/botan/pull/1858. Otherwise the PR
will be merged and support for draft-06 will be removed starting in 2.11.
* Added a new certificate store implementation that can access the MacOS
keychain certificate store. (GH #1830)
* Redesigned Memory_Pool class, which services allocations out of a set of
pages locked into memory (using mlock/VirtualLock). It is now faster and
with improved exploit mitigations. (GH #1800)
* Add BMI2 implementations of SHA-512 and SHA-3 which improve performance by
25-35% on common CPUs. (GH #1815)
* Unroll SHA-3 computation improving performance by 10-12% (GH #1838)
* Add a Thread_Pool class. It is now possible to run the tests in multiple
threads with --test-threads=N flag to select the number of threads to use.
Use --test-threads=0 to run with as many CPU cores as are available on the
current system. The default remains single threaded. (GH #1819)
* XMSS signatures now use a global thread pool instead of spawning new
threads for each usage. This improves signature generation performance by
between 10% and 60% depending on architecture and core count. (GH #1864)
* Some functions related to encoding and decoding BigInts have been
deprecated. (GH #1817)
* Binary encoding and decoding of BigInts has been optimized by performing
word-size operations when possible. (GH #1817)
* Rename the exception Integrity_Failure to Invalid_Authentication_Tag to
make its meaning and usage more clear. The old name remains as a typedef.
(GH #1816)
* Support for using Boost filesystem and MSVC’s std::filesystem have been
OBS-URL: https://build.opensuse.org/request/show/690656
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=90
- Update to Botan 2.9
* Bump SONAME
* CVE-2018-20187 Address a side channel during ECC key generation, which used an
unblinded Montgomery ladder. As a result, a timing attack can reveal
information about the high bits of the secret key.
* Fix bugs in TLS which caused negotiation failures when the client used an
unknown signature algorithm or version (GH #1711#1709#1708)
* Fix bug affecting GCM, EAX and ChaCha20Poly1305 where if the associated data
was set after starting a message, the new AD was not reflected in the produced
tag. Now with these modes setting an AD after beginning a message throws an
exception.
* Use a smaller sieve which improves performance of prime generation.
* Fixed a bug that caused ChaCha to produce incorrect output after encrypting 256
GB. (GH #1728)
* Add NEON and AltiVec implementations of ChaCha (GH #1719#1728#1729)
* Optimize AVX2 ChaCha (GH #1730)
* Many more operations in BigInt, ECC and RSA code paths are either fully const
time or avoid problematic branches that could potentially be exploited in a
side channel attack. (GH #1738#1750#1754#1755#1757#1758#1759#1762#1765#1770#1773#1774#1779#1780#1794#1795#1796#1797)
* Several optimizations for BigInt and ECC, improving ECDSA performance by as
much as 30%. (GH #1734#1737#1777#1750#1737#1788)
OBS-URL: https://build.opensuse.org/request/show/689411
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=89
- Update to Botan 2.7
* CVE-2018-12435 Avoid a side channel in ECDSA signature generation (GH
#1604)
* Avoid a side channel in RSA key generation due to use of a non-constant
time gcd algorithm. (GH #1542#1556)
* Optimize prime generation, especially improving RSA key generation. (GH
#1542)
* Make Karatsuba multiplication, Montgomery field operations, Barrett
reduction and Montgomery exponentiation const time (GH #1540#1606#1609#1610)
* Optimizations for elliptic curve operations especially improving reductions
and inversions modulo NIST primes (GH #1534#1538#1545#1546#1547#1550)
* Add 24 word wide Comba multiplication, improving 3072-bit RSA and DH by
~25%. (GH #1564)
* Unroll Montgomery reduction for specific sizes (GH #1603)
* Improved performance of signature verification in ECGDSA, ECKCDSA, SM2 and
GOST by 10-15%.
* XMSS optimizations (GH #1583#1585)
* Fix an error that meant XMSS would only sign half as many signatures as is
allowed (GH #1582)
* Add support for base32 encoding/decoding (GH #1541)
* Add BMI2 optimized version of SHA-256, 40% faster on Skylake (GH #1584)
* Allow the year to be up to 2200 in ASN.1 time objects. Previously this was
limited to 2100. (GH #1536)
* Add support for Scrypt password hashing (GH #1570)
* Add support for using Scrypt for private key encryption (GH #1574)
* Optimizations for DES/3DES, approx 50% faster when used in certain modes
such as CBC decrypt or CTR.
* XMSS signature verification did not check that the signature was of the
expected length which could lead to a crash. (GH #1537)
OBS-URL: https://build.opensuse.org/request/show/621856
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=86
- Update to Botan 2.5
* Fix error in certificate wildcard matching (CVE-2018-9127), where a
wildcard cert for b*.example.com would be accepted as a match for any host
with name *b*.example.com (GH #1519)
* Add support for RSA-PSS signatures in TLS (GH #1285)
* Ed25519 certificates are now supported (GH #1501)
* Many optimizations in ECC operations. ECDSA signatures are 8-10 times
faster. ECDSA verification is about twice as fast. ECDH key agreement is
3-4 times faster. (GH #1457#1478)
* Implement product scanning Montgomery reduction, which improves
Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH
#1472)
* DSA signing and verification performance has improved by 30-50%.
* Add a new Credentials_Manager callback that specifies which CAs the server
has indicated it trusts (GH #1395 fixing #1261)
* Add new TLS::Callbacks methods that allow creating or removing extensions,
as well as examining extensions sent by the peer (GH #1394#1186)
* Add new TLS::Callbacks methods that allow an application to negotiate use
of custom elliptic curves. (GH #1448)
* Add ability to create custom elliptic curves (GH #1441#1444)
* Add support for POWER8 AES instructions (GH #1459#1393#1206)
* Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502#986)
* The default encoding of ECC public keys has changed from compressed to
uncompressed point representation. This improves compatibility with some
common software packages including Golang's standard library. (GH #1480#1483)
* It is now possible to create DNs with custom components. (GH #1490#1492)
* It is now possible to specify the serial number of created certificates,
instead of using the default 128-bit random integer. (GH #1489#1491)
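The host name rule behind the CVE-2018-9127 fix in the 2.5 entry, as an added example (not Botan's own matcher): the literal text around the `*` in the leftmost label is anchored to the start and end of the host's label, so b*.example.com matches bar.example.com but no longer any host whose first label merely contains a "b". The requirements that label counts agree and that a wildcard name have at least three labels are assumptions of this example.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Lower-case a DNS name and split it into labels on '.'.
static std::vector<std::string> split_labels(std::string name) {
    std::transform(name.begin(), name.end(), name.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    std::vector<std::string> labels(1);
    for (char c : name) {
        if (c == '.') labels.emplace_back(); else labels.back() += c;
    }
    return labels;
}

// True if the DNS name from a certificate (optionally with one '*' in its
// leftmost label) matches the host name the client is connecting to.
bool cert_name_matches_host(const std::string& cert_name, const std::string& host) {
    if (host.find('*') != std::string::npos) return false; // a reference identifier never carries '*'
    const auto cert = split_labels(cert_name);
    const auto ref  = split_labels(host);
    // A wildcard never spans a '.', so label counts must agree, and no label may be empty.
    if (cert.size() != ref.size()) return false;
    for (size_t i = 0; i < cert.size(); ++i)
        if (cert[i].empty() || ref[i].empty()) return false;
    // Every label to the right of the leftmost one must match exactly.
    for (size_t i = 1; i < cert.size(); ++i)
        if (cert[i] != ref[i]) return false;
    const std::string& pat = cert[0];
    const std::string& lbl = ref[0];
    const size_t star = pat.find('*');
    if (star == std::string::npos) return pat == lbl;               // no wildcard: exact match
    if (pat.find('*', star + 1) != std::string::npos) return false; // at most one '*'
    if (cert.size() < 3) return false;                               // refuse "*.com" style names
    // The text before '*' must sit at the start of the host label and the text
    // after it at the end. The bug described above accepted b*.example.com for
    // any host whose label merely contained "b", i.e. this anchoring was missing.
    const std::string prefix = pat.substr(0, star);
    const std::string suffix = pat.substr(star + 1);
    if (lbl.size() < prefix.size() + suffix.size()) return false;
    return lbl.compare(0, prefix.size(), prefix) == 0 &&
           lbl.compare(lbl.size() - suffix.size(), suffix.size(), suffix) == 0;
}
```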
OBS-URL: https://build.opensuse.org/request/show/593097
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=79
- drop explicit package requirements
- split binary package and documentation from dynamic library package
- merge back Botan2 package to Botan with changelog history
- drop Botan patches
  aarch64-support.patch - doesn't seem to be required anymore
  Botan-fix_install_paths.patch - doesn't seem to be required
  no-cpuid-header.patch - SLE11 is not a target anymore
  Botan-fix_pkgconfig.patch - this seems to be wrong
  Botan-no-buildtime.patch - not needed anymore
  dont-set-mach-value.diff - doesn't apply, unclear and undocumented why it is there
  Botan-inttypes.patch - not required
  Botan-ull_constants.patch.bz2 - no reason anymore
- change group of libbotan-%{version_suffix} to 'System/Libraries' as
requested on review
- Don't drop -fstack-clash-protection for openSUSE 42.3 - we just
need the Update repository present.
- Rename libbotan-devel to libbotan2-devel. We can't have clashing
packages in the archive because Botan1 and Botan2 provide the
same -devel binary. Botan2 is also not API compatible with Botan.
- fix expected version after bump in baselibs.conf too
- fix unknown flag -fstack-clash-protection for openSUSE 42.3
- rename to Botan2
- drop Botan2-INT_MAX.patch as not needed anymore
- Bump to libbotan 2.4
Changes and new features:
OBS-URL: https://build.opensuse.org/request/show/578006
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=75
- bump SONAME to libbotan-1_10-1
- Update to 1.10.10
* SECURITY: The BER decoder would crash due to reading from offset 0
of an empty vector if it encountered a BIT STRING which did not
contain any data at all. As the type requires a 1 byte field this
is not valid BER but could occur in malformed data. Found with
afl. CVE-2015-5726
* SECURITY: The BER decoder would allocate a fairly arbitrary amount
of memory in a length field, even if there was no chance the read
request would succeed. This might cause the process to run out of
memory or invoke the OOM killer. Found with afl. CVE-2015-5727
* Due to an ABI incompatible (though not API incompatible) change in
this release, the version number of the shared object has been
increased.
* The default TLS policy no longer allows RC4.
* Fix a signed integer overflow in Blue Midnight Wish that may cause
incorrect computations or undefined behavior.
- Update to 1.10.9
* Fixed EAX tag verification to run in constant time
* The default TLS policy now disables SSLv3.
* A crash could occur when reading from a blocking random device if
the device initially indicated that entropy was available but a
concurrent process drained the entropy pool before the read was
initiated.
* Fix decoding indefinite length BER constructs that contain a
context sensitive tag of zero. Github pull 26 from Janusz Chorko.
* The botan-config script previously tried to guess its prefix from
the location of the binary. However this was error prone, and now
the script assumes the final installation prefix matches the value
set during the build. Github issue 29.
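An added example (not Botan's BER decoder) of the two checks behind the CVE-2015-5726 and CVE-2015-5727 items above: a definite-length header reader that validates the declared length against the bytes actually present before any buffer for the value is sized, and that rejects an empty BIT STRING instead of reading its unused-bits octet from an empty buffer. Single-byte tags and definite lengths only are simplifying assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

enum class BerStatus { Ok, Truncated, BadLength, LengthExceedsInput, EmptyBitString, BadUnusedBits };

struct BerElement {
    BerStatus status = BerStatus::Ok;
    uint8_t tag = 0;
    size_t header_len = 0;   // bytes consumed by tag + length octets
    size_t value_len = 0;    // declared content length
    uint8_t unused_bits = 0; // BIT STRING only
};

// Decode one BER TLV header from `in`. Single-byte tags and definite lengths
// only (assumptions of this example). After a successful return the caller
// may size a buffer of value_len bytes, knowing the input can fill it.
BerElement ber_read_header(const std::vector<uint8_t>& in) {
    BerElement e;
    if (in.size() < 2) { e.status = BerStatus::Truncated; return e; }
    e.tag = in[0];
    size_t pos = 1;
    const uint8_t first = in[pos++];
    if (first < 0x80) {
        e.value_len = first;                          // short form
    } else {
        const size_t n = first & 0x7F;                // number of length octets
        if (n == 0 || n > sizeof(size_t)) { e.status = BerStatus::BadLength; return e; } // indefinite or too wide
        if (in.size() - pos < n) { e.status = BerStatus::Truncated; return e; }
        size_t len = 0;
        for (size_t i = 0; i < n; ++i) len = (len << 8) | in[pos++];
        e.value_len = len;
    }
    e.header_len = pos;
    // CVE-2015-5727 lesson: never allocate for a length the input cannot satisfy.
    if (e.value_len > in.size() - pos) { e.status = BerStatus::LengthExceedsInput; return e; }
    if (e.tag == 0x03) {                              // BIT STRING
        // CVE-2015-5726 lesson: the first content octet is the unused-bit count,
        // so an empty BIT STRING is invalid BER and must not be read at offset 0.
        if (e.value_len == 0) { e.status = BerStatus::EmptyBitString; return e; }
        e.unused_bits = in[pos];
        if (e.unused_bits > 7) { e.status = BerStatus::BadUnusedBits; return e; }
    }
    return e;
}
```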
OBS-URL: https://build.opensuse.org/request/show/322627
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/Botan?expand=0&rev=51