Version 1.11.14, 2015-02-27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* The global state object previously used by the library has been removed.
This includes the global PRNG. The library can be safely initialized
multiple times without harm.
The engine code has also been removed, replaced by a much lighter-weight
object registry system which provides lookups in faster time and with less
memory overhead than the previous approach.
One caveat of the current system with regard to static linking: because only
symbols already mentioned elsewhere in the program are included in the final
link step, few algorithms will be available through the lookup system by
default, even though they were compiled into the library. Your application
must explicitly reference the types you require or they will not end up
being available in the final binary. See also GitHub issue #52.
If you intend to build your application against a static library and don't
want to explicitly reference each algo object you might attempt to look up by
string, consider either building with `--via-amalgamation`, or else (much
simpler) using the amalgamation directly.
* The new `ffi` submodule provides a simple C API/ABI for a number of useful
operations (hashing, ciphers, public key operations, etc.) which is easily
accessed using the FFI modules included in many languages.
* A new Python wrapper (in `src/lib/python/botan.py`) using `ffi` and the Python
`ctypes` module is available. The old Boost.Python wrapper has been removed.
* Add specialized reducers for P-192, P-224, P-256, and P-384
* OCB mode, which provides a fast and constant-time AEAD mode without requiring
hardware support, is now supported in TLS, following
draft-zauner-tls-aes-ocb-01. Because this specification is not yet finalized,
it is not yet enabled by the default policy, and the ciphersuite numbers used are
in the experimental range and may conflict with other uses.
* Add ability to read TLS policy from a text file using `TLS::Text_Policy`.
* The amalgamation now splits off any ISA specific code (for instance, that
requiring SSSE3 instruction sets) into a new file named (for instance)
`botan_all_ssse3.cpp`. This allows the main amalgamation file to be compiled
without any special flags, so `--via-amalgamation` builds actually work now.
This is disabled with the build option `--single-amalgamation-file`.
* PBKDF and KDF operations now provide a way to write the desired output
directly to an application-specified area rather than always allocating a new
heap buffer.
* HKDF, previously provided using a non-standard interface, now uses the
standard KDF interface and is retrievable using get_kdf.
* It is once again possible to build the complete test suite without requiring
any boost libraries. This is currently only supported on systems supporting
the readdir interface.
* Remove use of memset_s, which caused problems with amalgamation on OS X.
GitHub 42, 45
* The memory usage of the counter mode implementation has been reduced.
Previously it encrypted 256 blocks in parallel, as this leads to a slightly
faster counter increment operation. Instead, CTR_BE now simply encrypts a buffer
equal in size to the advertised parallelism of the cipher implementation.
This is not measurably slower, and dramatically reduces the memory use of
CTR mode.
* The memory allocator available on Unix systems which uses mmap and mlock to
lock a pool of memory now checks the environment variable BOTAN_MLOCK_POOL_SIZE
and interprets it as an integer. If the value is set to a smaller value than the
library would originally have allocated (based on resource limits), the
user-specified size is used instead. You can also set the variable to 0 to
disable the pool entirely. Previously the allocator would consume all
available mlocked memory; this allows botan to coexist with an application
which wants to mlock memory for its own uses.
* The botan-config script previously installed on Unix systems has been
removed. Its functionality is replaced by the `config` command of the
`botan` tool executable, for example `botan config cflags` instead of
`botan-config --cflags`.
* Added a target for POWER8 processors
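
The BOTAN_MLOCK_POOL_SIZE rule from the memory allocator item above, modelled as an added example (not code from Botan): a smaller request wins, 0 disables the pool, and anything else leaves the default in place. The function names, the handling of malformed values, and the use of the soft RLIMIT_MEMLOCK as the default are assumptions of this sketch.

```cpp
// Added example, not Botan source: models the BOTAN_MLOCK_POOL_SIZE rule.
#include <sys/resource.h>   // getrlimit, RLIMIT_MEMLOCK (POSIX)
#include <algorithm>
#include <cctype>
#include <cerrno>
#include <cstddef>
#include <cstdio>
#include <cstdlib>

// env: raw value of BOTAN_MLOCK_POOL_SIZE, or nullptr when unset.
// library_default: what the library would have locked based on resource
// limits. Assumption: both numbers are expressed in the same unit.
std::size_t effective_pool_size(const char* env, std::size_t library_default)
{
   if(env == nullptr || !std::isdigit(static_cast<unsigned char>(env[0])))
      return library_default;   // unset, empty, signed or non-numeric

   errno = 0;
   char* end = nullptr;
   const unsigned long long v = std::strtoull(env, &end, 10);
   // Assumption: trailing garbage or overflow means the value is ignored.
   if(errno != 0 || *end != '\0')
      return library_default;

   // Only a smaller request takes effect, so 0 disables the pool entirely.
   return static_cast<std::size_t>(
      std::min<unsigned long long>(v, library_default));
}

// Soft RLIMIT_MEMLOCK of this process in bytes; 0 if it cannot be read.
std::size_t memlock_soft_limit()
{
   struct rlimit lim;
   if(::getrlimit(RLIMIT_MEMLOCK, &lim) != 0)
      return 0;
   return static_cast<std::size_t>(lim.rlim_cur);
}

int main()
{
   // Assumption: the soft limit stands in for the library's default pool size.
   const std::size_t limit = memlock_soft_limit();
   const std::size_t pool =
      effective_pool_size(std::getenv("BOTAN_MLOCK_POOL_SIZE"), limit);
   std::printf("soft limit %zu, pool %zu, left for the application %zu\n",
               limit, pool, limit - pool);
   return 0;
}
```

Running it with and without the variable set shows how much lockable memory remains for an application that calls mlock itself.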