Overview Repositories Revisions Requests Users Attributes Meta

Revisions of Botan

Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1218259 from Git SCM Staging's avatar Git SCM Staging (src-o-org-forwarder) (revision 67) 
Update to Botan 3.6.0 - the latest stable release



(🤖: Submission of Botan via https://src.opensuse.org/pool/Botan/pulls/7 by ayankov)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1190919 from Git SCM Staging's avatar Git SCM Staging (src-o-org-forwarder) (revision 66) 
Bump 'Botan' src package to Botan3

Botan 2 is EOL 2024. Moving this to the new version, so we can
transition packages to depend on this instead of botan-2 before EOL
hits.

(🤖: Submission of Botan via https://src.opensuse.org/pool/Botan/pulls/6 by ayankov)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1127662 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 64) 
- remove botan binary (moves to Botan3)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 826938 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 54) 
- update to 2.15:
  Fix a bug where the name constraint extension did not constrain the alternative
  DN field which can be included in a subject alternative name. This would allow
  a corrupted sub-CA which was otherwise constrained by a name constraint to
  issue a certificate with a prohibited DN.
  Fix a bug in the TLS server during client authentication where where if a
  (disabled by default) static RSA ciphersuite was selected, then no certificate
  request would be sent. This would have an equivalent effect to a client which
  simply replied with an empty Certificate message. (GH #2367)
  Replace the T-Tables implementation of AES with a 32-bit bitsliced version. As
  a result AES is now constant time on all processors. (GH #2346 #2348 #2353
  #2329 #2355)
  In TLS, enforce that the key usage given in the server certificate allows the
  operation being performed in the ciphersuite. (GH #2367)
  In X.509 certificates, verify that the algorithm parameters are the expected
  NULL or empty. (GH #2367)
  Change the HMAC key schedule to attempt to reduce the information leaked from
  the key schedule with regards to the length of the key, as this is at times (as
  for example in PBKDF2) sensitive information. (GH #2362)
  Add Processor_RNG which wraps RDRAND or the POWER DARN RNG instructions. The
  previous RDRAND_RNG interface is deprecated. (GH #2352)
  The documentation claimed that mlocked pages were created with a guard page
  both before and after. However only a trailing guard page was used. Add a
  leading guard page. (GH #2334)
  Add support for generating and verifying DER-encoded ECDSA signatures in the C
  and Python interfaces. (GH #2357 #2356)
  Workaround a bug in GCC’s UbSan which triggered on a code sequence in XMSS (GH
  #2322)
  When building documentation using Sphinx avoid parallel builds with version 3.0
  due to a bug in that version (GH #2326 #2324)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 691275 from Daniel Molkentin's avatar Daniel Molkentin (dmolkentin) (revision 52) 
- Update to Botan 2.10
  * Bump SONAME
  * Warning: XMSS currently implements draft-06 which is not compatible with
    the final RFC 8391 specification. A PR is open to fix this, however it will
    break all current uses of XMSS. If you are currently using XMSS please
    comment at https://github.com/randombit/botan/pull/1858. Otherwise the PR
    will be merged and support for draft-06 will be removed starting in 2.11.
  * Added a new certificate store implementation that can access the MacOS
    keychain certificate store. (GH #1830)
  * Redesigned Memory_Pool class, which services allocations out of a set of
    pages locked into memory (using mlock/VirtualLock). It is now faster and
    with improved exploit mitigations. (GH #1800)
  * Add BMI2 implementations of SHA-512 and SHA-3 which improve performance by
    25-35% on common CPUs. (GH #1815)
  * Unroll SHA-3 computation improving performance by 10-12% (GH #1838)
  * Add a Thread_Pool class. It is now possible to run the tests in multiple
    threads with --test-threads=N flag to select the number of threads to use.
    Use --test-threads=0 to run with as many CPU cores as are available on the
    current system. The default remains single threaded. (GH #1819)
  * XMSS signatures now uses a global thread pool instead of spawning new
    threads for each usage. This improves signature generation performance by
    between 10% and 60% depending on architecture and core count. (GH #1864)
  * Some functions related to encoding and decoding BigInts have been
    deprecated. (GH #1817)
  * Binary encoding and decoding of BigInts has been optimized by performing
    word-size operations when possible. (GH #1817)
  * Rename the exception Integrity_Failure to Invalid_Authentication_Tag to
    make its meaning and usage more clear. The old name remains as a typedef.
    (GH #1816)
  * Support for using Boost filesystem and MSVC’s std::filesystem have been
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 626674 from Daniel Molkentin's avatar Daniel Molkentin (dmolkentin) (revision 51) 
- Fix version in baselibs.conf (forwarded request 626673 from dmolkentin)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 593756 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 48) 
- Update to Botan 2.5
  * Fix error in certificate wildcard matching (CVE-2018-9127), where a
    wildcard cert for b*.example.com would be accepted as a match for any host
    with name *b*.example.com (GH #1519)
  * Add support for RSA-PSS signatures in TLS (GH #1285)
  * Ed25519 certificates are now supported (GH #1501)
  * Many optimizations in ECC operations. ECDSA signatures are 8-10 times
    faster. ECDSA verification is about twice as fast. ECDH key agreement is
    3-4 times faster. (GH #1457 #1478)
  * Implement product scanning Montgomery reduction, which improves
    Diffie-Hellman and RSA performance by 10 to 20% on most platforms. (GH
    #1472)
  * DSA signing and verification performance has improved by 30-50%.
  * Add a new Credentials_Manager callback that specifies which CAs the server
    has indicated it trusts (GH #1395 fixing #1261)
  * Add new TLS::Callbacks methods that allow creating or removing extensions,
    as well as examining extensions sent by the peer (GH #1394 #1186)
  * Add new TLS::Callbacks methods that allow an application to negotiate use
    of custom elliptic curves. (GH #1448)
  * Add ability to create custom elliptic curves (GH #1441 #1444)
  * Add support for POWER8 AES instructions (GH #1459 #1393 #1206)
  * Fix DSA/ECDSA handling of hashes longer than the group order (GH #1502
    #986)
  * The default encoding of ECC public keys has changed from compressed to
    uncompressed point representation. This improves compatability with some
    common software packages including Golang’s standard library. (GH #1480
    #1483)
  * It is now possible to create DNs with custom components. (GH #1490 #1492)
  * It is now possible to specify the serial number of created certificates,
    instead of using the default 128-bit random integer. (GH #1489 #1491)
Displaying revisions 1 - 20 of 67
openSUSE Build Service is sponsored by
Places