- Update to Botan 2.7
* CVE-2018-12435 Avoid a side channel in ECDSA signature generation (GH
#1604)
* Avoid a side channel in RSA key generation due to use of a non-constant
time gcd algorithm. (GH #1542 #1556)
* Optimize prime generation, especially improving RSA key generation. (GH
#1542)
* Make Karatsuba multiplication, Montgomery field operations, Barrett
reduction and Montgomery exponentiation const time (GH #1540 #1606 #1609
#1610)
* Optimizations for elliptic curve operations especially improving reductions
and inversions modulo NIST primes (GH #1534 #1538 #1545 #1546 #1547 #1550)
* Add 24 word wide Comba multiplication, improving 3072-bit RSA and DH by
~25%. (GH #1564)
* Unroll Montgomery reduction for specific sizes (GH #1603)
* Improved performance of signature verification in ECGDSA, ECKCDSA, SM2 and
GOST by 10-15%.
* XMSS optimizations (GH #1583 #1585)
* Fix an error that meant XMSS would only sign half as many signatures as is
allowed (GH #1582)
* Add support for base32 encoding/decoding (GH #1541)
* Add BMI2 optimized version of SHA-256, 40% faster on Skylake (GH #1584)
* Allow the year to be up to 2200 in ASN.1 time objects. Previously this was
limited to 2100. (GH #1536)
* Add support for Scrypt password hashing (GH #1570)
* Add support for using Scrypt for private key encryption (GH #1574)
* Optimizations for DES/3DES, approx 50% faster when used in certain modes
such as CBC decrypt or CTR.
* XMSS signature verification did not check that the signature was of the
expected length which could lead to a crash. (GH #1537)