Release of cryptographic libraries LibreSSL 3.1.0 and Botan 2.14.0

The OpenBSD project has released a portable edition of LibreSSL 3.1.0, the fork of OpenSSL it develops with the aim of providing a higher level of security. The LibreSSL project focuses on high-quality support for the SSL/TLS protocols, removal of unnecessary functionality, the addition of extra security features and a substantial cleanup and reworking of the code base. LibreSSL 3.1.0 is considered an experimental release; the features it develops will be included in OpenBSD 6.7.

Features of LibreSSL 3.1.0:

  • An initial implementation of TLS 1.3 has been added, based on a new state machine and a new record-layer subsystem. By default only the client side of TLS 1.3 is enabled so far; the server side is planned to be enabled by default in a future release.
  • The code has been cleaned, protocol parsing and memory handling have been improved.
  • Ported RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1.
  • CMS (Cryptographic Message Syntax) support has been ported from OpenSSL 1.1.1 and is enabled by default. The "cms" command has been added to the openssl utility.
  • Improved compatibility with OpenSSL 1.1.1 by backporting some changes.
  • A large set of new tests for cryptographic functions has been added.
  • The behavior of EVP_chacha20() has been brought closer to OpenSSL semantics.
  • Added the ability to configure the location of the certificate authority (CA) certificate bundle.
  • In the openssl utility, the "-addext" option is implemented in the "req" command.

Also of note is the release of the cryptographic library Botan 2.14.0, used in the NeoPG project, a fork of GnuPG 2. The library provides a large collection of ready-made primitives used in TLS, X.509 certificates, AEAD ciphers, TPMs, PKCS#11, password hashing, and post-quantum cryptography (hash-based signatures and key agreement based on McEliece and NewHope). The library is written in C++11 and distributed under the BSD license.

Changes in the new Botan release:

  • Added an implementation of GCM (Galois/Counter Mode) accelerated for POWER8 processors using the VPSUMD vector instruction.
  • On ARM and POWER systems, the constant-time vector-permutation AES implementation has been significantly sped up.
  • A new modular inversion algorithm has been introduced that is faster and offers better protection against side-channel attacks.
  • Optimized reduction in the NIST prime fields, speeding up ECDSA/ECDH.

Source: opennet.ru