PolarSSL ChangeLog

= Version 1.2.10 released 2013-10-07
Changes
   * Changed RSA blinding to a slower but thread-safe version

Bugfix
   * Fixed memory leak in RSA as a result of introduction of blinding
   * Fixed ssl_pkcs11_decrypt() prototype
   * Fixed MSVC project files

= Version 1.2.9 released 2013-10-01
Changes
   * x509_verify() now case-insensitive for cn (RFC 6125 6.4)

Bugfix
   * Fixed potential memory leak when failing to resume a session
   * Fixed potential file descriptor leaks (found by Remi Gacogne)
   * Minor fixes

Security
   * Fixed potential heap buffer overflow on large hostname setting
   * Fixed potential negative value misinterpretation in load_file()
   * RSA blinding on CRT operations to counter timing attacks
     (found by Cyril Arnaud and Pierre-Alain Fouque)

= Version 1.2.8 released 2013-06-19
Features
   * Parsing of PKCS#8 encrypted private key files
   * PKCS#12 PBE and derivation functions
   * Centralized module option values in config.h to allow user-defined
     settings without editing header files by using POLARSSL_CONFIG_OPTIONS

Changes
   * HAVEGE random generator disabled by default
   * Internally split up x509parse_key() into a (PEM) handler function
     and specific DER parser functions for the PKCS#1 and unencrypted
     PKCS#8 private key formats
   * Added mechanism to provide alternative implementations for all
     symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in
     config.h)
   * PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
     old PBKDF2 module

Bugfix
   * Secure renegotiation extension should only be sent in case client
     supports secure renegotiation
   * Fixed offset for cert_type list in ssl_parse_certificate_request()
   * Fixed const correctness issues that have no impact on the ABI
   * x509parse_crt() now better handles PEM error situations
   * ssl_parse_certificate() now calls x509parse_crt_der() directly
     instead of the x509parse_crt() wrapper that can also parse PEM
     certificates
   * x509parse_crtpath() is now reentrant and uses more portable stat()
   * Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
   * Fixed values for 2-key Triple DES in cipher layer
   * ssl_write_certificate_request() can handle empty ca_chain

Security
   * A possible DoS during the SSL Handshake, due to faulty parsing of
     PEM-encoded certificates, has been fixed (found by Jack Lloyd)

= Version 1.2.7 released 2013-04-13
Features
   * Ability to specify allowed ciphersuites based on the protocol version.

Changes
   * Default Blowfish keysize is now 128-bits
   * Test suites made smaller to accommodate Raspberry Pi

Bugfix
   * Fix for MPI assembly for ARM
   * GCM adapted to support sizes > 2^29

= Version 1.2.6 released 2013-03-11
Bugfix
   * Fixed memory leak in ssl_free() and ssl_reset() for active session
   * Corrected GCM counter incrementation to use only 32-bits instead of
     128-bits (found by Yawning Angel)
   * Fixes for 64-bit compilation with MS Visual Studio
   * Fixed net_bind() for specified IP addresses on little endian systems
   * Fixed assembly code for ARM (Thumb and regular) for some compilers

Changes
   * Internally split up rsa_pkcs1_encrypt(), rsa_pkcs1_decrypt(),
     rsa_pkcs1_sign() and rsa_pkcs1_verify() to separate PKCS#1 v1.5 and
     PKCS#1 v2.1 functions
   * Added support for custom labels when using rsa_rsaes_oaep_encrypt()
     or rsa_rsaes_oaep_decrypt()
   * Re-added handling for SSLv2 Client Hello when the define
     POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is set
   * The SSL session cache module (ssl_cache) now also retains peer_cert
     information (not the entire chain)

Security
   * Removed further timing differences during SSL message decryption in
     ssl_decrypt_buf()
   * Removed timing differences due to bad padding from
     rsa_rsaes_pkcs1_v15_decrypt() and rsa_pkcs1_decrypt() for PKCS#1 v1.5
     operations

= Version 1.2.5 released 2013-02-02
Changes
   * Allow enabling of dummy error_strerror() to support some use-cases
   * Debug messages about padding errors during SSL message decryption are
     disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
   * Sending of security-relevant alert messages that do not break
     interoperability can be switched on/off with the flag
     POLARSSL_SSL_ALL_ALERT_MESSAGES

Security
   * Removed timing differences during SSL message decryption in
     ssl_decrypt_buf() due to badly formatted padding

= Version 1.2.4 released 2013-01-25
Changes
   * Added ssl_handshake_step() to allow single stepping the handshake process

Bugfix
   * Memory leak when using RSA_PKCS_V21 operations fixed
   * Handle future version properly in ssl_write_certificate_request()
   * Correctly handle CertificateRequest message in client for <= TLS 1.1
     without DN list

= Version 1.2.3 released 2012-11-26
Bugfix
   * Server not always sending correct CertificateRequest message

= Version 1.2.2 released 2012-11-24
Changes
   * Added p_hw_data to ssl_context for context specific hardware acceleration
     data
   * During verify, the trust-CA is only checked for expiration and CRL presence

Bugfixes
   * Fixed client authentication compatibility
   * Fixed dependency on POLARSSL_SHA4_C in SSL modules

= Version 1.2.1 released 2012-11-20
Changes
   * Depth that the certificate verify callback receives is now numbered
     bottom-up (Peer cert depth is 0)

Bugfixes
   * Fixes for MSVC6
   * Moved mpi_inv_mod() outside POLARSSL_GENPRIME
   * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
     Pégourié-Gonnard)
   * Fixed possible segfault in mpi_shift_r() (found by Manuel
     Pégourié-Gonnard)
   * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1

= Version 1.2.0 released 2012-10-31
Features
   * Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak
     ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by
     default!
   * Added support for wildcard certificates
   * Added support for multi-domain certificates through the X509 Subject
     Alternative Name extension
   * Added preliminary ASN.1 buffer writing support
   * Added preliminary X509 Certificate Request writing support
   * Added key_app_writer example application
   * Added cert_req example application
   * Added base Galois Counter Mode (GCM) for AES
   * Added TLS 1.2 support (RFC 5246)
   * Added GCM suites to TLS 1.2 (RFC 5288)
   * Added commandline error code convertor (util/strerror)
   * Added support for Hardware Acceleration hooking in SSL/TLS
   * Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and
     example application (programs/ssl/o_p_test) (requires OpenSSL)
   * Added X509 CA Path support
   * Added Thumb assembly optimizations
   * Added DEFLATE compression support as per RFC3749 (requires zlib)
   * Added blowfish algorithm (Generic and cipher layer)
   * Added PKCS#5 PBKDF2 key derivation function
   * Added Secure Renegotiation (RFC 5746)
   * Added predefined DHM groups from RFC 5114
   * Added simple SSL session cache implementation
   * Added ServerName extension parsing (SNI) at server side
   * Added option to add minimum accepted SSL/TLS protocol version

Changes
   * Removed redundant POLARSSL_DEBUG_MSG define
   * AES code only checks for Padlock once
   * Fixed const-correctness mpi_get_bit()
   * Documentation for mpi_lsb() and mpi_msb()
   * Moved out_msg to out_hdr + 32 to support hardware acceleration
   * Changed certificate verify behaviour to comply with RFC 6125 section 6.3
     to not match CN if subjectAltName extension is present (Closes ticket #56)
   * Cipher layer cipher_mode_t POLARSSL_MODE_CFB128 is renamed to
     POLARSSL_MODE_CFB, to also handle different block size CFB modes.
   * Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)
   * Revamped session resumption handling
   * Generalized external private key implementation handling (like PKCS#11)
     in SSL/TLS
   * Revamped x509_verify() and the SSL f_vrfy callback implementations
   * Moved from unsigned long to fixed width uint32_t types throughout code
   * Renamed ciphersuites naming scheme to IANA reserved names

Bugfix
   * Fixed handling error in mpi_cmp_mpi() on longer B values (found by
     Hui Dong)
   * Fixed potential heap corruption in x509_name allocation
   * Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
   * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
     #52)
   * Handle encryption with private key and decryption with public key as per
     RFC 2313
   * Handle empty certificate subject names
   * Prevent reading over buffer boundaries on X509 certificate parsing
   * mpi_add_abs() now correctly handles adding short numbers to long numbers
     with carry rollover (found by Ruslan Yushchenko)
   * Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
   * Fixed MPI assembly for SPARC64 platform

Security
   * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
     Vanderbeken)

= Version 1.1.5 released on 2013-01-16
Bugfix
   * Fixed MPI assembly for SPARC64 platform
   * Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
   * mpi_add_abs() now correctly handles adding short numbers to long numbers
     with carry rollover
   * Moved mpi_inv_mod() outside POLARSSL_GENPRIME
   * Prevent reading over buffer boundaries on X509 certificate parsing
   * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
     #52)
   * Fixed possible segfault in mpi_shift_r() (found by Manuel
     Pégourié-Gonnard)
   * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
     Pégourié-Gonnard)
   * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
   * Memory leak when using RSA_PKCS_V21 operations fixed
   * Handle encryption with private key and decryption with public key as per
     RFC 2313
   * Fixes for MSVC6

Security
   * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
     Vanderbeken)

= Version 1.1.4 released on 2012-05-31
Bugfix
   * Correctly handle empty SSL/TLS packets (Found by James Yonan)
   * Fixed potential heap corruption in x509_name allocation
   * Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)

= Version 1.1.3 released on 2012-04-29
Bugfix
   * Fixed random MPI generation to not generate more size than requested.

= Version 1.1.2 released on 2012-04-26
Bugfix
   * Fixed handling error in mpi_cmp_mpi() on longer B values (found by
     Hui Dong)

Security
   * Fixed potential memory corruption on miscrafted client messages (found by
     Frama-C team at CEA LIST)
   * Fixed generation of DHM parameters to correct length (found by Ruslan
     Yushchenko)

= Version 1.1.1 released on 2012-01-23
Bugfix
   * Check for failed malloc() in ssl_set_hostname() and x509_get_entries()
     (Closes ticket #47, found by Hugo Leisink)
   * Fixed issues with Intel compiler on 64-bit systems (Closes ticket #50)
   * Fixed multiple compiler warnings for VS6 and armcc
   * Fixed bug in CTR_DRBG selftest

= Version 1.1.0 released on 2011-12-22
Features
   * Added ssl_session_reset() to allow better multi-connection pools of
     SSL contexts without needing to set all non-connection-specific
     data and pointers again. Adapted ssl_server to use this functionality.
   * Added ssl_set_max_version() to allow clients to offer a lower maximum
     supported version to a server to help buggy server implementations.
     (Closes ticket #36)
   * Added cipher_get_cipher_mode() and cipher_get_cipher_operation()
     introspection functions (Closes ticket #40)
   * Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
   * Added a generic entropy accumulator that provides support for adding
     custom entropy sources and added some generic and platform dependent
     entropy sources

Changes
   * Documentation for AES and Camellia in modes CTR and CFB128 clarified.
   * Fixed rsa_encrypt and rsa_decrypt examples to use public key for
     encryption and private key for decryption. (Closes ticket #34)
   * Increased maximum size of ASN1 length reads to 32-bits.
   * Added an EXPLICIT tag number parameter to x509_get_ext()
   * Added a separate CRL entry extension parsing function
   * Separated the ASN.1 parsing code from the X.509 specific parsing code.
     So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C.
   * Changed the defined key-length of DES ciphers in cipher.h to include the
     parity bits, to prevent mistakes in copying data. (Closes ticket #33)
   * Loads of minimal changes to better support WINCE as a build target
     (Credits go to Marco Lizza)
   * Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory
     trade-off
   * Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size
     management (Closes ticket #44)
   * Changed the used random function pointer to a more flexible format. Renamed
     havege_rand() to havege_random() to prevent mistakes. Lots of changes as
     a consequence in library code and programs
   * Moved all example programs to use the new entropy and CTR_DRBG
   * Added permissive certificate parsing to x509parse_crt() and
     x509parse_crtfile(). With permissive parsing the parsing does not stop on
     encountering a parse-error. Beware that the meaning of return values has
     changed!
   * All error codes are now negative. Even on memory failures and IO errors.

Bugfix
   * Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes
     ticket #37)
   * Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag
     before version numbers
   * Allowed X509 key usage parsing to accept 4 byte values instead of the
     standard 1 byte version sometimes used by Microsoft. (Closes ticket #38)
   * Fixed incorrect behaviour in case of RSASSA-PSS with a salt length
     smaller than the hash length. (Closes ticket #41)
   * If certificate serial is longer than 32 octets, serial number is now
     appended with '....' after first 28 octets
   * Improved build support for s390x and sparc64 in bignum.h
   * Fixed MS Visual C++ name clash with int64 in sha4.h
   * Corrected removal of leading "00:" in printing serial numbers in
     certificates and CRLs

= Version 1.0.0 released on 2011-07-27
Features
   * Expanded cipher layer with support for CFB128 and CTR mode
   * Added rsa_encrypt and rsa_decrypt simple example programs.

Changes
   * The generic cipher and message digest layer now have normal error
     codes instead of integers

Bugfix
   * Undid faulty bug fix in ssl_write() when flushing old data (Ticket
     #18)

= Version 0.99-pre5 released on 2011-05-26
Features
   * Added additional Cipher Block Modes to symmetric ciphers
     (AES CTR, Camellia CTR, XTEA CBC) including the option to
     enable and disable individual modes when needed
   * Functions requiring File System functions can now be disabled
     by undefining POLARSSL_FS_IO
   * An error_strerror() function has been added to translate between
     error codes and their description.
   * Added mpi_get_bit() and mpi_set_bit() individual bit setter/getter
     functions.
   * Added ssl_mail_client and ssl_fork_server as example programs.

Changes
   * Major argument / variable rewrite. Introduced use of size_t
     instead of int for buffer lengths and loop variables for
     better unsigned / signed use. Renamed internal bigint types
     t_int and t_dbl to t_uint and t_udbl in the process
   * mpi_init() and mpi_free() now only accept a single MPI
     argument and do not accept variable argument lists anymore.
   * The error codes have been remapped and combining error codes
     is now done with a PLUS instead of an OR as error codes
     used are negative.
   * Changed behaviour of net_read(), ssl_fetch_input() and ssl_recv().
     net_recv() now returns 0 on EOF instead of
     POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns
     POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function.
     ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received
     after the handshake.
   * Network functions now return POLARSSL_ERR_NET_WANT_READ or
     POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous
     POLARSSL_ERR_NET_TRY_AGAIN

= Version 0.99-pre4 released on 2011-04-01
Features
   * Added support for PKCS#1 v2.1 encoding and thus support
     for the RSAES-OAEP and RSASSA-PSS operations.
   * Reading of Public Key files incorporated into default x509
     functionality as well.
   * Added mpi_fill_random() for centralized filling of big numbers
     with random data (Fixed ticket #10)

Changes
   * Debug print of MPI now removes leading zero octets and
     displays actual bit size of the value.
   * x509parse_key() (and as a consequence x509parse_keyfile())
     does not zeroize memory in advance anymore. Use rsa_init()
     before parsing a key or keyfile!

Bugfix
   * Debug output of MPIs now the same independent of underlying
     platform (32-bit / 64-bit) (Fixes ticket #19, found by Mads
     Kiilerich and Mihai Militaru)
   * Fixed bug in ssl_write() when flushing old data (Fixed ticket
     #18, found by Nikolay Epifanov)
   * Fixed proper handling of RSASSA-PSS verification with variable
     length salt lengths

= Version 0.99-pre3 released on 2011-02-28
This release replaces version 0.99-pre2 which had possible copyright issues.

Features
   * Parsing PEM private keys encrypted with DES and AES
     are now supported as well (Fixes ticket #5)
   * Added crl_app program to allow easy reading and
     printing of X509 CRLs from file

Changes
   * Parsing of PEM files moved to separate module (Fixes
     ticket #13). Also possible to remove PEM support for
     systems only using DER encoding

Bugfixes
   * Corrected parsing of UTCTime dates before 1990 and
     after 1950
   * Support more exotic OIDs when parsing certificates
     (found by Mads Kiilerich)
   * Support more exotic name representations when parsing
     certificates (found by Mads Kiilerich)
   * Replaced the expired test certificates
   * Do not bail out if no client certificate specified. Try
     to negotiate anonymous connection (Fixes ticket #12,
     found by Boris Krasnovskiy)

Security fixes
   * Fixed a possible Man-in-the-Middle attack on the
     Diffie Hellman key exchange (thanks to Larry Highsmith,
     Subreption LLC)

= Version 0.99-pre1 released on 2011-01-30
Features
Note: Most of these features have been donated by Fox-IT
   * Added Doxygen source code documentation parts
   * Added reading of DHM context from memory and file
   * Improved X509 certificate parsing to include extended
     certificate fields, including Key Usage
   * Improved certificate verification and verification
     against the available CRLs
   * Detection for DES weak keys and parity bits added
   * Improvements to support integration in other
     applications:
     + Added generic message digest and cipher wrapper
     + Improved information about current capabilities,
       status, objects and configuration
     + Added verification callback on certificate chain
       verification to allow external blacklisting
     + Additional example programs to show usage
   * Added support for PKCS#11 through the use of the
     libpkcs11-helper library

Changes
   * x509parse_time_expired() checks time in addition to
     the existing date check
   * The ciphers member of ssl_context and the cipher member
     of ssl_session have been renamed to ciphersuites and
     ciphersuite respectively. This clarifies the difference
     with the generic cipher layer and is better naming
     altogether

= Version 0.14.0 released on 2010-08-16
Features
   * Added support for SSL_EDH_RSA_AES_128_SHA and
     SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
   * Added compile-time and run-time version information
   * Expanded ssl_client2 arguments for more flexibility
   * Added support for TLS v1.1

Changes
   * Made Makefile cleaner
   * Removed dependency on rand() in rsa_pkcs1_encrypt().
     Now using random function provided to function and
     changed the prototype of rsa_pkcs1_encrypt(),
     rsa_init() and rsa_gen_key().
   * Some SSL defines were renamed in order to avoid
     future confusion

Bug fixes
   * Fixed CMake out of source build for tests (found by
     kkert)
   * rsa_check_private() now supports PKCS1v2 keys as well
   * Fixed deadlock in rsa_pkcs1_encrypt() on failing random
     generator

= Version 0.13.1 released on 2010-03-24
Bug fixes
   * Fixed Makefile in library that was mistakenly merged
   * Added missing const string fixes

= Version 0.13.0 released on 2010-03-21
Features
   * Added option parsing for host and port selection to
     ssl_client2
   * Added support for GeneralizedTime in X509 parsing
   * Added cert_app program to allow easy reading and
     printing of X509 certificates from file or SSL
     connection.

Changes
   * Added const correctness for main code base
   * X509 signature algorithm determination is now
     in a function to allow easy future expansion
   * Changed symmetric cipher functions to an
     identical interface (returning int result values)
   * Changed ARC4 to use separate input/output buffers
   * Added reset function for HMAC context as speed-up
     for specific use-cases

Bug fixes
   * Fixed bug resulting in failure to send the last
     certificate in the chain in ssl_write_certificate() and
     ssl_write_certificate_request() (found by fatbob)
   * Added small fixes for compiler warnings on a Mac
     (found by Frank de Brabander)
   * Fixed algorithmic bug in mpi_is_prime() (found by
     Smbat Tonoyan)

= Version 0.12.1 released on 2009-10-04
Changes
   * Coverage test definitions now support 'depends_on'
     tagging system.
   * Tests requiring specific hashing algorithms now honor
     the defines.

Bug fixes
   * Fixed typo in #ifdef in x509parse.c (found
     by Eduardo)

= Version 0.12.0 released on 2009-07-28
Features
   * Added CMake makefiles as alternative to regular Makefiles.
   * Added preliminary Code Coverage tests for AES, ARC4,
     Base64, MPI, SHA-family, MD-family, HMAC-SHA-family,
     Camellia, DES, 3-DES, RSA PKCS#1, XTEA, Diffie-Hellman
     and X509parse.

Changes
   * Error codes are not (necessarily) negative. Keep
     this in mind when checking for errors.
   * RSA_RAW renamed to SIG_RSA_RAW for consistency.
   * Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE.
   * Changed interface for AES and Camellia setkey functions
     to indicate invalid key lengths.

Bug fixes
   * Fixed include location of endian.h on FreeBSD (found by
     Gabriel)
   * Fixed include location of endian.h and name clash on
     Apples (found by Martin van Hensbergen)
   * Fixed HMAC-MD2 by modifying md2_starts(), so that the
     required HMAC ipad and opad variables are not cleared.
     (found by code coverage tests)
   * Prevented use of long long in bignum if
     POLARSSL_HAVE_LONGLONG not defined (found by Giles
     Bathgate).
   * Fixed incorrect handling of negative strings in
     mpi_read_string() (found by code coverage tests).
   * Fixed segfault on handling empty rsa_context in
     rsa_check_pubkey() and rsa_check_privkey() (found by
     code coverage tests).
   * Fixed incorrect handling of one single negative input
     value in mpi_add_abs() (found by code coverage tests).
   * Fixed incorrect handling of negative first input
     value in mpi_sub_abs() (found by code coverage tests).
   * Fixed incorrect handling of negative first input
     value in mpi_mod_mpi() and mpi_mod_int(). Resulting
     change also affects mpi_write_string() (found by code
     coverage tests).
   * Corrected is_prime() results for 0, 1 and 2 (found by
     code coverage tests).
   * Fixed Camellia and XTEA for 64-bit Windows systems.

= Version 0.11.1 released on 2009-05-17
   * Fixed missing functionality for SHA-224, SHA-256, SHA-384,
     SHA-512 in rsa_pkcs1_sign()

= Version 0.11.0 released on 2009-05-03
   * Fixed a bug in mpi_gcd() so that it also works when both
     input numbers are even and added testcases to check
     (found by Pierre Habouzit).
   * Added support for SHA-224, SHA-256, SHA-384 and SHA-512
     one way hash functions with the PKCS#1 v1.5 signing and
     verification.
   * Fixed minor bug regarding mpi_gcd located within the
     POLARSSL_GENPRIME block.
   * Fixed minor memory leak in x509parse_crt() and added better
     handling of 'full' certificate chains (found by Mathias
     Olsson).
   * Centralized file opening and reading for x509 files into
     load_file()
   * Made definition of net_htons() endian-clean for big endian
     systems (Found by Gernot).
   * Undefining POLARSSL_HAVE_ASM now also prevents asm in
     padlock and timing code.
   * Fixed an off-by-one buffer allocation in ssl_set_hostname()
     responsible for crashes and unwanted behaviour.
   * Added support for Certificate Revocation List (CRL) parsing.
   * Added support for CRL revocation to x509parse_verify() and
     SSL/TLS code.
   * Fixed compatibility of XTEA and Camellia on a 64-bit system
     (found by Felix von Leitner).

= Version 0.10.0 released on 2009-01-12
   * Migrated XySSL to PolarSSL
   * Added XTEA symmetric cipher
   * Added Camellia symmetric cipher
   * Added support for ciphersuites: SSL_RSA_CAMELLIA_128_SHA,
     SSL_RSA_CAMELLIA_256_SHA and SSL_EDH_RSA_CAMELLIA_256_SHA
   * Fixed dangerous bug that can cause a heap overflow in
     rsa_pkcs1_decrypt (found by Christophe Devine)

================================================================

XySSL ChangeLog

= Version 0.9 released on 2008-03-16

   * Added support for ciphersuite: SSL_RSA_AES_128_SHA
   * Enabled support for large files by default in aescrypt2.c
   * Preliminary openssl wrapper contributed by David Barrett
   * Fixed a bug in ssl_write() that caused the same payload to
     be sent twice in non-blocking mode when send returns EAGAIN
   * Fixed ssl_parse_client_hello(): session id and challenge must
     not be swapped in the SSLv2 ClientHello (found by Greg Robson)
   * Added user-defined callback debug function (Krystian Kolodziej)
   * Before freeing a certificate, properly zero out all cert. data
   * Fixed the "mode" parameter so that encryption/decryption are
     not swapped on PadLock; also fixed compilation on older versions
     of gcc (bug reported by David Barrett)
   * Correctly handle the case in padlock_xcryptcbc() when input or
     output data is non-aligned by falling back to the software
     implementation, as VIA Nehemiah cannot handle non-aligned buffers
   * Fixed a memory leak in x509parse_crt() which was reported by Greg
     Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to
     Matthew Page who reported several bugs
   * Fixed x509_get_ext() to accept some rare certificates which have
     an INTEGER instead of a BOOLEAN for BasicConstraints::cA.
   * Added support on the client side for the TLS "hostname" extension
     (patch contributed by David Patino)
   * Make x509parse_verify() return BADCERT_CN_MISMATCH when an empty
     string is passed as the CN (bug reported by spoofy)
   * Added an option to enable/disable the BN assembly code
   * Updated rsa_check_privkey() to verify that (D*E) = 1 % (P-1)*(Q-1)
   * Disabled obsolete hash functions by default (MD2, MD4); updated
     selftest and benchmark to not test ciphers that have been disabled
   * Updated x509parse_cert_info() to correctly display byte 0 of the
     serial number, setup correct server port in the ssl client example
   * Fixed a critical denial-of-service with X.509 cert. verification:
     peer may cause xyssl to loop indefinitely by sending a certificate
     for which the RSA signature check fails (bug reported by Benoit)
   * Added test vectors for: AES-CBC, AES-CFB, DES-CBC and 3DES-CBC,
     HMAC-MD5, HMAC-SHA1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512
   * Fixed HMAC-SHA-384 and HMAC-SHA-512 (thanks to Josh Sinykin)
   * Modified ssl_parse_client_key_exchange() to protect against
     Daniel Bleichenbacher attack on PKCS#1 v1.5 padding, as well
     as the Klima-Pokorny-Rosa extension of Bleichenbacher's attack
   * Updated rsa_gen_key() so that ctx->N is always nbits in size
   * Fixed assembly PPC compilation errors on Mac OS X, thanks to
     David Barrett and Dusan Semen

= Version 0.8 released on 2007-10-20

   * Modified the HMAC functions to handle keys larger
     than 64 bytes, thanks to Stephane Desneux and gary ng
   * Fixed ssl_read_record() to properly update the handshake
     message digests, which fixes IE6/IE7 client authentication
   * Cleaned up the XYSSL* #defines, suggested by Azriel Fasten
   * Fixed net_recv(), thanks to Lorenz Schori and Egon Kocjan
   * Added user-defined callbacks for handling I/O and sessions
   * Added lots of debugging output in the SSL/TLS functions
   * Added preliminary X.509 cert. writing by Pascal Vizeli
   * Added preliminary support for the VIA PadLock routines
   * Added AES-CFB mode of operation, contributed by chmike
   * Added an SSL/TLS stress testing program (ssl_test.c)
   * Updated the RSA PKCS#1 code to allow choosing between
     RSA_PUBLIC and RSA_PRIVATE, as suggested by David Barrett
   * Updated ssl_read() to skip 0-length records from OpenSSL
   * Fixed the make install target to comply with *BSD make
   * Fixed a bug in mpi_read_binary() on 64-bit platforms
   * mpi_is_prime() speedups, thanks to Kevin McLaughlin
   * Fixed a long standing memory leak in mpi_is_prime()
   * Replaced realloc with malloc in mpi_grow(), and set
     the sign of zero as positive in mpi_init() (reported
     by Jonathan M. McCune)

= Version 0.7 released on 2007-07-07

   * Added support for the MicroBlaze soft-core processor
   * Fixed a bug in ssl_tls.c which sometimes prevented SSL
     connections from being established with non-blocking I/O
   * Fixed a couple of bugs in the VS6 and UNIX Makefiles
   * Fixed the "PIC register ebx clobbered in asm" bug
   * Added HMAC starts/update/finish support functions
   * Added the SHA-224, SHA-384 and SHA-512 hash functions
   * Fixed the net_set_*block routines, thanks to Andreas
   * Added a few demonstration programs: md5sum, sha1sum,
     dh_client, dh_server, rsa_genkey, rsa_sign, rsa_verify
   * Added new bignum import and export helper functions
   * Rewrote README.txt in program/ssl/ca to better explain
     how to create a test PKI

= Version 0.6 released on 2007-04-01

   * Ciphers used in SSL/TLS can now be disabled at compile
     time, to reduce the memory footprint on embedded systems
   * Added multiply assembly code for the TriCore and modified
     havege_struct for this processor, thanks to David Patiño
   * Added multiply assembly code for 64-bit PowerPCs,
     thanks to Peking University and the OSU Open Source Lab
   * Added experimental support of Quantum Cryptography
   * Added support for autoconf, contributed by Arnaud Cornet
   * Fixed "long long" compilation issues on IA-64 and PPC64
   * Fixed a bug introduced in xyssl-0.5/timing.c: hardclock
     was not being correctly defined on ARM and MIPS

= Version 0.5 released on 2007-03-01

   * Added multiply assembly code for SPARC and Alpha
   * Added (beta) support for non-blocking I/O operations
   * Implemented session resuming and client authentication
   * Fixed some portability issues on WinCE, MINIX 3, Plan9
     (thanks to Benjamin Newman), HP-UX, FreeBSD and Solaris
   * Improved the performance of the EDH key exchange
   * Fixed a bug that caused valid packets with a payload
     size of 16384 bytes to be rejected

= Version 0.4 released on 2007-02-01

   * Added support for Ephemeral Diffie-Hellman key exchange
   * Added multiply asm code for SSE2, ARM, PPC, MIPS and M68K
   * Various improvements to the modular exponentiation code
   * Rewrote the headers to generate the API docs with doxygen
   * Fixed a bug in ssl_encrypt_buf (incorrect padding was
     generated) and in ssl_parse_client_hello (max. client
     version was not properly set), thanks to Didier Rebeix
   * Fixed another bug in ssl_parse_client_hello: clients with
     cipherlists larger than 96 bytes were incorrectly rejected
   * Fixed a couple of memory leaks in x509_read.c

= Version 0.3 released on 2007-01-01

   * Added server-side SSLv3 and TLSv1.0 support
   * Multiple fixes to enhance the compatibility with g++,
     thanks to Xosé Antón Otero Ferreira
   * Fixed a bug in the CBC code, thanks to dowst; also,
     the bignum code is no longer dependent on long long
   * Updated rsa_pkcs1_sign to handle arbitrary large inputs
   * Updated timing.c for improved compatibility with i386
     and 486 processors, thanks to Arnaud Cornet

= Version 0.2 released on 2006-12-01

   * Updated timing.c to support ARM and MIPS arch
   * Updated the MPI code to support 8086 on MSVC 1.5
   * Added the copyright notice at the top of havege.h
   * Fixed a bug in sha2_hmac, thanks to newsoft/Wenfang Zhang
   * Fixed a bug reported by Adrian Rüegsegger in x509_read_key
   * Fixed a bug reported by Torsten Lauter in ssl_read_record
   * Fixed a bug in rsa_check_privkey that would wrongly cause
     valid RSA keys to be dismissed (thanks to oldwolf)
   * Fixed a bug in mpi_is_prime that caused some primes to fail
     the Miller-Rabin primality test

I'd also like to thank Younès Hafri for the CRUX Linux port,
Khalil Petit who added XySSL into pkgsrc and Arnaud Cornet
who maintains the Debian package :-)

= Version 0.1 released on 2006-11-01