| PolarSSL ChangeLog |
| |
| = Version 0.99-pre3 released on 2011-02-28 |
| This release replaces version 0.99-pre2 which had possible copyright issues. |
| Features |
| * Parsing PEM private keys encrypted with DES and AES |
| are now supported as well (Fixes ticket #5) |
| * Added crl_app program to allow easy reading and |
| printing of X509 CRLs from file |
| |
| Changes |
| * Parsing of PEM files moved to separate module (Fixes |
| ticket #13). Also possible to remove PEM support for |
| systems only using DER encoding |
| |
| Bugfixes |
| * Corrected parsing of UTCTime dates before 1990 and |
| after 1950 |
| * Support more exotic OID's when parsing certificates |
| (found by Mads Kiilerich) |
| * Support more exotic name representations when parsing |
| certificates (found by Mads Kiilerich) |
| * Replaced the expired test certificates |
| * Do not bail out if no client certificate specified. Try |
| to negotiate anonymous connection (Fixes ticket #12, |
| found by Boris Krasnovskiy) |
| |
| Security fixes |
| * Fixed a possible Man-in-the-Middle attack on the |
| Diffie Hellman key exchange (thanks to Larry Highsmith, |
| Subreption LLC) |
| |
| = Version 0.99-pre1 released on 2011-01-30 |
| Features |
| Note: Most of these features have been donated by Fox-IT |
| * Added Doxygen source code documentation parts |
| * Added reading of DHM context from memory and file |
| * Improved X509 certificate parsing to include extended |
| certificate fields, including Key Usage |
| * Improved certificate verification and verification |
| against the available CRLs |
| * Detection for DES weak keys and parity bits added |
| * Improvements to support integration in other |
| applications: |
| + Added generic message digest and cipher wrapper |
| + Improved information about current capabilities, |
| status, objects and configuration |
| + Added verification callback on certificate chain |
| verification to allow external blacklisting |
| + Additional example programs to show usage |
| * Added support for PKCS#11 through the use of the |
| libpkcs11-helper library |
| |
| Changes |
| * x509parse_time_expired() checks time in addition to |
| the existing date check |
| * The ciphers member of ssl_context and the cipher member |
| of ssl_session have been renamed to ciphersuites and |
| ciphersuite respectively. This clarifies the difference |
| with the generic cipher layer and is better naming |
| altogether |
| |
| = Version 0.14.0 released on 2010-08-16 |
| Features |
| * Added support for SSL_EDH_RSA_AES_128_SHA and |
| SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites |
| * Added compile-time and run-time version information |
| * Expanded ssl_client2 arguments for more flexibility |
| * Added support for TLS v1.1 |
| |
| Changes |
| * Made Makefile cleaner |
| * Removed dependency on rand() in rsa_pkcs1_encrypt(). |
| Now using random fuction provided to function and |
| changed the prototype of rsa_pkcs1_encrypt(), |
| rsa_init() and rsa_gen_key(). |
| * Some SSL defines were renamed in order to avoid |
| future confusion |
| |
| Bug fixes |
| * Fixed CMake out of source build for tests (found by |
| kkert) |
| * rsa_check_private() now supports PKCS1v2 keys as well |
| * Fixed deadlock in rsa_pkcs1_encrypt() on failing random |
| generator |
| |
| = Version 0.13.1 released on 2010-03-24 |
| Bug fixes |
| * Fixed Makefile in library that was mistakenly merged |
| * Added missing const string fixes |
| |
| = Version 0.13.0 released on 2010-03-21 |
| Features |
| * Added option parsing for host and port selection to |
| ssl_client2 |
| * Added support for GeneralizedTime in X509 parsing |
| * Added cert_app program to allow easy reading and |
| printing of X509 certificates from file or SSL |
| connection. |
| |
| Changes |
| * Added const correctness for main code base |
| * X509 signature algorithm determination is now |
| in a function to allow easy future expansion |
| * Changed symmetric cipher functions to |
| identical interface (returning int result values) |
| * Changed ARC4 to use seperate input/output buffer |
| * Added reset function for HMAC context as speed-up |
| for specific use-cases |
| |
| Bug fixes |
| * Fixed bug resulting in failure to send the last |
| certificate in the chain in ssl_write_certificate() and |
| ssl_write_certificate_request() (found by fatbob) |
| * Added small fixes for compiler warnings on a Mac |
| (found by Frank de Brabander) |
| * Fixed algorithmic bug in mpi_is_prime() (found by |
| Smbat Tonoyan) |
| |
| = Version 0.12.1 released on 2009-10-04 |
| Changes |
| * Coverage test definitions now support 'depends_on' |
| tagging system. |
| * Tests requiring specific hashing algorithms now honor |
| the defines. |
| |
| Bug fixes |
| * Changed typo in #ifdef in x509parse.c (found |
| by Eduardo) |
| |
| = Version 0.12.0 released on 2009-07-28 |
| Features |
| * Added CMake makefiles as alternative to regular Makefiles. |
| * Added preliminary Code Coverage tests for AES, ARC4, |
| Base64, MPI, SHA-family, MD-family, HMAC-SHA-family, |
| Camellia, DES, 3-DES, RSA PKCS#1, XTEA, Diffie-Hellman |
| and X509parse. |
| |
| Changes |
| * Error codes are not (necessarily) negative. Keep |
| this is mind when checking for errors. |
| * RSA_RAW renamed to SIG_RSA_RAW for consistency. |
| * Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE. |
| * Changed interface for AES and Camellia setkey functions |
| to indicate invalid key lengths. |
| |
| Bug fixes |
| * Fixed include location of endian.h on FreeBSD (found by |
| Gabriel) |
| * Fixed include location of endian.h and name clash on |
| Apples (found by Martin van Hensbergen) |
| * Fixed HMAC-MD2 by modifying md2_starts(), so that the |
| required HMAC ipad and opad variables are not cleared. |
| (found by code coverage tests) |
| * Prevented use of long long in bignum if |
| POLARSSL_HAVE_LONGLONG not defined (found by Giles |
| Bathgate). |
| * Fixed incorrect handling of negative strings in |
| mpi_read_string() (found by code coverage tests). |
| * Fixed segfault on handling empty rsa_context in |
| rsa_check_pubkey() and rsa_check_privkey() (found by |
| code coverage tests). |
| * Fixed incorrect handling of one single negative input |
| value in mpi_add_abs() (found by code coverage tests). |
| * Fixed incorrect handling of negative first input |
| value in mpi_sub_abs() (found by code coverage tests). |
| * Fixed incorrect handling of negative first input |
| value in mpi_mod_mpi() and mpi_mod_int(). Resulting |
| change also affects mpi_write_string() (found by code |
| coverage tests). |
| * Corrected is_prime() results for 0, 1 and 2 (found by |
| code coverage tests). |
| * Fixed Camellia and XTEA for 64-bit Windows systems. |
| |
| = Version 0.11.1 released on 2009-05-17 |
| * Fixed missing functionality for SHA-224, SHA-256, SHA384, |
| SHA-512 in rsa_pkcs1_sign() |
| |
| = Version 0.11.0 released on 2009-05-03 |
| * Fixed a bug in mpi_gcd() so that it also works when both |
| input numbers are even and added testcases to check |
| (found by Pierre Habouzit). |
| * Added support for SHA-224, SHA-256, SHA-384 and SHA-512 |
| one way hash functions with the PKCS#1 v1.5 signing and |
| verification. |
| * Fixed minor bug regarding mpi_gcd located within the |
| POLARSSL_GENPRIME block. |
| * Fixed minor memory leak in x509parse_crt() and added better |
| handling of 'full' certificate chains (found by Mathias |
| Olsson). |
| * Centralized file opening and reading for x509 files into |
| load_file() |
| * Made definition of net_htons() endian-clean for big endian |
| systems (Found by Gernot). |
| * Undefining POLARSSL_HAVE_ASM now also handles prevents asm in |
| padlock and timing code. |
| * Fixed an off-by-one buffer allocation in ssl_set_hostname() |
| responsible for crashes and unwanted behaviour. |
| * Added support for Certificate Revocation List (CRL) parsing. |
| * Added support for CRL revocation to x509parse_verify() and |
| SSL/TLS code. |
| * Fixed compatibility of XTEA and Camellia on a 64-bit system |
| (found by Felix von Leitner). |
| |
| = Version 0.10.0 released on 2009-01-12 |
| * Migrated XySSL to PolarSSL |
| * Added XTEA symmetric cipher |
| * Added Camellia symmetric cipher |
| * Added support for ciphersuites: SSL_RSA_CAMELLIA_128_SHA, |
| SSL_RSA_CAMELLIA_256_SHA and SSL_EDH_RSA_CAMELLIA_256_SHA |
| * Fixed dangerous bug that can cause a heap overflow in |
| rsa_pkcs1_decrypt (found by Christophe Devine) |
| |
| ================================================================ |
| XySSL ChangeLog |
| |
| = Version 0.9 released on 2008-03-16 |
| |
| * Added support for ciphersuite: SSL_RSA_AES_128_SHA |
| * Enabled support for large files by default in aescrypt2.c |
| * Preliminary openssl wrapper contributed by David Barrett |
| * Fixed a bug in ssl_write() that caused the same payload to |
| be sent twice in non-blocking mode when send returns EAGAIN |
| * Fixed ssl_parse_client_hello(): session id and challenge must |
| not be swapped in the SSLv2 ClientHello (found by Greg Robson) |
| * Added user-defined callback debug function (Krystian Kolodziej) |
| * Before freeing a certificate, properly zero out all cert. data |
| * Fixed the "mode" parameter so that encryption/decryption are |
| not swapped on PadLock; also fixed compilation on older versions |
| of gcc (bug reported by David Barrett) |
| * Correctly handle the case in padlock_xcryptcbc() when input or |
| ouput data is non-aligned by falling back to the software |
| implementation, as VIA Nehemiah cannot handle non-aligned buffers |
| * Fixed a memory leak in x509parse_crt() which was reported by Greg |
| Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to |
| Matthew Page who reported several bugs |
| * Fixed x509_get_ext() to accept some rare certificates which have |
| an INTEGER instead of a BOOLEAN for BasicConstraints::cA. |
| * Added support on the client side for the TLS "hostname" extension |
| (patch contributed by David Patino) |
| * Make x509parse_verify() return BADCERT_CN_MISMATCH when an empty |
| string is passed as the CN (bug reported by spoofy) |
| * Added an option to enable/disable the BN assembly code |
| * Updated rsa_check_privkey() to verify that (D*E) = 1 % (P-1)*(Q-1) |
| * Disabled obsolete hash functions by default (MD2, MD4); updated |
| selftest and benchmark to not test ciphers that have been disabled |
| * Updated x509parse_cert_info() to correctly display byte 0 of the |
| serial number, setup correct server port in the ssl client example |
| * Fixed a critical denial-of-service with X.509 cert. verification: |
| peer may cause xyssl to loop indefinitely by sending a certificate |
| for which the RSA signature check fails (bug reported by Benoit) |
| * Added test vectors for: AES-CBC, AES-CFB, DES-CBC and 3DES-CBC, |
| HMAC-MD5, HMAC-SHA1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 |
| * Fixed HMAC-SHA-384 and HMAC-SHA-512 (thanks to Josh Sinykin) |
| * Modified ssl_parse_client_key_exchange() to protect against |
| Daniel Bleichenbacher attack on PKCS#1 v1.5 padding, as well |
| as the Klima-Pokorny-Rosa extension of Bleichenbacher's attack |
| * Updated rsa_gen_key() so that ctx->N is always nbits in size |
| * Fixed assembly PPC compilation errors on Mac OS X, thanks to |
| David Barrett and Dusan Semen |
| |
| = Version 0.8 released on 2007-10-20 |
| |
| * Modified the HMAC functions to handle keys larger |
| than 64 bytes, thanks to Stephane Desneux and gary ng |
| * Fixed ssl_read_record() to properly update the handshake |
| message digests, which fixes IE6/IE7 client authentication |
| * Cleaned up the XYSSL* #defines, suggested by Azriel Fasten |
| * Fixed net_recv(), thanks to Lorenz Schori and Egon Kocjan |
| * Added user-defined callbacks for handling I/O and sessions |
| * Added lots of debugging output in the SSL/TLS functions |
| * Added preliminary X.509 cert. writing by Pascal Vizeli |
| * Added preliminary support for the VIA PadLock routines |
| * Added AES-CFB mode of operation, contributed by chmike |
| * Added an SSL/TLS stress testing program (ssl_test.c) |
| * Updated the RSA PKCS#1 code to allow choosing between |
| RSA_PUBLIC and RSA_PRIVATE, as suggested by David Barrett |
| * Updated ssl_read() to skip 0-length records from OpenSSL |
| * Fixed the make install target to comply with *BSD make |
| * Fixed a bug in mpi_read_binary() on 64-bit platforms |
| * mpi_is_prime() speedups, thanks to Kevin McLaughlin |
| * Fixed a long standing memory leak in mpi_is_prime() |
| * Replaced realloc with malloc in mpi_grow(), and set |
| the sign of zero as positive in mpi_init() (reported |
| by Jonathan M. McCune) |
| |
| = Version 0.7 released on 2007-07-07 |
| |
| * Added support for the MicroBlaze soft-core processor |
| * Fixed a bug in ssl_tls.c which sometimes prevented SSL |
| connections from being established with non-blocking I/O |
| * Fixed a couple bugs in the VS6 and UNIX Makefiles |
| * Fixed the "PIC register ebx clobbered in asm" bug |
| * Added HMAC starts/update/finish support functions |
| * Added the SHA-224, SHA-384 and SHA-512 hash functions |
| * Fixed the net_set_*block routines, thanks to Andreas |
| * Added a few demonstration programs: md5sum, sha1sum, |
| dh_client, dh_server, rsa_genkey, rsa_sign, rsa_verify |
| * Added new bignum import and export helper functions |
| * Rewrote README.txt in program/ssl/ca to better explain |
| how to create a test PKI |
| |
| = Version 0.6 released on 2007-04-01 |
| |
| * Ciphers used in SSL/TLS can now be disabled at compile |
| time, to reduce the memory footprint on embedded systems |
| * Added multiply assembly code for the TriCore and modified |
| havege_struct for this processor, thanks to David Patiño |
| * Added multiply assembly code for 64-bit PowerPCs, |
| thanks to Peking University and the OSU Open Source Lab |
| * Added experimental support of Quantum Cryptography |
| * Added support for autoconf, contributed by Arnaud Cornet |
| * Fixed "long long" compilation issues on IA-64 and PPC64 |
| * Fixed a bug introduced in xyssl-0.5/timing.c: hardclock |
| was not being correctly defined on ARM and MIPS |
| |
| = Version 0.5 released on 2007-03-01 |
| |
| * Added multiply assembly code for SPARC and Alpha |
| * Added (beta) support for non-blocking I/O operations |
| * Implemented session resuming and client authentication |
| * Fixed some portability issues on WinCE, MINIX 3, Plan9 |
| (thanks to Benjamin Newman), HP-UX, FreeBSD and Solaris |
| * Improved the performance of the EDH key exchange |
| * Fixed a bug that caused valid packets with a payload |
| size of 16384 bytes to be rejected |
| |
| = Version 0.4 released on 2007-02-01 |
| |
| * Added support for Ephemeral Diffie-Hellman key exchange |
| * Added multiply asm code for SSE2, ARM, PPC, MIPS and M68K |
| * Various improvement to the modular exponentiation code |
| * Rewrote the headers to generate the API docs with doxygen |
| * Fixed a bug in ssl_encrypt_buf (incorrect padding was |
| generated) and in ssl_parse_client_hello (max. client |
| version was not properly set), thanks to Didier Rebeix |
| * Fixed another bug in ssl_parse_client_hello: clients with |
| cipherlists larger than 96 bytes were incorrectly rejected |
| * Fixed a couple memory leak in x509_read.c |
| |
| = Version 0.3 released on 2007-01-01 |
| |
| * Added server-side SSLv3 and TLSv1.0 support |
| * Multiple fixes to enhance the compatibility with g++, |
| thanks to Xosé Antón Otero Ferreira |
| * Fixed a bug in the CBC code, thanks to dowst; also, |
| the bignum code is no longer dependant on long long |
| * Updated rsa_pkcs1_sign to handle arbitrary large inputs |
| * Updated timing.c for improved compatibility with i386 |
| and 486 processors, thanks to Arnaud Cornet |
| |
| = Version 0.2 released on 2006-12-01 |
| |
| * Updated timing.c to support ARM and MIPS arch |
| * Updated the MPI code to support 8086 on MSVC 1.5 |
| * Added the copyright notice at the top of havege.h |
| * Fixed a bug in sha2_hmac, thanks to newsoft/Wenfang Zhang |
| * Fixed a bug reported by Adrian Rüegsegger in x509_read_key |
| * Fixed a bug reported by Torsten Lauter in ssl_read_record |
| * Fixed a bug in rsa_check_privkey that would wrongly cause |
| valid RSA keys to be dismissed (thanks to oldwolf) |
| * Fixed a bug in mpi_is_prime that caused some primes to fail |
| the Miller-Rabin primality test |
| |
| I'd also like to thank Younès Hafri for the CRUX linux port, |
| Khalil Petit who added XySSL into pkgsrc and Arnaud Cornet |
| who maintains the Debian package :-) |
| |
| = Version 0.1 released on 2006-11-01 |
| |