306 lines
14 KiB
Text
306 lines
14 KiB
Text
PolarSSL ChangeLog
|
||
|
||
= Version 0.14.0 released on 2010-XXXXX
|
||
Features
|
||
* Added support for SSL_EDH_RSA_AES_128_SHA and
|
||
SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
|
||
* Added compile-time and run-time version information
|
||
* Expanded ssl_client2 arguments for more flexibility
|
||
|
||
Changes
|
||
* Made Makefile cleaner
|
||
* Removed dependency on rand() in rsa_pkcs1_encrypt().
|
||
Now using random fuction provided to context.
|
||
Requires initialization with rsa_init() before use!
|
||
|
||
Bug fixes
|
||
* Fixed CMake out of source build for tests (found by
|
||
kkert)
|
||
* rsa_check_private() now supports PKCS1v2 keys as well
|
||
* Fixed deadlock in rsa_pkcs1_encrypt() on failing random
|
||
generator
|
||
|
||
= Version 0.13.1 released on 2010-03-24
|
||
Bug fixes
|
||
* Fixed Makefile in library that was mistakenly merged
|
||
* Added missing const string fixes
|
||
|
||
= Version 0.13.0 released on 2010-03-21
|
||
Features
|
||
* Added option parsing for host and port selection to
|
||
ssl_client2
|
||
* Added support for GeneralizedTime in X509 parsing
|
||
* Added cert_app program to allow easy reading and
|
||
printing of X509 certificates from file or SSL
|
||
connection.
|
||
|
||
Changes
|
||
* Added const correctness for main code base
|
||
* X509 signature algorithm determination is now
|
||
in a function to allow easy future expansion
|
||
* Changed symmetric cipher functions to
|
||
identical interface (returning int result values)
|
||
* Changed ARC4 to use seperate input/output buffer
|
||
* Added reset function for HMAC context as speed-up
|
||
for specific use-cases
|
||
|
||
Bug fixes
|
||
* Fixed bug resulting in failure to send the last
|
||
certificate in the chain in ssl_write_certificate() and
|
||
ssl_write_certificate_request() (found by fatbob)
|
||
* Added small fixes for compiler warnings on a Mac
|
||
(found by Frank de Brabander)
|
||
* Fixed algorithmic bug in mpi_is_prime() (found by
|
||
Smbat Tonoyan)
|
||
|
||
= Version 0.12.1 released on 2009-10-04
|
||
Changes
|
||
* Coverage test definitions now support 'depends_on'
|
||
tagging system.
|
||
* Tests requiring specific hashing algorithms now honor
|
||
the defines.
|
||
|
||
Bug fixes
|
||
* Changed typo in #ifdef in x509parse.c (found
|
||
by Eduardo)
|
||
|
||
= Version 0.12.0 released on 2009-07-28
|
||
Features
|
||
* Added CMake makefiles as alternative to regular Makefiles.
|
||
* Added preliminary Code Coverage tests for AES, ARC4,
|
||
Base64, MPI, SHA-family, MD-family, HMAC-SHA-family,
|
||
Camellia, DES, 3-DES, RSA PKCS#1, XTEA, Diffie-Hellman
|
||
and X509parse.
|
||
|
||
Changes
|
||
* Error codes are not (necessarily) negative. Keep
|
||
this is mind when checking for errors.
|
||
* RSA_RAW renamed to SIG_RSA_RAW for consistency.
|
||
* Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE.
|
||
* Changed interface for AES and Camellia setkey functions
|
||
to indicate invalid key lengths.
|
||
|
||
Bug fixes
|
||
* Fixed include location of endian.h on FreeBSD (found by
|
||
Gabriel)
|
||
* Fixed include location of endian.h and name clash on
|
||
Apples (found by Martin van Hensbergen)
|
||
* Fixed HMAC-MD2 by modifying md2_starts(), so that the
|
||
required HMAC ipad and opad variables are not cleared.
|
||
(found by code coverage tests)
|
||
* Prevented use of long long in bignum if
|
||
POLARSSL_HAVE_LONGLONG not defined (found by Giles
|
||
Bathgate).
|
||
* Fixed incorrect handling of negative strings in
|
||
mpi_read_string() (found by code coverage tests).
|
||
* Fixed segfault on handling empty rsa_context in
|
||
rsa_check_pubkey() and rsa_check_privkey() (found by
|
||
code coverage tests).
|
||
* Fixed incorrect handling of one single negative input
|
||
value in mpi_add_abs() (found by code coverage tests).
|
||
* Fixed incorrect handling of negative first input
|
||
value in mpi_sub_abs() (found by code coverage tests).
|
||
* Fixed incorrect handling of negative first input
|
||
value in mpi_mod_mpi() and mpi_mod_int(). Resulting
|
||
change also affects mpi_write_string() (found by code
|
||
coverage tests).
|
||
* Corrected is_prime() results for 0, 1 and 2 (found by
|
||
code coverage tests).
|
||
* Fixed Camellia and XTEA for 64-bit Windows systems.
|
||
|
||
= Version 0.11.1 released on 2009-05-17
|
||
* Fixed missing functionality for SHA-224, SHA-256, SHA384,
|
||
SHA-512 in rsa_pkcs1_sign()
|
||
|
||
= Version 0.11.0 released on 2009-05-03
|
||
* Fixed a bug in mpi_gcd() so that it also works when both
|
||
input numbers are even and added testcases to check
|
||
(found by Pierre Habouzit).
|
||
* Added support for SHA-224, SHA-256, SHA-384 and SHA-512
|
||
one way hash functions with the PKCS#1 v1.5 signing and
|
||
verification.
|
||
* Fixed minor bug regarding mpi_gcd located within the
|
||
POLARSSL_GENPRIME block.
|
||
* Fixed minor memory leak in x509parse_crt() and added better
|
||
handling of 'full' certificate chains (found by Mathias
|
||
Olsson).
|
||
* Centralized file opening and reading for x509 files into
|
||
load_file()
|
||
* Made definition of net_htons() endian-clean for big endian
|
||
systems (Found by Gernot).
|
||
* Undefining POLARSSL_HAVE_ASM now also handles prevents asm in
|
||
padlock and timing code.
|
||
* Fixed an off-by-one buffer allocation in ssl_set_hostname()
|
||
responsible for crashes and unwanted behaviour.
|
||
* Added support for Certificate Revocation List (CRL) parsing.
|
||
* Added support for CRL revocation to x509parse_verify() and
|
||
SSL/TLS code.
|
||
* Fixed compatibility of XTEA and Camellia on a 64-bit system
|
||
(found by Felix von Leitner).
|
||
|
||
= Version 0.10.0 released on 2009-01-12
|
||
* Migrated XySSL to PolarSSL
|
||
* Added XTEA symmetric cipher
|
||
* Added Camellia symmetric cipher
|
||
* Added support for ciphersuites: SSL_RSA_CAMELLIA_128_SHA,
|
||
SSL_RSA_CAMELLIA_256_SHA and SSL_EDH_RSA_CAMELLIA_256_SHA
|
||
* Fixed dangerous bug that can cause a heap overflow in
|
||
rsa_pkcs1_decrypt (found by Christophe Devine)
|
||
|
||
================================================================
|
||
XySSL ChangeLog
|
||
|
||
= Version 0.9 released on 2008-03-16
|
||
|
||
* Added support for ciphersuite: SSL_RSA_AES_128_SHA
|
||
* Enabled support for large files by default in aescrypt2.c
|
||
* Preliminary openssl wrapper contributed by David Barrett
|
||
* Fixed a bug in ssl_write() that caused the same payload to
|
||
be sent twice in non-blocking mode when send returns EAGAIN
|
||
* Fixed ssl_parse_client_hello(): session id and challenge must
|
||
not be swapped in the SSLv2 ClientHello (found by Greg Robson)
|
||
* Added user-defined callback debug function (Krystian Kolodziej)
|
||
* Before freeing a certificate, properly zero out all cert. data
|
||
* Fixed the "mode" parameter so that encryption/decryption are
|
||
not swapped on PadLock; also fixed compilation on older versions
|
||
of gcc (bug reported by David Barrett)
|
||
* Correctly handle the case in padlock_xcryptcbc() when input or
|
||
ouput data is non-aligned by falling back to the software
|
||
implementation, as VIA Nehemiah cannot handle non-aligned buffers
|
||
* Fixed a memory leak in x509parse_crt() which was reported by Greg
|
||
Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to
|
||
Matthew Page who reported several bugs
|
||
* Fixed x509_get_ext() to accept some rare certificates which have
|
||
an INTEGER instead of a BOOLEAN for BasicConstraints::cA.
|
||
* Added support on the client side for the TLS "hostname" extension
|
||
(patch contributed by David Patino)
|
||
* Make x509parse_verify() return BADCERT_CN_MISMATCH when an empty
|
||
string is passed as the CN (bug reported by spoofy)
|
||
* Added an option to enable/disable the BN assembly code
|
||
* Updated rsa_check_privkey() to verify that (D*E) = 1 % (P-1)*(Q-1)
|
||
* Disabled obsolete hash functions by default (MD2, MD4); updated
|
||
selftest and benchmark to not test ciphers that have been disabled
|
||
* Updated x509parse_cert_info() to correctly display byte 0 of the
|
||
serial number, setup correct server port in the ssl client example
|
||
* Fixed a critical denial-of-service with X.509 cert. verification:
|
||
peer may cause xyssl to loop indefinitely by sending a certificate
|
||
for which the RSA signature check fails (bug reported by Benoit)
|
||
* Added test vectors for: AES-CBC, AES-CFB, DES-CBC and 3DES-CBC,
|
||
HMAC-MD5, HMAC-SHA1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512
|
||
* Fixed HMAC-SHA-384 and HMAC-SHA-512 (thanks to Josh Sinykin)
|
||
* Modified ssl_parse_client_key_exchange() to protect against
|
||
Daniel Bleichenbacher attack on PKCS#1 v1.5 padding, as well
|
||
as the Klima-Pokorny-Rosa extension of Bleichenbacher's attack
|
||
* Updated rsa_gen_key() so that ctx->N is always nbits in size
|
||
* Fixed assembly PPC compilation errors on Mac OS X, thanks to
|
||
David Barrett and Dusan Semen
|
||
|
||
= Version 0.8 released on 2007-10-20
|
||
|
||
* Modified the HMAC functions to handle keys larger
|
||
than 64 bytes, thanks to Stephane Desneux and gary ng
|
||
* Fixed ssl_read_record() to properly update the handshake
|
||
message digests, which fixes IE6/IE7 client authentication
|
||
* Cleaned up the XYSSL* #defines, suggested by Azriel Fasten
|
||
* Fixed net_recv(), thanks to Lorenz Schori and Egon Kocjan
|
||
* Added user-defined callbacks for handling I/O and sessions
|
||
* Added lots of debugging output in the SSL/TLS functions
|
||
* Added preliminary X.509 cert. writing by Pascal Vizeli
|
||
* Added preliminary support for the VIA PadLock routines
|
||
* Added AES-CFB mode of operation, contributed by chmike
|
||
* Added an SSL/TLS stress testing program (ssl_test.c)
|
||
* Updated the RSA PKCS#1 code to allow choosing between
|
||
RSA_PUBLIC and RSA_PRIVATE, as suggested by David Barrett
|
||
* Updated ssl_read() to skip 0-length records from OpenSSL
|
||
* Fixed the make install target to comply with *BSD make
|
||
* Fixed a bug in mpi_read_binary() on 64-bit platforms
|
||
* mpi_is_prime() speedups, thanks to Kevin McLaughlin
|
||
* Fixed a long standing memory leak in mpi_is_prime()
|
||
* Replaced realloc with malloc in mpi_grow(), and set
|
||
the sign of zero as positive in mpi_init() (reported
|
||
by Jonathan M. McCune)
|
||
|
||
= Version 0.7 released on 2007-07-07
|
||
|
||
* Added support for the MicroBlaze soft-core processor
|
||
* Fixed a bug in ssl_tls.c which sometimes prevented SSL
|
||
connections from being established with non-blocking I/O
|
||
* Fixed a couple bugs in the VS6 and UNIX Makefiles
|
||
* Fixed the "PIC register ebx clobbered in asm" bug
|
||
* Added HMAC starts/update/finish support functions
|
||
* Added the SHA-224, SHA-384 and SHA-512 hash functions
|
||
* Fixed the net_set_*block routines, thanks to Andreas
|
||
* Added a few demonstration programs: md5sum, sha1sum,
|
||
dh_client, dh_server, rsa_genkey, rsa_sign, rsa_verify
|
||
* Added new bignum import and export helper functions
|
||
* Rewrote README.txt in program/ssl/ca to better explain
|
||
how to create a test PKI
|
||
|
||
= Version 0.6 released on 2007-04-01
|
||
|
||
* Ciphers used in SSL/TLS can now be disabled at compile
|
||
time, to reduce the memory footprint on embedded systems
|
||
* Added multiply assembly code for the TriCore and modified
|
||
havege_struct for this processor, thanks to David Pati<74>o
|
||
* Added multiply assembly code for 64-bit PowerPCs,
|
||
thanks to Peking University and the OSU Open Source Lab
|
||
* Added experimental support of Quantum Cryptography
|
||
* Added support for autoconf, contributed by Arnaud Cornet
|
||
* Fixed "long long" compilation issues on IA-64 and PPC64
|
||
* Fixed a bug introduced in xyssl-0.5/timing.c: hardclock
|
||
was not being correctly defined on ARM and MIPS
|
||
|
||
= Version 0.5 released on 2007-03-01
|
||
|
||
* Added multiply assembly code for SPARC and Alpha
|
||
* Added (beta) support for non-blocking I/O operations
|
||
* Implemented session resuming and client authentication
|
||
* Fixed some portability issues on WinCE, MINIX 3, Plan9
|
||
(thanks to Benjamin Newman), HP-UX, FreeBSD and Solaris
|
||
* Improved the performance of the EDH key exchange
|
||
* Fixed a bug that caused valid packets with a payload
|
||
size of 16384 bytes to be rejected
|
||
|
||
= Version 0.4 released on 2007-02-01
|
||
|
||
* Added support for Ephemeral Diffie-Hellman key exchange
|
||
* Added multiply asm code for SSE2, ARM, PPC, MIPS and M68K
|
||
* Various improvement to the modular exponentiation code
|
||
* Rewrote the headers to generate the API docs with doxygen
|
||
* Fixed a bug in ssl_encrypt_buf (incorrect padding was
|
||
generated) and in ssl_parse_client_hello (max. client
|
||
version was not properly set), thanks to Didier Rebeix
|
||
* Fixed another bug in ssl_parse_client_hello: clients with
|
||
cipherlists larger than 96 bytes were incorrectly rejected
|
||
* Fixed a couple memory leak in x509_read.c
|
||
|
||
= Version 0.3 released on 2007-01-01
|
||
|
||
* Added server-side SSLv3 and TLSv1.0 support
|
||
* Multiple fixes to enhance the compatibility with g++,
|
||
thanks to Xos<6F> Ant<6E>n Otero Ferreira
|
||
* Fixed a bug in the CBC code, thanks to dowst; also,
|
||
the bignum code is no longer dependant on long long
|
||
* Updated rsa_pkcs1_sign to handle arbitrary large inputs
|
||
* Updated timing.c for improved compatibility with i386
|
||
and 486 processors, thanks to Arnaud Cornet
|
||
|
||
= Version 0.2 released on 2006-12-01
|
||
|
||
* Updated timing.c to support ARM and MIPS arch
|
||
* Updated the MPI code to support 8086 on MSVC 1.5
|
||
* Added the copyright notice at the top of havege.h
|
||
* Fixed a bug in sha2_hmac, thanks to newsoft/Wenfang Zhang
|
||
* Fixed a bug reported by Adrian R<>egsegger in x509_read_key
|
||
* Fixed a bug reported by Torsten Lauter in ssl_read_record
|
||
* Fixed a bug in rsa_check_privkey that would wrongly cause
|
||
valid RSA keys to be dismissed (thanks to oldwolf)
|
||
* Fixed a bug in mpi_is_prime that caused some primes to fail
|
||
the Miller-Rabin primality test
|
||
|
||
I'd also like to thank Youn<75>s Hafri for the CRUX linux port,
|
||
Khalil Petit who added XySSL into pkgsrc and Arnaud Cornet
|
||
who maintains the Debian package :-)
|
||
|
||
= Version 0.1 released on 2006-11-01
|
||
|