MatrixSSL Changelog

New in version 3.7.1

January 14th, 2015
  • Security Fixes:
  • X.509 and ASN.1 Parsing Improvements - The Advanced Threat Research team at Intel Security discovered several issues as part of their research on the BERSerk attack on RSA signature verification. MatrixSSL does not contain this vulnerability which can result in a MITM attack, however some other ASN.1 fields were not consistently checked against remaining buffer length when parsed. These have each been fixed, and the getAsnLength() internal API now also does a double check against the remaining buffer length for variable length fields in all cases.
  • Constant-Time Memory Compare - Calls to memcmp() have been replaced with a memcmpct() implementation to reduce the effectiveness of future timing based attacks.
  • New Features:
  • Application-Layer Protocol Negotiation - Implemented RFC 7301.
  • X.509 RSASSA-PSS Signatures - MatrixSSL now supports the more secure RSASSA-PSS signature algorithm in X.509 certificates.
  • Run-Time TLS Feature Control - Truncated HMAC use, Maximum Fragment Length requests, and Elliptic Curve specification can now be enabled on a per-session basis when creating a new session..
  • API Changes:
  • Several - Please see the release notes included in the package for details.

New in version 3.4.2 (December 12th, 2013)

  • Bug Fixes and Improvements:
  • Improved Run-Time Checks of Certificate Algorithms Against Cipher Suites Checking the public key and signature algorithms of the certificate material during initialization and cipher suite negotiation is now stricter. Servers now look at the signature algorithm of their certificate when negotiating cipher suites to ensure the authentication mechanism is consistent with the cipher suite. This enables the handshake to fail early in the process if the certificate material does not support a requested cipher suite. This is mainly a protection against user configuration errors because a server should not enable cipher suites it isn't prepared to support. Clients now confirm the server certificate signature algorithm as a pre-emptive measure during the parsing of the CERTIFICATE message. Previous versions would terminate the connection later in the handshake process when the unsupported algorithm was encountered for the public key operation itself.
  • SSL Alert Sent on Handshake Message Creation Failure Previous versions would silently terminate the SSL connection if handshake message creation failed. Now an INTERNAL_ERROR alert is sent before closing the connection.
  • Expired Session Resumption Fix Fixed server support for scenarios in which a session that is already in a resumed handshake state will correctly fall back to a full handshake if the client attempts a resumed re-handshake after the session has expired in the server cache.
  • Disable Yarrow by Default and Simplified PRNG Reseeding The USE_YARROW define is now disabled by default in cryptoConfig.h because the two default entropy gathering sources are PRNG sources themselves so it isn't necessary to run that data through Yarrow. This change will result in a minor connection speed improvement. If Yarrow is needed, the logic for reseeding that algorithm has been simplified to update only on the amount of data read rather than including the number of function calls to the PRNG retrieval function.
  • Removed the USE_RSA Configuration Define The open source version of MatrixSSL only supports RSA cipher suites so the removal of that option makes this explicit.
  • Example Applications Load Full CA List To aid in testing, the example client and server applications now load the full list of sample Certificate Authority files so a recompile is not needed if changing the sample certificate material of the peer.

New in version 3.4.1 (December 12th, 2013)

  • Security Features:
  • Lucky Thirteen Countermeasure - An attack against block cipher padding was proven to be feasible. This affects CBC ciphers including AES and 3DES. This update adds timing countermeasures that reduce the effectiveness of this attack.

New in version 3.1.4 (January 12th, 2011)

  • Feature Updates:
  • Primary crypto algorithms now have configuration options for size vs. speed tradeoffs Previous versions of MatrixSSL had an undocumented compile time define (SMALL_CODE) that influenced the binary code size of some symmetric cipher algorithms. Each algorithm that used this define has now been given its own define to control whether the user wants to build the library for faster algorithm support at the cost of an increased binary code size. The size vs. speed tradeoff is platform dependent but, in general, the speed improvements will be about 5%-10% at the cost of 10-20KB for each algorithm. The default, in each case, is that these defines are disabled in cryptoConfig.h to compile in favor of smallest binary footprint.
  • RSA algorithm now has configuration option for memory usage vs. speed tradeoff. A pair of defines have been added to determine whether the RSA algorithm should be compiled for smaller RAM usage or faster performance. The default is to compile for smaller RAM usage.
  • Servers can now disable specific cipher suites at runtime - Cipher suites that have been compiled into the library can now be programatically disabled (and re-enabled) on a per-session basis. This is useful for servers that wish to limit the supported ciphers suites for a specific connecting client. A new API, matrixSslSetCipherSuiteEnabledStatus, has been added to support this functionality. Please see the MatrixSSL API documentation for detailed information on this new feature.
  • An Xcode project for iPhone development is now included - In the apps/iphone directory the user can now find a Mac Xcode project for developing SSL/TLS client applications for the iPhone.
  • Server compatibility with Chrome browsers that use "false start" - The Google Chrome browser has introduced a new protocol mechanism called “false start” that is incompatible with strict TLS implementations that do not allow application data exchange before the handshake protocol is complete. Enabling ENABLE_FALSE_START in matrixsslConfig.h will allow newer versions of the Chrome browser to connect with MatrixSSL servers. Enabled by default.
  • A new explicit int16 data type has been added - The osdep.h file now includes a typedef for a 16-bit integer type called int16. The initial internal use of this new data type can be found in the pstm.c math function to help improve performance on some platforms.
  • Updated for Luminary Micro/TI Stellaris examples - Updated to support the new release of secure web server examples for the ARM Cortex-M3.
  • Public API Changes:
  • Compile-time define for file system support has been renamed - The USE_FILE_SYSTEM define has been renamed to include a PS_ prefix so that it is now PS_USE_FILE_SYSTEM. In addition, this define is no longer present in the coreConfig.h header file. It should be included in the platform build environment as a compile-time define if file system support is needed.
  • Return types changed for osdep.c Open and Close routines - The platform interface functions implemented in osdep.c have undergone prototype changes.

New in version 3.1.3 (September 3rd, 2010)

  • A server-side configuration option was added to decrease binary executable size with simpler X.509 parsing.
  • The Yarrow PRNG algorithm is included for strong entropy processing.
  • Non-ASCII X.509 attributes are supported in certificates.
  • Project files for Windows were updated to VS Express 2010.
  • The return code was clarified for the matrixSslReceivedData() API.

New in version 3.1 (March 12th, 2010)

  • New API, examples and test suite
  • TLS and AES included in open source
  • Full SSL handshake now requires < 10KB of RAM, including network buffers!
  • Project files for GNU make, Visual Studio and Xcode
  • Still < 50KB code space!

New in version 1.8.7d (August 13th, 2009)

  • Improved handling of flights containing multiple encoded handshake messages.
  • Improved parsing of password protected private keys.
  • Improved handling of CA issued certificates that erroneously allowed malformed strings in the domain name.

New in version 1.8.6 (September 10th, 2008)

  • The matrixRsaParsePubKey routine has added support for X.509 SubjectPublicKeyInfo formatted keys.
  • There is full parsing support of the subjectAltName extension in certificates.
  • Clients are allowed to send multiple compression parameters in the CLIENT_HELLO message.
  • The matrixX509ReadCert routine supports additional PEM file header and footer formats.
  • A filename misspelling in httpsReflector.c for loading the example CAcertCln.der certificate has been corrected.