January 12th, 2011
Feature Updates:
· Primary crypto algorithms now have configuration options for size vs. speed tradeoffs - Previous versions of MatrixSSL had an undocumented compile-time define (SMALL_CODE) that influenced the binary code size of some symmetric cipher algorithms. Each algorithm that used this define has now been given its own define to control whether the user wants to build the library for faster algorithm support at the cost of an increased binary code size. The size vs. speed tradeoff is platform dependent but, in general, the speed improvements will be about 5%-10% at the cost of 10-20KB for each algorithm. By default, each of these defines is disabled in cryptoConfig.h, so the library compiles for the smallest binary footprint.
· RSA algorithm now has a configuration option for memory usage vs. speed tradeoff - A pair of defines has been added to determine whether the RSA algorithm should be compiled for smaller RAM usage or faster performance. The default is to compile for smaller RAM usage.
· Servers can now disable specific cipher suites at runtime - Cipher suites that have been compiled into the library can now be programmatically disabled (and re-enabled) on a per-session basis. This is useful for servers that wish to limit the supported cipher suites for a specific connecting client. A new API, matrixSslSetCipherSuiteEnabledStatus, has been added to support this functionality. Please see the MatrixSSL API documentation for detailed information on this new feature.
· An Xcode project for iPhone development is now included - In the apps/iphone directory the user can now find a Mac Xcode project for developing SSL/TLS client applications for the iPhone.
· Server compatibility with Chrome browsers that use "false start" - The Google Chrome browser has introduced a new protocol mechanism called "false start" that is incompatible with strict TLS implementations that do not allow application data exchange before the handshake protocol is complete. Enabling ENABLE_FALSE_START in matrixsslConfig.h will allow newer versions of the Chrome browser to connect with MatrixSSL servers. Enabled by default.
· A new explicit int16 data type has been added - The osdep.h file now includes a typedef for a 16-bit integer type called int16. The initial internal use of this new data type can be found in the pstm.c math function to help improve performance on some platforms.
· Updated for Luminary Micro/TI Stellaris examples - Updated to support the new release of secure web server examples for the ARM Cortex-M3.
Public API Changes:
· Compile-time define for file system support has been renamed - The USE_FILE_SYSTEM define has been renamed to include a PS_ prefix so that it is now PS_USE_FILE_SYSTEM. In addition, this define is no longer present in the coreConfig.h header file. It should be included in the platform build environment as a compile-time define if file system support is needed.
· Return types changed for osdep.c Open and Close routines - The platform interface functions implemented in osdep.c have undergone prototype changes.
September 3rd, 2010
· A server-side configuration option was added to decrease binary executable size with simpler X.509 parsing.
· The Yarrow PRNG algorithm is included for strong entropy processing.
· Non-ASCII X.509 attributes are supported in certificates.
· Project files for Windows were updated to VS Express 2010.
· The return code was clarified for the matrixSslReceivedData() API.
March 12th, 2010
· New API, examples and test suite
· TLS and AES included in open source
· Full SSL handshake now requires < 10KB of RAM, including network buffers!
· Project files for GNU make, Visual Studio and Xcode
· Still < 50KB code space!
August 13th, 2009
· Improved handling of flights containing multiple encoded handshake messages.
· Improved parsing of password protected private keys.
· Improved handling of CA issued certificates that erroneously allowed malformed strings in the domain name.
September 10th, 2008
· The matrixRsaParsePubKey routine has added support for X.509 SubjectPublicKeyInfo formatted keys.
· There is full parsing support of the subjectAltName extension in certificates.
· Clients are allowed to send multiple compression parameters in the CLIENT_HELLO message.
· The matrixX509ReadCert routine supports additional PEM file header and footer formats.
· A filename misspelling in httpsReflector.c for loading the example CAcertCln.der certificate has been corrected.