December 23rd, 2011
· This version introduces the CTR_DRBG random generator based on AES-256-CTR (NIST SP 800-90) and a generic entropy accumulator, next to the already existing HAVEGE random generator.
· The behaviour of x509parse_crt() has changed, though.
· It's backwards compatible with pre-1.1.0 code.
· For permissive parsing, you now have to use the return code differently; please read the documentation.
· A lot of simple error codes (1 and 2) inside the code were changed to 'real errors'.
· In addition, a lot of standing issues were fixed with regards to compatibility and customization.
March 1st, 2011
· A possible Man-in-the-Middle attack on the Diffie-Hellman key exchange was fixed.
· More information can be found in PolarSSL Security Advisory 2011-01.
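The entry above does not say how the exchange was hardened, and the advisory itself is not reproduced on this page. As an added illustration of the class of defence involved (my own code, not PolarSSL's), the Python below runs a Diffie-Hellman exchange on a toy group and refuses to derive a secret from a peer public value that lies outside [2, p-2] or outside the prime-order subgroup, the public-key validation that NIST SP 800-56A prescribes; a peer value such as 0, 1 or p-1 would otherwise collapse the shared secret to a value anyone can predict. The group constants, class and function names are constructed for the example and the group is far too small for real use.

```python
import secrets

# Toy group, constructed for this example only: a safe prime P = 2*Q + 1
# and a generator G of the order-Q subgroup.  Real deployments use a
# standardised group of 2048 bits or more (for example RFC 7919).
P = 23
Q = 11
G = 2


class InvalidPublicValue(ValueError):
    """Peer sent a Diffie-Hellman public value that must not be used."""


def check_public_value(y: int, p: int = P, q: int = Q) -> None:
    """Full public-key validation (NIST SP 800-56A style).

    1. y must lie in [2, p-2]: 0, 1 and p-1 yield a secret in {0, 1, p-1}.
    2. y^q mod p must be 1: anything else is outside the order-q subgroup
       and would leak information about, or constrain, the shared secret.
    """
    if not 2 <= y <= p - 2:
        raise InvalidPublicValue(f"public value {y} outside [2, p-2]")
    if pow(y, q, p) != 1:
        raise InvalidPublicValue(f"public value {y} not in the order-q subgroup")


def keypair(p: int = P, q: int = Q, g: int = G):
    """Private exponent x in [1, q-1] and public value g^x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def shared_secret(own_private: int, peer_public: int,
                  p: int = P, q: int = Q) -> int:
    """Validate the peer's value first, then compute peer_public^x mod p."""
    check_public_value(peer_public, p, q)
    return pow(peer_public, own_private, p)


def demo_exchange() -> bool:
    """Both honest parties arrive at the same secret."""
    a, ya = keypair()
    b, yb = keypair()
    return shared_secret(a, yb) == shared_secret(b, ya)


if __name__ == "__main__":
    print("honest exchange agrees:", demo_exchange())
    for bad in (0, 1, P - 1, 5):
        try:
            shared_secret(3, bad)
        except InvalidPublicValue as exc:
            print("rejected:", exc)
```

The range test alone catches the degenerate values; the subgroup test additionally costs one modular exponentiation, which is why implementations that know q perform both, and implementations that only know p at least enforce the range.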
February 25th, 2011
Features:
· Parsing of PEM private keys encrypted with DES and AES is now supported as well (Fixes ticket #5)
· Added crl_app program to allow easy reading and printing of X509 CRLs from file
Changes:
· Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding
Bugfixes:
· Corrected parsing of UTCTime dates before 1990 and after 1950
· Support more exotic OIDs when parsing certificates (found by Mads Kiilerich)
· Support more exotic name representations when parsing certificates (found by Mads Kiilerich)
· Replaced the expired test certificates
· Do not bail out if no client certificate specified. Try to negotiate anonymous connection (Fixes ticket #12, found by Boris Krasnovskiy)
August 17th, 2010
Features:
· Added support for SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
· Added compile-time and run-time version information
· Expanded ssl_client2 arguments for more flexibility
· Added support for TLS v1.1
Changes:
· Made Makefile cleaner
· Removed dependency on rand() in rsa_pkcs1_encrypt(). The random function passed in by the caller is now used, and the prototypes of rsa_pkcs1_encrypt(), rsa_init() and rsa_gen_key() were changed accordingly.
· Some SSL defines were renamed in order to avoid future confusion
Bug fixes:
· Fixed CMake out of source build for tests (found by kkert)
· rsa_check_private() now supports PKCS1v2 keys as well
· Fixed deadlock in rsa_pkcs1_encrypt() on failing random generator
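Two items in this release concern the same function: rsa_pkcs1_encrypt() now takes its randomness from a caller-supplied function, and it no longer deadlocks when that function fails. The padding step is where both matter, because EME-PKCS1-v1_5 (RFC 8017 section 7.2.1) needs a padding string of non-zero random bytes and a naive loop that retries until it has enough will spin forever on a generator that keeps returning zeros. The Python below is an added example of that padding with an injected random source and a bounded number of draws; it is my own code, not PolarSSL's, and the class and function names are mine.

```python
import secrets

# Added example: EME-PKCS1-v1_5 padding with the random source injected by
# the caller.  Not PolarSSL's code; names are constructed for this example.


class RandomSourceError(RuntimeError):
    """The injected random generator could not supply usable padding bytes."""


def pkcs1_v15_pad(message: bytes, k: int, rng=secrets.token_bytes,
                  max_rng_calls: int = 16) -> bytes:
    """Build EM = 0x00 || 0x02 || PS || 0x00 || M for an RSA modulus of k bytes.

    PS must be at least 8 bytes long and contain no zero byte, so the bytes
    obtained from `rng` are filtered.  The number of calls to `rng` is capped:
    a generator that keeps returning zeros makes this function fail with
    RandomSourceError instead of looping forever.
    """
    if k < 11:
        raise ValueError("modulus too small for PKCS#1 v1.5")
    ps_len = k - len(message) - 3
    if ps_len < 8:
        raise ValueError("message too long for the modulus")
    ps = bytearray()
    calls = 0
    while len(ps) < ps_len:
        if calls >= max_rng_calls:
            raise RandomSourceError("random generator produced no usable bytes")
        calls += 1
        chunk = rng(ps_len - len(ps))          # ask only for what is still missing
        ps.extend(b for b in chunk if b != 0)  # zero bytes would end PS early
    return b"\x00\x02" + bytes(ps) + b"\x00" + message


def pkcs1_v15_unpad(em: bytes, k: int) -> bytes:
    """Recover M from EM; every malformed case raises the same error."""
    if len(em) != k or em[0] != 0 or em[1] != 2:
        raise ValueError("decryption error")
    sep = em.find(b"\x00", 2)
    if sep < 10:  # -1 means no separator; < 10 means PS shorter than 8 bytes
        raise ValueError("decryption error")
    return em[sep + 1:]


if __name__ == "__main__":
    em = pkcs1_v15_pad(b"hello", 32)
    print(em.hex())
    print(pkcs1_v15_unpad(em, 32))
    try:
        pkcs1_v15_pad(b"hello", 32, rng=lambda n: bytes(n))  # all-zero generator
    except RandomSourceError as exc:
        print("failed cleanly:", exc)
```

The unpad side deliberately reports one indistinguishable error for every malformed encoding; how long it takes to reach that error is also something a caller has to keep uniform, which is a well-known constraint of this padding scheme rather than a detail of the changelog item.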
March 24th, 2010
Features:
· Added option parsing for host and port selection to ssl_client2
· Added support for GeneralizedTime in X509 parsing
· Added cert_app program to allow easy reading and printing of X509 certificates from file or SSL connection.
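This release adds GeneralizedTime to the X.509 parser, and the February 25th, 2011 release above corrects the UTCTime year handling; both formats are defined in RFC 5280 section 4.1.2.5, which fixes the two-digit UTCTime year to 1950..2049 and requires GeneralizedTime for 2050 onwards. The Python below is an added example of parsing both forms strictly and checking a validity window; it is my own code, not PolarSSL's x509parse code, and the sample values are constructed rather than taken from any certificate.

```python
import re
from datetime import datetime, timezone

# Added example: X.509 validity-time parsing per RFC 5280 section 4.1.2.5.
# Constructed for illustration; not PolarSSL's code.

# Both forms must carry seconds and end in 'Z'; RFC 5280 forbids fractional
# seconds and numeric time-zone offsets in certificates.
_UTCTIME = re.compile(r"^(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$")
_GENERALIZEDTIME = re.compile(r"^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$")


def _build(year, month, day, hour, minute, second, raw):
    """Turn the fields into an aware datetime, rejecting impossible dates."""
    try:
        return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)
    except ValueError as exc:  # month 13, February 30, hour 25, ...
        raise ValueError(f"invalid calendar date in {raw!r}: {exc}") from exc


def parse_utctime(value: str) -> datetime:
    """UTCTime is YYMMDDHHMMSSZ.  RFC 5280 pins the two-digit year:
    YY in 50..99 means 1950..1999, YY in 00..49 means 2000..2049."""
    m = _UTCTIME.match(value)
    if m is None:
        raise ValueError(f"malformed UTCTime: {value!r}")
    yy, mo, dd, hh, mi, ss = (int(g) for g in m.groups())
    year = 1900 + yy if yy >= 50 else 2000 + yy
    return _build(year, mo, dd, hh, mi, ss, value)


def parse_generalizedtime(value: str) -> datetime:
    """GeneralizedTime is YYYYMMDDHHMMSSZ with a full four-digit year."""
    m = _GENERALIZEDTIME.match(value)
    if m is None:
        raise ValueError(f"malformed GeneralizedTime: {value!r}")
    year, mo, dd, hh, mi, ss = (int(g) for g in m.groups())
    return _build(year, mo, dd, hh, mi, ss, value)


def parse_x509_time(value: str) -> datetime:
    """Dispatch on length: 13 characters is UTCTime, 15 is GeneralizedTime
    (the DER tag would normally decide; length suffices for the string form)."""
    if len(value) == 13:
        return parse_utctime(value)
    if len(value) == 15:
        return parse_generalizedtime(value)
    raise ValueError(f"unrecognised X.509 time: {value!r}")


def validity_contains(not_before: str, not_after: str, now: datetime) -> bool:
    """True when `now` (timezone-aware) lies inside the validity window."""
    return parse_x509_time(not_before) <= now <= parse_x509_time(not_after)


if __name__ == "__main__":
    print(parse_utctime("491231235959Z"))     # 2049-12-31
    print(parse_utctime("500101000000Z"))     # 1950-01-01
    print(parse_generalizedtime("20500101000000Z"))
    print(validity_contains("100324000000Z", "20500101000000Z",
                            datetime.now(timezone.utc)))
```

A parser that applies the pivot the other way round, or compares years as plain two-digit integers, will report a certificate issued in 1999 as expiring after one issued in 2001, so the pivot is worth a regression test of its own, and the strict regular expressions keep unexpected variants (missing seconds, fractional seconds, offsets) from being silently accepted.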
Changes:
· Added const correctness for main code base
· X509 signature algorithm determination is now in a function to allow easy future expansion
· Changed symmetric cipher functions to identical interface (returning int result values)
· Changed ARC4 to use separate input/output buffers
· Added reset function for HMAC context as speed-up for specific use-cases
Bug fixes:
· Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and ssl_write_certificate_request() (found by fatbob)
· Added small fixes for compiler warnings on a Mac (found by Frank de Brabander)
· Fixed algorithmic bug in mpi_is_prime() (found by Smbat Tonoyan)
March 22nd, 2010
· Small memory footprint
· Clean and simple API for integration
· Loose coupling of cryptographic code.
· Symmetric encryption algorithms: AES, Triple-DES, DES, ARC4, Camellia, XTEA
· Hash algorithms: MD2, MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
· HAVEGE random number generator
· RSA with PKCS#1 v1.5 padding
· SSL version 3 and TLS version 1 client support
· X.509 certificate and CRL reading from memory or disk in PEM and DER formats
· Over 900 regression and code coverage tests
· Example applications