What's new in PolarSSL 1.1.0
Dec 23, 2011
- This version introduces the CTR_DRBG random generator based on AES-256-CTR (NIST SP 800-90) and a generic entropy accumulator, next to the already existing HAVEGE random generator.
- The behaviour of x509parse_crt() has changed. It is backwards compatible with pre-1.1.0 code, but for permissive parsing you now have to use the return code differently; please read the documentation.
- A lot of simple error codes (1 and 2) inside the code were changed to 'real errors'.
- In addition, a lot of standing issues were fixed with regard to compatibility and customization.
New in PolarSSL 0.14.2 (Mar 1, 2011)
- A possible Man-in-the-Middle attack on the Diffie-Hellman key exchange was fixed.
- More information can be found in PolarSSL Security Advisory 2011-01.
New in PolarSSL 0.99 Pre3 (Mar 1, 2011)
- A possible Man-in-the-Middle attack on the Diffie-Hellman key exchange was fixed.
- More information can be found in PolarSSL Security Advisory 2011-01.
New in PolarSSL 0.99 pre2 (Feb 25, 2011)
- Features:
- Parsing of PEM private keys encrypted with DES and AES is now supported as well (Fixes ticket #5)
- Added crl_app program to allow easy reading and printing of X509 CRLs from file
- Changes:
- Parsing of PEM files moved to a separate module (Fixes ticket #13). It is also possible to remove PEM support for systems only using DER encoding
- Bugfixes:
- Corrected parsing of UTCTime dates before 1990 and after 1950
- Support more exotic OIDs when parsing certificates (found by Mads Kiilerich)
- Support more exotic name representations when parsing certificates (found by Mads Kiilerich)
- Replaced the expired test certificates
- Do not bail out if no client certificate specified. Try to negotiate anonymous connection (Fixes ticket #12, found by Boris Krasnovskiy)
New in PolarSSL 0.14.1 (Feb 25, 2011)
- Bug fixes:
- Corrected parsing of UTCTime dates before 1990 and after 1950
- Support more exotic OIDs when parsing certificates (found by Mads Kiilerich)
- Support more exotic name representations when parsing certificates (found by Mads Kiilerich)
- Replaced the expired test certificates
- Do not bail out if no client certificate specified. Try to negotiate anonymous connection (Fixes ticket #12, found by Boris Krasnovskiy)
New in PolarSSL 0.14.0 (Aug 17, 2010)
- Features:
- Added support for SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
- Added compile-time and run-time version information
- Expanded ssl_client2 arguments for more flexibility
- Added support for TLS v1.1
- Changes:
- Made Makefile cleaner
- Removed dependency on rand() in rsa_pkcs1_encrypt(). Now using the random function provided to the function, and changed the prototype of rsa_pkcs1_encrypt(), rsa_init() and rsa_gen_key().
- Some SSL defines were renamed in order to avoid future confusion
- Bug fixes:
- Fixed CMake out of source build for tests (found by kkert)
- rsa_check_private() now supports PKCS1v2 keys as well
- Fixed deadlock in rsa_pkcs1_encrypt() on failing random generator
New in PolarSSL 0.13.1 (Mar 24, 2010)
- Features:
- Added option parsing for host and port selection to ssl_client2
- Added support for GeneralizedTime in X509 parsing
- Added cert_app program to allow easy reading and printing of X509 certificates from file or SSL connection.
- Changes:
- Added const correctness for main code base
- X509 signature algorithm determination is now in a function to allow easy future expansion
- Changed symmetric cipher functions to identical interface (returning int result values)
- Changed ARC4 to use separate input/output buffer
- Added reset function for HMAC context as speed-up for specific use-cases
- Bug fixes:
- Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and ssl_write_certificate_request() (found by fatbob)
- Added small fixes for compiler warnings on a Mac (found by Frank de Brabander)
- Fixed algorithmic bug in mpi_is_prime() (found by Smbat Tonoyan)
New in PolarSSL 0.13.0 (Mar 22, 2010)
- Small memory footprint
- Clean and simple API for integration
- Loose coupling of cryptographic code.
- Symmetric encryption algorithms: AES, Triple-DES, DES, ARC4, Camellia, XTEA
- Hash algorithms: MD2, MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
- HAVEGE random number generator
- RSA with PKCS#1 v1.5 padding
- SSL version 3 and TLS version 1 client support
- X.509 certificate and CRL reading from memory or disk in PEM and DER formats
- Over 900 regression and code coverage tests
- Example applications