PolarSSL Changelog

New in version 1.1.0 (December 23rd, 2011)

  • This version introduces the CTR_DRBG random generator based on AES-256-CTR (NIST SP 800-90) and a generic entropy accumulator, next to the already existing HAVEGE random generator.
  • The behaviour of x509parse_crt() has changed, though it is backwards compatible with pre-1.1.0 code.
  • For permissive parsing, you now have to use the return code differently; please read the documentation.
  • A lot of simple error codes (1 and 2) inside the code were changed to 'real errors'.
  • In addition, a lot of standing issues were fixed with regard to compatibility and customization.

New in version 0.14.2 (March 1st, 2011)

  • A possible Man-in-the-Middle attack on the Diffie-Hellman key exchange was fixed.
  • More information can be found in PolarSSL Security Advisory 2011-01.

New in version 0.99 Pre3 (March 1st, 2011)

  • A possible Man-in-the-Middle attack on the Diffie-Hellman key exchange was fixed.
  • More information can be found in PolarSSL Security Advisory 2011-01.

New in version 0.99 pre2 (February 25th, 2011)

  • Features:
      • Parsing of PEM private keys encrypted with DES and AES is now supported as well (Fixes ticket #5)
      • Added crl_app program to allow easy reading and printing of X509 CRLs from file
  • Changes:
      • Parsing of PEM files moved to separate module (Fixes ticket #13). It is also possible to remove PEM support for systems only using DER encoding
  • Bug fixes:
      • Corrected parsing of UTCTime dates before 1990 and after 1950
      • Support more exotic OIDs when parsing certificates (found by Mads Kiilerich)
      • Support more exotic name representations when parsing certificates (found by Mads Kiilerich)
      • Replaced the expired test certificates
      • Do not bail out if no client certificate is specified. Try to negotiate anonymous connection (Fixes ticket #12, found by Boris Krasnovskiy)

New in version 0.14.1 (February 25th, 2011)

  • Bug fixes:
      • Corrected parsing of UTCTime dates before 1990 and after 1950
      • Support more exotic OIDs when parsing certificates (found by Mads Kiilerich)
      • Support more exotic name representations when parsing certificates (found by Mads Kiilerich)
      • Replaced the expired test certificates
      • Do not bail out if no client certificate is specified. Try to negotiate anonymous connection (Fixes ticket #12, found by Boris Krasnovskiy)

New in version 0.14.0 (August 17th, 2010)

  • Features:
      • Added support for SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
      • Added compile-time and run-time version information
      • Expanded ssl_client2 arguments for more flexibility
      • Added support for TLS v1.1
  • Changes:
      • Made Makefile cleaner
      • Removed dependency on rand() in rsa_pkcs1_encrypt(). It now uses the random function provided to the function, and the prototypes of rsa_pkcs1_encrypt(), rsa_init() and rsa_gen_key() were changed.
      • Some SSL defines were renamed in order to avoid future confusion
  • Bug fixes:
      • Fixed CMake out of source build for tests (found by kkert)
      • rsa_check_private() now supports PKCS1v2 keys as well
      • Fixed deadlock in rsa_pkcs1_encrypt() on failing random generator

New in version 0.13.1 (March 24th, 2010)

  • Features:
      • Added option parsing for host and port selection to ssl_client2
      • Added support for GeneralizedTime in X509 parsing
      • Added cert_app program to allow easy reading and printing of X509 certificates from file or SSL connection.
  • Changes:
      • Added const correctness for main code base
      • X509 signature algorithm determination is now in a function to allow easy future expansion
      • Changed symmetric cipher functions to identical interface (returning int result values)
      • Changed ARC4 to use separate input/output buffer
      • Added reset function for HMAC context as speed-up for specific use-cases
  • Bug fixes:
      • Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and ssl_write_certificate_request() (found by fatbob)
      • Added small fixes for compiler warnings on a Mac (found by Frank de Brabander)
      • Fixed algorithmic bug in mpi_is_prime() (found by Smbat Tonoyan)

New in version 0.13.0 (March 22nd, 2010)

  • Small memory footprint
  • Clean and simple API for integration
  • Loose coupling of cryptographic code.
  • Symmetric encryption algorithms: AES, Triple-DES, DES, ARC4, Camellia, XTEA
  • Hash algorithms: MD2, MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
  • HAVEGE random number generator
  • RSA with PKCS#1 v1.5 padding
  • SSL version 3 and TLS version 1 client support
  • X.509 certificate and CRL reading from memory or disk in PEM and DER formats
  • Over 900 regression and code coverage tests
  • Example applications