Paul Bakker | 99ed678 | 2011-01-05 14:48:42 +0000 | [diff] [blame] | 1 | PolarSSL ChangeLog |
| 2 | |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 3 | = Version Trunk |
| 4 | Features |
| 5 | * Added ssl_session_reset() to allow better multi-connection pools of |
| 6 | SSL contexts without needing to set all non-connection-specific |
| 7 | data and pointers again. Adapted ssl_server to use this functionality. |
Paul Bakker | 490ecc8 | 2011-10-06 13:04:09 +0000 | [diff] [blame] | 8 | * Added ssl_set_max_version() to allow clients to offer a lower maximum |
| 9 | supported version to a server to help buggy server implementations. |
| 10 | (Closes ticket #36) |
Paul Bakker | 03a30d3 | 2011-11-11 10:55:02 +0000 | [diff] [blame] | 11 | * Added cipher_get_cipher_mode() and cipher_get_cipher_operation() |
| 12 | introspection functions (Closes ticket #40) |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 13 | |
Paul Bakker | ca6f3e2 | 2011-10-06 13:11:08 +0000 | [diff] [blame] | 14 | Changes |
| 15 | * Documentation for AES and Camellia in modes CTR and CFB128 clarified. |
Paul Bakker | d246ed3 | 2011-10-06 13:18:27 +0000 | [diff] [blame] | 16 | * Fixed rsa_encrypt and rsa_decrypt examples to use public key for |
| 17 | encryption and private key for decryption. (Closes ticket #34) |
Paul Bakker | c4909d9 | 2011-10-12 09:52:22 +0000 | [diff] [blame] | 18 | * Inceased maximum size of ASN1 length reads to 32-bits. |
Paul Bakker | fbc09f3 | 2011-10-12 09:56:41 +0000 | [diff] [blame] | 19 | * Added an EXPLICIT tag number parameter to x509_get_ext() |
Paul Bakker | b5a11ab | 2011-10-12 09:58:41 +0000 | [diff] [blame] | 20 | * Added a separate CRL entry extension parsing function |
Paul Bakker | efc3029 | 2011-11-10 14:43:23 +0000 | [diff] [blame] | 21 | * Separated the ASN.1 parsing code from the X.509 specific parsing code. |
| 22 | So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C. |
Paul Bakker | ca6f3e2 | 2011-10-06 13:11:08 +0000 | [diff] [blame] | 23 | |
Paul Bakker | fa1c592 | 2011-10-06 14:18:49 +0000 | [diff] [blame] | 24 | Bugfix |
| 25 | * Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes |
| 26 | ticket #37) |
Paul Bakker | 3329d1f | 2011-10-12 09:55:01 +0000 | [diff] [blame] | 27 | * Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag |
| 28 | before version numbers |
Paul Bakker | cebdf17 | 2011-11-11 15:01:31 +0000 | [diff] [blame^] | 29 | * Allowed X509 key usage parsing to accept 4 byte values instead of the |
| 30 | standard 1 byte version sometimes used by Microsoft. (Closes ticket #38) |
Paul Bakker | fa1c592 | 2011-10-06 14:18:49 +0000 | [diff] [blame] | 31 | |
Paul Bakker | 968bc98 | 2011-07-27 17:03:00 +0000 | [diff] [blame] | 32 | = Version 1.0.0 released on 2011-07-27 |
Paul Bakker | 343a870 | 2011-06-09 14:27:58 +0000 | [diff] [blame] | 33 | Features |
| 34 | * Expanded cipher layer with support for CFB128 and CTR mode |
Paul Bakker | 7bc05ff | 2011-08-09 10:30:36 +0000 | [diff] [blame] | 35 | * Added rsa_encrypt and rsa_decrypt simple example programs. |
Paul Bakker | 343a870 | 2011-06-09 14:27:58 +0000 | [diff] [blame] | 36 | |
Paul Bakker | 42e5981 | 2011-06-09 15:55:41 +0000 | [diff] [blame] | 37 | Changes |
| 38 | * The generic cipher and message digest layer now have normal error |
| 39 | codes instead of integers |
| 40 | |
Paul Bakker | 887bd50 | 2011-06-08 13:10:54 +0000 | [diff] [blame] | 41 | Bugfix |
| 42 | * Undid faulty bug fix in ssl_write() when flushing old data (Ticket |
| 43 | #18) |
| 44 | |
Paul Bakker | 828acb2 | 2011-05-27 09:25:42 +0000 | [diff] [blame] | 45 | = Version 0.99-pre5 released on 2011-05-26 |
Paul Bakker | b6ecaf5 | 2011-04-19 14:29:23 +0000 | [diff] [blame] | 46 | Features |
| 47 | * Added additional Cipher Block Modes to symmetric ciphers |
| 48 | (AES CTR, Camellia CTR, XTEA CBC) including the option to |
| 49 | enable and disable individual modes when needed |
Paul Bakker | 335db3f | 2011-04-25 15:28:35 +0000 | [diff] [blame] | 50 | * Functions requiring File System functions can now be disabled |
| 51 | by undefining POLARSSL_FS_IO |
Paul Bakker | 9d78140 | 2011-05-09 16:17:09 +0000 | [diff] [blame] | 52 | * A error_strerror function() has been added to translate between |
| 53 | error codes and their description. |
Paul Bakker | 2f5947e | 2011-05-18 15:47:11 +0000 | [diff] [blame] | 54 | * Added mpi_get_bit() and mpi_set_bit() individual bit setter/getter |
| 55 | functions. |
Paul Bakker | 1496d38 | 2011-05-23 12:07:29 +0000 | [diff] [blame] | 56 | * Added ssl_mail_client and ssl_fork_server as example programs. |
Paul Bakker | b6ecaf5 | 2011-04-19 14:29:23 +0000 | [diff] [blame] | 57 | |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 58 | Changes |
| 59 | * Major argument / variable rewrite. Introduced use of size_t |
| 60 | instead of int for buffer lengths and loop variables for |
Paul Bakker | a755ca1 | 2011-04-24 09:11:17 +0000 | [diff] [blame] | 61 | better unsigned / signed use. Renamed internal bigint types |
| 62 | t_int and t_dbl to t_uint and t_udbl in the process |
Paul Bakker | 6c591fa | 2011-05-05 11:49:20 +0000 | [diff] [blame] | 63 | * mpi_init() and mpi_free() now only accept a single MPI |
| 64 | argument and do not accept variable argument lists anymore. |
Paul Bakker | 9d78140 | 2011-05-09 16:17:09 +0000 | [diff] [blame] | 65 | * The error codes have been remapped and combining error codes |
| 66 | is now done with a PLUS instead of an OR as error codes |
| 67 | used are negative. |
Paul Bakker | 831a755 | 2011-05-18 13:32:51 +0000 | [diff] [blame] | 68 | * Changed behaviour of net_read(), ssl_fetch_input() and ssl_recv(). |
| 69 | net_recv() now returns 0 on EOF instead of |
| 70 | POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns |
| 71 | POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. |
| 72 | ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received |
| 73 | after the handshake. |
| 74 | * Network functions now return POLARSSL_ERR_NET_WANT_READ or |
| 75 | POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous |
| 76 | POLARSSL_ERR_NET_TRY_AGAIN |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 77 | |
Paul Bakker | 3efa575 | 2011-04-01 12:23:26 +0000 | [diff] [blame] | 78 | = Version 0.99-pre4 released on 2011-04-01 |
Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 79 | Features |
| 80 | * Added support for PKCS#1 v2.1 encoding and thus support |
| 81 | for the RSAES-OAEP and RSASSA-PSS operations. |
Paul Bakker | e77db2e | 2011-03-25 14:01:32 +0000 | [diff] [blame] | 82 | * Reading of Public Key files incorporated into default x509 |
| 83 | functionality as well. |
Paul Bakker | 287781a | 2011-03-26 13:18:49 +0000 | [diff] [blame] | 84 | * Added mpi_fill_random() for centralized filling of big numbers |
| 85 | with random data (Fixed ticket #10) |
Paul Bakker | 9dcc322 | 2011-03-08 14:16:06 +0000 | [diff] [blame] | 86 | |
Paul Bakker | be4e7dc | 2011-03-14 20:41:31 +0000 | [diff] [blame] | 87 | Changes |
| 88 | * Debug print of MPI now removes leading zero octets and |
| 89 | displays actual bit size of the value. |
Paul Bakker | 9867549 | 2011-03-26 13:17:12 +0000 | [diff] [blame] | 90 | * x509parse_key() (and as a consequence x509parse_keyfile()) |
| 91 | does not zeroize memory in advance anymore. Use rsa_init() |
| 92 | before parsing a key or keyfile! |
Paul Bakker | be4e7dc | 2011-03-14 20:41:31 +0000 | [diff] [blame] | 93 | |
| 94 | Bugfix |
| 95 | * Debug output of MPI's now the same independent of underlying |
| 96 | platform (32-bit / 64-bit) (Fixes ticket #19, found by Mads |
| 97 | Kiilerich and Mihai Militaru) |
Paul Bakker | 1fd00bf | 2011-03-14 20:50:15 +0000 | [diff] [blame] | 98 | * Fixed bug in ssl_write() when flushing old data (Fixed ticket |
| 99 | #18, found by Nikolay Epifanov) |
Paul Bakker | e77db2e | 2011-03-25 14:01:32 +0000 | [diff] [blame] | 100 | * Fixed proper handling of RSASSA-PSS verification with variable |
| 101 | length salt lengths |
Paul Bakker | be4e7dc | 2011-03-14 20:41:31 +0000 | [diff] [blame] | 102 | |
Paul Bakker | 345a6fe | 2011-02-28 21:20:02 +0000 | [diff] [blame] | 103 | = Version 0.99-pre3 released on 2011-02-28 |
| 104 | This release replaces version 0.99-pre2 which had possible copyright issues. |
Paul Bakker | 96743fc | 2011-02-12 14:30:57 +0000 | [diff] [blame] | 105 | Features |
| 106 | * Parsing PEM private keys encrypted with DES and AES |
| 107 | are now supported as well (Fixes ticket #5) |
Paul Bakker | a9507c0 | 2011-02-12 15:27:28 +0000 | [diff] [blame] | 108 | * Added crl_app program to allow easy reading and |
| 109 | printing of X509 CRLs from file |
Paul Bakker | 96743fc | 2011-02-12 14:30:57 +0000 | [diff] [blame] | 110 | |
| 111 | Changes |
| 112 | * Parsing of PEM files moved to separate module (Fixes |
| 113 | ticket #13). Also possible to remove PEM support for |
| 114 | systems only using DER encoding |
| 115 | |
Paul Bakker | 400ff6f | 2011-02-20 10:40:16 +0000 | [diff] [blame] | 116 | Bugfixes |
| 117 | * Corrected parsing of UTCTime dates before 1990 and |
| 118 | after 1950 |
| 119 | * Support more exotic OID's when parsing certificates |
Paul Bakker | e2a39cc | 2011-02-20 13:49:27 +0000 | [diff] [blame] | 120 | (found by Mads Kiilerich) |
Paul Bakker | 400ff6f | 2011-02-20 10:40:16 +0000 | [diff] [blame] | 121 | * Support more exotic name representations when parsing |
Paul Bakker | e2a39cc | 2011-02-20 13:49:27 +0000 | [diff] [blame] | 122 | certificates (found by Mads Kiilerich) |
Paul Bakker | 400ff6f | 2011-02-20 10:40:16 +0000 | [diff] [blame] | 123 | * Replaced the expired test certificates |
Paul Bakker | e2a39cc | 2011-02-20 13:49:27 +0000 | [diff] [blame] | 124 | * Do not bail out if no client certificate specified. Try |
| 125 | to negotiate anonymous connection (Fixes ticket #12, |
| 126 | found by Boris Krasnovskiy) |
Paul Bakker | 400ff6f | 2011-02-20 10:40:16 +0000 | [diff] [blame] | 127 | |
Paul Bakker | 345a6fe | 2011-02-28 21:20:02 +0000 | [diff] [blame] | 128 | Security fixes |
| 129 | * Fixed a possible Man-in-the-Middle attack on the |
| 130 | Diffie Hellman key exchange (thanks to Larry Highsmith, |
| 131 | Subreption LLC) |
| 132 | |
Paul Bakker | 9fc4659 | 2011-01-30 16:59:02 +0000 | [diff] [blame] | 133 | = Version 0.99-pre1 released on 2011-01-30 |
Paul Bakker | 37ca75d | 2011-01-06 12:28:03 +0000 | [diff] [blame] | 134 | Features |
Paul Bakker | b63b0af | 2011-01-13 17:54:59 +0000 | [diff] [blame] | 135 | Note: Most of these features have been donated by Fox-IT |
| 136 | * Added Doxygen source code documentation parts |
Paul Bakker | 1b57b06 | 2011-01-06 15:48:19 +0000 | [diff] [blame] | 137 | * Added reading of DHM context from memory and file |
Paul Bakker | 74111d3 | 2011-01-15 16:57:55 +0000 | [diff] [blame] | 138 | * Improved X509 certificate parsing to include extended |
Paul Bakker | 76fd75a | 2011-01-16 21:12:10 +0000 | [diff] [blame] | 139 | certificate fields, including Key Usage |
| 140 | * Improved certificate verification and verification |
| 141 | against the available CRLs |
Paul Bakker | 1f87fb6 | 2011-01-15 17:32:24 +0000 | [diff] [blame] | 142 | * Detection for DES weak keys and parity bits added |
Paul Bakker | 72f6266 | 2011-01-16 21:27:44 +0000 | [diff] [blame] | 143 | * Improvements to support integration in other |
| 144 | applications: |
| 145 | + Added generic message digest and cipher wrapper |
| 146 | + Improved information about current capabilities, |
| 147 | status, objects and configuration |
| 148 | + Added verification callback on certificate chain |
| 149 | verification to allow external blacklisting |
Paul Bakker | 20a7808 | 2011-01-21 09:32:12 +0000 | [diff] [blame] | 150 | + Additional example programs to show usage |
Paul Bakker | 43b7e35 | 2011-01-18 15:27:19 +0000 | [diff] [blame] | 151 | * Added support for PKCS#11 through the use of the |
| 152 | libpkcs11-helper library |
Paul Bakker | 37ca75d | 2011-01-06 12:28:03 +0000 | [diff] [blame] | 153 | |
Paul Bakker | b619499 | 2011-01-16 21:40:22 +0000 | [diff] [blame] | 154 | Changes |
| 155 | * x509parse_time_expired() checks time in addition to |
| 156 | the existing date check |
Paul Bakker | e3166ce | 2011-01-27 17:40:50 +0000 | [diff] [blame] | 157 | * The ciphers member of ssl_context and the cipher member |
| 158 | of ssl_session have been renamed to ciphersuites and |
| 159 | ciphersuite respectively. This clarifies the difference |
| 160 | with the generic cipher layer and is better naming |
| 161 | altogether |
Paul Bakker | b619499 | 2011-01-16 21:40:22 +0000 | [diff] [blame] | 162 | |
Paul Bakker | 99ed678 | 2011-01-05 14:48:42 +0000 | [diff] [blame] | 163 | = Version 0.14.0 released on 2010-08-16 |
| 164 | Features |
| 165 | * Added support for SSL_EDH_RSA_AES_128_SHA and |
| 166 | SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites |
| 167 | * Added compile-time and run-time version information |
| 168 | * Expanded ssl_client2 arguments for more flexibility |
| 169 | * Added support for TLS v1.1 |
| 170 | |
| 171 | Changes |
| 172 | * Made Makefile cleaner |
| 173 | * Removed dependency on rand() in rsa_pkcs1_encrypt(). |
| 174 | Now using random fuction provided to function and |
| 175 | changed the prototype of rsa_pkcs1_encrypt(), |
| 176 | rsa_init() and rsa_gen_key(). |
| 177 | * Some SSL defines were renamed in order to avoid |
| 178 | future confusion |
| 179 | |
| 180 | Bug fixes |
| 181 | * Fixed CMake out of source build for tests (found by |
| 182 | kkert) |
| 183 | * rsa_check_private() now supports PKCS1v2 keys as well |
| 184 | * Fixed deadlock in rsa_pkcs1_encrypt() on failing random |
| 185 | generator |
| 186 | |
| 187 | = Version 0.13.1 released on 2010-03-24 |
| 188 | Bug fixes |
| 189 | * Fixed Makefile in library that was mistakenly merged |
| 190 | * Added missing const string fixes |
| 191 | |
| 192 | = Version 0.13.0 released on 2010-03-21 |
| 193 | Features |
| 194 | * Added option parsing for host and port selection to |
| 195 | ssl_client2 |
| 196 | * Added support for GeneralizedTime in X509 parsing |
| 197 | * Added cert_app program to allow easy reading and |
| 198 | printing of X509 certificates from file or SSL |
| 199 | connection. |
| 200 | |
| 201 | Changes |
| 202 | * Added const correctness for main code base |
| 203 | * X509 signature algorithm determination is now |
| 204 | in a function to allow easy future expansion |
| 205 | * Changed symmetric cipher functions to |
| 206 | identical interface (returning int result values) |
| 207 | * Changed ARC4 to use seperate input/output buffer |
| 208 | * Added reset function for HMAC context as speed-up |
| 209 | for specific use-cases |
| 210 | |
| 211 | Bug fixes |
| 212 | * Fixed bug resulting in failure to send the last |
| 213 | certificate in the chain in ssl_write_certificate() and |
| 214 | ssl_write_certificate_request() (found by fatbob) |
| 215 | * Added small fixes for compiler warnings on a Mac |
| 216 | (found by Frank de Brabander) |
| 217 | * Fixed algorithmic bug in mpi_is_prime() (found by |
| 218 | Smbat Tonoyan) |
| 219 | |
| 220 | = Version 0.12.1 released on 2009-10-04 |
| 221 | Changes |
| 222 | * Coverage test definitions now support 'depends_on' |
| 223 | tagging system. |
| 224 | * Tests requiring specific hashing algorithms now honor |
| 225 | the defines. |
| 226 | |
| 227 | Bug fixes |
| 228 | * Changed typo in #ifdef in x509parse.c (found |
| 229 | by Eduardo) |
| 230 | |
| 231 | = Version 0.12.0 released on 2009-07-28 |
| 232 | Features |
| 233 | * Added CMake makefiles as alternative to regular Makefiles. |
| 234 | * Added preliminary Code Coverage tests for AES, ARC4, |
| 235 | Base64, MPI, SHA-family, MD-family, HMAC-SHA-family, |
| 236 | Camellia, DES, 3-DES, RSA PKCS#1, XTEA, Diffie-Hellman |
| 237 | and X509parse. |
| 238 | |
| 239 | Changes |
| 240 | * Error codes are not (necessarily) negative. Keep |
| 241 | this is mind when checking for errors. |
| 242 | * RSA_RAW renamed to SIG_RSA_RAW for consistency. |
| 243 | * Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE. |
| 244 | * Changed interface for AES and Camellia setkey functions |
| 245 | to indicate invalid key lengths. |
| 246 | |
| 247 | Bug fixes |
| 248 | * Fixed include location of endian.h on FreeBSD (found by |
| 249 | Gabriel) |
| 250 | * Fixed include location of endian.h and name clash on |
| 251 | Apples (found by Martin van Hensbergen) |
| 252 | * Fixed HMAC-MD2 by modifying md2_starts(), so that the |
| 253 | required HMAC ipad and opad variables are not cleared. |
| 254 | (found by code coverage tests) |
| 255 | * Prevented use of long long in bignum if |
| 256 | POLARSSL_HAVE_LONGLONG not defined (found by Giles |
| 257 | Bathgate). |
| 258 | * Fixed incorrect handling of negative strings in |
| 259 | mpi_read_string() (found by code coverage tests). |
| 260 | * Fixed segfault on handling empty rsa_context in |
| 261 | rsa_check_pubkey() and rsa_check_privkey() (found by |
| 262 | code coverage tests). |
| 263 | * Fixed incorrect handling of one single negative input |
| 264 | value in mpi_add_abs() (found by code coverage tests). |
| 265 | * Fixed incorrect handling of negative first input |
| 266 | value in mpi_sub_abs() (found by code coverage tests). |
| 267 | * Fixed incorrect handling of negative first input |
| 268 | value in mpi_mod_mpi() and mpi_mod_int(). Resulting |
| 269 | change also affects mpi_write_string() (found by code |
| 270 | coverage tests). |
| 271 | * Corrected is_prime() results for 0, 1 and 2 (found by |
| 272 | code coverage tests). |
| 273 | * Fixed Camellia and XTEA for 64-bit Windows systems. |
| 274 | |
| 275 | = Version 0.11.1 released on 2009-05-17 |
| 276 | * Fixed missing functionality for SHA-224, SHA-256, SHA384, |
| 277 | SHA-512 in rsa_pkcs1_sign() |
| 278 | |
| 279 | = Version 0.11.0 released on 2009-05-03 |
| 280 | * Fixed a bug in mpi_gcd() so that it also works when both |
| 281 | input numbers are even and added testcases to check |
| 282 | (found by Pierre Habouzit). |
| 283 | * Added support for SHA-224, SHA-256, SHA-384 and SHA-512 |
| 284 | one way hash functions with the PKCS#1 v1.5 signing and |
| 285 | verification. |
| 286 | * Fixed minor bug regarding mpi_gcd located within the |
| 287 | POLARSSL_GENPRIME block. |
| 288 | * Fixed minor memory leak in x509parse_crt() and added better |
| 289 | handling of 'full' certificate chains (found by Mathias |
| 290 | Olsson). |
| 291 | * Centralized file opening and reading for x509 files into |
| 292 | load_file() |
| 293 | * Made definition of net_htons() endian-clean for big endian |
| 294 | systems (Found by Gernot). |
| 295 | * Undefining POLARSSL_HAVE_ASM now also handles prevents asm in |
| 296 | padlock and timing code. |
| 297 | * Fixed an off-by-one buffer allocation in ssl_set_hostname() |
| 298 | responsible for crashes and unwanted behaviour. |
| 299 | * Added support for Certificate Revocation List (CRL) parsing. |
| 300 | * Added support for CRL revocation to x509parse_verify() and |
| 301 | SSL/TLS code. |
| 302 | * Fixed compatibility of XTEA and Camellia on a 64-bit system |
| 303 | (found by Felix von Leitner). |
| 304 | |
| 305 | = Version 0.10.0 released on 2009-01-12 |
| 306 | * Migrated XySSL to PolarSSL |
| 307 | * Added XTEA symmetric cipher |
| 308 | * Added Camellia symmetric cipher |
| 309 | * Added support for ciphersuites: SSL_RSA_CAMELLIA_128_SHA, |
| 310 | SSL_RSA_CAMELLIA_256_SHA and SSL_EDH_RSA_CAMELLIA_256_SHA |
| 311 | * Fixed dangerous bug that can cause a heap overflow in |
| 312 | rsa_pkcs1_decrypt (found by Christophe Devine) |
| 313 | |
| 314 | ================================================================ |
| 315 | XySSL ChangeLog |
| 316 | |
| 317 | = Version 0.9 released on 2008-03-16 |
| 318 | |
| 319 | * Added support for ciphersuite: SSL_RSA_AES_128_SHA |
| 320 | * Enabled support for large files by default in aescrypt2.c |
| 321 | * Preliminary openssl wrapper contributed by David Barrett |
| 322 | * Fixed a bug in ssl_write() that caused the same payload to |
| 323 | be sent twice in non-blocking mode when send returns EAGAIN |
| 324 | * Fixed ssl_parse_client_hello(): session id and challenge must |
| 325 | not be swapped in the SSLv2 ClientHello (found by Greg Robson) |
| 326 | * Added user-defined callback debug function (Krystian Kolodziej) |
| 327 | * Before freeing a certificate, properly zero out all cert. data |
| 328 | * Fixed the "mode" parameter so that encryption/decryption are |
| 329 | not swapped on PadLock; also fixed compilation on older versions |
| 330 | of gcc (bug reported by David Barrett) |
| 331 | * Correctly handle the case in padlock_xcryptcbc() when input or |
| 332 | ouput data is non-aligned by falling back to the software |
| 333 | implementation, as VIA Nehemiah cannot handle non-aligned buffers |
| 334 | * Fixed a memory leak in x509parse_crt() which was reported by Greg |
| 335 | Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to |
| 336 | Matthew Page who reported several bugs |
| 337 | * Fixed x509_get_ext() to accept some rare certificates which have |
| 338 | an INTEGER instead of a BOOLEAN for BasicConstraints::cA. |
| 339 | * Added support on the client side for the TLS "hostname" extension |
| 340 | (patch contributed by David Patino) |
| 341 | * Make x509parse_verify() return BADCERT_CN_MISMATCH when an empty |
| 342 | string is passed as the CN (bug reported by spoofy) |
| 343 | * Added an option to enable/disable the BN assembly code |
| 344 | * Updated rsa_check_privkey() to verify that (D*E) = 1 % (P-1)*(Q-1) |
| 345 | * Disabled obsolete hash functions by default (MD2, MD4); updated |
| 346 | selftest and benchmark to not test ciphers that have been disabled |
| 347 | * Updated x509parse_cert_info() to correctly display byte 0 of the |
| 348 | serial number, setup correct server port in the ssl client example |
| 349 | * Fixed a critical denial-of-service with X.509 cert. verification: |
| 350 | peer may cause xyssl to loop indefinitely by sending a certificate |
| 351 | for which the RSA signature check fails (bug reported by Benoit) |
| 352 | * Added test vectors for: AES-CBC, AES-CFB, DES-CBC and 3DES-CBC, |
| 353 | HMAC-MD5, HMAC-SHA1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 |
| 354 | * Fixed HMAC-SHA-384 and HMAC-SHA-512 (thanks to Josh Sinykin) |
| 355 | * Modified ssl_parse_client_key_exchange() to protect against |
| 356 | Daniel Bleichenbacher attack on PKCS#1 v1.5 padding, as well |
| 357 | as the Klima-Pokorny-Rosa extension of Bleichenbacher's attack |
| 358 | * Updated rsa_gen_key() so that ctx->N is always nbits in size |
| 359 | * Fixed assembly PPC compilation errors on Mac OS X, thanks to |
| 360 | David Barrett and Dusan Semen |
| 361 | |
| 362 | = Version 0.8 released on 2007-10-20 |
| 363 | |
| 364 | * Modified the HMAC functions to handle keys larger |
| 365 | than 64 bytes, thanks to Stephane Desneux and gary ng |
| 366 | * Fixed ssl_read_record() to properly update the handshake |
| 367 | message digests, which fixes IE6/IE7 client authentication |
| 368 | * Cleaned up the XYSSL* #defines, suggested by Azriel Fasten |
| 369 | * Fixed net_recv(), thanks to Lorenz Schori and Egon Kocjan |
| 370 | * Added user-defined callbacks for handling I/O and sessions |
| 371 | * Added lots of debugging output in the SSL/TLS functions |
| 372 | * Added preliminary X.509 cert. writing by Pascal Vizeli |
| 373 | * Added preliminary support for the VIA PadLock routines |
| 374 | * Added AES-CFB mode of operation, contributed by chmike |
| 375 | * Added an SSL/TLS stress testing program (ssl_test.c) |
| 376 | * Updated the RSA PKCS#1 code to allow choosing between |
| 377 | RSA_PUBLIC and RSA_PRIVATE, as suggested by David Barrett |
| 378 | * Updated ssl_read() to skip 0-length records from OpenSSL |
| 379 | * Fixed the make install target to comply with *BSD make |
| 380 | * Fixed a bug in mpi_read_binary() on 64-bit platforms |
| 381 | * mpi_is_prime() speedups, thanks to Kevin McLaughlin |
| 382 | * Fixed a long standing memory leak in mpi_is_prime() |
| 383 | * Replaced realloc with malloc in mpi_grow(), and set |
| 384 | the sign of zero as positive in mpi_init() (reported |
| 385 | by Jonathan M. McCune) |
| 386 | |
| 387 | = Version 0.7 released on 2007-07-07 |
| 388 | |
| 389 | * Added support for the MicroBlaze soft-core processor |
| 390 | * Fixed a bug in ssl_tls.c which sometimes prevented SSL |
| 391 | connections from being established with non-blocking I/O |
| 392 | * Fixed a couple bugs in the VS6 and UNIX Makefiles |
| 393 | * Fixed the "PIC register ebx clobbered in asm" bug |
| 394 | * Added HMAC starts/update/finish support functions |
| 395 | * Added the SHA-224, SHA-384 and SHA-512 hash functions |
| 396 | * Fixed the net_set_*block routines, thanks to Andreas |
| 397 | * Added a few demonstration programs: md5sum, sha1sum, |
| 398 | dh_client, dh_server, rsa_genkey, rsa_sign, rsa_verify |
| 399 | * Added new bignum import and export helper functions |
| 400 | * Rewrote README.txt in program/ssl/ca to better explain |
| 401 | how to create a test PKI |
| 402 | |
| 403 | = Version 0.6 released on 2007-04-01 |
| 404 | |
| 405 | * Ciphers used in SSL/TLS can now be disabled at compile |
| 406 | time, to reduce the memory footprint on embedded systems |
| 407 | * Added multiply assembly code for the TriCore and modified |
| 408 | havege_struct for this processor, thanks to David Patiño |
| 409 | * Added multiply assembly code for 64-bit PowerPCs, |
| 410 | thanks to Peking University and the OSU Open Source Lab |
| 411 | * Added experimental support of Quantum Cryptography |
| 412 | * Added support for autoconf, contributed by Arnaud Cornet |
| 413 | * Fixed "long long" compilation issues on IA-64 and PPC64 |
| 414 | * Fixed a bug introduced in xyssl-0.5/timing.c: hardclock |
| 415 | was not being correctly defined on ARM and MIPS |
| 416 | |
| 417 | = Version 0.5 released on 2007-03-01 |
| 418 | |
| 419 | * Added multiply assembly code for SPARC and Alpha |
| 420 | * Added (beta) support for non-blocking I/O operations |
| 421 | * Implemented session resuming and client authentication |
| 422 | * Fixed some portability issues on WinCE, MINIX 3, Plan9 |
| 423 | (thanks to Benjamin Newman), HP-UX, FreeBSD and Solaris |
| 424 | * Improved the performance of the EDH key exchange |
| 425 | * Fixed a bug that caused valid packets with a payload |
| 426 | size of 16384 bytes to be rejected |
| 427 | |
| 428 | = Version 0.4 released on 2007-02-01 |
| 429 | |
| 430 | * Added support for Ephemeral Diffie-Hellman key exchange |
| 431 | * Added multiply asm code for SSE2, ARM, PPC, MIPS and M68K |
| 432 | * Various improvement to the modular exponentiation code |
| 433 | * Rewrote the headers to generate the API docs with doxygen |
| 434 | * Fixed a bug in ssl_encrypt_buf (incorrect padding was |
| 435 | generated) and in ssl_parse_client_hello (max. client |
| 436 | version was not properly set), thanks to Didier Rebeix |
| 437 | * Fixed another bug in ssl_parse_client_hello: clients with |
| 438 | cipherlists larger than 96 bytes were incorrectly rejected |
| 439 | * Fixed a couple memory leak in x509_read.c |
| 440 | |
| 441 | = Version 0.3 released on 2007-01-01 |
| 442 | |
| 443 | * Added server-side SSLv3 and TLSv1.0 support |
| 444 | * Multiple fixes to enhance the compatibility with g++, |
| 445 | thanks to Xosé Antón Otero Ferreira |
| 446 | * Fixed a bug in the CBC code, thanks to dowst; also, |
| 447 | the bignum code is no longer dependant on long long |
| 448 | * Updated rsa_pkcs1_sign to handle arbitrary large inputs |
| 449 | * Updated timing.c for improved compatibility with i386 |
| 450 | and 486 processors, thanks to Arnaud Cornet |
| 451 | |
| 452 | = Version 0.2 released on 2006-12-01 |
| 453 | |
| 454 | * Updated timing.c to support ARM and MIPS arch |
| 455 | * Updated the MPI code to support 8086 on MSVC 1.5 |
| 456 | * Added the copyright notice at the top of havege.h |
| 457 | * Fixed a bug in sha2_hmac, thanks to newsoft/Wenfang Zhang |
| 458 | * Fixed a bug reported by Adrian Rüegsegger in x509_read_key |
| 459 | * Fixed a bug reported by Torsten Lauter in ssl_read_record |
| 460 | * Fixed a bug in rsa_check_privkey that would wrongly cause |
| 461 | valid RSA keys to be dismissed (thanks to oldwolf) |
| 462 | * Fixed a bug in mpi_is_prime that caused some primes to fail |
| 463 | the Miller-Rabin primality test |
| 464 | |
| 465 | I'd also like to thank Younès Hafri for the CRUX linux port, |
| 466 | Khalil Petit who added XySSL into pkgsrc and Arnaud Cornet |
| 467 | who maintains the Debian package :-) |
| 468 | |
| 469 | = Version 0.1 released on 2006-11-01 |
| 470 | |