blob: 4e9fb7c93e1bd0a56fd1fc28305b2b91ed42256b [file] [log] [blame]
Paul Bakker99ed6782011-01-05 14:48:42 +00001PolarSSL ChangeLog
2
Paul Bakker1fd0e052013-06-19 12:05:04 +02003= Branch 1.1
4Changes
5 * HAVEGE random generator disabled by default
6
Paul Bakker721f06d2013-06-19 12:07:42 +02007Bugfix
8 * x509parse_crt() now better handles PEM error situations
9
Paul Bakkerd3cd5c12013-03-11 17:02:58 +010010= Version 1.1.6 released on 2013-03-11
Paul Bakkerb5f27272013-03-11 16:53:25 +010011Bugfix
12 * Fixed net_bind() for specified IP addresses on little endian systems
13
Paul Bakkercb60e7c2013-03-11 15:50:35 +010014Changes
15 * Allow enabling of dummy error_strerror() to support some use-cases
Paul Bakker48b7cb82013-03-11 15:59:03 +010016 * Debug messages about padding errors during SSL message decryption are
17 disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
Paul Bakkercb60e7c2013-03-11 15:50:35 +010018
Paul Bakker6a229c12013-03-11 15:56:17 +010019Security
Paul Bakkerd3cd5c12013-03-11 17:02:58 +010020 * Removed timing differences during SSL message decryption in
Paul Bakker0a971b52013-03-11 16:08:06 +010021 ssl_decrypt_buf()
Paul Bakkere73a77f2013-03-11 16:51:05 +010022 * Removed timing differences due to bad padding from
23 rsa_rsaes_pkcs1_v15_decrypt() and rsa_pkcs1_decrypt() for PKCS#1 v1.5
24 operations
Paul Bakker6a229c12013-03-11 15:56:17 +010025
Paul Bakker66a531b2013-01-16 14:06:28 +010026= Version 1.1.5 released on 2013-01-16
Paul Bakkera4ed0c92013-01-14 16:38:45 +010027Bugfix
28 * Fixed MPI assembly for SPARC64 platform
Paul Bakker47f62612013-01-14 16:40:55 +010029 * Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
Paul Bakkerbdaf68a2012-09-16 21:35:30 +000030 * mpi_add_abs() now correctly handles adding short numbers to long numbers
31 with carry rollover
Paul Bakker087e0372013-01-14 17:57:13 +010032 * Moved mpi_inv_mod() outside POLARSSL_GENPRIME
Paul Bakker7261cba2013-01-16 12:39:54 +010033 * Prevent reading over buffer boundaries on X509 certificate parsing
Paul Bakkerd8ee8442012-05-16 08:02:29 +000034 * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
35 #52)
Manuel Pégourié-Gonnardf173e0a2012-11-17 12:42:51 +010036 * Fixed possible segfault in mpi_shift_r() (found by Manuel
37 Pégourié-Gonnard)
Paul Bakker0ae1f402012-11-13 10:25:21 +000038 * Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
39 Pégourié-Gonnard)
Paul Bakker144c3cc2012-11-13 12:13:27 +000040 * Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
Paul Bakkerc0484932013-01-03 10:50:31 +010041 * Memory leak when using RSA_PKCS_V21 operations fixed
Paul Bakker5f5593a2013-01-16 13:26:56 +010042 * Handle encryption with private key and decryption with public key as per
43 RFC 2313
Paul Bakkercf45a562012-11-02 10:59:36 +000044 * Fixes for MSVC6
Paul Bakkera4ed0c92013-01-14 16:38:45 +010045
Paul Bakker0ea57e82012-07-05 13:58:08 +000046Security
47 * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
48 Vanderbeken)
49
Paul Bakkerd36da112012-05-31 10:46:28 +000050= Version 1.1.4 released on 2012-05-31
Paul Bakker7f113202012-05-30 07:33:49 +000051Bugfix
Paul Bakkerd36da112012-05-31 10:46:28 +000052 * Correctly handle empty SSL/TLS packets (Found by James Yonan)
Paul Bakker7f113202012-05-30 07:33:49 +000053 * Fixed potential heap corruption in x509_name allocation
Paul Bakkerce30bdf2012-05-30 07:36:21 +000054 * Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
Paul Bakker7f113202012-05-30 07:33:49 +000055
Paul Bakker662d1682012-04-29 20:15:55 +000056= Version 1.1.3 released on 2012-04-29
57Bugfix
58 * Fixed random MPI generation to not generate more size than requested.
59
Paul Bakkere893b662012-04-26 19:30:20 +000060= Version 1.1.2 released on 2012-04-26
Paul Bakker32356ac2012-04-20 13:34:52 +000061Bugfix
62 * Fixed handling error in mpi_cmp_mpi() on longer B values (found by
63 Hui Dong)
64
Paul Bakkere2f8ff62012-04-20 13:33:14 +000065Security
66 * Fixed potential memory corruption on miscrafted client messages (found by
67 Frama-C team at CEA LIST)
Paul Bakker145e6812012-04-20 13:58:28 +000068 * Fixed generation of DHM parameters to correct length (found by Ruslan
69 Yushchenko)
Paul Bakkere2f8ff62012-04-20 13:33:14 +000070
Paul Bakkere2e36d32012-01-23 09:56:51 +000071= Version 1.1.1 released on 2012-01-23
72Bugfix
73 * Check for failed malloc() in ssl_set_hostname() and x509_get_entries()
74 (Closes ticket #47, found by Hugo Leisink)
75 * Fixed issues with Intel compiler on 64-bit systems (Closes ticket #50)
76 * Fixed multiple compiler warnings for VS6 and armcc
77 * Fixed bug in CTR_CRBG selftest
78
Paul Bakkerd567aa22011-12-22 10:06:27 +000079= Version 1.1.0 released on 2011-12-22
Paul Bakker7eb013f2011-10-06 12:37:39 +000080Features
81 * Added ssl_session_reset() to allow better multi-connection pools of
82 SSL contexts without needing to set all non-connection-specific
83 data and pointers again. Adapted ssl_server to use this functionality.
Paul Bakker490ecc82011-10-06 13:04:09 +000084 * Added ssl_set_max_version() to allow clients to offer a lower maximum
85 supported version to a server to help buggy server implementations.
86 (Closes ticket #36)
Paul Bakker03a30d32011-11-11 10:55:02 +000087 * Added cipher_get_cipher_mode() and cipher_get_cipher_operation()
88 introspection functions (Closes ticket #40)
Paul Bakker0e04d0e2011-11-27 14:46:59 +000089 * Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
Paul Bakker6083fd22011-12-03 21:45:14 +000090 * Added a generic entropy accumulator that provides support for adding
91 custom entropy sources and added some generic and platform dependent
92 entropy sources
Paul Bakker7eb013f2011-10-06 12:37:39 +000093
Paul Bakkerca6f3e22011-10-06 13:11:08 +000094Changes
95 * Documentation for AES and Camellia in modes CTR and CFB128 clarified.
Paul Bakkerd246ed32011-10-06 13:18:27 +000096 * Fixed rsa_encrypt and rsa_decrypt examples to use public key for
97 encryption and private key for decryption. (Closes ticket #34)
Paul Bakkerc4909d92011-10-12 09:52:22 +000098 * Inceased maximum size of ASN1 length reads to 32-bits.
Paul Bakkerfbc09f32011-10-12 09:56:41 +000099 * Added an EXPLICIT tag number parameter to x509_get_ext()
Paul Bakkerb5a11ab2011-10-12 09:58:41 +0000100 * Added a separate CRL entry extension parsing function
Paul Bakkerefc30292011-11-10 14:43:23 +0000101 * Separated the ASN.1 parsing code from the X.509 specific parsing code.
102 So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C.
Paul Bakker5e18aed2011-11-15 15:38:45 +0000103 * Changed the defined key-length of DES ciphers in cipher.h to include the
104 parity bits, to prevent mistakes in copying data. (Closes ticket #33)
Paul Bakkercce9d772011-11-18 14:26:47 +0000105 * Loads of minimal changes to better support WINCE as a build target
Paul Bakker2e6d5322011-11-18 14:34:17 +0000106 (Credits go to Marco Lizza)
Paul Bakkerb6d5f082011-11-25 11:52:11 +0000107 * Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory
108 trade-off
Paul Bakkerfe3256e2011-11-25 12:11:43 +0000109 * Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size
110 management (Closes ticket #44)
Paul Bakkera3d195c2011-11-27 21:07:34 +0000111 * Changed the used random function pointer to more flexible format. Renamed
112 havege_rand() to havege_random() to prevent mistakes. Lots of changes as
113 a consequence in library code and programs
Paul Bakker508ad5a2011-12-04 17:09:26 +0000114 * Moved all examples programs to use the new entropy and CTR_DRBG
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000115 * Added permissive certificate parsing to x509parse_crt() and
116 x509parse_crtfile(). With permissive parsing the parsing does not stop on
Paul Bakker732e1a82011-12-11 16:35:09 +0000117 encountering a parse-error. Beware that the meaning of return values has
118 changed!
119 * All error codes are now negative. Even on mermory failures and IO errors.
Paul Bakkerca6f3e22011-10-06 13:11:08 +0000120
Paul Bakkerfa1c5922011-10-06 14:18:49 +0000121Bugfix
122 * Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes
123 ticket #37)
Paul Bakker3329d1f2011-10-12 09:55:01 +0000124 * Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag
125 before version numbers
Paul Bakkercebdf172011-11-11 15:01:31 +0000126 * Allowed X509 key usage parsing to accept 4 byte values instead of the
127 standard 1 byte version sometimes used by Microsoft. (Closes ticket #38)
Paul Bakker1fe7d9b2011-11-15 15:26:03 +0000128 * Fixed incorrect behaviour in case of RSASSA-PSS with a salt length
129 smaller than the hash length. (Closes ticket #41)
Paul Bakker03c7c252011-11-25 12:37:37 +0000130 * If certificate serial is longer than 32 octets, serial number is now
131 appended with '....' after first 28 octets
Paul Bakker44637402011-11-26 09:23:07 +0000132 * Improved build support for s390x and sparc64 in bignum.h
Paul Bakker4f5ae802011-12-04 22:10:28 +0000133 * Fixed MS Visual C++ name clash with int64 in sha4.h
Paul Bakkerc50132d2011-12-05 14:38:36 +0000134 * Corrected removal of leading "00:" in printing serial numbers in
Paul Bakkerc8ffbe72011-12-05 14:22:49 +0000135 certificates and CRLs
Paul Bakkerfa1c5922011-10-06 14:18:49 +0000136
Paul Bakker968bc982011-07-27 17:03:00 +0000137= Version 1.0.0 released on 2011-07-27
Paul Bakker343a8702011-06-09 14:27:58 +0000138Features
139 * Expanded cipher layer with support for CFB128 and CTR mode
Paul Bakker7bc05ff2011-08-09 10:30:36 +0000140 * Added rsa_encrypt and rsa_decrypt simple example programs.
Paul Bakker343a8702011-06-09 14:27:58 +0000141
Paul Bakker42e59812011-06-09 15:55:41 +0000142Changes
143 * The generic cipher and message digest layer now have normal error
144 codes instead of integers
145
Paul Bakker887bd502011-06-08 13:10:54 +0000146Bugfix
147 * Undid faulty bug fix in ssl_write() when flushing old data (Ticket
148 #18)
149
Paul Bakker828acb22011-05-27 09:25:42 +0000150= Version 0.99-pre5 released on 2011-05-26
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000151Features
152 * Added additional Cipher Block Modes to symmetric ciphers
153 (AES CTR, Camellia CTR, XTEA CBC) including the option to
154 enable and disable individual modes when needed
Paul Bakker335db3f2011-04-25 15:28:35 +0000155 * Functions requiring File System functions can now be disabled
156 by undefining POLARSSL_FS_IO
Paul Bakker9d781402011-05-09 16:17:09 +0000157 * A error_strerror function() has been added to translate between
158 error codes and their description.
Paul Bakker2f5947e2011-05-18 15:47:11 +0000159 * Added mpi_get_bit() and mpi_set_bit() individual bit setter/getter
160 functions.
Paul Bakker1496d382011-05-23 12:07:29 +0000161 * Added ssl_mail_client and ssl_fork_server as example programs.
Paul Bakkerb6ecaf52011-04-19 14:29:23 +0000162
Paul Bakker23986e52011-04-24 08:57:21 +0000163Changes
164 * Major argument / variable rewrite. Introduced use of size_t
165 instead of int for buffer lengths and loop variables for
Paul Bakkera755ca12011-04-24 09:11:17 +0000166 better unsigned / signed use. Renamed internal bigint types
167 t_int and t_dbl to t_uint and t_udbl in the process
Paul Bakker6c591fa2011-05-05 11:49:20 +0000168 * mpi_init() and mpi_free() now only accept a single MPI
169 argument and do not accept variable argument lists anymore.
Paul Bakker9d781402011-05-09 16:17:09 +0000170 * The error codes have been remapped and combining error codes
171 is now done with a PLUS instead of an OR as error codes
172 used are negative.
Paul Bakker831a7552011-05-18 13:32:51 +0000173 * Changed behaviour of net_read(), ssl_fetch_input() and ssl_recv().
174 net_recv() now returns 0 on EOF instead of
175 POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns
176 POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function.
177 ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received
178 after the handshake.
179 * Network functions now return POLARSSL_ERR_NET_WANT_READ or
180 POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous
181 POLARSSL_ERR_NET_TRY_AGAIN
Paul Bakker23986e52011-04-24 08:57:21 +0000182
Paul Bakker3efa5752011-04-01 12:23:26 +0000183= Version 0.99-pre4 released on 2011-04-01
Paul Bakker9dcc3222011-03-08 14:16:06 +0000184Features
185 * Added support for PKCS#1 v2.1 encoding and thus support
186 for the RSAES-OAEP and RSASSA-PSS operations.
Paul Bakkere77db2e2011-03-25 14:01:32 +0000187 * Reading of Public Key files incorporated into default x509
188 functionality as well.
Paul Bakker287781a2011-03-26 13:18:49 +0000189 * Added mpi_fill_random() for centralized filling of big numbers
190 with random data (Fixed ticket #10)
Paul Bakker9dcc3222011-03-08 14:16:06 +0000191
Paul Bakkerbe4e7dc2011-03-14 20:41:31 +0000192Changes
193 * Debug print of MPI now removes leading zero octets and
194 displays actual bit size of the value.
Paul Bakker98675492011-03-26 13:17:12 +0000195 * x509parse_key() (and as a consequence x509parse_keyfile())
196 does not zeroize memory in advance anymore. Use rsa_init()
197 before parsing a key or keyfile!
Paul Bakkerbe4e7dc2011-03-14 20:41:31 +0000198
199Bugfix
200 * Debug output of MPI's now the same independent of underlying
201 platform (32-bit / 64-bit) (Fixes ticket #19, found by Mads
202 Kiilerich and Mihai Militaru)
Paul Bakker1fd00bf2011-03-14 20:50:15 +0000203 * Fixed bug in ssl_write() when flushing old data (Fixed ticket
204 #18, found by Nikolay Epifanov)
Paul Bakkere77db2e2011-03-25 14:01:32 +0000205 * Fixed proper handling of RSASSA-PSS verification with variable
206 length salt lengths
Paul Bakkerbe4e7dc2011-03-14 20:41:31 +0000207
Paul Bakker345a6fe2011-02-28 21:20:02 +0000208= Version 0.99-pre3 released on 2011-02-28
209This release replaces version 0.99-pre2 which had possible copyright issues.
Paul Bakker96743fc2011-02-12 14:30:57 +0000210Features
211 * Parsing PEM private keys encrypted with DES and AES
212 are now supported as well (Fixes ticket #5)
Paul Bakkera9507c02011-02-12 15:27:28 +0000213 * Added crl_app program to allow easy reading and
214 printing of X509 CRLs from file
Paul Bakker96743fc2011-02-12 14:30:57 +0000215
216Changes
217 * Parsing of PEM files moved to separate module (Fixes
218 ticket #13). Also possible to remove PEM support for
219 systems only using DER encoding
220
Paul Bakker400ff6f2011-02-20 10:40:16 +0000221Bugfixes
222 * Corrected parsing of UTCTime dates before 1990 and
223 after 1950
224 * Support more exotic OID's when parsing certificates
Paul Bakkere2a39cc2011-02-20 13:49:27 +0000225 (found by Mads Kiilerich)
Paul Bakker400ff6f2011-02-20 10:40:16 +0000226 * Support more exotic name representations when parsing
Paul Bakkere2a39cc2011-02-20 13:49:27 +0000227 certificates (found by Mads Kiilerich)
Paul Bakker400ff6f2011-02-20 10:40:16 +0000228 * Replaced the expired test certificates
Paul Bakkere2a39cc2011-02-20 13:49:27 +0000229 * Do not bail out if no client certificate specified. Try
230 to negotiate anonymous connection (Fixes ticket #12,
231 found by Boris Krasnovskiy)
Paul Bakker400ff6f2011-02-20 10:40:16 +0000232
Paul Bakker345a6fe2011-02-28 21:20:02 +0000233Security fixes
234 * Fixed a possible Man-in-the-Middle attack on the
235 Diffie Hellman key exchange (thanks to Larry Highsmith,
236 Subreption LLC)
237
Paul Bakker9fc46592011-01-30 16:59:02 +0000238= Version 0.99-pre1 released on 2011-01-30
Paul Bakker37ca75d2011-01-06 12:28:03 +0000239Features
Paul Bakkerb63b0af2011-01-13 17:54:59 +0000240Note: Most of these features have been donated by Fox-IT
241 * Added Doxygen source code documentation parts
Paul Bakker1b57b062011-01-06 15:48:19 +0000242 * Added reading of DHM context from memory and file
Paul Bakker74111d32011-01-15 16:57:55 +0000243 * Improved X509 certificate parsing to include extended
Paul Bakker76fd75a2011-01-16 21:12:10 +0000244 certificate fields, including Key Usage
245 * Improved certificate verification and verification
246 against the available CRLs
Paul Bakker1f87fb62011-01-15 17:32:24 +0000247 * Detection for DES weak keys and parity bits added
Paul Bakker72f62662011-01-16 21:27:44 +0000248 * Improvements to support integration in other
249 applications:
250 + Added generic message digest and cipher wrapper
251 + Improved information about current capabilities,
252 status, objects and configuration
253 + Added verification callback on certificate chain
254 verification to allow external blacklisting
Paul Bakker20a78082011-01-21 09:32:12 +0000255 + Additional example programs to show usage
Paul Bakker43b7e352011-01-18 15:27:19 +0000256 * Added support for PKCS#11 through the use of the
257 libpkcs11-helper library
Paul Bakker37ca75d2011-01-06 12:28:03 +0000258
Paul Bakkerb6194992011-01-16 21:40:22 +0000259Changes
260 * x509parse_time_expired() checks time in addition to
261 the existing date check
Paul Bakkere3166ce2011-01-27 17:40:50 +0000262 * The ciphers member of ssl_context and the cipher member
263 of ssl_session have been renamed to ciphersuites and
264 ciphersuite respectively. This clarifies the difference
265 with the generic cipher layer and is better naming
266 altogether
Paul Bakkerb6194992011-01-16 21:40:22 +0000267
Paul Bakker99ed6782011-01-05 14:48:42 +0000268= Version 0.14.0 released on 2010-08-16
269Features
270 * Added support for SSL_EDH_RSA_AES_128_SHA and
271 SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
272 * Added compile-time and run-time version information
273 * Expanded ssl_client2 arguments for more flexibility
274 * Added support for TLS v1.1
275
276Changes
277 * Made Makefile cleaner
278 * Removed dependency on rand() in rsa_pkcs1_encrypt().
279 Now using random fuction provided to function and
280 changed the prototype of rsa_pkcs1_encrypt(),
281 rsa_init() and rsa_gen_key().
282 * Some SSL defines were renamed in order to avoid
283 future confusion
284
285Bug fixes
286 * Fixed CMake out of source build for tests (found by
287 kkert)
288 * rsa_check_private() now supports PKCS1v2 keys as well
289 * Fixed deadlock in rsa_pkcs1_encrypt() on failing random
290 generator
291
292= Version 0.13.1 released on 2010-03-24
293Bug fixes
294 * Fixed Makefile in library that was mistakenly merged
295 * Added missing const string fixes
296
297= Version 0.13.0 released on 2010-03-21
298Features
299 * Added option parsing for host and port selection to
300 ssl_client2
301 * Added support for GeneralizedTime in X509 parsing
302 * Added cert_app program to allow easy reading and
303 printing of X509 certificates from file or SSL
304 connection.
305
306Changes
307 * Added const correctness for main code base
308 * X509 signature algorithm determination is now
309 in a function to allow easy future expansion
310 * Changed symmetric cipher functions to
311 identical interface (returning int result values)
312 * Changed ARC4 to use seperate input/output buffer
313 * Added reset function for HMAC context as speed-up
314 for specific use-cases
315
316Bug fixes
317 * Fixed bug resulting in failure to send the last
318 certificate in the chain in ssl_write_certificate() and
319 ssl_write_certificate_request() (found by fatbob)
320 * Added small fixes for compiler warnings on a Mac
321 (found by Frank de Brabander)
322 * Fixed algorithmic bug in mpi_is_prime() (found by
323 Smbat Tonoyan)
324
325= Version 0.12.1 released on 2009-10-04
326Changes
327 * Coverage test definitions now support 'depends_on'
328 tagging system.
329 * Tests requiring specific hashing algorithms now honor
330 the defines.
331
332Bug fixes
333 * Changed typo in #ifdef in x509parse.c (found
334 by Eduardo)
335
336= Version 0.12.0 released on 2009-07-28
337Features
338 * Added CMake makefiles as alternative to regular Makefiles.
339 * Added preliminary Code Coverage tests for AES, ARC4,
340 Base64, MPI, SHA-family, MD-family, HMAC-SHA-family,
341 Camellia, DES, 3-DES, RSA PKCS#1, XTEA, Diffie-Hellman
342 and X509parse.
343
344Changes
345 * Error codes are not (necessarily) negative. Keep
346 this is mind when checking for errors.
347 * RSA_RAW renamed to SIG_RSA_RAW for consistency.
348 * Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE.
349 * Changed interface for AES and Camellia setkey functions
350 to indicate invalid key lengths.
351
352Bug fixes
353 * Fixed include location of endian.h on FreeBSD (found by
354 Gabriel)
355 * Fixed include location of endian.h and name clash on
356 Apples (found by Martin van Hensbergen)
357 * Fixed HMAC-MD2 by modifying md2_starts(), so that the
358 required HMAC ipad and opad variables are not cleared.
359 (found by code coverage tests)
360 * Prevented use of long long in bignum if
361 POLARSSL_HAVE_LONGLONG not defined (found by Giles
362 Bathgate).
363 * Fixed incorrect handling of negative strings in
364 mpi_read_string() (found by code coverage tests).
365 * Fixed segfault on handling empty rsa_context in
366 rsa_check_pubkey() and rsa_check_privkey() (found by
367 code coverage tests).
368 * Fixed incorrect handling of one single negative input
369 value in mpi_add_abs() (found by code coverage tests).
370 * Fixed incorrect handling of negative first input
371 value in mpi_sub_abs() (found by code coverage tests).
372 * Fixed incorrect handling of negative first input
373 value in mpi_mod_mpi() and mpi_mod_int(). Resulting
374 change also affects mpi_write_string() (found by code
375 coverage tests).
376 * Corrected is_prime() results for 0, 1 and 2 (found by
377 code coverage tests).
378 * Fixed Camellia and XTEA for 64-bit Windows systems.
379
380= Version 0.11.1 released on 2009-05-17
381 * Fixed missing functionality for SHA-224, SHA-256, SHA384,
382 SHA-512 in rsa_pkcs1_sign()
383
384= Version 0.11.0 released on 2009-05-03
385 * Fixed a bug in mpi_gcd() so that it also works when both
386 input numbers are even and added testcases to check
387 (found by Pierre Habouzit).
388 * Added support for SHA-224, SHA-256, SHA-384 and SHA-512
389 one way hash functions with the PKCS#1 v1.5 signing and
390 verification.
391 * Fixed minor bug regarding mpi_gcd located within the
392 POLARSSL_GENPRIME block.
393 * Fixed minor memory leak in x509parse_crt() and added better
394 handling of 'full' certificate chains (found by Mathias
395 Olsson).
396 * Centralized file opening and reading for x509 files into
397 load_file()
398 * Made definition of net_htons() endian-clean for big endian
399 systems (Found by Gernot).
400 * Undefining POLARSSL_HAVE_ASM now also handles prevents asm in
401 padlock and timing code.
402 * Fixed an off-by-one buffer allocation in ssl_set_hostname()
403 responsible for crashes and unwanted behaviour.
404 * Added support for Certificate Revocation List (CRL) parsing.
405 * Added support for CRL revocation to x509parse_verify() and
406 SSL/TLS code.
407 * Fixed compatibility of XTEA and Camellia on a 64-bit system
408 (found by Felix von Leitner).
409
410= Version 0.10.0 released on 2009-01-12
411 * Migrated XySSL to PolarSSL
412 * Added XTEA symmetric cipher
413 * Added Camellia symmetric cipher
414 * Added support for ciphersuites: SSL_RSA_CAMELLIA_128_SHA,
415 SSL_RSA_CAMELLIA_256_SHA and SSL_EDH_RSA_CAMELLIA_256_SHA
416 * Fixed dangerous bug that can cause a heap overflow in
417 rsa_pkcs1_decrypt (found by Christophe Devine)
418
419================================================================
420XySSL ChangeLog
421
422= Version 0.9 released on 2008-03-16
423
424 * Added support for ciphersuite: SSL_RSA_AES_128_SHA
425 * Enabled support for large files by default in aescrypt2.c
426 * Preliminary openssl wrapper contributed by David Barrett
427 * Fixed a bug in ssl_write() that caused the same payload to
428 be sent twice in non-blocking mode when send returns EAGAIN
429 * Fixed ssl_parse_client_hello(): session id and challenge must
430 not be swapped in the SSLv2 ClientHello (found by Greg Robson)
431 * Added user-defined callback debug function (Krystian Kolodziej)
432 * Before freeing a certificate, properly zero out all cert. data
433 * Fixed the "mode" parameter so that encryption/decryption are
434 not swapped on PadLock; also fixed compilation on older versions
435 of gcc (bug reported by David Barrett)
436 * Correctly handle the case in padlock_xcryptcbc() when input or
437 ouput data is non-aligned by falling back to the software
438 implementation, as VIA Nehemiah cannot handle non-aligned buffers
439 * Fixed a memory leak in x509parse_crt() which was reported by Greg
440 Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to
441 Matthew Page who reported several bugs
442 * Fixed x509_get_ext() to accept some rare certificates which have
443 an INTEGER instead of a BOOLEAN for BasicConstraints::cA.
444 * Added support on the client side for the TLS "hostname" extension
445 (patch contributed by David Patino)
446 * Make x509parse_verify() return BADCERT_CN_MISMATCH when an empty
447 string is passed as the CN (bug reported by spoofy)
448 * Added an option to enable/disable the BN assembly code
449 * Updated rsa_check_privkey() to verify that (D*E) = 1 % (P-1)*(Q-1)
450 * Disabled obsolete hash functions by default (MD2, MD4); updated
451 selftest and benchmark to not test ciphers that have been disabled
452 * Updated x509parse_cert_info() to correctly display byte 0 of the
453 serial number, setup correct server port in the ssl client example
454 * Fixed a critical denial-of-service with X.509 cert. verification:
455 peer may cause xyssl to loop indefinitely by sending a certificate
456 for which the RSA signature check fails (bug reported by Benoit)
457 * Added test vectors for: AES-CBC, AES-CFB, DES-CBC and 3DES-CBC,
458 HMAC-MD5, HMAC-SHA1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512
459 * Fixed HMAC-SHA-384 and HMAC-SHA-512 (thanks to Josh Sinykin)
460 * Modified ssl_parse_client_key_exchange() to protect against
461 Daniel Bleichenbacher attack on PKCS#1 v1.5 padding, as well
462 as the Klima-Pokorny-Rosa extension of Bleichenbacher's attack
463 * Updated rsa_gen_key() so that ctx->N is always nbits in size
464 * Fixed assembly PPC compilation errors on Mac OS X, thanks to
465 David Barrett and Dusan Semen
466
467= Version 0.8 released on 2007-10-20
468
469 * Modified the HMAC functions to handle keys larger
470 than 64 bytes, thanks to Stephane Desneux and gary ng
471 * Fixed ssl_read_record() to properly update the handshake
472 message digests, which fixes IE6/IE7 client authentication
473 * Cleaned up the XYSSL* #defines, suggested by Azriel Fasten
474 * Fixed net_recv(), thanks to Lorenz Schori and Egon Kocjan
475 * Added user-defined callbacks for handling I/O and sessions
476 * Added lots of debugging output in the SSL/TLS functions
477 * Added preliminary X.509 cert. writing by Pascal Vizeli
478 * Added preliminary support for the VIA PadLock routines
479 * Added AES-CFB mode of operation, contributed by chmike
480 * Added an SSL/TLS stress testing program (ssl_test.c)
481 * Updated the RSA PKCS#1 code to allow choosing between
482 RSA_PUBLIC and RSA_PRIVATE, as suggested by David Barrett
483 * Updated ssl_read() to skip 0-length records from OpenSSL
484 * Fixed the make install target to comply with *BSD make
485 * Fixed a bug in mpi_read_binary() on 64-bit platforms
486 * mpi_is_prime() speedups, thanks to Kevin McLaughlin
487 * Fixed a long standing memory leak in mpi_is_prime()
488 * Replaced realloc with malloc in mpi_grow(), and set
489 the sign of zero as positive in mpi_init() (reported
490 by Jonathan M. McCune)
491
492= Version 0.7 released on 2007-07-07
493
494 * Added support for the MicroBlaze soft-core processor
495 * Fixed a bug in ssl_tls.c which sometimes prevented SSL
496 connections from being established with non-blocking I/O
497 * Fixed a couple bugs in the VS6 and UNIX Makefiles
498 * Fixed the "PIC register ebx clobbered in asm" bug
499 * Added HMAC starts/update/finish support functions
500 * Added the SHA-224, SHA-384 and SHA-512 hash functions
501 * Fixed the net_set_*block routines, thanks to Andreas
502 * Added a few demonstration programs: md5sum, sha1sum,
503 dh_client, dh_server, rsa_genkey, rsa_sign, rsa_verify
504 * Added new bignum import and export helper functions
505 * Rewrote README.txt in program/ssl/ca to better explain
506 how to create a test PKI
507
508= Version 0.6 released on 2007-04-01
509
510 * Ciphers used in SSL/TLS can now be disabled at compile
511 time, to reduce the memory footprint on embedded systems
512 * Added multiply assembly code for the TriCore and modified
513 havege_struct for this processor, thanks to David Patiño
514 * Added multiply assembly code for 64-bit PowerPCs,
515 thanks to Peking University and the OSU Open Source Lab
516 * Added experimental support of Quantum Cryptography
517 * Added support for autoconf, contributed by Arnaud Cornet
518 * Fixed "long long" compilation issues on IA-64 and PPC64
519 * Fixed a bug introduced in xyssl-0.5/timing.c: hardclock
520 was not being correctly defined on ARM and MIPS
521
522= Version 0.5 released on 2007-03-01
523
524 * Added multiply assembly code for SPARC and Alpha
525 * Added (beta) support for non-blocking I/O operations
526 * Implemented session resuming and client authentication
527 * Fixed some portability issues on WinCE, MINIX 3, Plan9
528 (thanks to Benjamin Newman), HP-UX, FreeBSD and Solaris
529 * Improved the performance of the EDH key exchange
530 * Fixed a bug that caused valid packets with a payload
531 size of 16384 bytes to be rejected
532
533= Version 0.4 released on 2007-02-01
534
535 * Added support for Ephemeral Diffie-Hellman key exchange
536 * Added multiply asm code for SSE2, ARM, PPC, MIPS and M68K
537 * Various improvement to the modular exponentiation code
538 * Rewrote the headers to generate the API docs with doxygen
539 * Fixed a bug in ssl_encrypt_buf (incorrect padding was
540 generated) and in ssl_parse_client_hello (max. client
541 version was not properly set), thanks to Didier Rebeix
542 * Fixed another bug in ssl_parse_client_hello: clients with
543 cipherlists larger than 96 bytes were incorrectly rejected
544 * Fixed a couple memory leak in x509_read.c
545
546= Version 0.3 released on 2007-01-01
547
548 * Added server-side SSLv3 and TLSv1.0 support
549 * Multiple fixes to enhance the compatibility with g++,
550 thanks to Xosé Antón Otero Ferreira
551 * Fixed a bug in the CBC code, thanks to dowst; also,
552 the bignum code is no longer dependant on long long
553 * Updated rsa_pkcs1_sign to handle arbitrary large inputs
554 * Updated timing.c for improved compatibility with i386
555 and 486 processors, thanks to Arnaud Cornet
556
557= Version 0.2 released on 2006-12-01
558
559 * Updated timing.c to support ARM and MIPS arch
560 * Updated the MPI code to support 8086 on MSVC 1.5
561 * Added the copyright notice at the top of havege.h
562 * Fixed a bug in sha2_hmac, thanks to newsoft/Wenfang Zhang
563 * Fixed a bug reported by Adrian Rüegsegger in x509_read_key
564 * Fixed a bug reported by Torsten Lauter in ssl_read_record
565 * Fixed a bug in rsa_check_privkey that would wrongly cause
566 valid RSA keys to be dismissed (thanks to oldwolf)
567 * Fixed a bug in mpi_is_prime that caused some primes to fail
568 the Miller-Rabin primality test
569
570 I'd also like to thank Younès Hafri for the CRUX linux port,
571 Khalil Petit who added XySSL into pkgsrc and Arnaud Cornet
572 who maintains the Debian package :-)
573
574= Version 0.1 released on 2006-11-01
575