All Versions
80
Latest Version
Avg Release Cycle
46 days
Latest Release
828 days ago

Changelog History
Page 6

  • v1.1.7 Changes

    June 19, 2013

    πŸ”„ Changes

    • HAVEGE random generator disabled by default

    πŸ›  Bugfix

    • x509parse_crt() now better handles PEM error situations
    • ssl_parse_certificate() now calls x509parse_crt_der() directly instead of the x509parse_crt() wrapper that can also parse PEM certificates
    • Fixed values for 2-key Triple DES in cipher layer
    • ssl_write_certificate_request() can handle empty ca_chain

    πŸ”’ Security

    • A possible DoS during the SSL Handshake, due to faulty parsing of PEM-encoded certificates has been fixed (found by Jack Lloyd)
  • v1.1.6 Changes

    March 11, 2013

    πŸ›  Bugfix

    • Fixed net_bind() for specified IP addresses on little endian systems

    πŸ”„ Changes

    • Allow enabling of dummy error_strerror() to support some use-cases
    • Debug messages about padding errors during SSL message decryption are disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL

    πŸ”’ Security

    • Removed timing differences during SSL message decryption in ssl_decrypt_buf()
    • Removed timing differences due to bad padding from rsa_rsaes_pkcs1_v15_decrypt() and rsa_pkcs1_decrypt() for PKCS#1 v1.5 operations
  • v1.1.5 Changes

    January 16, 2013

    πŸ›  Bugfix

    • Fixed MPI assembly for SPARC64 platform
    • Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
    • mpi_add_abs() now correctly handles adding short numbers to long numbers with carry rollover
    • Moved mpi_inv_mod() outside POLARSSL_GENPRIME
    • Prevent reading over buffer boundaries on X509 certificate parsing
    • mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52)
    • Fixed possible segfault in mpi_shift_r() (found by Manuel PΓ©gouriΓ©-Gonnard)
    • Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel PΓ©gouriΓ©-Gonnard)
    • Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
    • Memory leak when using RSA_PKCS_V21 operations fixed
    • Handle encryption with private key and decryption with public key as per RFC 2313
    • Fixes for MSVC6

    πŸ”’ Security

    • Fixed potential memory zeroization on miscrafted RSA key (found by Eloi Vanderbeken)
  • v1.1.4 Changes

    May 31, 2012

    πŸ›  Bugfix

    • Correctly handle empty SSL/TLS packets (Found by James Yonan)
    • Fixed potential heap corruption in x509_name allocation
    • Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
  • v1.1.3 Changes

    April 29, 2012

    πŸ›  Bugfix

    • Fixed random MPI generation to not generate more size than requested.
  • v1.1.2 Changes

    April 26, 2012

    πŸ›  Bugfix

    • Fixed handling error in mpi_cmp_mpi() on longer B values (found by Hui Dong)

    πŸ”’ Security

    • Fixed potential memory corruption on miscrafted client messages (found by Frama-C team at CEA LIST)
    • Fixed generation of DHM parameters to correct length (found by Ruslan Yushchenko)
  • v1.1.1 Changes

    January 23, 2012

    πŸ›  Bugfix

    • Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47, found by Hugo Leisink)
    • Fixed issues with Intel compiler on 64-bit systems (Closes ticket #50)
    • Fixed multiple compiler warnings for VS6 and armcc
    • Fixed bug in CTR_CRBG selftest
  • v1.1.0 Changes

    December 22, 2011

    πŸ”‹ Features

    • Added ssl_session_reset() to allow better multi-connection pools of SSL contexts without needing to set all non-connection-specific data and pointers again. Adapted ssl_server to use this functionality.
    • Added ssl_set_max_version() to allow clients to offer a lower maximum supported version to a server to help buggy server implementations. (Closes ticket #36)
    • Added cipher_get_cipher_mode() and cipher_get_cipher_operation() introspection functions (Closes ticket #40)
    • Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
    • Added a generic entropy accumulator that provides support for adding custom entropy sources and added some generic and platform dependent entropy sources

    πŸ”„ Changes

    • Documentation for AES and Camellia in modes CTR and CFB128 clarified.
    • Fixed rsa_encrypt and rsa_decrypt examples to use public key for encryption and private key for decryption. (Closes ticket #34)
    • Inceased maximum size of ASN1 length reads to 32-bits.
    • Added an EXPLICIT tag number parameter to x509_get_ext()
    • Added a separate CRL entry extension parsing function
    • Separated the ASN.1 parsing code from the X.509 specific parsing code. So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C.
    • Changed the defined key-length of DES ciphers in cipher.h to include the parity bits, to prevent mistakes in copying data. (Closes ticket #33)
    • Loads of minimal changes to better support WINCE as a build target (Credits go to Marco Lizza)
    • Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory trade-off
    • Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size management (Closes ticket #44)
    • Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs
    • Moved all examples programs to use the new entropy and CTR_DRBG
    • Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error. Beware that the meaning of return values has changed!
    • All error codes are now negative. Even on mermory failures and IO errors.

    πŸ›  Bugfix

    • Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes ticket #37)
    • Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag before version numbers
    • Allowed X509 key usage parsing to accept 4 byte values instead of the standard 1 byte version sometimes used by Microsoft. (Closes ticket #38)
    • Fixed incorrect behaviour in case of RSASSA-PSS with a salt length smaller than the hash length. (Closes ticket #41)
    • If certificate serial is longer than 32 octets, serial number is now appended with '....' after first 28 octets
    • Improved build support for s390x and sparc64 in bignum.h
    • Fixed MS Visual C++ name clash with int64 in sha4.h
    • Corrected removal of leading "00:" in printing serial numbers in certificates and CRLs
  • v1.0.0 Changes

    July 27, 2011

    πŸ”‹ Features

    • Expanded cipher layer with support for CFB128 and CTR mode
    • Added rsa_encrypt and rsa_decrypt simple example programs.

    πŸ”„ Changes

    • The generic cipher and message digest layer now have normal error codes instead of integers

    πŸ›  Bugfix

    • Undid faulty bug fix in ssl_write() when flushing old data (Ticket #18)
  • v0.99-pre5 Changes

    May 26, 2011

    πŸ”‹ Features

    • Added additional Cipher Block Modes to symmetric ciphers (AES CTR, Camellia CTR, XTEA CBC) including the option to enable and disable individual modes when needed
    • Functions requiring File System functions can now be disabled by undefining POLARSSL_FS_IO
    • A error_strerror function() has been added to translate between error codes and their description.
    • Added mpi_get_bit() and mpi_set_bit() individual bit setter/getter functions.
    • Added ssl_mail_client and ssl_fork_server as example programs.

    πŸ”„ Changes

    • Major argument / variable rewrite. Introduced use of size_t instead of int for buffer lengths and loop variables for better unsigned / signed use. Renamed internal bigint types t_int and t_dbl to t_uint and t_udbl in the process
    • mpi_init() and mpi_free() now only accept a single MPI argument and do not accept variable argument lists anymore.
    • The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
    • Changed behaviour of net_read(), ssl_fetch_input() and ssl_recv(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake.
    • Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN