update polarssl/ChangeLog

NIIBE Yutaka 2013-03-19 12:38:01 +09:00
parent 835eeb09a5
commit f3b90ad1cd


@ -1,5 +1,393 @@
PolarSSL ChangeLog
= Version 1.2.6 released 2013-03-11
Bugfix
* Fixed memory leak in ssl_free() and ssl_reset() for active session
* Corrected GCM counter incrementation to use only 32-bits instead of
128-bits (found by Yawning Angel)
* Fixes for 64-bit compilation with MS Visual Studio
* Fixed net_bind() for specified IP addresses on little endian systems
* Fixed assembly code for ARM (Thumb and regular) for some compilers
Changes
* Internally split up rsa_pkcs1_encrypt(), rsa_pkcs1_decrypt(),
rsa_pkcs1_sign() and rsa_pkcs1_verify() to separate PKCS#1 v1.5 and
PKCS#1 v2.1 functions
* Added support for custom labels when using rsa_rsaes_oaep_encrypt()
or rsa_rsaes_oaep_decrypt()
* Re-added handling for SSLv2 Client Hello when the define
POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is set
* The SSL session cache module (ssl_cache) now also retains peer_cert
information (not the entire chain)
Security
* Removed further timing differences during SSL message decryption in
ssl_decrypt_buf()
* Removed timing differences due to bad padding from
rsa_rsaes_pkcs1_v15_decrypt() and rsa_pkcs1_decrypt() for PKCS#1 v1.5
operations
= Version 1.2.5 released 2013-02-02
Changes
* Allow enabling of dummy error_strerror() to support some use-cases
* Debug messages about padding errors during SSL message decryption are
disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
* Sending of security-relevant alert messages that do not break
interoperability can be switched on/off with the flag
POLARSSL_SSL_ALL_ALERT_MESSAGES
Security
* Removed timing differences during SSL message decryption in
ssl_decrypt_buf() due to badly formatted padding
= Version 1.2.4 released 2013-01-25
Changes
* Added ssl_handshake_step() to allow single stepping the handshake process
Bugfix
* Memory leak when using RSA_PKCS_V21 operations fixed
* Handle future version properly in ssl_write_certificate_request()
* Correctly handle CertificateRequest message in client for <= TLS 1.1
without DN list
= Version 1.2.3 released 2012-11-26
Bugfix
* Server not always sending correct CertificateRequest message
= Version 1.2.2 released 2012-11-24
Changes
* Added p_hw_data to ssl_context for context specific hardware acceleration
data
* During verify trust-CA is only checked for expiration and CRL presence
Bugfixes
* Fixed client authentication compatibility
* Fixed dependency on POLARSSL_SHA4_C in SSL modules
= Version 1.2.1 released 2012-11-20
Changes
* Depth that the certificate verify callback receives is now numbered
bottom-up (Peer cert depth is 0)
Bugfixes
* Fixes for MSVC6
* Moved mpi_inv_mod() outside POLARSSL_GENPRIME
* Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
Pégourié-Gonnard)
* Fixed possible segfault in mpi_shift_r() (found by Manuel
Pégourié-Gonnard)
* Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
= Version 1.2.0 released 2012-10-31
Features
* Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak
ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by
default!
* Added support for wildcard certificates
* Added support for multi-domain certificates through the X509 Subject
Alternative Name extension
* Added preliminary ASN.1 buffer writing support
* Added preliminary X509 Certificate Request writing support
* Added key_app_writer example application
* Added cert_req example application
* Added base Galois Counter Mode (GCM) for AES
* Added TLS 1.2 support (RFC 5246)
* Added GCM suites to TLS 1.2 (RFC 5288)
* Added commandline error code convertor (util/strerror)
* Added support for Hardware Acceleration hooking in SSL/TLS
* Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and
example application (programs/ssl/o_p_test) (requires OpenSSL)
* Added X509 CA Path support
* Added Thumb assembly optimizations
* Added DEFLATE compression support as per RFC3749 (requires zlib)
* Added blowfish algorithm (Generic and cipher layer)
* Added PKCS#5 PBKDF2 key derivation function
* Added Secure Renegotiation (RFC 5746)
* Added predefined DHM groups from RFC 5114
* Added simple SSL session cache implementation
* Added ServerName extension parsing (SNI) at server side
* Added option to add minimum accepted SSL/TLS protocol version
Changes
* Removed redundant POLARSSL_DEBUG_MSG define
* AES code only check for Padlock once
* Fixed const-correctness mpi_get_bit()
* Documentation for mpi_lsb() and mpi_msb()
* Moved out_msg to out_hdr + 32 to support hardware acceleration
* Changed certificate verify behaviour to comply with RFC 6125 section 6.3
to not match CN if subjectAltName extension is present (Closes ticket #56)
* Cipher layer cipher_mode_t POLARSSL_MODE_CFB128 is renamed to
POLARSSL_MODE_CFB, to also handle different block size CFB modes.
* Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)
* Revamped session resumption handling
* Generalized external private key implementation handling (like PKCS#11)
in SSL/TLS
* Revamped x509_verify() and the SSL f_vrfy callback implementations
* Moved from unsigned long to fixed width uint32_t types throughout code
* Renamed ciphersuites naming scheme to IANA reserved names
Bugfix
* Fixed handling error in mpi_cmp_mpi() on longer B values (found by
Hui Dong)
* Fixed potential heap corruption in x509_name allocation
* Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
* mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
#52)
* Handle encryption with private key and decryption with public key as per
RFC 2313
* Handle empty certificate subject names
* Prevent reading over buffer boundaries on X509 certificate parsing
* mpi_add_abs() now correctly handles adding short numbers to long numbers
with carry rollover (found by Ruslan Yushchenko)
* Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
* Fixed MPI assembly for SPARC64 platform
Security
* Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
Vanderbeken)
= Version 1.1.5 released on 2013-01-16
Bugfix
* Fixed MPI assembly for SPARC64 platform
* Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
* mpi_add_abs() now correctly handles adding short numbers to long numbers
with carry rollover
* Moved mpi_inv_mod() outside POLARSSL_GENPRIME
* Prevent reading over buffer boundaries on X509 certificate parsing
* mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
#52)
* Fixed possible segfault in mpi_shift_r() (found by Manuel
Pégourié-Gonnard)
* Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
Pégourié-Gonnard)
* Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
* Memory leak when using RSA_PKCS_V21 operations fixed
* Handle encryption with private key and decryption with public key as per
RFC 2313
* Fixes for MSVC6
Security
* Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
Vanderbeken)
= Version 1.1.4 released on 2012-05-31
Bugfix
* Correctly handle empty SSL/TLS packets (Found by James Yonan)
* Fixed potential heap corruption in x509_name allocation
* Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
= Version 1.1.3 released on 2012-04-29
Bugfix
* Fixed random MPI generation to not generate more size than requested.
= Version 1.1.2 released on 2012-04-26
Bugfix
* Fixed handling error in mpi_cmp_mpi() on longer B values (found by
Hui Dong)
Security
* Fixed potential memory corruption on miscrafted client messages (found by
Frama-C team at CEA LIST)
* Fixed generation of DHM parameters to correct length (found by Ruslan
Yushchenko)
= Version 1.1.1 released on 2012-01-23
Bugfix
* Check for failed malloc() in ssl_set_hostname() and x509_get_entries()
(Closes ticket #47, found by Hugo Leisink)
* Fixed issues with Intel compiler on 64-bit systems (Closes ticket #50)
* Fixed multiple compiler warnings for VS6 and armcc
* Fixed bug in CTR_CRBG selftest
= Version 1.1.0 released on 2011-12-22
Features
* Added ssl_session_reset() to allow better multi-connection pools of
SSL contexts without needing to set all non-connection-specific
data and pointers again. Adapted ssl_server to use this functionality.
* Added ssl_set_max_version() to allow clients to offer a lower maximum
supported version to a server to help buggy server implementations.
(Closes ticket #36)
* Added cipher_get_cipher_mode() and cipher_get_cipher_operation()
introspection functions (Closes ticket #40)
* Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
* Added a generic entropy accumulator that provides support for adding
custom entropy sources and added some generic and platform dependent
entropy sources
Changes
* Documentation for AES and Camellia in modes CTR and CFB128 clarified.
* Fixed rsa_encrypt and rsa_decrypt examples to use public key for
encryption and private key for decryption. (Closes ticket #34)
* Inceased maximum size of ASN1 length reads to 32-bits.
* Added an EXPLICIT tag number parameter to x509_get_ext()
* Added a separate CRL entry extension parsing function
* Separated the ASN.1 parsing code from the X.509 specific parsing code.
So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C.
* Changed the defined key-length of DES ciphers in cipher.h to include the
parity bits, to prevent mistakes in copying data. (Closes ticket #33)
* Loads of minimal changes to better support WINCE as a build target
(Credits go to Marco Lizza)
* Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory
trade-off
* Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size
management (Closes ticket #44)
* Changed the used random function pointer to more flexible format. Renamed
havege_rand() to havege_random() to prevent mistakes. Lots of changes as
a consequence in library code and programs
* Moved all examples programs to use the new entropy and CTR_DRBG
* Added permissive certificate parsing to x509parse_crt() and
x509parse_crtfile(). With permissive parsing the parsing does not stop on
encountering a parse-error. Beware that the meaning of return values has
changed!
* All error codes are now negative. Even on mermory failures and IO errors.
Bugfix
* Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes
ticket #37)
* Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag
before version numbers
* Allowed X509 key usage parsing to accept 4 byte values instead of the
standard 1 byte version sometimes used by Microsoft. (Closes ticket #38)
* Fixed incorrect behaviour in case of RSASSA-PSS with a salt length
smaller than the hash length. (Closes ticket #41)
* If certificate serial is longer than 32 octets, serial number is now
appended with '....' after first 28 octets
* Improved build support for s390x and sparc64 in bignum.h
* Fixed MS Visual C++ name clash with int64 in sha4.h
* Corrected removal of leading "00:" in printing serial numbers in
certificates and CRLs
= Version 1.0.0 released on 2011-07-27
Features
* Expanded cipher layer with support for CFB128 and CTR mode
* Added rsa_encrypt and rsa_decrypt simple example programs.
Changes
* The generic cipher and message digest layer now have normal error
codes instead of integers
Bugfix
* Undid faulty bug fix in ssl_write() when flushing old data (Ticket
#18)
= Version 0.99-pre5 released on 2011-05-26
Features
* Added additional Cipher Block Modes to symmetric ciphers
(AES CTR, Camellia CTR, XTEA CBC) including the option to
enable and disable individual modes when needed
* Functions requiring File System functions can now be disabled
by undefining POLARSSL_FS_IO
* A error_strerror function() has been added to translate between
error codes and their description.
* Added mpi_get_bit() and mpi_set_bit() individual bit setter/getter
functions.
* Added ssl_mail_client and ssl_fork_server as example programs.
Changes
* Major argument / variable rewrite. Introduced use of size_t
instead of int for buffer lengths and loop variables for
better unsigned / signed use. Renamed internal bigint types
t_int and t_dbl to t_uint and t_udbl in the process
* mpi_init() and mpi_free() now only accept a single MPI
argument and do not accept variable argument lists anymore.
* The error codes have been remapped and combining error codes
is now done with a PLUS instead of an OR as error codes
used are negative.
* Changed behaviour of net_read(), ssl_fetch_input() and ssl_recv().
net_recv() now returns 0 on EOF instead of
POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns
POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function.
ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received
after the handshake.
* Network functions now return POLARSSL_ERR_NET_WANT_READ or
POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous
POLARSSL_ERR_NET_TRY_AGAIN
= Version 0.99-pre4 released on 2011-04-01
Features
* Added support for PKCS#1 v2.1 encoding and thus support
for the RSAES-OAEP and RSASSA-PSS operations.
* Reading of Public Key files incorporated into default x509
functionality as well.
* Added mpi_fill_random() for centralized filling of big numbers
with random data (Fixed ticket #10)
Changes
* Debug print of MPI now removes leading zero octets and
displays actual bit size of the value.
* x509parse_key() (and as a consequence x509parse_keyfile())
does not zeroize memory in advance anymore. Use rsa_init()
before parsing a key or keyfile!
Bugfix
* Debug output of MPI's now the same independent of underlying
platform (32-bit / 64-bit) (Fixes ticket #19, found by Mads
Kiilerich and Mihai Militaru)
* Fixed bug in ssl_write() when flushing old data (Fixed ticket
#18, found by Nikolay Epifanov)
* Fixed proper handling of RSASSA-PSS verification with variable
length salt lengths
= Version 0.99-pre3 released on 2011-02-28
This release replaces version 0.99-pre2 which had possible copyright issues.
Features
* Parsing PEM private keys encrypted with DES and AES
are now supported as well (Fixes ticket #5)
* Added crl_app program to allow easy reading and
printing of X509 CRLs from file
Changes
* Parsing of PEM files moved to separate module (Fixes
ticket #13). Also possible to remove PEM support for
systems only using DER encoding
Bugfixes
* Corrected parsing of UTCTime dates before 1990 and
after 1950
* Support more exotic OID's when parsing certificates
(found by Mads Kiilerich)
* Support more exotic name representations when parsing
certificates (found by Mads Kiilerich)
* Replaced the expired test certificates
* Do not bail out if no client certificate specified. Try
to negotiate anonymous connection (Fixes ticket #12,
found by Boris Krasnovskiy)
Security fixes
* Fixed a possible Man-in-the-Middle attack on the
Diffie Hellman key exchange (thanks to Larry Highsmith,
Subreption LLC)
= Version 0.99-pre1 released on 2011-01-30
Features
Note: Most of these features have been donated by Fox-IT
* Added Doxygen source code documentation parts
* Added reading of DHM context from memory and file
* Improved X509 certificate parsing to include extended
certificate fields, including Key Usage
* Improved certificate verification and verification
against the available CRLs
* Detection for DES weak keys and parity bits added
* Improvements to support integration in other
applications:
+ Added generic message digest and cipher wrapper
+ Improved information about current capabilities,
status, objects and configuration
+ Added verification callback on certificate chain
verification to allow external blacklisting
+ Additional example programs to show usage
* Added support for PKCS#11 through the use of the
libpkcs11-helper library
Changes
* x509parse_time_expired() checks time in addition to
the existing date check
* The ciphers member of ssl_context and the cipher member
of ssl_session have been renamed to ciphersuites and
ciphersuite respectively. This clarifies the difference
with the generic cipher layer and is better naming
altogether
= Version 0.14.0 released on 2010-08-16
Features
* Added support for SSL_EDH_RSA_AES_128_SHA and
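Review bot: the added ChangeLog text carries spelling errors that should be corrected before this goes in: 'CTR_CRBG' in the 1.1.1 Bugfix entry ('Fixed bug in CTR_CRBG selftest') conflicts with 'CTR_DRBG' as used in the 1.1.0 Features entry, 'Inceased maximum size of ASN1 length reads to 32-bits.' should read 'Increased', 'Even on mermory failures and IO errors.' should read 'memory', and 'A error_strerror function() has been added' should read 'An error_strerror() function has been added'. Section headings are also inconsistent between releases ('Bugfix' vs 'Bugfixes', 'Security' vs 'Security fixes'); pick one form. Finally, the 1.2.0 Security entry 'Fixed potential memory zeroization on miscrafted RSA key' names the remedy rather than the defect, so a reader cannot tell what a malformed key could cause; consider rewording it to state the actual failure that was fixed.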
@ -245,7 +633,7 @@ XySSL ChangeLog
* Ciphers used in SSL/TLS can now be disabled at compile
time, to reduce the memory footprint on embedded systems
* Added multiply assembly code for the TriCore and modified
havege_struct for this processor, thanks to David Patiño
havege_struct for this processor, thanks to David Patiño
* Added multiply assembly code for 64-bit PowerPCs,
thanks to Peking University and the OSU Open Source Lab
* Added experimental support of Quantum Cryptography
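Review bot: this hunk removes and re-adds the line 'havege_struct for this processor, thanks to David Patiño' with no visible difference, so the change is byte-level only (most likely the character encoding of the non-ASCII name, or trailing whitespace); the commit message 'update polarssl/ChangeLog' should say which, so that a later reader of the history does not have to diff the raw bytes to find out. If it is an encoding normalization, check that the rest of the file is consistently encoded rather than fixing only the lines that happened to render badly.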
@ -282,7 +670,7 @@ XySSL ChangeLog
* Added server-side SSLv3 and TLSv1.0 support
* Multiple fixes to enhance the compatibility with g++,
thanks to Xosé Antón Otero Ferreira
thanks to Xosé Antón Otero Ferreira
* Fixed a bug in the CBC code, thanks to dowst; also,
the bignum code is no longer dependant on long long
* Updated rsa_pkcs1_sign to handle arbitrary large inputs
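Review bot: the line 'thanks to Xosé Antón Otero Ferreira' is removed and re-added here without any visible difference, so this hunk changes only the bytes of an existing line (encoding of the non-ASCII name or trailing whitespace), not the ChangeLog content; that deserves a sentence in the commit message, which currently says only 'update polarssl/ChangeLog'.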
@ -295,14 +683,14 @@ XySSL ChangeLog
* Updated the MPI code to support 8086 on MSVC 1.5
* Added the copyright notice at the top of havege.h
* Fixed a bug in sha2_hmac, thanks to newsoft/Wenfang Zhang
* Fixed a bug reported by Adrian Rüegsegger in x509_read_key
* Fixed a bug reported by Adrian Rüegsegger in x509_read_key
* Fixed a bug reported by Torsten Lauter in ssl_read_record
* Fixed a bug in rsa_check_privkey that would wrongly cause
valid RSA keys to be dismissed (thanks to oldwolf)
* Fixed a bug in mpi_is_prime that caused some primes to fail
the Miller-Rabin primality test
I'd also like to thank Younès Hafri for the CRUX linux port,
I'd also like to thank Younès Hafri for the CRUX linux port,
Khalil Petit who added XySSL into pkgsrc and Arnaud Cornet
who maintains the Debian package :-)
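Review bot: two lines in this hunk ('Fixed a bug reported by Adrian Rüegsegger in x509_read_key' and "I'd also like to thank Younès Hafri for the CRUX linux port,") are each removed and re-added with no visible difference, so the only changes are byte-level (encoding of the non-ASCII names or trailing whitespace). Taken together with the several hundred lines of new release entries in the first hunk, this commit mixes a content update with an invisible normalization of old lines; splitting the two into separate commits, or at least describing both in the commit message, would keep the history reviewable.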