mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-20 19:00:08 +00:00
update polarssl/ChangeLog
This commit is contained in:
parent
835eeb09a5
commit
f3b90ad1cd
@ -1,5 +1,393 @@
|
||||
PolarSSL ChangeLog
|
||||
|
||||
= Version 1.2.6 released 2013-03-11
|
||||
Bugfix
|
||||
* Fixed memory leak in ssl_free() and ssl_reset() for active session
|
||||
* Corrected GCM counter incrementation to use only 32-bits instead of
|
||||
128-bits (found by Yawning Angel)
|
||||
* Fixes for 64-bit compilation with MS Visual Studio
|
||||
* Fixed net_bind() for specified IP addresses on little endian systems
|
||||
* Fixed assembly code for ARM (Thumb and regular) for some compilers
|
||||
|
||||
Changes
|
||||
* Internally split up rsa_pkcs1_encrypt(), rsa_pkcs1_decrypt(),
|
||||
rsa_pkcs1_sign() and rsa_pkcs1_verify() to separate PKCS#1 v1.5 and
|
||||
PKCS#1 v2.1 functions
|
||||
* Added support for custom labels when using rsa_rsaes_oaep_encrypt()
|
||||
or rsa_rsaes_oaep_decrypt()
|
||||
* Re-added handling for SSLv2 Client Hello when the define
|
||||
POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is set
|
||||
* The SSL session cache module (ssl_cache) now also retains peer_cert
|
||||
information (not the entire chain)
|
||||
|
||||
Security
|
||||
* Removed further timing differences during SSL message decryption in
|
||||
ssl_decrypt_buf()
|
||||
* Removed timing differences due to bad padding from
|
||||
rsa_rsaes_pkcs1_v15_decrypt() and rsa_pkcs1_decrypt() for PKCS#1 v1.5
|
||||
operations
|
||||
|
||||
= Version 1.2.5 released 2013-02-02
|
||||
Changes
|
||||
* Allow enabling of dummy error_strerror() to support some use-cases
|
||||
* Debug messages about padding errors during SSL message decryption are
|
||||
disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
|
||||
* Sending of security-relevant alert messages that do not break
|
||||
interoperability can be switched on/off with the flag
|
||||
POLARSSL_SSL_ALL_ALERT_MESSAGES
|
||||
|
||||
Security
|
||||
* Removed timing differences during SSL message decryption in
|
||||
ssl_decrypt_buf() due to badly formatted padding
|
||||
|
||||
= Version 1.2.4 released 2013-01-25
|
||||
Changes
|
||||
* Added ssl_handshake_step() to allow single stepping the handshake process
|
||||
|
||||
Bugfix
|
||||
* Memory leak when using RSA_PKCS_V21 operations fixed
|
||||
* Handle future version properly in ssl_write_certificate_request()
|
||||
* Correctly handle CertificateRequest message in client for <= TLS 1.1
|
||||
without DN list
|
||||
|
||||
= Version 1.2.3 released 2012-11-26
|
||||
Bugfix
|
||||
* Server not always sending correct CertificateRequest message
|
||||
|
||||
= Version 1.2.2 released 2012-11-24
|
||||
Changes
|
||||
* Added p_hw_data to ssl_context for context specific hardware acceleration
|
||||
data
|
||||
* During verify trust-CA is only checked for expiration and CRL presence
|
||||
|
||||
Bugfixes
|
||||
* Fixed client authentication compatibility
|
||||
* Fixed dependency on POLARSSL_SHA4_C in SSL modules
|
||||
|
||||
= Version 1.2.1 released 2012-11-20
|
||||
Changes
|
||||
* Depth that the certificate verify callback receives is now numbered
|
||||
bottom-up (Peer cert depth is 0)
|
||||
|
||||
Bugfixes
|
||||
* Fixes for MSVC6
|
||||
* Moved mpi_inv_mod() outside POLARSSL_GENPRIME
|
||||
* Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
|
||||
Pégourié-Gonnard)
|
||||
* Fixed possible segfault in mpi_shift_r() (found by Manuel
|
||||
Pégourié-Gonnard)
|
||||
* Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
|
||||
|
||||
= Version 1.2.0 released 2012-10-31
|
||||
Features
|
||||
* Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak
|
||||
ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by
|
||||
default!
|
||||
* Added support for wildcard certificates
|
||||
* Added support for multi-domain certificates through the X509 Subject
|
||||
Alternative Name extension
|
||||
* Added preliminary ASN.1 buffer writing support
|
||||
* Added preliminary X509 Certificate Request writing support
|
||||
* Added key_app_writer example application
|
||||
* Added cert_req example application
|
||||
* Added base Galois Counter Mode (GCM) for AES
|
||||
* Added TLS 1.2 support (RFC 5246)
|
||||
* Added GCM suites to TLS 1.2 (RFC 5288)
|
||||
* Added commandline error code convertor (util/strerror)
|
||||
* Added support for Hardware Acceleration hooking in SSL/TLS
|
||||
* Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and
|
||||
example application (programs/ssl/o_p_test) (requires OpenSSL)
|
||||
* Added X509 CA Path support
|
||||
* Added Thumb assembly optimizations
|
||||
* Added DEFLATE compression support as per RFC3749 (requires zlib)
|
||||
* Added blowfish algorithm (Generic and cipher layer)
|
||||
* Added PKCS#5 PBKDF2 key derivation function
|
||||
* Added Secure Renegotiation (RFC 5746)
|
||||
* Added predefined DHM groups from RFC 5114
|
||||
* Added simple SSL session cache implementation
|
||||
* Added ServerName extension parsing (SNI) at server side
|
||||
* Added option to add minimum accepted SSL/TLS protocol version
|
||||
|
||||
Changes
|
||||
* Removed redundant POLARSSL_DEBUG_MSG define
|
||||
* AES code only check for Padlock once
|
||||
* Fixed const-correctness mpi_get_bit()
|
||||
* Documentation for mpi_lsb() and mpi_msb()
|
||||
* Moved out_msg to out_hdr + 32 to support hardware acceleration
|
||||
* Changed certificate verify behaviour to comply with RFC 6125 section 6.3
|
||||
to not match CN if subjectAltName extension is present (Closes ticket #56)
|
||||
* Cipher layer cipher_mode_t POLARSSL_MODE_CFB128 is renamed to
|
||||
POLARSSL_MODE_CFB, to also handle different block size CFB modes.
|
||||
* Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)
|
||||
* Revamped session resumption handling
|
||||
* Generalized external private key implementation handling (like PKCS#11)
|
||||
in SSL/TLS
|
||||
* Revamped x509_verify() and the SSL f_vrfy callback implementations
|
||||
* Moved from unsigned long to fixed width uint32_t types throughout code
|
||||
* Renamed ciphersuites naming scheme to IANA reserved names
|
||||
|
||||
Bugfix
|
||||
* Fixed handling error in mpi_cmp_mpi() on longer B values (found by
|
||||
Hui Dong)
|
||||
* Fixed potential heap corruption in x509_name allocation
|
||||
* Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
|
||||
* mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
|
||||
#52)
|
||||
* Handle encryption with private key and decryption with public key as per
|
||||
RFC 2313
|
||||
* Handle empty certificate subject names
|
||||
* Prevent reading over buffer boundaries on X509 certificate parsing
|
||||
* mpi_add_abs() now correctly handles adding short numbers to long numbers
|
||||
with carry rollover (found by Ruslan Yushchenko)
|
||||
* Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
|
||||
* Fixed MPI assembly for SPARC64 platform
|
||||
|
||||
Security
|
||||
* Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
|
||||
Vanderbeken)
|
||||
|
||||
= Version 1.1.5 released on 2013-01-16
|
||||
Bugfix
|
||||
* Fixed MPI assembly for SPARC64 platform
|
||||
* Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
|
||||
* mpi_add_abs() now correctly handles adding short numbers to long numbers
|
||||
with carry rollover
|
||||
* Moved mpi_inv_mod() outside POLARSSL_GENPRIME
|
||||
* Prevent reading over buffer boundaries on X509 certificate parsing
|
||||
* mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
|
||||
#52)
|
||||
* Fixed possible segfault in mpi_shift_r() (found by Manuel
|
||||
Pégourié-Gonnard)
|
||||
* Allow R and A to point to same mpi in mpi_div_mpi (found by Manuel
|
||||
Pégourié-Gonnard)
|
||||
* Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
|
||||
* Memory leak when using RSA_PKCS_V21 operations fixed
|
||||
* Handle encryption with private key and decryption with public key as per
|
||||
RFC 2313
|
||||
* Fixes for MSVC6
|
||||
|
||||
Security
|
||||
* Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
|
||||
Vanderbeken)
|
||||
|
||||
= Version 1.1.4 released on 2012-05-31
|
||||
Bugfix
|
||||
* Correctly handle empty SSL/TLS packets (Found by James Yonan)
|
||||
* Fixed potential heap corruption in x509_name allocation
|
||||
* Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
|
||||
|
||||
= Version 1.1.3 released on 2012-04-29
|
||||
Bugfix
|
||||
* Fixed random MPI generation to not generate more size than requested.
|
||||
|
||||
= Version 1.1.2 released on 2012-04-26
|
||||
Bugfix
|
||||
* Fixed handling error in mpi_cmp_mpi() on longer B values (found by
|
||||
Hui Dong)
|
||||
|
||||
Security
|
||||
* Fixed potential memory corruption on miscrafted client messages (found by
|
||||
Frama-C team at CEA LIST)
|
||||
* Fixed generation of DHM parameters to correct length (found by Ruslan
|
||||
Yushchenko)
|
||||
|
||||
= Version 1.1.1 released on 2012-01-23
|
||||
Bugfix
|
||||
* Check for failed malloc() in ssl_set_hostname() and x509_get_entries()
|
||||
(Closes ticket #47, found by Hugo Leisink)
|
||||
* Fixed issues with Intel compiler on 64-bit systems (Closes ticket #50)
|
||||
* Fixed multiple compiler warnings for VS6 and armcc
|
||||
* Fixed bug in CTR_CRBG selftest
|
||||
|
||||
= Version 1.1.0 released on 2011-12-22
|
||||
Features
|
||||
* Added ssl_session_reset() to allow better multi-connection pools of
|
||||
SSL contexts without needing to set all non-connection-specific
|
||||
data and pointers again. Adapted ssl_server to use this functionality.
|
||||
* Added ssl_set_max_version() to allow clients to offer a lower maximum
|
||||
supported version to a server to help buggy server implementations.
|
||||
(Closes ticket #36)
|
||||
* Added cipher_get_cipher_mode() and cipher_get_cipher_operation()
|
||||
introspection functions (Closes ticket #40)
|
||||
* Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
|
||||
* Added a generic entropy accumulator that provides support for adding
|
||||
custom entropy sources and added some generic and platform dependent
|
||||
entropy sources
|
||||
|
||||
Changes
|
||||
* Documentation for AES and Camellia in modes CTR and CFB128 clarified.
|
||||
* Fixed rsa_encrypt and rsa_decrypt examples to use public key for
|
||||
encryption and private key for decryption. (Closes ticket #34)
|
||||
* Inceased maximum size of ASN1 length reads to 32-bits.
|
||||
* Added an EXPLICIT tag number parameter to x509_get_ext()
|
||||
* Added a separate CRL entry extension parsing function
|
||||
* Separated the ASN.1 parsing code from the X.509 specific parsing code.
|
||||
So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C.
|
||||
* Changed the defined key-length of DES ciphers in cipher.h to include the
|
||||
parity bits, to prevent mistakes in copying data. (Closes ticket #33)
|
||||
* Loads of minimal changes to better support WINCE as a build target
|
||||
(Credits go to Marco Lizza)
|
||||
* Added POLARSSL_MPI_WINDOW_SIZE definition to allow easier time to memory
|
||||
trade-off
|
||||
* Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size
|
||||
management (Closes ticket #44)
|
||||
* Changed the used random function pointer to more flexible format. Renamed
|
||||
havege_rand() to havege_random() to prevent mistakes. Lots of changes as
|
||||
a consequence in library code and programs
|
||||
* Moved all examples programs to use the new entropy and CTR_DRBG
|
||||
* Added permissive certificate parsing to x509parse_crt() and
|
||||
x509parse_crtfile(). With permissive parsing the parsing does not stop on
|
||||
encountering a parse-error. Beware that the meaning of return values has
|
||||
changed!
|
||||
* All error codes are now negative. Even on mermory failures and IO errors.
|
||||
|
||||
Bugfix
|
||||
* Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes
|
||||
ticket #37)
|
||||
* Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag
|
||||
before version numbers
|
||||
* Allowed X509 key usage parsing to accept 4 byte values instead of the
|
||||
standard 1 byte version sometimes used by Microsoft. (Closes ticket #38)
|
||||
* Fixed incorrect behaviour in case of RSASSA-PSS with a salt length
|
||||
smaller than the hash length. (Closes ticket #41)
|
||||
* If certificate serial is longer than 32 octets, serial number is now
|
||||
appended with '....' after first 28 octets
|
||||
* Improved build support for s390x and sparc64 in bignum.h
|
||||
* Fixed MS Visual C++ name clash with int64 in sha4.h
|
||||
* Corrected removal of leading "00:" in printing serial numbers in
|
||||
certificates and CRLs
|
||||
|
||||
= Version 1.0.0 released on 2011-07-27
|
||||
Features
|
||||
* Expanded cipher layer with support for CFB128 and CTR mode
|
||||
* Added rsa_encrypt and rsa_decrypt simple example programs.
|
||||
|
||||
Changes
|
||||
* The generic cipher and message digest layer now have normal error
|
||||
codes instead of integers
|
||||
|
||||
Bugfix
|
||||
* Undid faulty bug fix in ssl_write() when flushing old data (Ticket
|
||||
#18)
|
||||
|
||||
= Version 0.99-pre5 released on 2011-05-26
|
||||
Features
|
||||
* Added additional Cipher Block Modes to symmetric ciphers
|
||||
(AES CTR, Camellia CTR, XTEA CBC) including the option to
|
||||
enable and disable individual modes when needed
|
||||
* Functions requiring File System functions can now be disabled
|
||||
by undefining POLARSSL_FS_IO
|
||||
* A error_strerror function() has been added to translate between
|
||||
error codes and their description.
|
||||
* Added mpi_get_bit() and mpi_set_bit() individual bit setter/getter
|
||||
functions.
|
||||
* Added ssl_mail_client and ssl_fork_server as example programs.
|
||||
|
||||
Changes
|
||||
* Major argument / variable rewrite. Introduced use of size_t
|
||||
instead of int for buffer lengths and loop variables for
|
||||
better unsigned / signed use. Renamed internal bigint types
|
||||
t_int and t_dbl to t_uint and t_udbl in the process
|
||||
* mpi_init() and mpi_free() now only accept a single MPI
|
||||
argument and do not accept variable argument lists anymore.
|
||||
* The error codes have been remapped and combining error codes
|
||||
is now done with a PLUS instead of an OR as error codes
|
||||
used are negative.
|
||||
* Changed behaviour of net_read(), ssl_fetch_input() and ssl_recv().
|
||||
net_recv() now returns 0 on EOF instead of
|
||||
POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns
|
||||
POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function.
|
||||
ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received
|
||||
after the handshake.
|
||||
* Network functions now return POLARSSL_ERR_NET_WANT_READ or
|
||||
POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous
|
||||
POLARSSL_ERR_NET_TRY_AGAIN
|
||||
|
||||
= Version 0.99-pre4 released on 2011-04-01
|
||||
Features
|
||||
* Added support for PKCS#1 v2.1 encoding and thus support
|
||||
for the RSAES-OAEP and RSASSA-PSS operations.
|
||||
* Reading of Public Key files incorporated into default x509
|
||||
functionality as well.
|
||||
* Added mpi_fill_random() for centralized filling of big numbers
|
||||
with random data (Fixed ticket #10)
|
||||
|
||||
Changes
|
||||
* Debug print of MPI now removes leading zero octets and
|
||||
displays actual bit size of the value.
|
||||
* x509parse_key() (and as a consequence x509parse_keyfile())
|
||||
does not zeroize memory in advance anymore. Use rsa_init()
|
||||
before parsing a key or keyfile!
|
||||
|
||||
Bugfix
|
||||
* Debug output of MPI's now the same independent of underlying
|
||||
platform (32-bit / 64-bit) (Fixes ticket #19, found by Mads
|
||||
Kiilerich and Mihai Militaru)
|
||||
* Fixed bug in ssl_write() when flushing old data (Fixed ticket
|
||||
#18, found by Nikolay Epifanov)
|
||||
* Fixed proper handling of RSASSA-PSS verification with variable
|
||||
length salt lengths
|
||||
|
||||
= Version 0.99-pre3 released on 2011-02-28
|
||||
This release replaces version 0.99-pre2 which had possible copyright issues.
|
||||
Features
|
||||
* Parsing PEM private keys encrypted with DES and AES
|
||||
are now supported as well (Fixes ticket #5)
|
||||
* Added crl_app program to allow easy reading and
|
||||
printing of X509 CRLs from file
|
||||
|
||||
Changes
|
||||
* Parsing of PEM files moved to separate module (Fixes
|
||||
ticket #13). Also possible to remove PEM support for
|
||||
systems only using DER encoding
|
||||
|
||||
Bugfixes
|
||||
* Corrected parsing of UTCTime dates before 1990 and
|
||||
after 1950
|
||||
* Support more exotic OID's when parsing certificates
|
||||
(found by Mads Kiilerich)
|
||||
* Support more exotic name representations when parsing
|
||||
certificates (found by Mads Kiilerich)
|
||||
* Replaced the expired test certificates
|
||||
* Do not bail out if no client certificate specified. Try
|
||||
to negotiate anonymous connection (Fixes ticket #12,
|
||||
found by Boris Krasnovskiy)
|
||||
|
||||
Security fixes
|
||||
* Fixed a possible Man-in-the-Middle attack on the
|
||||
Diffie Hellman key exchange (thanks to Larry Highsmith,
|
||||
Subreption LLC)
|
||||
|
||||
= Version 0.99-pre1 released on 2011-01-30
|
||||
Features
|
||||
Note: Most of these features have been donated by Fox-IT
|
||||
* Added Doxygen source code documentation parts
|
||||
* Added reading of DHM context from memory and file
|
||||
* Improved X509 certificate parsing to include extended
|
||||
certificate fields, including Key Usage
|
||||
* Improved certificate verification and verification
|
||||
against the available CRLs
|
||||
* Detection for DES weak keys and parity bits added
|
||||
* Improvements to support integration in other
|
||||
applications:
|
||||
+ Added generic message digest and cipher wrapper
|
||||
+ Improved information about current capabilities,
|
||||
status, objects and configuration
|
||||
+ Added verification callback on certificate chain
|
||||
verification to allow external blacklisting
|
||||
+ Additional example programs to show usage
|
||||
* Added support for PKCS#11 through the use of the
|
||||
libpkcs11-helper library
|
||||
|
||||
Changes
|
||||
* x509parse_time_expired() checks time in addition to
|
||||
the existing date check
|
||||
* The ciphers member of ssl_context and the cipher member
|
||||
of ssl_session have been renamed to ciphersuites and
|
||||
ciphersuite respectively. This clarifies the difference
|
||||
with the generic cipher layer and is better naming
|
||||
altogether
|
||||
|
||||
= Version 0.14.0 released on 2010-08-16
|
||||
Features
|
||||
* Added support for SSL_EDH_RSA_AES_128_SHA and
|
||||
@ -245,7 +633,7 @@ XySSL ChangeLog
|
||||
* Ciphers used in SSL/TLS can now be disabled at compile
|
||||
time, to reduce the memory footprint on embedded systems
|
||||
* Added multiply assembly code for the TriCore and modified
|
||||
havege_struct for this processor, thanks to David Patiño
|
||||
havege_struct for this processor, thanks to David Patiño
|
||||
* Added multiply assembly code for 64-bit PowerPCs,
|
||||
thanks to Peking University and the OSU Open Source Lab
|
||||
* Added experimental support of Quantum Cryptography
|
||||
@ -282,7 +670,7 @@ XySSL ChangeLog
|
||||
|
||||
* Added server-side SSLv3 and TLSv1.0 support
|
||||
* Multiple fixes to enhance the compatibility with g++,
|
||||
thanks to Xosé Antón Otero Ferreira
|
||||
thanks to Xosé Antón Otero Ferreira
|
||||
* Fixed a bug in the CBC code, thanks to dowst; also,
|
||||
the bignum code is no longer dependant on long long
|
||||
* Updated rsa_pkcs1_sign to handle arbitrary large inputs
|
||||
@ -295,14 +683,14 @@ XySSL ChangeLog
|
||||
* Updated the MPI code to support 8086 on MSVC 1.5
|
||||
* Added the copyright notice at the top of havege.h
|
||||
* Fixed a bug in sha2_hmac, thanks to newsoft/Wenfang Zhang
|
||||
* Fixed a bug reported by Adrian Rüegsegger in x509_read_key
|
||||
* Fixed a bug reported by Adrian Rüegsegger in x509_read_key
|
||||
* Fixed a bug reported by Torsten Lauter in ssl_read_record
|
||||
* Fixed a bug in rsa_check_privkey that would wrongly cause
|
||||
valid RSA keys to be dismissed (thanks to oldwolf)
|
||||
* Fixed a bug in mpi_is_prime that caused some primes to fail
|
||||
the Miller-Rabin primality test
|
||||
|
||||
I'd also like to thank Younès Hafri for the CRUX linux port,
|
||||
I'd also like to thank Younès Hafri for the CRUX linux port,
|
||||
Khalil Petit who added XySSL into pkgsrc and Arnaud Cornet
|
||||
who maintains the Debian package :-)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user