MatrixSSL Changelog

What's new in MatrixSSL 3.7.2

Apr 15, 2015
  • Various Improvements - Many changes and improvements are included in this release that are not detailed below. Please see the Release Notes included in the package for a full list of changes.
  • CONFIGURATION CHANGES:
  • Default Ciphers - Four default ciphers are now enabled: TLS_RSA_WITH_AES_[128,256]_CBC_[SHA,SHA256]
  • Disabled Ciphers - 3DES ciphers join RC4 in the disabled-by-default cipher list. PKCS#5 and PKCS#8 password-protected private key parsing is not enabled by default.
  • Compile Options - For Linux, OS X and Windows platforms, -O3 is now the default optimization level. Assembly language optimizations are always enabled on all supported platforms. Algorithm optimizations trading size for speed now default to speed, unless compiling without optimizations (-O0) or optimizing for size (-Os).
  • Static Libraries - Static libraries have been renamed. Please see detailed release notes for more info.
  • SECURITY IMPROVEMENTS:
  • Stack Zeroing - BURN_STACK is enabled by default to clear sensitive data from the stack. In addition, memset_s() is now used so that the compiler cannot optimize away the memset of local stack variables that held sensitive data. This change, along with fixes for other compiler warnings, was suggested by Pavel Pimenov using PVS-Studio and Cppcheck. The issues are listed in this blog post and all have been fixed: http://www.viva64.com/en/b/0304/
  • X.509 Certificates - Improved certificate date validation, as well as distinguished name and key usage fields for older certificates.
  • ECC Key Generation - The random scalar is now checked to be less than the curve order when generating an ECDH key.
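The stack zeroing item above describes the problem that memset_s() and BURN_STACK address: a memset() of a local buffer that is never read again is a dead store the optimizer may legally drop. The following is an added C example, not MatrixSSL code, showing a zeroing routine that survives optimization and a BURN_STACK-style scrub of dead stack frames. The function names, the 64-byte scratch size, the 256-byte burn depth and the 16-byte sample secret are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Zeroing that survives dead-store elimination. A plain memset() on a buffer
 * that is never read again may be removed by the optimizer; storing through a
 * volatile pointer forces every byte to be written. C11 memset_s() (Annex K)
 * gives the same guarantee but is optional and not provided by glibc, so the
 * volatile loop is the portable fallback. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* BURN_STACK-style scrub (modelled on the idea, not MatrixSSL's own code):
 * claim a scratch block in the current frame, zero it, and recurse until
 * roughly 'len' bytes of stack below the caller have been overwritten. This
 * clears key material that finished crypto routines left in dead frames. */
void burn_stack(size_t len)
{
    unsigned char scratch[64];
    secure_zero(scratch, sizeof scratch);
    if (len > sizeof scratch) {
        burn_stack(len - sizeof scratch);
    }
}

/* Constructed stand-in for a routine that expands a secret into a local
 * working buffer, uses it, then scrubs the buffer and the stack its callees
 * used. Returns a byte checksum so a caller can confirm the work happened
 * before the scrub. */
unsigned int expand_and_burn(const unsigned char *secret, size_t len)
{
    unsigned char work[64];
    unsigned int sum = 0;
    size_t i;

    if (len > sizeof work) {
        len = sizeof work;
    }
    memcpy(work, secret, len);
    for (i = 0; i < len; i++) {
        sum += work[i];
    }
    secure_zero(work, sizeof work);   /* the local secret copy */
    burn_stack(256);                  /* whatever memcpy() and friends left behind */
    return sum;
}

/* Self-check: number of non-zero bytes remaining after secure_zero();
 * 0 means every byte was cleared. */
size_t zero_residue(void)
{
    unsigned char buf[32];
    size_t i, left = 0;

    for (i = 0; i < sizeof buf; i++) {
        buf[i] = (unsigned char)(0xA5 + i);   /* constructed secret bytes */
    }
    secure_zero(buf, sizeof buf);
    for (i = 0; i < sizeof buf; i++) {
        left += (buf[i] != 0);
    }
    return left;
}

/* Self-check with a constructed 16-byte secret 0x00..0x0F: checksum 120. */
unsigned int demo_expand(void)
{
    unsigned char key[16];
    size_t i;

    for (i = 0; i < sizeof key; i++) {
        key[i] = (unsigned char)i;
    }
    return expand_and_burn(key, sizeof key);
}
```

To see the difference the volatile store makes, build with -O3 and inspect the disassembly of expand_and_burn() (objdump -d): the stores into work[] remain, whereas a plain memset() in the same position is commonly removed as a dead store.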

New in MatrixSSL 3.7.1 (Dec 5, 2014)

  • Security Fixes:
  • X.509 and ASN.1 Parsing Improvements - A security audit revealed a handful of parsing issues related to boundary testing which could result in reading beyond a memory buffer. These have been fixed, and the getAsnLength() internal API also does a double check against the remaining buffer length in all cases.
  • Constant-Time Memory Compare - Calls to memcmp() have been replaced with a memcmpct() implementation to reduce the effectiveness of future timing based attacks.
  • New Features:
  • Application-Layer Protocol Negotiation - Implemented RFC 7301.
  • X.509 RSASSA-PSS Signatures - MatrixSSL now supports the more secure RSASSA-PSS signature algorithm in X.509 certificates.
  • Run-Time TLS Feature Control - Truncated HMAC use, Maximum Fragment Length requests, and Elliptic Curve specification can now be enabled on a per-session basis when creating a new session.
  • API Changes:
  • Several - Please see the release notes included in the package for details.
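The two security fixes listed above for 3.7.1, shown as added illustrative C that is not MatrixSSL's own getAsnLength() or memcmpct() code: a DER length decoder that rejects the indefinite and non-minimal encodings and double-checks the decoded length against the bytes actually remaining in the buffer, and a constant-time compare with no early exit. The function names and the DER test vectors are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Decode a DER length at *pp (the octet after the tag), bounded by 'end'.
 * On success advances *pp past the length octets, stores the content length
 * in *len and returns 0. Rejects the indefinite form (0x80), lengths that
 * need more than 4 octets, non-minimal encodings, and, as the final double
 * check, any length larger than the bytes that actually remain. */
int der_get_length(const unsigned char **pp, const unsigned char *end,
                   uint32_t *len)
{
    const unsigned char *p = *pp;
    uint32_t n, nbytes, i;

    if (p >= end) return -1;
    n = *p++;
    if (n < 0x80) {                                /* short form */
        *len = n;
    } else {
        nbytes = n & 0x7F;
        if (nbytes == 0 || nbytes > 4) return -1;  /* indefinite or absurd */
        if ((size_t)(end - p) < nbytes) return -1; /* length octets truncated */
        if (p[0] == 0) return -1;                  /* leading zero: not minimal */
        for (n = 0, i = 0; i < nbytes; i++) n = (n << 8) | p[i];
        if (n < 0x80) return -1;                   /* should be short form */
        p += nbytes;
        *len = n;
    }
    if (*len > (size_t)(end - p)) return -1;       /* content would overrun */
    *pp = p;
    return 0;
}

/* Content length of the TLV at buf if it carries 'tag' and is well formed,
 * otherwise -1. On success the caller may read that many bytes safely. */
long long der_content_length(const unsigned char *buf, size_t n,
                             unsigned char tag)
{
    const unsigned char *p = buf, *end = buf + n;
    uint32_t len;

    if (p >= end || *p != tag) return -1;
    p++;
    if (der_get_length(&p, end, &len) != 0) return -1;
    return (long long)len;
}

/* Constant-time equality over n bytes: 0 if equal, non-zero otherwise.
 * No early exit, so the running time does not reveal where the first
 * differing byte is, unlike memcmp(). Use for MACs, padding and tags. */
int memcmp_ct(const void *a, const void *b, size_t n)
{
    const volatile unsigned char *pa = (const volatile unsigned char *)a;
    const volatile unsigned char *pb = (const volatile unsigned char *)b;
    unsigned char d = 0;
    size_t i;

    for (i = 0; i < n; i++) d |= pa[i] ^ pb[i];
    return d;
}

/* Constructed DER vectors; returns how many behave as expected (8). */
int der_selftest(void)
{
    static const unsigned char ok[]      = {0x30, 0x03, 0x02, 0x01, 0x05}; /* SEQUENCE { INTEGER 5 } */
    static const unsigned char overrun[] = {0x30, 0x10, 0x02};             /* says 16, has 1 */
    static const unsigned char trunc[]   = {0x30, 0x82, 0x01};             /* 2 length octets, 1 present */
    static const unsigned char nonmin[]  = {0x30, 0x82, 0x00, 0x05, 0, 0, 0, 0, 0}; /* 5 in two octets */
    static const unsigned char nonmin2[] = {0x30, 0x81, 0x05, 0, 0, 0, 0, 0};       /* 5 in long form */
    static const unsigned char huge[]    = {0x30, 0x84, 0xFF, 0xFF, 0xFF, 0xFF};    /* 4 GiB claimed */
    static const unsigned char indef[]   = {0x30, 0x80, 0x02, 0x01, 0x05, 0x00, 0x00}; /* BER indefinite */
    int pass = 0;

    pass += der_content_length(ok, sizeof ok, 0x30) == 3;
    pass += der_content_length(ok + 2, sizeof ok - 2, 0x02) == 1;
    pass += der_content_length(overrun, sizeof overrun, 0x30) == -1;
    pass += der_content_length(trunc, sizeof trunc, 0x30) == -1;
    pass += der_content_length(nonmin, sizeof nonmin, 0x30) == -1;
    pass += der_content_length(nonmin2, sizeof nonmin2, 0x30) == -1;
    pass += der_content_length(huge, sizeof huge, 0x30) == -1;
    pass += der_content_length(indef, sizeof indef, 0x30) == -1;
    return pass;
}
```

The final `*len > end - p` test is the "double check" the changelog refers to: even a length that decoded cleanly is refused when the buffer cannot hold that much content, so callers never have to repeat the bounds test themselves.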

New in MatrixSSL 3.6.2 (Sep 9, 2014)

  • BUG FIXES AND IMPROVEMENTS:
  • ECC public point validation
  • Previous versions of MatrixSSL were not testing ECC public keys for validity when ECDHE suites were used. Security researchers at Matasano Security crafted a malicious public ECC key that caused a memory read access violation on some platforms and an infinite loop on others.
  • Fixed AES_GCM for big endian platforms
  • A bug was preventing the AES_GCM tag from being created correctly on big endian platforms
  • Additional sanity tests in math module
  • Some bad keys have been shown to cause problems when put through the math operations. Additional sanity tests have been added so that the calculations fail cleanly when unexpected conditions are found.
  • X.509 path length for servers that send root CA
  • Clients were incorrectly calculating the pathLenConstraint in X.509 certificate chains when servers sent the root CA as part of the chain. Servers are not advised to send the root CA, but it is now handled correctly when such servers are encountered.
  • Both client and server initiate a re-handshake
  • A client will now ignore a HELLO_REQUEST message from a server if that client had just sent a CLIENT_HELLO re-handshake request. The assumption is that both peers had decided to re-handshake simultaneously and the client received the request after sending its own request.
  • FRAMEWORKS CHANGES:
  • Makefile build system creates module libraries
  • The Makefile framework now generates three module libraries when compiling MatrixSSL. The modules are core, crypto, and matrixssl and correspond to the source code underneath those directories. This change was made to mirror the development environment of the code maintainers to more easily capture build system improvements when generating product packages.
  • The standalone crypto library is also a commonly requested package for those only wanting to work with the raw crypto APIs.
  • Client example application command line parameters
  • The client example application (./apps/client.c) now accepts getopt style parameters rather than strict ordered parameters. The runClient.sh script has been updated to show the new usage or simply run ./client to see the usage.
  • CLIENT_KEY_EXCHANGE added to “postponed” PKA framework
  • To better support asynchronous hardware operations, the creation of handshake flights that require public key crypto operations use a two-step process. First, the entire plaintext flight is written to the buffer and the location of the public key crypto output is left empty. Second, the public key operations are performed and the results are written to the empty areas that were left for them. This version has added client side support to this framework with the CLIENT_KEY_EXCHANGE message. This has no impact on the public API.
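The ECC public point validation fix above checks the peer's public key before it enters the ECDH math. As an added example, not MatrixSSL code, the following C applies the standard public key validation steps on a constructed toy curve y^2 = x^3 + 2x + 3 over GF(97), with one-octet coordinates standing in for real field elements so the SEC1 uncompressed encoding (0x04 || x || y) can be parsed as it arrives in a ServerKeyExchange. The curve, the point encodings and the function names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy curve y^2 = x^3 + A*x + B over GF(P). Constructed for illustration;
 * the validation steps are the same ones applied to real curves. */
#define CURVE_P 97u
#define CURVE_A 2u
#define CURVE_B 3u

typedef struct {
    uint64_t x, y;
    int infinity;   /* 1 for the point at infinity */
} point_t;

/* Validate a peer's public point before using it in ECDH:
 *   1. it is not the point at infinity;
 *   2. both coordinates lie in [0, p-1];
 *   3. it satisfies the curve equation.
 * For a group with cofactor 1 (the NIST prime curves) this is sufficient;
 * with cofactor h > 1 a fourth step, n*Q == infinity, is also required and
 * is omitted from this toy. Returns 1 if valid, 0 otherwise. */
int ecc_validate_point(const point_t *q)
{
    uint64_t lhs, rhs;

    if (q->infinity) return 0;
    if (q->x >= CURVE_P || q->y >= CURVE_P) return 0;
    lhs = (q->y * q->y) % CURVE_P;
    rhs = (q->x * q->x) % CURVE_P;
    rhs = (rhs * q->x) % CURVE_P;
    rhs = (rhs + CURVE_A * q->x + CURVE_B) % CURVE_P;
    return lhs == rhs;
}

/* Import an uncompressed SEC1 point (0x04 || x || y; one octet per
 * coordinate for this tiny field), rejecting bad encodings and invalid
 * points. Returns 0 on success, -1 otherwise. */
int ecc_import_point(const unsigned char *buf, size_t len, point_t *out)
{
    if (len != 3 || buf[0] != 0x04) return -1;
    out->x = buf[1];
    out->y = buf[2];
    out->infinity = 0;
    return ecc_validate_point(out) ? 0 : -1;
}

/* Convenience wrapper: 0 if the encoded point is acceptable, -1 otherwise. */
int ecc_check_encoded(const unsigned char *buf, size_t len)
{
    point_t q;
    return ecc_import_point(buf, len, &q);
}

/* Constructed vectors; returns the number that behave as expected (6). */
int ecc_selftest(void)
{
    static const unsigned char on_curve[]   = {0x04, 3, 6};    /* 36 == 27 + 6 + 3 */
    static const unsigned char on_curve2[]  = {0x04, 3, 91};   /* 91 == -6 mod 97 */
    static const unsigned char off_curve[]  = {0x04, 3, 7};    /* 49 != 36 */
    static const unsigned char out_range[]  = {0x04, 100, 6};  /* x >= p */
    static const unsigned char compressed[] = {0x02, 3};       /* unsupported form */
    point_t inf = {0, 0, 1};
    int pass = 0;

    pass += ecc_check_encoded(on_curve, sizeof on_curve) == 0;
    pass += ecc_check_encoded(on_curve2, sizeof on_curve2) == 0;
    pass += ecc_check_encoded(off_curve, sizeof off_curve) == -1;
    pass += ecc_check_encoded(out_range, sizeof out_range) == -1;
    pass += ecc_check_encoded(compressed, sizeof compressed) == -1;
    pass += ecc_validate_point(&inf) == 0;
    return pass;
}
```

The off-curve and out-of-range cases are the ones that matter for the bug described: a point that is not on the curve feeds values into the scalar multiplication that the field arithmetic was never written to handle, which is how a crafted key can produce an invalid read or a loop that never terminates.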

New in MatrixSSL 3.6.1 (Apr 15, 2014)

  • Security Fixes:
  • Explicit Length Testing in Parsing Code - A security researcher reported a 'length underflow' vulnerability, which led to an internal audit of message parsing in MatrixSSL. This identified a handful of places in which explicit tests were needed in areas that read 'length' bytes from message streams. The primary areas of change were the TLS extension parsing for ECC cipher suite parameters and Secure Renegotiation. The code now confirms values are within valid ranges to prevent underflow decrements of unsigned integer counters that would result in bad loop logic and could potentially cause a memory access violation.
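The length-underflow class described above, as an added C example that is not MatrixSSL code: an extensions-block parser that tests every length against the bytes remaining before subtracting it from the unsigned counter, including the inner list length of supported_groups (the ECC parameters extension) and the renegotiated_connection length of renegotiation_info. The function names and the vectors are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

static uint16_t get16(const unsigned char *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Walk a TLS extensions block (2-byte total length, then type/length/data
 * triples). Returns the number of extensions, or -1 on any inconsistency.
 * Every subtraction from 'remaining' is preceded by a test that the value
 * fits, so the unsigned counter can never wrap.
 *
 * The pre-fix pattern the 3.6.1 audit targeted looked like:
 *     ext_len = get16(p); p += 2 + ext_len; remaining -= 2 + ext_len;
 *     while (remaining > 0) ...
 * If ext_len exceeds remaining, the unsigned subtraction wraps to a huge
 * value and the loop keeps reading past the end of the message. */
int tls_parse_extensions(const unsigned char *buf, size_t len,
                         uint16_t *types, size_t max_types)
{
    const unsigned char *p = buf;
    size_t remaining;
    int count = 0;

    if (len < 2) return -1;
    remaining = get16(p);
    p += 2;
    if (remaining != len - 2) return -1;        /* block must be exactly as declared */

    while (remaining > 0) {
        uint16_t type, ext_len;

        if (remaining < 4) return -1;           /* not enough for a header */
        type = get16(p);
        ext_len = get16(p + 2);
        p += 4;
        remaining -= 4;
        if (ext_len > remaining) return -1;     /* the explicit range test */

        if (type == 0x000a) {                   /* supported_groups / elliptic_curves */
            if (ext_len < 2) return -1;
            if (get16(p) != ext_len - 2 || (ext_len - 2) % 2 != 0) return -1;
        } else if (type == 0xff01) {            /* renegotiation_info (RFC 5746) */
            if (ext_len < 1 || p[0] != ext_len - 1) return -1;
        }
        if ((size_t)count < max_types) types[count] = type;
        count++;
        p += ext_len;
        remaining -= ext_len;
    }
    return count;
}

/* Constructed vectors; returns how many behave as expected (6). */
int tls_ext_selftest(void)
{
    /* supported_groups listing secp256r1 (0x0017) */
    static const unsigned char good[] = {0x00, 0x08, 0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x17};
    /* ext_len 0x0010 but only 4 bytes follow: would wrap 'remaining' */
    static const unsigned char overrun[] = {0x00, 0x08, 0x00, 0x0a, 0x00, 0x10, 0x00, 0x02, 0x00, 0x17};
    /* block length claims 9, 8 present */
    static const unsigned char bad_total[] = {0x00, 0x09, 0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x17};
    /* 3 bytes remaining cannot hold a 4-byte header */
    static const unsigned char short_hdr[] = {0x00, 0x03, 0x00, 0x0a, 0x00};
    /* supported_groups with an odd inner list length */
    static const unsigned char odd_list[] = {0x00, 0x09, 0x00, 0x0a, 0x00, 0x05, 0x00, 0x03, 0x00, 0x17, 0x00};
    /* supported_groups followed by an empty renegotiation_info */
    static const unsigned char two[] = {0x00, 0x0d, 0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x17,
                                        0xff, 0x01, 0x00, 0x01, 0x00};
    uint16_t types[4];
    int pass = 0;

    pass += tls_parse_extensions(good, sizeof good, types, 4) == 1 && types[0] == 0x000a;
    pass += tls_parse_extensions(overrun, sizeof overrun, types, 4) == -1;
    pass += tls_parse_extensions(bad_total, sizeof bad_total, types, 4) == -1;
    pass += tls_parse_extensions(short_hdr, sizeof short_hdr, types, 4) == -1;
    pass += tls_parse_extensions(odd_list, sizeof odd_list, types, 4) == -1;
    pass += tls_parse_extensions(two, sizeof two, types, 4) == 2 && types[1] == 0xff01;
    return pass;
}
```

The strict `remaining != len - 2` check at the top is a design choice: trailing bytes after the declared block are treated as an error rather than ignored, which is what a parser that "confirms values are within valid ranges" should do, and it keeps the inner loop's accounting exact.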

New in MatrixSSL 3.6.0 (Apr 15, 2014)

  • Security Features:
  • Stronger X.509 Enforcement - Improved X.509 certificate parsing and validation. V1 and V2 certs no longer supported. Enforcement of critical extensions, certificate chain path length, subject alt name, AuthorityKeyIdentifier, minimum key strength and several other constraints. Moved date range parsing into X.509 library.
  • Runtime Configuration of Ciphersuites - CipherSuite, TLS version and AllowResumption can now be set on a per SSL session basis.
  • Heartbleed Bug - All versions of MatrixSSL are unaffected by the recent OpenSSL "Heartbleed" bug. That bug is due to an OpenSSL implementation error, not an attack against the SSL/TLS protocol.
  • New Features:
  • TLS 1.2 - Full support open sourced from commercial codebase.
  • ECC Cipher Suites - ECDHE_ECDSA, ECDH_ECDSA, ECDHE_RSA and ECDH_RSA open sourced.
  • DH Cipher Suites - DH, DHE and DH_anon open sourced.
  • AES-GCM Cipher Suites - Full suite of GCM ciphers open sourced, optimized for Intel AES-NI extensions.
  • Preshared Key Cipher Suites - Full suite of PSK ciphers open sourced.
  • IDEA and Seed Ciphers - Open sourced.
  • SHA-2 Hashes - SHA-256, SHA384, SHA512 and HMAC counterparts open sourced.
  • Server Name Indication - SNI extension now supported.
  • Stateless Session Tickets - Session Tickets now supported for cacheless session resumption.
  • Session Cache Improvement - Very large session caches are now managed more efficiently and can effectively scale to memory constraints.
  • Truncated HMAC - Truncated HMAC extension open sourced.
  • ZLIB Support - Minimal SSL compression support, disabled by default for security reasons.
  • API Changes:
  • Several - Please see the release notes included in the package for details.

New in MatrixSSL 3.4.2 (Apr 15, 2014)

  • Bug Fixes and Improvements:
  • Improved Run-Time Checks of Certificate Algorithms Against Cipher Suites - Checking the public key and signature algorithms of the certificate material during initialization and cipher suite negotiation is now stricter. Servers now look at the signature algorithm of their certificate when negotiating cipher suites to ensure the authentication mechanism is consistent with the cipher suite. This enables the handshake to fail early in the process if the certificate material does not support a requested cipher suite. This is mainly a protection against user configuration errors because a server should not enable cipher suites it isn't prepared to support. Clients now confirm the server certificate signature algorithm as a pre-emptive measure during the parsing of the CERTIFICATE message. Previous versions would terminate the connection later in the handshake process when the unsupported algorithm was encountered for the public key operation itself.
  • SSL Alert Sent on Handshake Message Creation Failure - Previous versions would silently terminate the SSL connection if handshake message creation failed. Now an INTERNAL_ERROR alert is sent before closing the connection.
  • Expired Session Resumption Fix - Fixed server support for scenarios in which a session that is already in a resumed handshake state will correctly fall back to a full handshake if the client attempts a resumed re-handshake after the session has expired in the server cache.
  • Disable Yarrow by Default and Simplified PRNG Reseeding - The USE_YARROW define is now disabled by default in cryptoConfig.h because the two default entropy gathering sources are PRNG sources themselves so it isn't necessary to run that data through Yarrow. This change will result in a minor connection speed improvement. If Yarrow is needed, the logic for reseeding that algorithm has been simplified to update only on the amount of data read rather than including the number of function calls to the PRNG retrieval function.
  • Removed the USE_RSA Configuration Define - The open source version of MatrixSSL only supports RSA cipher suites so the removal of that option makes this explicit.
  • Example Applications Load Full CA List - To aid in testing, the example client and server applications now load the full list of sample Certificate Authority files so a recompile is not needed if changing the sample certificate material of the peer.

New in MatrixSSL 3.4.1 (Apr 15, 2014)

  • Security Features:
  • Lucky Thirteen Countermeasure - An attack against block cipher padding was proven to be feasible. This affects CBC ciphers including AES and 3DES. This update adds timing countermeasures that reduce the effectiveness of this attack.

New in MatrixSSL 3.4.0 (Apr 15, 2014)

  • Security Features:
  • Certificate Revocation List (CRL) - Two new APIs have been added to support CRLs. If a Certificate Authority uses the CRL Distribution Points extension to identify the URI where a CRL can be found, use the new matrixSslGetCRL API to aid in the fetch. If a local CRL is available use the matrixSslLoadCRL API to register the revoked certificates with the CA for testing during the SSL handshake. The client example application implements these two new APIs as a reference.
  • Client Certificate Authentication - This has been a feature in the commercial MatrixSSL release for some time. Client Certs are being deployed more often now, so we were asked by some open source users to include this feature under GPL. Enable the USE_CLIENT_AUTH define in matrixsslConfig.h to add support for this feature to the library. Clients and servers are both supported and the example applications implement client authentication for reference. The sslTest utility will exercise the client authentication handshake variations as well.
  • New Features:
  • Assembly Language Optimizations - Assembly code optimizations that were previously only available in commercial versions of MatrixSSL are now included in the open source packages. Optimizations for common processors such as ARM, x86, x86_64, and MIPS32 can now be enabled with the use of compile-time defines. RSA operations gain a significant speed advantage using these optimizations.
  • Public API Changes:
  • Client management of the session ID for resumption is now more explicit. The new matrixSslNewSessionId and matrixSslDeleteSessionId APIs enable library control of the sslSessionId_t parameter used in matrixSslNewClientSession. Refer to the API documentation for more details.
  • An additional parameter has been added to the matrixSslNewServerSession and matrixSslNewClientSession APIs for compatibility with MatrixDTLS packages. For SSL usage, the final parameter should be 0 to both of these functions.
  • This function prototype previously used a void return value. This change to an int return type was made simply to keep the core/ module APIs consistent.
  • Bug Fixes and Improvements:
  • X.509 certificate parsing now includes separate time format fields for the notBefore and notAfter identifiers. UTCTIME and GENERALIZEDTIME are still supported. However, it is not correct to assume both must be the same type. The psX509Cert_t structure accessible through the certificate callback will contain notBeforeTimeType and notAfterTimeType members instead of timeType.
  • The alert type and description were not correctly passed to the user via matrixSslReceivedData when the TLS 1.1 protocol was being used.
  • The length parser in the internal X.509 parseGeneralNames function assumed values less than 255. All lengths are supported now. Optional Attributes in a PKCS#8 format are now properly recognized. The PKCS#12 key generation algorithm is now more flexible. Previous implementations assumed a salt length of 8 bytes. Salts may now be up to 20 bytes. Also, certificates will be re-ordered in a child-to-parent hierarchy after the parse is complete.

New in MatrixSSL 3.1.3 (Sep 3, 2010)

  • Feature Updates:
  • New server-side configuration option to decrease binary executable size - Servers may now disable a new USE_CERT_PARSE define in cryptoConfig.h to exclude a relatively large portion of the x509.c source code. Previous versions of MatrixSSL would always pass the server certificate through an X.509 parse phase during initialization. This allowed the library to confirm the format of the certificate and perform algorithm tests based on the chosen cipher suite. However, these tests were in place primarily to prevent user error, so if USE_CERT_PARSE is disabled the user must be confident the certificate material is valid for the cipher suites that have been enabled in matrixsslConfig.h.
  • New Pseudo-Random Number Generation algorithms - An implementation of Yarrow is now included in the MatrixSSL source code package. Random numbers are now retrieved through Yarrow by default. An entropy source and implementation of psGetEntropy is still required for each platform.
  • Windows project files updated to Microsoft Visual C++ 2010 Express - Previous versions used the 2008 Express Edition of Visual C++.
  • Public API Changes:
  • New members in x509DNattributes_t structure - The Distinguished Name attributes in X.509 certificates such as Common Name, Organization, and Country are now accompanied by the explicit ASN.1 data type and length. Previous versions of MatrixSSL attempted to treat these fields as NULL terminated strings using single byte characters. In order to support a larger variety of certificate formats the Type and Len fields have been added so the user will have all the needed information to interpret certificate information that is passed into the certificate callback routine.
  • Bug Fixes:
  • Error return code fixed for matrixSslReceivedData - One code path through matrixSslReceivedData was performing an ‘unsigned char’ typecast on a potentially negative return code which converted it to a positive value. This resulted in an undocumented and ambiguous return code. The typecast has been removed and all error cases now return negative values as documented.

New in MatrixSSL 3.1.1 (Apr 21, 2010)

  • Enhancements to Features and Functionality:
  • Secure Renegotiation CLIENT_HELLO extension support
  • Client cipher suites on re-handshakes
  • Makefile auto detects 32 and 64 bit platforms
  • New documents: Migration to 3.1 and OS Porting Guide
  • Public API Changes:
  • New matrixSslNewClientSession prototype
  • USE_INT64 renamed to HAVE_NATIVE_INT64
  • Bug Fixes:
  • Changing Cipher Suites on Re-handshake
  • Default size for pstm_digit

New in MatrixSSL 1.8.7d (Aug 13, 2009)

  • Features:
  • Windows project files for library and example application builds are now based on the freely available Microsoft Visual Studio C++ 2008 Express Edition
  • Functional Changes:
  • The USE_MULTITHREADING define in matrixConfig.h is now off by default so that POSIX platforms will not require pthreads by default.
  • Fixes:
  • Fixed the size calculations for SSL_FULL conditions when encoding the FINISHED flight of handshake messages
  • Additional checks and proper error handling for the following types of malformed X.509 certificates as tested by Orange Labs
  • Testing for Serial Number encodings that use bad length specifications
  • Testing for Distinguished Name extension encodings that use bad length specifications
  • Error handling for Subject Alternate Name extensions that use bad length specifications

New in MatrixSSL 1.8.7 (Jun 29, 2009)

  • Features:
  • Windows project files for library and example application builds are now based on the freely available Microsoft Visual Studio C++ 2008 Express Edition
  • Functional Changes:
  • The USE_MULTITHREADING define in matrixConfig.h is now off by default so that POSIX platforms will not require pthreads by default.
  • Fixes:
  • Fixed the size calculations for SSL_FULL conditions when encoding the FINISHED flight of handshake messages
  • Additional checks and proper error handling for the following types of malformed X.509 certificates as tested by Orange Labs
  • Testing for Serial Number encodings that use bad length specifications
  • Testing for Distinguished Name extension encodings that use bad length specifications
  • Error handling for Subject Alternate Name extensions that use bad length specifications

New in MatrixSSL 1.8.6 (Sep 11, 2008)

  • The matrixRsaParsePubKey routine has added support for X.509 SubjectPublicKeyInfo formatted keys
  • Full parsing support of the subjectAltName extension in certificates
  • Allowing clients to send multiple compression parameters in the CLIENT_HELLO message
  • The matrixX509ReadCert routine supports additional PEM file header and footer formats
  • Corrected filename misspelling in httpsReflector.c for the example CAcertCln.der certificate