PolarSSL version 0.14.0 has been released!

This release introduces support for TLS 1.1 and compile-time and run-time version information. The version information allows for better managing of PolarSSL as a plugin in other projects.

This release (0.14.0) removes the dependency on rand() in rsa_pkcs1_encrypt(), but also changes the function prototypes of rsa_init(), rsa_gen_key() and rsa_pkcs1_encrypt() as a result. In addition a possible deadlock was fixed and support for PKCS1v2 keys fixed.

From the ChangeLog

Features

   * Added support for SSL_EDH_RSA_AES_128_SHA and
     SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
   * Added compile-time and run-time version information
   * Expanded ssl_client2 arguments for more flexibility
   * Added support for TLS v1.1

Changes

   * Made Makefile cleaner
   * Removed dependency on rand() in rsa_pkcs1_encrypt().
     Now using random fuction provided to function and
         changed the prototype of rsa_pkcs1_encrypt(),
         rsa_init() and rsa_gen_key().
   * Some SSL defines were renamed in order to avoid
     future confusion

Bug fixes

   * Fixed CMake out of source build for tests (found by
     kkert)
   * rsa_check_private() now supports PKCS1v2 keys as well
   * Fixed deadlock in rsa_pkcs1_encrypt() on failing random
     generator

Download link: polarssl-0.14.0-gpl.tgz

polarssl-0.14.0-gpl.tgz:
MD5    : 669a0582a27a5ec381542f0c67e966b7
SHA-1  : 581a90dc0e911edf87816e38fbd2e5826247b255
SHA-256: 0b4b4cf79cdae5254c5a7a2bbadbc84c9e3644c7bb9975a94c149682010f84c0

Trac integrated

Trac has been integrated into the site to add support for Tickets and Bug reporting . Trac accounts are currently separate from Forum accounts, so you need to register twice. Please use the Ticket and Bug reporting options to request new features, communicate bugs and patches.

PolarSSL version 0.13.1 has been released!

This is a bugfix release that fixes a faulty Makefile that was merged into 0.13.0 and adds a missing const qualifier.

Version 0.13.0 has been removed from the site because of these bugs.

This release (0.13.0 / 0.13.1) fixes the known open bugs, in addition to better standardizing the historic crypto interface for some algorithms. The largest change is the addition of const correctness in the code.

If anybody notices anything weird with the const correctness or anything else, please let me know!

From the ChangeLog

Features

   * Added option parsing for host and port selection to
     ssl_client2
   * Added support for GeneralizedTime in X509 parsing
   * Added cert_app program to allow easy reading and
     printing of X509 certificates from file or SSL
     connection.

Changes

   * Added const correctness for main code base
   * X509 signature algorithm determination is now
     in a function to allow easy future expansion
   * Changed symmetric cipher functions to
     identical interface (returning int result values)
   * Changed ARC4 to use seperate input/output buffer
   * Added reset function for HMAC context as speed-up
     for specific use-cases

Bug fixes

   * Fixed bug resulting in failure to send the last
     certificate in the chain in ssl_write_certificate() and
     ssl_write_certificate_request() (found by fatbob)
   * Added small fixes for compiler warnings on a Mac
     (found by Frank de Brabander)
   * Fixed algorithmic bug in mpi_is_prime() (found by
     Smbat Tonoyan)

Download link: polarssl-0.13.1-gpl.tgz

polarssl-0.13.1-gpl.tgz:
MD5    : 298224a1830bef2525acae0535cd5a4f
SHA-1  : b4fcbd59da670e54ff4048fbdc334edb965b460d
SHA-256: f880cbb8d69ed6edc2b022475f03999f2717eb0e2a4472351df0465a924500a0

PolarSSL version 0.12.1 has been released!

Small bugfix release to let the tests honor some of the config defines, instead of throwing errors. Not everything is honored, but MD2 and MD4 related tests do honor their defines.

From the ChangeLog

Changes:

   * Coverage test definitions now support 'depends_on'
     tagging system.
   * Tests requiring specific hashing algorithms now honor
     the defines.

Bug fixes:

   * Changed typo in #ifdef in x509parse.c (found
     by Eduardo)

Download links: polarssl-0.12.1-gpl.tgz

polarssl-0.12.1-gpl.tgz:
MD5    : 08bc85a19bbe65493076b9968b421e80  
SHA-1  : 31a85ae0b1365de5575e4f7b3c982bd14de0870b
SHA-256: 4bd79758b22e04b653e3e825847e3c72b4aab51685fa2acdb6fe00431c8bb8f3

PolarSSL version 0.12.0 has been released!

The largest change with regards to the previous versions is the addition of a suite of regression and coverage tests. These tests currently cover all basic functionality of the PolarSSL library except the network and SSL communication. Over 900 tests are implemented and they cover over 90% of the actual runtime code in the currently tested files.

From the ChangeLog

Features:

   * Added CMake makefiles as alternative to regular Makefiles.
     The normal Makefiles still work.
   * Added Regression and Code Coverage tests for AES, ARC4,
     Base64, MPI, SHA-family, MD-family, HMAC-SHA-family,
     Camellia, DES, 3-DES, RSA PKCS#1, XTEA, Diffie-Hellman
     and X509parse.

Changes:

   * Error codes are not (necessarily) negative. Keep
     this is mind when checking for errors.
   * RSA_RAW renamed to SIG_RSA_RAW for consistency.
   * Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE.
   * Changed interface for AES and Camellia setkey functions
     to indicate invalid key lengths.

Bug fixes:

   * Fixed include location of endian.h on FreeBSD (found by
     Gabriel)
   * Fixed include location of endian.h and name clash on
     Apples (found by Martin van Hensbergen)
   * Fixed HMAC-MD2 by modifying md2_starts(), so that the
     required HMAC ipad and opad variables are not cleared.
     (found by code coverage tests)
   * Prevented use of long long in bignum if
     POLARSSL_HAVE_LONGLONG not defined (found by Giles
     Bathgate).
   * Fixed incorrect handling of negative strings in
     mpi_read_string() (found by code coverage tests).
   * Fixed segfault on handling empty rsa_context in
     rsa_check_pubkey() and rsa_check_privkey() (found by
     code coverage tests).
   * Fixed incorrect handling of one single negative input
     value in mpi_add_abs() (found by code coverage tests).
   * Fixed incorrect handling of negative first input
     value in mpi_sub_abs() (found by code coverage tests).
   * Fixed incorrect handling of negative first input
     value in mpi_mod_mpi() and mpi_mod_int(). Resulting
     change also affects mpi_write_string() (found by code
     coverage tests).
   * Corrected is_prime() results for 0, 1 and 2 (found by
     code coverage tests).
   * Fixed Camellia and XTEA for 64-bit Windows systems.

Download links: polarssl-0.12.0-gpl.tgz

polarssl-0.12.0-gpl.tgz:
MD5    : 585db0934ee507ff818be74305103e70  
SHA-1  : 980c245310fbd6b2f1e0bb5f9eab20f6515c723b
SHA-256: 71e69a9071a73f501fbc08743b7b0e2fb84cfae1f2ca5c368dc0c4e33cfafb08

Bug fixes:

   * Fixed missing code block for support of SHA-224, SHA-256,
     SHA-384 and SHA-512 in rsa_pkcs1_sign().

Download links: polarssl-0.11.1-gpl.tgz

polarssl-0.11.1-gpl.tgz:
MD5    : 885d70f15d31eb736975e5473d8ea7ec  
SHA-1  : f6831d2c870aa0d8b5f056da4f4d535d60c7c845
SHA-256: 5a652075140fbff46c3c8df937923671e83ff098a6038a01128ff968a17c7986

New features:

   * Added support for SHA-224, SHA-256, SHA-384 and SHA-512
     one way hash functions with the PKCS#1 v1.5 signing and
     verification.
   * Added support for Certificate Revocation List (CRL) parsing.
   * Added support for CRL revocation to x509parse_verify() and
     SSL/TLS code.

Bug fixes:

   * Fixed a bug in mpi_gcd() so that it also works when both
     input numbers are even and added testcases to check
     (found by Pierre Habouzit).
   * Fixed minor bug regarding mpi_gcd located within the
     POLARSSL_GENPRIME block.
   * Fixed minor memory leak in x509parse_crt() and added better
     handling of 'full' certificate chains (found by Mathias
     Olsson).
   * Centralized file opening and reading for x509 files into
     load_file()
   * Made definition of net_htons() endian-clean for big endian
     systems (Found by Gernot).
   * Undefining POLARSSL_HAVE_ASM now also handles prevents asm in
     padlock and timing code.
   * Fixed an off-by-one buffer allocation in ssl_set_hostname()
     responsible for crashes and unwanted behaviour.
   * Fixed compatibility of XTEA and Camellia on a 64-bit system
     (found by Felix von Leitner).

Download links: polarssl-0.11.0-gpl.tgz

MD5 checksums:
7433101affb3dd2febaf5e5fc7e0f2e3  polarssl-0.11.0-gpl.tgz

SHA-1 checksums:
86b4f1dd98fb4f2d408a9b699910b0b599a7e7b9  polarssl-0.11.0-gpl.tgz

To accommodate multiple requests for more information on the site and to support future enhancements and additions, the layout has slightly changed.

It took a while, but there is a forum again. It seems IE has some issues with the visual side of the entire site code. (X)HTML and CSS improvements are always welcome.

Made available the BSD and corrected GPL version of the PolarSSL library

Download links: polarssl-0.10.1-gpl.tgz | polarssl-0.10.1-bsd.tgz

MD5 checksums:
492a4a82a7985e7f824e2617ef33b62c  polarssl-0.10.1-bsd.tgz
49bd1c6b46a8699d8bf215d3a318899e  polarssl-0.10.1-gpl.tgz

SHA-1 checksums:
4b1d763d2c7a8526c8facf443473c6eb12ccc257  polarssl-0.10.1-bsd.tgz
65c18f3d007a843fa4b2fc9b45e90e03da1de4cf  polarssl-0.10.1-gpl.tgz