Sep 5, 2014
- ECC Key Validation -
A security researcher reported that maliciously crafted ECDHE keys could be used to expose an error in the library that could cause an infinite loop or crash, on some platforms.
ECDHE cipher suites are not enabled in the default configuration, however users that have enabled ECDHE cipher suites should update to the current version of MatrixSSL.
- AES-GCM Mode on Big Endian -
Fixed a bug that was preventing the AES_GCM tag from being created correctly on big endian platforms.
- X.509 PathLen with Root Certs -
Clients were incorrectly calculating the pathLen constraint in X.509 certificate chains when servers sent the root CA as part of the chain. It is not advised servers send the root CA but it is now handled correctly if those servers are encountered.
- Simultaneous Re-handshake -
Clarified the behaviour if client and server sent a re-handshake simultaneously.
- Library Repackaging -
The Makefile framework now generates three module libraries when compiling MatrixSSL: core, crypto and matrixssl. Previously these were packaged as a single library. This change makes it easier to share crypto and core libraries with other libs like MatrixSSH, MatrixDTLS and MatrixCMS.
- Additional Changes -
See the relase notes in the package for a complete list of changes in this version.