MatrixSSL 3.7.1

MatrixSSL 3.7.1

Dec 4, 2014

  • X.509 and ASN.1 Parsing Improvements - The Advanced Threat Research team at Intel Security discovered several issues as part of their research on the BERSerk attack on RSA signature verification. MatrixSSL does not contain this vulnerability which can result in a MITM attack, however some other ASN.1 fields were not consistently checked against remaining buffer length when parsed. These have each been fixed, and the getAsnLength() internal API now also does a double check against the remaining buffer length for variable length fields in all cases.
  • Constant-Time Memory Compare - Calls to memcmp() have been replaced with a memcmpct() implementation to reduce the effectiveness of future timing based attacks.


New Features

  • Application-Layer Protocol Negotiation - Implemented RFC 7301.
  • X.509 RSASSA-PSS Signatures - MatrixSSL now supports the more secure RSASSA-PSS signature algorithm in X.509 certificates.
  • Run-Time TLS Feature Control - Truncated HMAC use, Maximum Fragment Length requests, and Elliptic Curve specification can now be enabled on a per-session basis when creating a new session..


API Changes

  • Several - Please see the release notes included in the package for details.


Subscribe

Subscribe via RSS.

Tags

News (22) Releases (50)

Recent Posts

About

MatrixSSL™ is an embedded SSL and TLS implementation designed for small footprint applications and devices.

Links

Company

Copyright (c) INSIDE Secure Corp., 2002-2017. All Rights Reserved.