Dec 4, 2014
- X.509 and ASN.1 Parsing Improvements - The Advanced Threat Research team at Intel discovered several issues as part of their research on the BERserk attack on RSA signature verification. MatrixSSL is not affected by that vulnerability, which can lead to a MITM attack; however, some other ASN.1 fields were not consistently checked against the remaining buffer length when parsed. Each of these has been fixed, and the getAsnLength() internal API now also double-checks the parsed length against the remaining buffer length for variable-length fields in all cases.
- Constant-Time Memory Compare - Calls to memcmp() have been replaced with a memcmpct() implementation to reduce the effectiveness of future timing-based attacks.
- Application-Layer Protocol Negotiation - Implemented RFC 7301.
- X.509 RSASSA-PSS Signatures - MatrixSSL now supports the more secure RSASSA-PSS signature algorithm in X.509 certificates.
- Run-Time TLS Feature Control - Truncated HMAC use, Maximum Fragment Length requests, and Elliptic Curve specification can now be enabled on a per-session basis when creating a new session.
- Several other changes - Please see the release notes included in the package for details.
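The X.509/ASN.1 item above describes checking a parsed DER length against the bytes actually remaining in the buffer. The following is an added example written for this page, not MatrixSSL's getAsnLength() code; the ASN_* return codes, function names and sample inputs are constructed for illustration. It rejects indefinite, non-minimal and oversized length encodings and refuses any length that runs past the end of the buffer.

```c
#include <stddef.h>

/* Return codes, constructed for this example (not MatrixSSL's own). */
#define ASN_OK         0
#define ASN_TRUNCATED -1   /* length field or content runs past the buffer */
#define ASN_BAD_LEN   -2   /* indefinite, non-minimal or oversized length */
/* Parse a DER length at *p with `remaining` bytes left in the buffer. On
   success advance *p past the length octets and store the content length
   in *len, guaranteed not to exceed the bytes left after the field. */
int parse_der_length(const unsigned char **p, size_t remaining, size_t *len)
{
    const unsigned char *c = *p;
    size_t n, i, l = 0;

    if (remaining < 1) return ASN_TRUNCATED;
    if (c[0] < 0x80) {                        /* short form: one octet */
        l = c[0]; c++; remaining--;
    } else {
        n = c[0] & 0x7f;                      /* long form: octet count */
        if (n == 0) return ASN_BAD_LEN;       /* 0x80 = indefinite, not DER */
        if (n > sizeof(size_t)) return ASN_BAD_LEN;  /* would overflow l */
        c++; remaining--;
        if (remaining < n) return ASN_TRUNCATED;     /* length octets cut off */
        if (c[0] == 0) return ASN_BAD_LEN;    /* DER requires minimal form */
        for (i = 0; i < n; i++) l = (l << 8) | c[i];
        if (l < 0x80) return ASN_BAD_LEN;     /* should have used short form */
        c += n; remaining -= n;
    }
    if (l > remaining) return ASN_TRUNCATED;  /* the check the page describes */
    *p = c; *len = l;
    return ASN_OK;
}
/* Skip the tag octet of `buf` and parse its length: returns the content
   length on success, or the negative ASN_* code on failure. */
long content_length(const unsigned char *buf, size_t buflen)
{
    const unsigned char *p;
    size_t len; int rc;
    if (buflen < 1) return ASN_TRUNCATED;
    p = buf + 1;
    rc = parse_der_length(&p, buflen - 1, &len);
    return rc == ASN_OK ? (long)len : rc;
}
/* Constructed inputs: a SEQUENCE whose 3-byte body is present; one claiming
   200 bytes with only 3 present; an indefinite length; a non-minimal 5. */
static const unsigned char sample_good[]   = {0x30, 0x03, 0x02, 0x01, 0x05};
static const unsigned char sample_lying[]  = {0x30, 0x81, 0xc8, 0x02, 0x01, 0x05};
static const unsigned char sample_indef[]  = {0x30, 0x80, 0x02, 0x01, 0x05, 0x00, 0x00};
static const unsigned char sample_nonmin[] = {0x02, 0x81, 0x05, 0x01, 0x02, 0x03, 0x04, 0x05};
```

A parser that walks a certificate must apply this check to every length it reads, since a single unchecked field is enough to read past the buffer.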