bearssl-0.4.tar.gz, released on April 3rd, 2017.
- New AES and GHASH implementations for POWER8 processors (provides AES/GCM at more than 2 gigabytes per second!).
- Improved GHASH implementation with AES-NI opcodes (
- New Poly1305 implementation with 64→128 multiplications, available on some 64-bit architectures.
- New “i62” big-integer code with 64→128 multiplications, available on some 64-bit architectures (RSA is much faster).
- Some mostly cosmetic patches to support very old systems (BearSSL now compiles and runs on Debian 2.2 “potato” from 2000, with GCC 2.95).
bearssl-0.3.tar.gz, released on January 29th, 2017.
- Support for the ALPN extension (RFC 7301).
- New big-integer support code (“i15”), which uses 15-bit words internally; this offers better performance and constant-time code on the ARM Cortex M series.
- On the ARM Cortex M, a bit of inline assembly can be used to speed up multiplications and modular exponentiations.
- Many new elliptic curve implementations:
  - ec_prime_i15: supports P-256, P-384 and P-521 with the “i15” big integers.
  - ec_p256_m15: specialised implementation for P-256; similar to “i15” but faster. Internally, 13-bit words are used (for easier carry propagation).
  - A variant of ec_p256_m15 that uses 30-bit words.
  - ecc25519_i31 implement Curve25519 with the “i15” and “i31” big integers, respectively.
  - ecc25519_m31 are specialised implementations of Curve25519 with 13-bit and 30-bit words, respectively; they are faster, but with a larger compiled code size.
  - ec_all_m31 are aggregate wrappers that provide support for the three NIST curves and Curve25519, with the “m15/i15” or the “m31/i31” code, respectively.
- New API for server-side private key handling: when using ECDHE, the pluggable module that computes the signature on the ServerKeyExchange message can now obtain the actual data, not just a hash thereof (this should help with EdDSA integration when that function is implemented).
- Revamped Makefile structure:
  - Simplified configuration files (in the conf/ directory) to allow for selectable sets of parameters, including the build directory.
  - Visual Studio + nmake.exe is now a supported target.
- AES implementation with the AES-NI opcodes; works with GCC, Clang and Visual Studio, both in 32-bit and 64-bit modes.
- GHASH implementation with pclmulqdq; works with GCC, Clang and Visual Studio, both in 32-bit and 64-bit modes.
- Many fixes, including a buffer overrun.
bearssl-0.2.tar.gz, released on December 13th, 2016.
- Support for ClientHello padding (RFC 7685).
- Support for TLS_FALLBACK_SCSV (RFC 7507) (server-side; on the client, this is entirely under control of the caller).
- New flag to prohibit renegotiations.
- API for saving and restoring session parameters (controllable session resumption on the client side).
- Client certificates: API to request a client certificate (on the server side), and to provide a client certificate (on the client side).
- API for generic name extraction from X.509 certificates (from the subject DN and the SAN extension).
- Improved T0 compilation (threaded code is about 10% shorter).
- ChaCha20+Poly1305 support (RFC 7905).
- Lots of fixes (including a couple of buffer overruns).
bearssl-0.1.tar.gz, released on November 3rd, 2016.
- Initial release.