Version 0.6

bearssl-0.6.tar.gz, released on August 14th, 2018.

  • Added general-purpose implementations of EAX and CCM modes (including shared precomputation support for EAX).

  • Added general-purpose RSA/OAEP implementation.

  • Added general-purpose HKDF implementation.

  • Added support for CCM and CCM_8 TLS cipher suites (RFC 6655 and RFC 7251).

  • Added RSA and EC key generation.

  • Added private key encoding support (“raw” and PKCS#8 formats, both in DER and PEM, for RSA and EC key pairs).

  • Made Base64 encoding/decoding constant-time (with regards to the encoded data bytes).

  • Added a generic API for random seed providers.

  • Added an extra DRBG based on AES/CTR + Hirose construction for reseeding.

  • Some cosmetic fixes to avoid warnings with picky compilers.

  • Makefile fix to achieve compatibility with OpenBSD.

  • Fixed a bug in bit length computation for big integers (this was breaking RSA signatures with some specific implementations and key lengths).

  • Made SSL/TLS client stricter in cipher suite selection (to align with server behaviour).

Version 0.5

bearssl-0.5.tar.gz, released on July 30th, 2017.

  • Added support for the BoarSSL / Twrch test framework.

  • Header files now include the ritual mantras that make them compatible with C++.

  • Better Makefile behaviour with Clang (FreeBSD compatibility).

  • Worked around a bug of GCC 4.8 and 4.9 in 32-bit x86 mode.

  • Incoming application data after initiating closure is now properly ignored.

  • Some instances of (critical) Certificate Policies extensions are now ignored (when it is safe to do so).

  • Fixed some behavioural bugs with regards to renegotiation (all were failing safe).

  • Added encoded OID for hash functions in the public API, to help with using RSA signatures in non-SSL contexts.

  • Fixed bug in AES/CBC decryption on x86 with AES-NI opcode (this was breaking decryption with AES/CBC cipher suites and TLS 1.0 only).

  • Added an explicit stack buffer initialisation (some provably harmless accesses to uninitialised data were performed, Valgrind was not happy).

  • Fixed bug in the search tree for the cache of SSL sessions (occasional lock-ups).

  • Fixed bug in modular reduction in the special field for P-256 (this was infrequently breaking ECDSA signatures).

  • Added support for exporting keying material (RFC 5705).

  • Added new general-purpose API for AEAD implementations (in non-SSL contexts) and an AES/GCM implementation that follows that API.

  • Added a function to forget saved session parameter in the LRU cache.

  • Added a new ChaCha20 implementation that uses SSE2 on x86 architectures (both 32-bit and 64-bit).

Version 0.4

bearssl-0.4.tar.gz, released on April 3rd, 2017.

  • New AES and GHASH implementations for POWER8 processors (provides AES/GCM at more than 2 gigabytes per second!).

  • Improved GHASH implementation with AES-NI opcodes (pclmulqdq).

  • New Poly1305 implementation with 64→128 multiplications, available on some 64-bit architectures.

  • New “i62” big-integer code with 64→128 multiplications, available on some 64-bit architectures (RSA is much faster).

  • Some mostly cosmetic patches to support very old systems (BearSSL now compiles and run on Debian 2.2 “potato” from 2000, with GCC 2.95).

Version 0.3

bearssl-0.3.tar.gz, released on January 29th, 2017.

  • Support for ALPN extension (RFC 7301).

  • New big-integers support code (“i15”), that uses 15-bit words internally; this offers better performance and constant-time code on the ARM Cortex M series.

    On the ARM Cortex M, a bit of inline assembly can be used to speed up multiplications and modular exponentations.

  • Many new elliptic curve implementations:

    • ec_prime_i15: supports P-256, P-384 and P-521 with the “i15” big integers.

    • ec_p256_m15: specialised implementation for P-256; similar to “i15” but faster. Internally, 13-bit words are used (for easier carry propagation).

    • ec_p256_m31: like ec_p256_m15, but using 30-bit words.

    • ec_c25519_i15 and ecc25519_i31 implement Curve25519 with the “i15” and “i31” big integers, respectively.

    • ec_c25519_m15 and ecc25519_m31 are specialised implementations of Curve25519 with 13-bit and 30-bit words, respectively; they are faster, but with a larger compiled code size.

    • ec_all_m15 and ec_all_m31 are aggregate wrappers that provide support for the three NIST curves and Curve25519, with the “m15/i15” or the “m31/i31” code, respectively.

  • New API for server-side private key handling: when using ECDHE, the pluggable module that computes the signature on the ServerKeyExchange message can now obtain the actual data, not just a hash thereof (this should help with EdDSA integration when that function is implemented).

  • Revamped Makefile structure:

    • Simplified configuration files (in the conf/ directory) to allow for selectable sets of parameters, including build directory.

    • Visual Studio + nmake.exe is now a supported target.

  • AES implementation with the AES-NI opcodes; works with GCC, Clang and Visual Studio, both in 32-bit and 64-bit modes.

  • GHASH implementation with pclmulqdq; works with GCC, Clang and Visual Studio, both in 32-bit and 64-bit modes.

  • Many fixes, including a buffer overrun.

Version 0.2

bearssl-0.2.tar.gz, released on December 13th, 2016.

  • Support for ClientHello padding (RFC 7685).

  • Support for TLS_FALLBACK_SCSV (RFC 7507) (server-side; on the client, this is entirely under control of the caller).

  • New flag to prohibit renegotiations.

  • API for saving and restoring session parameters (controllable session resumption on the client side).

  • Client certificates: API to request a client certificate (on the server side), and to provide a client certificate (on the client side).

  • API for generic name extraction from X.509 certificates (from the subject DN and the SAN extension).

  • Improved T0 compilation (threaded code is about 10% shorter).

  • ChaCha20+Poly1305 support (RFC 7905).

  • Lots of fixes (including a couple of buffer overruns).

Version 0.1

bearssl-0.1.tar.gz, released on November 3rd, 2016.

  • Initial release.