Version 0.4

bearssl-0.4.tar.gz, released on April 3rd, 2017.

  • New AES and GHASH implementations for POWER8 processors (provides AES/GCM at more than 2 gigabytes per second!).

  • Improved GHASH implementation with AES-NI opcodes (pclmulqdq).

  • New Poly1305 implementation with 64→128 multiplications, available on some 64-bit architectures.

  • New “i62” big-integer code with 64→128 multiplications, available on some 64-bit architectures (RSA is much faster).

  • Some mostly cosmetic patches to support very old systems (BearSSL now compiles and run on Debian 2.2 “potato” from 2000, with GCC 2.95).

Version 0.3

bearssl-0.3.tar.gz, released on January 29th, 2017.

  • Support for ALPN extension (RFC 7301).

  • New big-integers support code (“i15”), that uses 15-bit words internally; this offers better performance and constant-time code on the ARM Cortex M series.

    On the ARM Cortex M, a bit of inline assembly can be used to speed up multiplications and modular exponentations.

  • Many new elliptic curve implementations:

    • ec_prime_i15: supports P-256, P-384 and P-521 with the “i15” big integers.

    • ec_p256_m15: specialised implementation for P-256; similar to “i15” but faster. Internally, 13-bit words are used (for easier carry propagation).

    • ec_p256_m31: like ec_p256_m15, but using 30-bit words.

    • ec_c25519_i15 and ecc25519_i31 implement Curve25519 with the “i15” and “i31” big integers, respectively.

    • ec_c25519_m15 and ecc25519_m31 are specialised implementations of Curve25519 with 13-bit and 30-bit words, respectively; they are faster, but with a larger compiled code size.

    • ec_all_m15 and ec_all_m31 are aggregate wrappers that provide support for the three NIST curves and Curve25519, with the “m15/i15” or the “m31/i31” code, respectively.

  • New API for server-side private key handling: when using ECDHE, the pluggable module that computes the signature on the ServerKeyExchange message can now obtain the actual data, not just a hash thereof (this should help with EdDSA integration when that function is implemented).

  • Revamped Makefile structure:

    • Simplified configuration files (in the conf/ directory) to allow for selectable sets of parameters, including build directory.

    • Visual Studio + nmake.exe is now a supported target.

  • AES implementation with the AES-NI opcodes; works with GCC, Clang and Visual Studio, both in 32-bit and 64-bit modes.

  • GHASH implementation with pclmulqdq; works with GCC, Clang and Visual Studio, both in 32-bit and 64-bit modes.

  • Many fixes, including a buffer overrun.

Version 0.2

bearssl-0.2.tar.gz, released on December 13th, 2016.

  • Support for ClientHello padding (RFC 7685).

  • Support for TLS_FALLBACK_SCSV (RFC 7507) (server-side; on the client, this is entirely under control of the caller).

  • New flag to prohibit renegotiations.

  • API for saving and restoring session parameters (controllable session resumption on the client side).

  • Client certificates: API to request a client certificate (on the server side), and to provide a client certificate (on the client side).

  • API for generic name extraction from X.509 certificates (from the subject DN and the SAN extension).

  • Improved T0 compilation (threaded code is about 10% shorter).

  • ChaCha20+Poly1305 support (RFC 7905).

  • Lots of fixes (including a couple of buffer overruns).

Version 0.1

bearssl-0.1.tar.gz, released on November 3rd, 2016.

  • Initial release.