Noteworthy changes in version 0.9.5 (2015-07-01)
------------------------------------------------
* Replaced the internal Assuan and gpg-error code by the standard
libassuan and libgpg-error libraries.
* Add a new Emacs pinentry and use as fallback for GUI programs.
* gnome3: The use-password-manager checkbox does now work.
* Gtk: Improved fallback to curses feature.
* curses: Recognize DEL as backspace.
Noteworthy changes in version 0.9.7 (2014-12-12)
------------------------------------------------
* Support sending keys for GnuPG 2.1.
Noteworthy changes in version 0.9.6 (2014-11-21)
------------------------------------------------
* Support keyserver operations for GnuPG 2.1.
* Implement the IMPORT_FILES server command.
* New "Refresh Key" action in the key manager's context menu.
Noteworthy changes in version 0.9.5 (2014-09-01)
------------------------------------------------
* GPA now starts with the UI server enabled and tests on startup
whether such a server is already running to open that one instead
of launching a second instance.
* GPA is now aware of ECC keys.
* Improved detection of CMS objects (which are used by S/MIME) and
detached OpenPGP signatures.
* Allow import and export of X.509 certificates. Allow backup of
X.509 keys.
* The key creation date is now displayed in the key listing.
* Armored detached signature files are now created with an ".asc"
suffix and not with ".sig".
* The GnuPG home directory is now detected using the gpgconf tool.
* Added launch-gpa wrapper for Windows.
* Fixed several bugs leading to crashs.
Noteworthy changes in version 0.9.4 (2013-05-01)
------------------------------------------------
* Added scrollbars to the verification result window.
* Improved searching in the key listing.
* Now uses the native theme under Windows.
Noteworthy changes in version 0.9.3 (2012-08-08)
------------------------------------------------
* Allow searching in the keylist.
* Collected bug fixes.
Noteworthy changes in version 0.9.2 (2012-05-02)
------------------------------------------------
* Adjust server mode to modern Libassuan.
* Add options --enable-logging for W32.
* Add options --gpg-binary, --gpgsm-binary and --debug-edit-fsm.
* Properly process CMS data in the clipboard and with the server's
VERIFY_FILES and DECRYPT_FILES commands.
* Minor code cleanups.
Noteworthy changes in version 0.9.1 (2012-04-18)
------------------------------------------------
* The key selection dialogs for encryption and signing do not anymore
list expired, revoked or otherwise invalid keys.
* If no recipients are given to the server, a generic key selection
dialog is now used.
* Now works with Libassuan 2.x.
* The card manager now displays the ATR for an unknown card.
Noteworthy changes in version 0.9.0 (2009-06-20)
------------------------------------------------
* Added a smartcard manager.
* GPA now requires GnuPG-2.
* X.509 support is now always enabled.
* Major internal cleanups. More to follow soon.
Noteworthy changes in version 0.8.0 (2008-09-04)
------------------------------------------------
* Add basic UI server mode and option --daemon.
* GPA now supports direct crypto operations to and from the
clipboard, and features a simple text edit area as well.
* GPA supports manipulating the backend configuration through
gpg-conf.
* GPA has now basic support for X.509; use the command line switch
--cms to enable this.
* The default keyserver is now taken from gpg.conf and not from
gpa.conf.
Noteworthy changes in version 0.7.6 (2007-05-24)
------------------------------------------------
* Czech translation by Zdenek Hatas.
* Russian translation by Maxim Britov.
* Files may now be dropped onto the file manager window.
Noteworthy changes in version 0.7.5 (2007-02-26)
------------------------------------------------
* Allow setting a password if it was empty.
* Fixed changing of expiration date for non-C-99 systems.
* Fixed a crash while encrypting several files.
* Fixed a bug while encrypting to several keys.
Noteworthy changes in version 0.7.4 (2006-07-25)
------------------------------------------------
* Added icon to the Windows version.
* Other minor fixes.
Noteworthy changes in version 0.7.3 (2006-03-21)
------------------------------------------------
* Minor fixes.
Noteworthy changes in version 0.7.2 (2006-03-03)
------------------------------------------------
* The key generation wizard does not allow to set a comment anymore.
This is an advanced feature available in the advanced GUI version
of key generation.
* Bug fixes for the Windows target, in particular
internationalization and binary mode file handling.
Noteworthy changes in version 0.7.1 (2006-01-09)
------------------------------------------------
* When verifying the signature on a file, GPA now tries to find
detached signatures and asks the user whether to verify them.
* A "refresh" command was added to the keyring. So, if the keyring is
modified outside GPA (i.e. by reading emails with auto-key-retrieve
on), you can see the new keys without restarting GPA.
* A .desktop file for integration with the Gnome and KDE menus is now
distributed with the tarball.
* The GPA icon has been changed. The new icon is now used by all
windows when minimized (and on the window title if supported by the
window manager).
* It is again possible to do a build for Windows using the latest
glib version along with a glib patch as available in the gpg4win
package.
Noteworthy changes in version 1.5.5 (2015-06-08) [C24/A13/R4]
------------------------------------------------
* Fixed crash in key listings for user ids with a backslash.
* Fixed regression for GPGSM use with GnuPG < 2.1.
* Properly set signature summary for revoked OpenPGP keys.
Noteworthy changes in version 1.5.4 (2015-04-13) [C24/A13/R3]
------------------------------------------------
* Fixed a possible crash in the debug code.
* Fixed building for Windows with newer versions of Mingw.
Noteworthy changes in version 1.5.3 (2014-12-11) [C24/A13/R2]
-------------------------------------------------------------
* The export key functions do now return an error if used with the
latest GnuPG version.
Noteworthy changes in version 1.5.2 (2014-11-21) [C24/A13/R1]
-------------------------------------------------------------
* gpgme-tool is now installed.
* Fix external listing for modern keyservers.
* Minor other fixes.
Noteworthy changes in version 1.3.3 (2015-04-10) [C19/A11/R4]
------------------------------------------------
* Fixed an integer overflow in the DN decoder.
* Now returns an error instead of terminating the process for certain
bad BER encodings.
* Improved the parsing of utf-8 strings in DNs.
* Allow building with newer versions of Bison.
* Improvement building on Windows with newer versions of Mingw.
Noteworthy changes in version 2.2.1 (2015-05-12) [C5/A5/R1]
------------------------------------------------
* Documentation updates.
* Fixed building for Windows with newer versions of Mingw.
Noteworthy changes in version 2.2.0 (2014-12-11) [C5/A5/R0]
------------------------------------------------
* Added support for socket redirection.
* Interface changes relative to the 2.1.3 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
assuan_sock_set_sockaddr_un NEW.
Noteworthy changes in version 2.1.3 (2014-11-07) [C4/A4/R3]
------------------------------------------------
* Performance fix for Windows.
Noteworthy changes in version 2.1.2 (2014-08-17) [C4/A4/R2]
------------------------------------------------
* Fixed portability bugs for Solaris and AIX.
* Added support for ppc64le.
Noteworthy changes in version 2.1.1 (2013-06-24) [C4/A4/R1]
------------------------------------------------
* Limited support for 64 bit Windows. This is sufficient for use by
GpgEX.
Noteworthy changes in version 2.1.0 (2013-02-22)
------------------------------------------------
* Support for the nPth library.
* Add assuan_check_version and two version macros.
* Interface changes relative to the 2.0.3 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASSUAN_SYSTEM_NPTH_IMPL NEW macro.
ASSUAN_SYSTEM_NPTH NEW macro.
__assuan_read NEW (private).
__assuan_write NEW (private).
__assuan_recvmsg NEW (private).
__assuan_sendmsg NEW (private).
__assuan_waitpid NEW (private).
ASSUAN_VERSION NEW macro.
ASSUAN_VERSION_NUMBER NEW macro.
assuan_check_version NEW.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GnuPG-2 provides several utilities that are used by mail clients,
such as Kmail and Balsa, including OpenPGP and S/MIME support.
GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.5) in that
it splits up functionality into several modules. However, both
versions may be installed alongside without any conflict. In fact,
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
included in GnuPG-2 and allows for seamless passphrase caching. The
advantage of GnuPG-1 is its smaller size and the lack of dependency on
other modules at run and build time.
Packaged by adanbsd as pkgsrc/wip/gnupg21.
The Libassuan package contains an IPC library used by some of the
other GnuPG related packages. Libassuan's primary use is to allow
a client to interact with a non-persistent server. Libassuan is
not, however, limited to use with GnuPG servers and clients. It
was designed to be flexible enough to meet the demands of many
transaction based environments with non-persistent servers.
Packaged by adanbsd as pkgsrc/wip/libassuan22.
Revision 0.0.6
--------------
- Typo fix to id_kp_serverAuth object value
- A test case for indefinite length encoding eliminated as it's
forbidden in DER.
Revision 0.1.8
--------------
- ObjectIdentifier codec fixed to work properly with arc 0 and arc 2 values.
- Explicit limit on ObjectIdentifier arc value size removed.
- Unicode initializer support added to OctetString type and derivatives.
- New prettyPrintType() abstract method implemented to base pyasn1 types
to facilitate encoding errors analisys.
- The __str__() method implemented to Tag, TagSet and TagMap classes to
ease encoding errors troubleshooting.
easing encoding errors
- Fix to SEQUENCE and SET types to give them their private componentTypes
collection (which is a NamedTypes object) so that they won't collide in
a MT execution environment.
- Missing T61String,ISO646String character types and ObjectDescriptor useful
type added.
- Distribute is gone, switched to setuptools completely.
- Missing NamedValues.__repr__() added.
- The base.NoValue() class, that indicates uninitialized ASN.1 object,
made public.
- The base.NoValue() class instances now support __repr__() what makes
possible to perform repr() on uninitialized pyasn1 types objects.
- When comparing ASN.1 types, by-tag and/or by-constraints matching
can now be performed with the isSuperTypeOf()/isSameTypeWith() optional
flags.
- Constructed types now verify their consistency by invoking
isSameTypeWith(matchTags=True, matchConstraints=False) and
isSuperTypeOf(matchTags=False, matchConstraints=True) for each of their
components rather than isSuperTypeOf() as it used to be. Constriants check
could be enforced to isSameTypeWith() with the strictConstraints=True
constructed classes attribute.
- Constructed types can now be initialized with new .setComponents() method
which accepts both var-args and keyword-args. Default repr() modified to
reflect this change.
- NamedTypes() and NamedValues() made comparable.
- Test coverage extended to cover pyasn1 types __repr__() function.
- The abs(Integer()) & abs(Real()) operation now returns respective pyasn1
type, not a Python type.
- More Python magic methods implementations added to Integer & Real classes
(e.g. __pos__, __neg__, __round__, __floor__, __ceil__, __trunc__)
- The Integer.__invert__ Python magic method implemented.
- The OctetString.__int__() and .__float__() magic methods implemented.
- Handle the case of null writer at Debug printer.
- BitString encoder/decoder performance improved.
- Built-in debugging is now based on Python logging module.
- Fix to NamedType.__repr__() to work properly.
- Fixes to __repr__() implementation of many built-in ASN.1 types to take into
account all of their initializers such as tagSet, subtypeSpec etc.
- String typed float initializer to REAL type now supported.
- Float typed mantissa initializer to REAL type for base 2 added.
- Encoding bases 8 and 16 support for REAL type binary encoder added.
- More strict CER/DER encoders added for GeneralizedTime and UTCTime types.
- Asn1Item.hasValue() added to easily distinguish initalized ASN.1 objects
from uninitialized ones (e.g. pure types).
- Fix to REAL type binary decoder to handle different bases and scale factor.
- Fix to TagSet.repr() to include [obsolete] baseTag information.
- Fix to broken REAL type decoding handling.
- Fix to BitString and OctetString decoders dealing with constructed
encoding -- it used to be possible to embed other types in substrate.
- Fix to end-of-octest sentinel handling:
* require strict two-zeros sentinel encoding
* recognize EOO sentinel only when explicitly requested by caller
of the decoder via allowEoo=True parameter (warning: API change)
- DER codec hardened not to tolerate indefinite length encoding/decoding.
1.70 2015-06-26
Patch from Alexander Bluhm: The new OpenSSL 1.0.2 X509_check_* functions are not available in
current LibreSSL. So disable them in SSLeay.xs.
Fixed a problem with building against OSX homebrew's openssl. Patch from
Shoichi Kaji.
Removed a test in t/local/33_x509_create_cert.t which fails due to
changes in 1.0.1n and later
--------------------------------
pkgsrc changes:
- Adjust EGG_NAME
Upstream changes:
* Release 0.13 (07 Feb 2015)
Fix the argument order for Curve constructor (put openssl_name= at the end,
with a default value) to unbreak compatibility with external callers who used
the 0.11 convention.
* Release 0.12 (06 Feb 2015)
Switch to Versioneer for version-string management (fixing the broken
`ecdsa.__version__` attribute). Add Curve.openssl_name property. Mention
secp256k1 in README, test against OpenSSL. Produce "wheel" distributions. Add
py3.4 and pypy3 compatibility testing. Other minor fixes.
forensics and security. Based on the dd program found in the GNU
Coreutils package, dcfldd has the following additional features:
* Hashing on-the-fly - dcfldd can hash the input data as it is being
transferred, helping to ensure data integrity.
* Status output - dcfldd can update the user of its progress in terms
of the amount of data transferred and how much longer operation will take.
* Flexible disk wipes - dcfldd can be used to wipe disks quickly and
with a known pattern if desired.
* Image/wipe Verify - dcfldd can verify that a target drive is a
bit-for-bit match of the specified input file or pattern.
* Multiple outputs - dcfldd can output to multiple files or disks at
the same time.
* Split output - dcfldd can split output to multiple files with more
configurability than the split command.
* Piped output and logs - dcfldd can send all its log data and output
to commands as well as files natively.
- Fix HMAC ABI incompatibility. The previous version introduced an ABI
incompatibility in the handling of HMAC. The previous ABI has now been
restored.
- Malformed ECParameters causes infinite loop
When processing an ECParameters structure OpenSSL enters an infinite loop
if the curve specified is over a specially malformed binary polynomial
field.
This can be used to perform denial of service against any
system which processes public keys, certificate requests or
certificates. This includes TLS clients and TLS servers with
client authentication enabled.
This issue was reported to OpenSSL by Joseph Barr-Pixton.
(CVE-2015-1788)
[Andy Polyakov]
- Exploitable out-of-bounds read in X509_cmp_time
X509_cmp_time does not properly check the length of the ASN1_TIME
string and can read a few bytes out of bounds. In addition,
X509_cmp_time accepts an arbitrary number of fractional seconds in the
time string.
An attacker can use this to craft malformed certificates and CRLs of
various sizes and potentially cause a segmentation fault, resulting in
a DoS on applications that verify certificates or CRLs. TLS clients
that verify CRLs are affected. TLS clients and servers with client
authentication enabled may be affected if they use custom verification
callbacks.
This issue was reported to OpenSSL by Robert Swiecki (Google), and
independently by Hanno Böck.
(CVE-2015-1789)
[Emilia Käsper]
- PKCS7 crash with missing EnvelopedContent
The PKCS#7 parsing code does not handle missing inner EncryptedContent
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
with missing content and trigger a NULL pointer dereference on parsing.
Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
structures from untrusted sources are affected. OpenSSL clients and
servers are not affected.
This issue was reported to OpenSSL by Michal Zalewski (Google).
(CVE-2015-1790)
[Emilia Käsper]
- CMS verify infinite loop with unknown hash function
When verifying a signedData message the CMS code can enter an infinite loop
if presented with an unknown hash function OID. This can be used to perform
denial of service against any system which verifies signedData messages using
the CMS code.
This issue was reported to OpenSSL by Johannes Bauer.
(CVE-2015-1792)
[Stephen Henson]
- Race condition handling NewSessionTicket
If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.
(CVE-2015-1791)
[Matt Caswell]
- Removed support for the two export grade static DH ciphersuites
EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
were newly added (along with a number of other static DH ciphersuites) to
1.0.2. However the two export ones have *never* worked since they were
introduced. It seems strange in any case to be adding new export
ciphersuites, and given "logjam" it also does not seem correct to fix them.
[Matt Caswell]
- Only support 256-bit or stronger elliptic curves with the
'ecdh_auto' setting (server) or by default (client). Of supported
curves, prefer P-256 (both).
[Emilia Kasper]
- Reject DH handshakes with parameters shorter than 768 bits.
[Kurt Roeckx and Emilia Kasper]
This is former security/polarssl rebranded under a new name, keeping the same
API though and providing the previous libs as symlinks, so should be used as
as drop-in replacement for security/polarssl.
Changelog since polarssl-1.3.9 follows.
= mbed TLS 1.3.11 released 2015-06-04
Security
* With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and
extendedKeyUsage on the leaf certificate was lost (results not accessible
via ssl_get_verify_results()).
* Add countermeasure against "Lucky 13 strikes back" cache-based attack,
https://dl.acm.org/citation.cfm?id=2714625
Features
* Improve ECC performance by using more efficient doubling formulas
(contributed by Peter Dettman).
* Add x509_crt_verify_info() to display certificate verification results.
* Add support for reading DH parameters with privateValueLength included
(contributed by Daniel Kahn Gillmor).
* Add support for bit strings in X.509 names (request by Fredrik Axelsson).
* Add support for id-at-uniqueIdentifier in X.509 names.
* Add support for overriding snprintf() (except on Windows) and exit() in
the platform layer.
* Add an option to use macros instead of function pointers in the platform
layer (helps get rid of unwanted references).
* Improved Makefiles for Windows targets by fixing library targets and making
cross-compilation easier (thanks to Alon Bar-Lev).
* The benchmark program also prints heap usage for public-key primitives
if POLARSSL_MEMORY_BUFFER_ALLOC_C and POLARSSL_MEMORY_DEBUG are defined.
* New script ecc-heap.sh helps measuring the impact of ECC parameters on
speed and RAM (heap only for now) usage.
* New script memory.sh helps measuring the ROM and RAM requirements of two
reduced configurations (PSK-CCM and NSA suite B).
* Add config flag POLARSSL_DEPRECATED_WARNING (off by default) to produce
warnings on use of deprecated functions (with GCC and Clang only).
* Add config flag POLARSSL_DEPRECATED_REMOVED (off by default) to produce
errors on use of deprecated functions.
Bugfix
* Fix compile errors with PLATFORM_NO_STD_FUNCTIONS.
* Fix compile error with PLATFORM_EXIT_ALT (thanks to Rafał Przywara).
* Fix bug in entropy.c when THREADING_C is also enabled that caused
entropy_free() to crash (thanks to Rafał Przywara).
* Fix memory leak when gcm_setkey() and ccm_setkey() are used more than
once on the same context.
* Fix bug in ssl_mail_client when password is longer that username (found
by Bruno Pape).
* Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
(detected by Clang's 3.6 UBSan).
* mpi_size() and mpi_msb() would segfault when called on an mpi that is
initialized but not set (found by pravic).
* Fix detection of support for getrandom() on Linux (reported by syzzer) by
doing it at runtime (using uname) rather that compile time.
* Fix handling of symlinks by "make install" (found by Gaël PORTAY).
* Fix potential NULL pointer dereference (not trigerrable remotely) when
ssl_write() is called before the handshake is finished (introduced in
1.3.10) (first reported by Martin Blumenstingl).
* Fix bug in pk_parse_key() that caused some valid private EC keys to be
rejected.
* Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
* Fix thread safety bug in RSA operations (found by Fredrik Axelsson).
* Fix hardclock() (only used in the benchmarking program) with some
versions of mingw64 (found by kxjhlele).
* Fix warnings from mingw64 in timing.c (found by kxjklele).
* Fix potential unintended sign extension in asn1_get_len() on 64-bit
platforms.
* Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid).
* Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and
POLARSSL_SSL_SSESSION_TICKETS where both enabled in config.h (introduced
in 1.3.10).
* Add missing extern "C" guard in aesni.h (reported by amir zamani).
* Add missing dependency on SHA-256 in some x509 programs (reported by
Gergely Budai).
* Fix bug related to ssl_set_curves(): the client didn't check that the
curve picked by the server was actually allowed.
Changes
* Remove bias in mpi_gen_prime (contributed by Pascal Junod).
* Remove potential sources of timing variations (some contributed by Pascal
Junod).
* Options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 are deprecated.
* Enabling POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated.
* compat-1.2.h and openssl.h are deprecated.
* Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now
more flexible (warning: OFLAGS is not used any more) (see the README)
(contributed by Alon Bar-Lev).
* ssl_set_own_cert() no longer calls pk_check_pair() since the
performance impact was bad for some users (this was introduced in 1.3.10).
* Move from SHA-1 to SHA-256 in example programs using signatures
(suggested by Thorsten Mühlfelder).
* Remove some unneeded inclusions of header files from the standard library
"minimize" others (eg use stddef.h if only size_t is needed).
* Change #include lines in test files to use double quotes instead of angle
brackets for uniformity with the rest of the code.
* Remove dependency on sscanf() in X.509 parsing modules.
= mbed TLS 1.3.10 released 2015-02-09
Security
* NULL pointer dereference in the buffer-based allocator when the buffer is
full and polarssl_free() is called (found by Mark Hasemeyer)
(only possible if POLARSSL_MEMORY_BUFFER_ALLOC_C is enabled, which it is
not by default).
* Fix remotely-triggerable uninitialised pointer dereference caused by
crafted X.509 certificate (TLS server is not affected if it doesn't ask for a
client certificate) (found using Codenomicon Defensics).
* Fix remotely-triggerable memory leak caused by crafted X.509 certificates
(TLS server is not affected if it doesn't ask for a client certificate)
(found using Codenomicon Defensics).
* Fix potential stack overflow while parsing crafted X.509 certificates
(TLS server is not affected if it doesn't ask for a client certificate)
(found using Codenomicon Defensics).
* Fix timing difference that could theoretically lead to a
Bleichenbacher-style attack in the RSA and RSA-PSK key exchanges
(reported by Sebastian Schinzel).
Features
* Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv).
* Add support for Extended Master Secret (draft-ietf-tls-session-hash).
* Add support for Encrypt-then-MAC (RFC 7366).
* Add function pk_check_pair() to test if public and private keys match.
* Add x509_crl_parse_der().
* Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
length of an X.509 verification chain.
* Support for renegotiation can now be disabled at compile-time
* Support for 1/n-1 record splitting, a countermeasure against BEAST.
* Certificate selection based on signature hash, preferring SHA-1 over SHA-2
for pre-1.2 clients when multiple certificates are available.
* Add support for getrandom() syscall on recent Linux kernels with Glibc or
a compatible enough libc (eg uClibc).
* Add ssl_set_arc4_support() to make it easier to disable RC4 at runtime
while using the default ciphersuite list.
* Added new error codes and debug messages about selection of
ciphersuite/certificate.
Bugfix
* Stack buffer overflow if ctr_drbg_update() is called with too large
add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
* Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE
if memory_buffer_alloc_init() was called with buf not aligned and len not
a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE (not triggerable remotely).
* User set CFLAGS were ignored by Cmake with gcc (introduced in 1.3.9, found
by Julian Ospald).
* Fix potential undefined behaviour in Camellia.
* Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
multiple of 8 (found by Gergely Budai).
* Fix unchecked return code in x509_crt_parse_path() on Windows (found by
Peter Vaskovic).
* Fix assembly selection for MIPS64 (thanks to James Cowgill).
* ssl_get_verify_result() now works even if the handshake was aborted due
to a failed verification (found by Fredrik Axelsson).
* Skip writing and parsing signature_algorithm extension if none of the
key exchanges enabled needs certificates. This fixes a possible interop
issue with some servers when a zero-length extension was sent. (Reported
by Peter Dettman.)
* On a 0-length input, base64_encode() did not correctly set output length
(found by Hendrik van den Boogaard).
Changes
* Use deterministic nonces for AEAD ciphers in TLS by default (possible to
switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
* Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
* ssl_set_own_cert() now returns an error on key-certificate mismatch.
* Forbid repeated extensions in X.509 certificates.
* debug_print_buf() now prints a text view in addition to hexadecimal.
* A specific error is now returned when there are ciphersuites in common
but none of them is usable due to external factors such as no certificate
with a suitable (extended)KeyUsage or curve or no PSK set.
* It is now possible to disable negotiation of truncated HMAC server-side
