Rebex Security 2020 R4

Released: Sep 30, 2020

Updates in 2020 R4

Features

  • All: Rebex assemblies targeting Microsoft .NET Standard 2.1 have been fully tested on Microsoft .NET 5.0 RC1 and are suitable to be used in production on Microsoft's latest .NET platform.
  • Cryptography: Added Ed25519 support to Certificate class. (Not yet supported by the built-in certificate validator due to lack of support in Microsoft Windows and Microsoft .NET).
  • Cryptography: Prohibited usage of Chacha20/Poly1305 in TLS 1.3 in FIPS-only mode. (Already prohibited in TLS 1.2 or earlier.)
  • Cryptography: Updated RSAManaged constructor logic to make it suitable as a base for derived classes on Microsoft .NET Framework in FIPS-compliant mode.
  • Cryptography: Added the ability to use Microsoft Windows CNG API for Diffie-Hellman parameter generation on Microsoft Windows 10 and Windows Server 2016/2019.
  • Common: Optimized internal cancellation infrastructure on old platforms.
  • Common: Removed usage of BinaryFormatter which has been found to be insecure.
  • Common: Updated EncodingTools.GetEncoding method to prefer encodings provided by Microsoft .NET.

Fixes

  • All: Fixed several minor compatibility issues on .NET 5.0 RC1.
  • Security: Fixed behavior of XtsStream.CanSeek and CanRead properties.
  • Cryptography: Fixed handling of non-content data in Certificate(byte[]) constructor and CertificateChain.LoadP7b(Stream)/certificateRevocationList.Load(Stream) methods.
  • Cryptography: Fixed parsing of constructed primitive ASN.1 types with more than two layers of nesting.
  • Cryptography: Fixed version number in PKCS #10 CertificationRequest structure.