This release contains backported patches from the PolarSSL 1.2 branch to the PolarSSL 1.1 branch!
The main reason for this release is the reduction of a possible timing side channel in the PolarSSL SSL module during decryption of a buffer whose incoming message carries badly formatted padding. Check out PolarSSL Security Advisory 2013-01 for more information. To help, some flags have been added to manipulate the behaviour of the SSL module with regards to debugging of bad padding bytes.
In addition, a possible timing difference due to bad padding in PKCS#1 v1.5 operations has been reduced.
- CVE-2013-0169 - TLS and DTLS protocol issue (Lucky Thirteen)
- CVE-2013-1621 - Out-of-bounds comparisons
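The padding timing issue above comes down to how the CBC padding bytes are checked. The following is an added illustration written for these notes, not code from PolarSSL: a padding check that exits at the first mismatching byte (so its running time depends on where the padding stops matching) next to one that always inspects the same number of bytes and folds every comparison into a mask. Function names, the helper masks and the sample records are all constructed for the example. It covers only the padding check itself; the full Lucky Thirteen mitigation in the SSL module also has to equalise the time spent on the MAC, which this example does not show.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS CBC padding: the last byte holds the pad length n, and the n bytes
 * before it must also equal n.  Both checkers return 1 for valid padding
 * and 0 otherwise.  All names here are hypothetical (example code). */

/* Early-exit check: returns as soon as one padding byte is wrong, so the
 * time taken reveals how many bytes matched before the first bad one. */
int padding_check_early_exit(const unsigned char *buf, size_t len)
{
    size_t padlen, i;

    if (len == 0)
        return 0;
    padlen = buf[len - 1];
    if (padlen + 1 > len)
        return 0;
    for (i = 1; i <= padlen; i++)
        if (buf[len - 1 - i] != padlen)
            return 0;                     /* data-dependent early exit */
    return 1;
}

/* Mask helpers: no branches on secret data.  Inputs are small (< 2^31),
 * so the top bit of the 32-bit difference encodes the comparison. */
static unsigned char ct_lt_mask(size_t a, size_t b)   /* 0xFF if a < b */
{
    uint32_t x = (uint32_t)a, y = (uint32_t)b;
    return (unsigned char)(0u - ((x - y) >> 31));
}

static unsigned char ct_ne_mask(unsigned char a, unsigned char b) /* 0xFF if a != b */
{
    uint32_t d = (uint32_t)(a ^ b);
    return (unsigned char)(0u - ((d | (0u - d)) >> 31));
}

/* Constant-time check: scans a fixed window (up to 256 bytes before the
 * length byte, or the whole record if shorter) whatever the pad value is,
 * and only ORs mismatches into a flag.  The window depends on len, which
 * is public (the ciphertext length), never on the decrypted pad byte. */
int padding_check_ct(const unsigned char *buf, size_t len)
{
    unsigned char bad = 0;
    size_t padlen, scan, i;

    if (len == 0)
        return 0;
    padlen = buf[len - 1];
    bad |= ct_lt_mask(len, padlen + 1);   /* flags padlen + 1 > len */

    scan = (len - 1 < 256) ? len - 1 : 256;
    for (i = 1; i <= scan; i++) {
        unsigned char in_pad = ct_lt_mask(i, padlen + 1);        /* i <= padlen */
        unsigned char diff   = ct_ne_mask(buf[len - 1 - i], padlen);
        bad |= in_pad & diff;             /* mismatch counts only inside pad */
    }
    return bad == 0;
}

/* Constructed sample records for the example (not real TLS traffic). */
static const unsigned char sample_valid[]    = { 'a', 'b', 'c', 2, 2, 2 };
static const unsigned char sample_bad_byte[] = { 'a', 'b', 'c', 1, 2, 2 };
static const unsigned char sample_too_long[] = { 5, 5 };
static const unsigned char sample_zero_pad[] = { 'x', 0 };

int main(void)
{
    printf("valid    : early=%d ct=%d\n",
           padding_check_early_exit(sample_valid, sizeof sample_valid),
           padding_check_ct(sample_valid, sizeof sample_valid));
    printf("bad byte : early=%d ct=%d\n",
           padding_check_early_exit(sample_bad_byte, sizeof sample_bad_byte),
           padding_check_ct(sample_bad_byte, sizeof sample_bad_byte));
    printf("too long : early=%d ct=%d\n",
           padding_check_early_exit(sample_too_long, sizeof sample_too_long),
           padding_check_ct(sample_too_long, sizeof sample_too_long));
    printf("zero pad : early=%d ct=%d\n",
           padding_check_early_exit(sample_zero_pad, sizeof sample_zero_pad),
           padding_check_ct(sample_zero_pad, sizeof sample_zero_pad));
    return 0;
}
```

Both checkers give the same verdict on every record; the difference is only in how long they take to reach it, which is what the advisory is about.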
A dummy error_strerror() function has been added that makes it easier to use the function in code without needing constant checks to see if POLARSSL_ERROR_C is defined.
Some minor bug fixes and typo fixes are included as well.
Who should update
Our advice for users of the PolarSSL 1.1 branch is to update:
- in order to further remove possible RSA and SSL timing side channels (See PolarSSL Security Advisory 2013-01)
Our advice for users of the PolarSSL 1.2 branch is to update to the released PolarSSL 1.2.6 instead!
Users of other branches (1.0.x or 0.14.x) are advised to consider upgrading!
Get your copy here: polarssl-1.1.6-gpl.tgz
The hashes for polarssl-1.1.6-gpl.tgz are:
SHA-1  : 330f603f21187b2acbf0da3dde4400c29e912db2
SHA-256: eca9e1af00d772316b76e41bfebcf118d18d1c2f81dece25de8ac614f3e3b891