PolarSSL is now part of ARM (official announcement) and has been rebranded as mbed TLS.

PolarSSL 1.2.13 released

Description

PolarSSL 1.2.13 has been released!

Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting this will be made in the 1.2 branch at this point.

This release is a back-port of all bug fixes and security fixes that are in the 1.3 branch and are relevant for the 1.2 branch.

Security

Most important are the security fixes that have been back-ported to the 1.2 branch. PolarSSL 1.2.13 fixes four remotely-triggerable issues that were found by the Codenomicon Defensics tool, including the one in Security Advisory 2014-04.

Changes

Important changes in this release include:

  • Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
  • Forbid repeated extensions in X.509 certificates.
  • Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the length of an X.509 verification chain (default = 8).

Bug fixes

Fixes include:

  • Fix potential undefined behaviour in Camellia.
  • Fix memory leaks in PKCS#5 and PKCS#12.
  • Fix stack buffer overflow if ctr_drbg_update() is called with too large add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
  • Fix bug in MPI/bignum on s390/s390x (reported by Dan Horák) (introduced in 1.2.12).
  • Fix unchecked return code in x509_crt_parse_path() on Windows (found by Peter Vaskovic).
  • Fix assembly selection for MIPS64 (thanks to James Cowgill).
  • ssl_get_verify_result() now works even if the handshake was aborted due to a failed verification (found by Fredrik Axelsson).
  • Skip writing and parsing signature_algorithm extension if none of the key exchanges enabled needs certificates. This fixes a possible interop issue with some servers when a zero-length extension was sent. (Reported by Peter Dettman.)
  • On a 0-length input, base64_encode() did not correctly set output length (found by Hendrik van den Boogaard).

Who should update

We advise users of PolarSSL to update if they:

  • use any branch other than the 1.3 branch.

Download links

Get your copy here: polarssl-1.2.13-gpl.tgz

Hashes

The hashes for polarssl-1.2.13-gpl.tgz are:

SHA-1  : 08ee40ee8385fc0fde05ca762adff9bd31f79fe7
SHA-256: 62f44f2a9f39b5cefb229e5dd2644ca20ead477cb1843d6ff30671624315b021

Section:
Releases

Last updated:
Feb 16, 2015
