This release further reduces a possible timing side channel in the PolarSSL SSL module during decryption of the buffer due to badly formatted padding in the incoming message.
In addition, a possible timing difference due to bad padding in PKCS#1 v1.5 operations has been reduced.
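As an added illustration of the kind of check the PKCS#1 v1.5 padding fix concerns (this is not PolarSSL's own code), the routine below unpads a type-2 encryption block while inspecting every byte and branching only on public lengths, so a wrong header byte, a short padding string and a missing separator all take the same time to reject. The 24-byte sample block and the `unpad_sample()` helper are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* 0xFF if a == b, else 0x00, computed without a data-dependent branch. */
static uint8_t ct_eq(uint8_t a, uint8_t b)
{
    uint32_t x = (uint32_t)(a ^ b);           /* 0 iff equal */
    return (uint8_t)(((x - 1) >> 8) & 0xFF);  /* borrows only when x == 0 */
}

/* mask ? a : b, where mask is 0xFF or 0x00. */
static size_t ct_select(uint8_t mask, size_t a, size_t b)
{
    size_t m = (size_t)0 - (size_t)(mask & 1);
    return (a & m) | (b & ~m);
}

/* EM = 0x00 0x02 PS 0x00 M, PS >= 8 nonzero bytes. Returns 0 and sets
 * *msg_len on success, -1 on bad padding. Every byte is inspected on every
 * call and the only branches are on public data (em_len is the modulus
 * size, i is the loop index), so timing does not reveal which check failed. */
int pkcs1_v15_unpad_ct(const uint8_t *em, size_t em_len, size_t *msg_len)
{
    uint8_t bad = 0, seen_zero = 0;
    size_t sep = em_len, i;              /* index of the first 0x00 after the header */
    if (em_len < 11) return -1;
    bad |= (uint8_t)~ct_eq(em[0], 0x00);
    bad |= (uint8_t)~ct_eq(em[1], 0x02);
    for (i = 2; i < em_len; i++) {       /* always scans the whole buffer */
        uint8_t is_zero = ct_eq(em[i], 0x00);
        if (i < 10) bad |= is_zero;      /* a zero inside the 8 mandatory PS bytes */
        sep = ct_select(is_zero & ~seen_zero, i, sep);
        seen_zero |= is_zero;
    }
    bad |= (uint8_t)~seen_zero;          /* no separator at all */
    if (bad) return -1;
    *msg_len = em_len - sep - 1;
    return 0;
}

/* Constructed 24-byte sample (not PolarSSL data): header, PS 'A'..'J', 0x00,
 * "hello world". If idx >= 0, em[idx] = val simulates bad padding. */
long unpad_sample(int idx, uint8_t val)
{
    uint8_t em[24] = { 0x00, 0x02, 'A','B','C','D','E','F','G','H','I','J',
                       0x00, 'h','e','l','l','o',' ','w','o','r','l','d' };
    size_t len = 0;
    if (idx >= 0 && idx < 24) em[idx] = val;
    return pkcs1_v15_unpad_ct(em, sizeof em, &len) == 0 ? (long)len : -1L;
}
```

In a TLS server the caller would additionally continue with a random pre-master secret on failure rather than aborting, so the reject path itself stays indistinguishable from success.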
Contains fixes for:
- CVE-2013-0169 - TLS and DTLS protocol issue (Lucky Thirteen)
- CVE-2013-1621 - Out-of-bounds comparisons
The internals of rsa_pkcs1_verify() have been cleaned up and split so as to separate the PKCS#1 v1.5 and PKCS#1 v2.1 functionality. The PKCS#1 v2.1 RSA encrypt and decrypt functions now support custom labels.
On request, we have re-added handling of SSLv2 Client Hello messages when the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is set.
As a minor change, the provided SSL session cache module (ssl_cache) now also retains peer_cert information (just the peer certificate, not the entire chain) to use after session re-use.
Bug fixes include removing a memory leak from the SSL module, fixing a counter bug in the GCM module, and improving support for MS Visual Studio on 64-bit systems, for the ARM platform and for little-endian systems.
Who should update
Our advice for users of the PolarSSL 1.2 branch is to update:
- in order to further remove possible RSA and SSL timing side channels (See PolarSSL Security Advisory 2013-01)
- in order to remove a possible memory leak in the SSL module
Our advice for users of the PolarSSL 1.1 branch is to update to PolarSSL 1.1.6.
Users of other branches (1.0.x or 0.14.x) are advised to consider upgrading!
Get your copy here: polarssl-1.2.6-gpl.tgz
The hashes for polarssl-1.2.6-gpl.tgz are:
SHA-1  : 063b953bb8bc65442c2c39551c5235e51c674055
SHA-256: 0c486bb5ed7f7ed2b44798b638c76d4196b1b6134e0a9c7d2a6955603db46a45