This release adds parsing of PKCS#8 encrypted private key files (-----BEGIN ENCRYPTED PRIVATE KEY-----) with Password Based Encryption (PBE) functions as defined in PKCS#5 v2 (3-key Triple DES) and in PKCS#12 (3-key Triple DES, 2-key Triple DES, RC4-128).
The user-changeable configuration values defined in the module headers can now also be controlled centrally from config.h.
The HAVEGE random generator is now disabled by default. Although it provides (limited) entropy on most systems, it should in our opinion never be the primary entropy source for the system.
A mechanism was added in config.h to allow overriding of the base PolarSSL implementations of the core symmetric cipher and hash algorithm functions. E.g. by defining POLARSSL_AES_ALT in config.h, aes_alt.h is included in PolarSSL to allow a self-provided implementation of the core AES functions.
The PBKDF2 module has been moved to a PKCS#5-specific module.
The secure renegotiation extension is now only sent if the client supports secure renegotiation. This improves compatibility with older clients.
Fixed support for Thumb2 and LLVM compiler (thanks to James Yonan from OpenVPN).
Other smaller fixes, see the ChangeLog for more details.
A possible DoS during the SSL Handshake has been found by Jack Lloyd and fixed in this release. More details can be found in Security Advisory 2013-03.
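For the PKCS#8 support listed first in these notes, an added example (not PolarSSL code) that reads the encryptionAlgorithm header of an ENCRYPTED PRIVATE KEY file and reports whether its PBE scheme is one of those named there. The OIDs are taken from PKCS#5 v2 and PKCS#12; the function names and the sample key header are constructed for this example.

```python
import base64, re
SCHEMES = {  # PKCS#12 PBE OIDs for the schemes named in the release notes
    "1.2.840.113549.1.12.1.1": "PKCS#12 RC4-128",
    "1.2.840.113549.1.12.1.3": "PKCS#12 3-key Triple DES",
    "1.2.840.113549.1.12.1.4": "PKCS#12 2-key Triple DES",
}
PBES2, DES_EDE3_CBC = "1.2.840.113549.1.5.13", "1.2.840.113549.3.7"  # PKCS#5 v2
PEM_RE = re.compile(r"-----BEGIN ENCRYPTED PRIVATE KEY-----(.+?)-----END ENCRYPTED PRIVATE KEY-----", re.S)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    (tag, length), pos = buf[pos:pos + 2], pos + 2  # ValueError if under 2 bytes remain
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def alg_oid(alg):
    """Return (dotted OID, parameter bytes) from an AlgorithmIdentifier body."""
    tag, body, nxt = read_tlv(alg)
    if tag != 0x06 or not body:
        raise ValueError("expected OBJECT IDENTIFIER")
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # last byte of this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs)), alg[nxt:]

def pbe_scheme(pem_text):
    """Name the PBE scheme of an ENCRYPTED PRIVATE KEY; None if it is not one listed."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no ENCRYPTED PRIVATE KEY block")
    info = read_tlv(base64.b64decode("".join(m.group(1).split())))[1]
    oid, params = alg_oid(read_tlv(info)[1])  # encryptionAlgorithm
    if oid == PBES2:  # PBES2-params ::= SEQUENCE { keyDerivationFunc, encryptionScheme }
        seq = read_tlv(params)[1]
        enc = read_tlv(seq, read_tlv(seq)[2])[1]
        return "PKCS#5 v2 3-key Triple DES" if alg_oid(enc)[0] == DES_EDE3_CBC else None
    return SCHEMES.get(oid)

def tlv(tag, body):  # encoder for the constructed sample (short-form lengths only)
    return bytes([tag, len(body)]) + body
# Constructed sample, not a real key: PKCS#12 3-key Triple DES header, zero salt, dummy ciphertext.
_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010c0103")) + tlv(0x30, tlv(0x04, bytes(8)) + tlv(0x02, b"\x08\x00")))
SAMPLE = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n%s\n-----END ENCRYPTED PRIVATE KEY-----\n" % base64.b64encode(tlv(0x30, _alg + tlv(0x04, bytes(16)))).decode()
```

`pbe_scheme(SAMPLE)` returns `"PKCS#12 3-key Triple DES"`; a `None` result means the file uses a scheme outside the list in these notes.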
Who should update
Our advice for users of the PolarSSL 1.2 branch is to update!
Get your copy here: polarssl-1.2.8-gpl.tgz
The hashes for polarssl-1.2.8-gpl.tgz are:
SHA-1  : a3e69d4e9302529c5006dcb7d8ecab9c99488036
SHA-256: 23cf931e322ab397d26c89b7e805cf2229df46c5196f4f67ebfc0e285848637b