This is a small release that adds a few new features but mostly improves support for different platforms and interoperability with other libraries.
On the feature front, this release introduces optional optimizations that speed up the NIST MODP (prime-field) elliptic curves by using fast reduction routines specific to each NIST prime. This feature can be enabled or disabled with POLARSSL_ECP_NIST_OPTIM.
Furthermore, we've added support for Camellia in GCM mode and for the known ciphersuites that use Camellia-GCM (overview of supported ciphersuites).
More of the internal checks, such as the padding checks in the cipher layer and value comparisons in the SSL layer, have been made constant-time. These specific instances are not known to be exploitable by remote timing attacks in the way the current library uses them, but we wanted to pre-empt possible future issues.
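The following is an added illustration of what "constant-time" means for the two kinds of check mentioned above; it is example code written for this page, not PolarSSL's own implementation. It places an early-exit comparison next to a comparison that always touches every byte, and shows a PKCS#7 padding check that inspects the whole last block no matter what the padding byte says. The sample blocks are constructed for the demo and do not come from any real TLS record.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 1 if a <= b, else 0, without a data-dependent branch (a and b must be below 2^(bits-1)). */
static unsigned char ct_le(size_t a, size_t b)
{
    size_t d = a - b - 1;                               /* wraps to a huge value exactly when a <= b */
    return (unsigned char)(d >> (sizeof(size_t) * 8 - 1));
}

/* 1 if x != y, else 0, branch-free: the top bit of (d | -d) is set iff d is non-zero. */
static unsigned char ct_neq(unsigned char x, unsigned char y)
{
    unsigned d = (unsigned)(x ^ y);
    return (unsigned char)((d | (0u - d)) >> (sizeof(unsigned) * 8 - 1));
}

/* The "before": returns as soon as a byte differs, so the running time reveals
 * how many leading bytes of a secret value (a MAC tag, say) the attacker guessed right. */
int leaky_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (a[i] != b[i])
            return 0;
    return 1;
}

/* The "after": accumulates every difference and decides once at the end,
 * so the work done does not depend on where (or whether) the inputs differ. */
int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return 1 ^ ct_neq(diff, 0);
}

/* Constant-time PKCS#7 padding check over the last block of buf.
 * Returns 1 if valid and stores the unpadded length; on failure stores 0.
 * Every byte of the last block is examined regardless of the padding value. */
int ct_pkcs7_check(const unsigned char *buf, size_t len, size_t block_size, size_t *data_len)
{
    unsigned char pad, bad = 0;
    size_t i, ok_mask;

    /* Lengths are public, so rejecting a too-short input with a branch leaks nothing secret. */
    if (len < block_size || block_size == 0 || block_size > 255) {
        *data_len = 0;
        return 0;
    }

    pad = buf[len - 1];
    bad |= ct_le(pad, 0);                                  /* pad == 0 is invalid */
    bad |= (unsigned char)(1 ^ ct_le(pad, block_size));   /* pad > block_size is invalid */

    /* Look at the whole block; only the final `pad` bytes must equal pad. */
    for (i = 1; i <= block_size; i++) {
        unsigned char in_pad = ct_le(i, pad);              /* byte i from the end is padding */
        bad |= (unsigned char)(in_pad & ct_neq(buf[len - i], pad));
    }

    ok_mask = (size_t)0 - (size_t)(1 ^ bad);              /* all ones if valid, zero if not */
    *data_len = (len - (size_t)pad) & ok_mask;            /* masked rather than branched */
    return 1 ^ bad;
}

/* Demo wrapper: unpadded length, or -1 if the padding is invalid. The one branch here is on
 * the final verdict, which the caller needs anyway; the per-byte work above is what must not leak. */
long pkcs7_strip(const unsigned char *buf, size_t len, size_t block_size)
{
    size_t n = 0;
    return ct_pkcs7_check(buf, len, block_size, &n) ? (long)n : -1L;
}

/* Constructed 16-byte sample blocks (not real ciphertext): "hello" + 11 bytes of 0x0b, the same
 * with one padding byte corrupted, a block that is all padding, and two with bad pad values. */
static const unsigned char SAMPLE_GOOD[16]     = { 'h','e','l','l','o', 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b };
static const unsigned char SAMPLE_TAMPERED[16] = { 'h','e','l','l','o', 0x0b,0x0a,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b };
static const unsigned char SAMPLE_FULL[16]     = { 0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10 };
static const unsigned char SAMPLE_ZERO[16]     = { 'a','a','a','a','a','a','a','a','a','a','a','a','a','a','a', 0x00 };
static const unsigned char SAMPLE_OVER[16]     = { 'a','a','a','a','a','a','a','a','a','a','a','a','a','a','a', 0x11 };

int main(void)
{
    printf("ct_equal(good, good)     = %d\n", ct_equal(SAMPLE_GOOD, SAMPLE_GOOD, 16));
    printf("ct_equal(good, tampered) = %d\n", ct_equal(SAMPLE_GOOD, SAMPLE_TAMPERED, 16));
    printf("strip(good)     = %ld\n", pkcs7_strip(SAMPLE_GOOD, 16, 16));
    printf("strip(tampered) = %ld\n", pkcs7_strip(SAMPLE_TAMPERED, 16, 16));
    printf("strip(full)     = %ld\n", pkcs7_strip(SAMPLE_FULL, 16, 16));
    printf("strip(zero pad) = %ld\n", pkcs7_strip(SAMPLE_ZERO, 16, 16));
    printf("strip(pad 0x11) = %ld\n", pkcs7_strip(SAMPLE_OVER, 16, 16));
    return 0;
}
```

Note that ct_equal and leaky_equal return the same answers; the difference is only in how long they take and on what that time depends. The padding check on its own does not close the CBC "padding oracle" class of attacks in TLS: the record's MAC still has to be verified on both the valid-padding and invalid-padding paths, so that the attacker cannot tell the two failures apart by timing.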
Certificate parsing now also supports the serialNumber, postalAddress and postalCode attributes in the issuer / subject of a certificate.
SSL renegotiation on the server side has been refactored.
Other changes in this release:
- better support for the UEFI environment under Microsoft Visual Studio
- reduction of compiler warnings
- the SSL server no longer sends out extensions that the client did not advertise
- fix for an ECDSA corner case: a missing reduction mod N (found by DualTachyon). In ECDSA the values derived from the x-coordinate of kG are defined modulo the group order N, so a missing reduction only shows up on the rare inputs where that value is not already below N, hence the corner case.
Who should update
We advise users of PolarSSL to update if they:
- want to have faster NIST curves
- want to use Camellia-GCM ciphersuites
- depend on SSL renegotiation
Get your copy here: polarssl-1.3.2-gpl.tgz
The hashes for polarssl-1.3.2-gpl.tgz are:
SHA-1  : 2e671bb1bc60ce00db2352be63c4ea38ad2c8b03
SHA-256: 7e939228034460b202b4d355b003d905245f4e78e8221b36d9aa6fa94fbabd10
Compare the hash of the downloaded archive (for instance with sha256sum) against the SHA-256 value above before unpacking it.