Our parting gift for the year 2013: PolarSSL 1.3.3!
We'd really like to thank everybody for the great year we had! Loads of new features, great feedback from our users and the energy to push even further in 2014!
This feature release adds a bunch of new features, improvements and fixes.
On the feature-front this release introduces support for:
- new cryptographic constants, such as Curve25519, and the ECDH-RSA and ECDH-ECDSA key exchange methods and ciphersuites. optional optimizations for speeding up the NIST MODP elliptic curves.
Furthermore we've added support for EC key generation in the gen_key application.
Our ECP curves module now includes Curve25519, thus allowing you to perform operations with it.
ECDH-RSA and ECDH-ECDSA
Based on requests from our users we've added the non-ephemeral version of the ECDH key exchanges to our capabilities as well. The full list of supported ciphersuites and key exchanged can be seen in our (overview of supported ciphersuites).
We've incorporated support for AES-NI in our AES and GCM modules.
As a result we had a major speedup of our AES-GCM performance numbers:
cipher (1) (2) AES-GCM-128 22 13 cycles/byte AES-GCM-192 23 14 cycles/byte AES-GCM-256 25 15 cycles/byte (1) is without AES-NI support at all (2) is with full AES-NI support (AES + GCM tag)
Internally we introduced optimizations to speed up prime generation in
mpi_gen_prime() and ECP multiplications in addition to reducing the memory used in the ECP module.
ECP memory optimizations
The operational memory used within the ECP module for storing the used curves and performing operations has been reduced. So the improvement on a 64-bit platform with 521-bit curves is:
1.3.2: 86k 1.3.2bis: 38k 1.3.3: 16k 1.3.2: all default values 1.3.2bis: new default values for windows size and such in ECP module 1.3.3: curve to ROM and memory optimizations
Also on 32-bits, here are the numbers for 256-bit curves, with default config and with minimal memory usage:
default: 4.7k minimal: 1.8k
ECP Multiplication speed-up
In this version we introduce a time-memory trade-off for ECP multiplications, which speeds up ECDSA and ECDH(E).
Our before and after:
ECDSA-secp521r1 : 192 -> 566 sign/s ECDSA-secp521r1 : 92 -> 135 verify/s ECDSA-secp384r1 : 287 -> 837 sign/s ECDSA-secp384r1 : 138 -> 198 verify/s ECDSA-secp256r1 : 445 -> 1126 sign/s ECDSA-secp256r1 : 210 -> 293 verify/s ECDHE-secp521r1 : 93 -> 141 handshake/s ECDH-secp521r1 : 171 -> 183 handshake/s ECDHE-secp384r1 : 136 -> 210 handshake/s ECDH-secp384r1 : 250 -> 267 handshake/s ECDHE-secp256r1 : 211 -> 305 handshake/s ECDH-secp256r1 : 382 -> 407 handshake/s
- Potential memory leaks in corner cases
- Fixed x509_crt_parse_path() bug on Windows platforms
- Fixed bug in mpi_set_bit() on platforms where t_uint is wider than int
- Fixed X.509 hostname comparison (with non-regular characters)
- SSL now gracefully handles missing RNG
- crypt_and_hash app checks MAC before final decryption
A possible remotely-triggered out-of-bounds memory access was fixed as well. This issue was found by the great team at TrustInSoft!
Who should update
We advise users of PolarSSL to update if they:
- want to have faster ECP / ECDSA / ECDHE / AES / AES-GCM
- want to use less memory in the ECP modules
- want to play with Curve25519
- need to support EDCH-RSA or ECDH-ECDSA ciphersuites
Get your copy here: polarssl-1.3.3-gpl.tgz
The hashes for polarssl-1.3.3-gpl.tgz are:
SHA-1 : c1072e97b21e94721b8d37509a589ea10249fdbd SHA-256: 597d229876af8c962b14c98450ef2669bed3c639ba82762bd01488e094a23f93