The first feature release for the year 2014: PolarSSL 1.3.4!
It's a small release that mainly adds support for new features. PolarSSL 1.3.4 adds some features required by Bitcoin applications, such as support for the RIPEMD-160 hash algorithm and for Koblitz elliptic curves, secp256k1 in particular.
On the feature front, this release introduces:
- Support for Koblitz curves: secp192k1, secp224k1, secp256k1
- Support for RIPEMD-160
- Support for AES CFB8 mode
- Support for deterministic ECDSA (RFC 6979)
In addition, outstanding bugs were fixed.
Support for three standardized Koblitz curves from RFC 4492 has been added: secp192k1, secp224k1, secp256k1.
Their performance is slightly lower than that of the other curves:
- ECDHE-secp256r1 : 311 handshake/s vs. ECDHE-secp256k1 : 291 handshake/s
- ECDHE-secp224r1 : 470 handshake/s vs. ECDHE-secp224k1 : 330 handshake/s
- ECDHE-secp192r1 : 643 handshake/s vs. ECDHE-secp192k1 : 406 handshake/s
The RIPEMD-160 hash function is added in the ripemd160.h and ripemd160.c files and can be enabled with the POLARSSL_RIPEMD160_C flag in config.h.
The MD layer has been updated to support RIPEMD-160 as well.
Before PolarSSL 1.3.4, only full-width CFB mode was supported, that is, 128-bit CFB for AES and Camellia. The standard also specifies CFB8 and CFB1 as options. We have now added CFB8 to the AES module for direct use. It is not yet supported in the cipher layer, but will be added there in the future.
- Potential memory leak in the Bignum selftest function
- Replaced expired test certificate that caused two tests of the test framework to fail
- The ssl_mail_client application now terminates lines with CRLF, instead of LF (as per the RFC)
- The Net module handles timeouts on blocking sockets better (found by Tilman Sauerbeck)
- Assembly format fixes in bn_mul.h to support different compilers better
- MPI_CHK() calls added around unguarded mpi_* calls (found by TrustInSoft)
Who should update
We advise users of PolarSSL to update if they:
- want to use PolarSSL in Bitcoin projects
- want to have their tests succeed (because of the expired test certificate)
- want to remove possible security vulnerabilities in the Bignum module
Get your copy here: polarssl-1.3.4-gpl.tgz
The hashes for polarssl-1.3.4-gpl.tgz are:
SHA-1  : e43dc467e36ae2761ca2e4fa02c54f5771ee51a1
SHA-256: faed0c813ea4e6abeaffe9a56e65db3d3b191b5aa76b86d5bf1e09e1a1a9ea7e