Mbed TLS is now part of TrustedFirmware.org.

PolarSSL 1.3.4 released


The first feature release for the year 2014: PolarSSL 1.3.4!

It's a small release that mainly just adds support for some new features. PolarSSL 1.3.4 adds some features required within Bitcoin applications, such as support for the RIPEMD-160 hash algorithm and support for Koblitz elliptic curves, and then specifically secp256k1.


On the feature-front this release introduces support for:

  • Support for Koblitz curves: secp192k1, secp224k1, secp256k1
  • Support for RIPEMD-160
  • Support for AES CFB8 mode
  • Support for deterministic ECDSA (RFC 6979)

In addition outstanding bugs were fixed.

Koblitz curves

Support for three standardized Koblitz curves from RFC 4492 has been added: secp192k1, secp224k1, secp256k1.

Their performance is slightly less then the other curves:

ECDHE-secp256r1 : 311 handshake/s vs. ECDHE-secp256k1 : 291 handshake/s
ECDHE-secp224r1 : 470 handshake/s vs. ECDHE-secp224k1 : 330 handshake/s
ECDHE-secp192r1 : 643 handshake/s vs. ECDHE-secp192k1 : 406 handshake/s


The RIPEMD-160 hash function is added in the ripemd160.h and ripemd160.c files and can be enabled with the POLARSSL_RIPEMD160_C flag in config.h.

The MD layer has been updated to support RIPEMD-160 as well.

AES-CFB8 mode

Before PolarSSL 1.3.4, only full-width CFB-mode was supported. That is 128-bit CFB for AES and Camellia. The standard also specifies CFB8 and CFB1 as options. We have now added CFB8 to the AES module as for direct use. It is not yet supported in the cipher layer, but will be added there in the future.

Bug fixes

Fixes include:

  • Potential memory leak in the Bignum selftest function
  • Replaced expired test certificate that caused two tests of the test framework to fail
  • The ssl_mail_client application now terminates lines with CRLF, instead of LF (as per the RFC)
  • The Net module handles timeouts on blocking sockets better (found by Tilman Sauerbeck)
  • Assembly format fixes in bn_mul.h to support different compilers better


  • Missing MPI_CHK() calls added around unguarded mpi_* calls (found by TrustInSoft)

Who should update

We advise users of PolarSSL to update if they:

  • want to use PolarSSL in Bitcoin projects
  • want to have their tests succeed (because of the expired test certificate)
  • want to remove possible security vulnerabilities in the Bignum module

Download links

Get your copy here: polarssl-1.3.4-gpl.tgz


The hashes for polarssl-1.3.4-gpl.tgz are:

SHA-1  : e43dc467e36ae2761ca2e4fa02c54f5771ee51a1
SHA-256: faed0c813ea4e6abeaffe9a56e65db3d3b191b5aa76b86d5bf1e09e1a1a9ea7e

Like this?




Last updated:
Jan 27, 2014


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.