PolarSSL 1.2.8 released

Description

Features

This release adds parsing of PKCS#8 encrypted private key files (-----BEGIN ENCRYPTED PRIVATE KEY-----) with Password Based Encryption (PBE) functions as defined in PKCS#5 v2 (3-key Triple DES) and in PKCS#12 (3-key Triple DES, 2-key Triple DES, RC4-128).

The user-changeable value configuration defines in the module headers can now also be controlled centrally from config.h.

Changes

The HAVEGE random generator is now disabled by default. Although it provides (limited) entropy on most systems, it should in our opinion never be the primary entropy source for the system.

A mechanism was added in config.h to allow overriding of the base PolarSSL implementations of the core symmetric cipher and hash algorithm functions. E.g. by defining POLARSSL_AES_ALT in config.h, aes_alt.h is included in PolarSSL to allow a self-provided implementation of the core AES functions.

The PBKDF2 module has been moved to a PKCS#5-specific module.

Bug fixes

Secure renegotiation extension is now only sent in case the client supports secure renegotiation. Improves compatibility with older clients.

Fixed support for Thumb2 and LLVM compiler (thanks to James Yonan from OpenVPN)

Other smaller fixes, see the ChangeLog for more details.

Security

A possible DoS during the SSL Handshake has been found by Jack Lloyd and fixed in this release. More details can be found in Security Advisory 2013-03.

Who should update

Our advice for users of the PolarSSL 1.2 branch is to update!

Download links

Get your copy here: polarssl-1.2.8-gpl.tgz

Hashes

The hashes for polarssl-1.2.8-gpl.tgz are:

SHA-1  : a3e69d4e9302529c5006dcb7d8ecab9c99488036
SHA-256: 23cf931e322ab397d26c89b7e805cf2229df46c5196f4f67ebfc0e285848637b

Like this?

Section:
Releases

Author:


Published:


Last updated:
Jun 21, 2013

Sharing:


Want to stay up to date?