
PolarSSL 1.3.4 released, an SSL encryption library

Published: 2014-01-29 21:43:08  Source: 红联  Author: empast
The lightweight SSL library PolarSSL released version 1.3.4 on 2014-01-27. The previous version, 1.3.3, dates from 2014-01-01; the legacy product lines are at 1.2.10 and 1.1.8. More and more heavyweight applications support PolarSSL, such as hiawatha and OpenVPN.

Full changelog:

It's a small release that mainly adds support for some new features. PolarSSL 1.3.4 adds features required by Bitcoin applications, such as support for the RIPEMD-160 hash algorithm and for Koblitz elliptic curves, specifically secp256k1.

Features
On the feature front this release introduces support for:

Support for Koblitz curves: secp192k1, secp224k1, secp256k1

Support for RIPEMD-160

Support for AES CFB8 mode

Support for deterministic ECDSA (RFC 6979)

In addition outstanding bugs were fixed.
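Deterministic ECDSA, listed above, replaces the random per-signature nonce with one derived from the private key and the message hash. The following Go program is an added example, not PolarSSL code: it implements the RFC 6979 nonce derivation with HMAC-SHA256 over NIST P-256 using only Go's standard library, signs with that nonce, and checks the result with Go's own crypto/ecdsa verifier. The private key is the published test key from RFC 6979 appendix A.2.5 (a constructed, non-secret input); the helper names (rfc6979Nonce, signP256, publicKey) are this example's own.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// hmacSHA256 is HMAC_K(parts...) as written in RFC 6979 section 3.2.
func hmacSHA256(key []byte, parts ...[]byte) []byte {
	h := hmac.New(sha256.New, key)
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

// bits2int keeps the leftmost qbits bits of b (RFC 6979 section 2.3.2).
func bits2int(b []byte, qbits int) *big.Int {
	v := new(big.Int).SetBytes(b)
	if excess := len(b)*8 - qbits; excess > 0 {
		v.Rsh(v, uint(excess))
	}
	return v
}

// int2octets is the fixed-width big-endian encoding of x (section 2.3.3).
func int2octets(x *big.Int, qbytes int) []byte {
	return x.FillBytes(make([]byte, qbytes))
}

// bits2octets is int2octets(bits2int(b) mod q) (section 2.3.4).
func bits2octets(b []byte, q *big.Int, qbits, qbytes int) []byte {
	z := bits2int(b, qbits)
	return int2octets(z.Mod(z, q), qbytes)
}

// rfc6979Nonce derives the per-signature secret k from the private key x and
// the message m with HMAC-SHA256 (RFC 6979 section 3.2, steps a to h). The
// same (x, m) always yields the same k, so a weak RNG can no longer produce a
// repeated or biased nonce, which is the failure that leaks ECDSA private keys.
func rfc6979Nonce(q, x *big.Int, m []byte) *big.Int {
	qbits := q.BitLen()
	qbytes := (qbits + 7) / 8
	h1 := sha256.Sum256(m) // step a
	xo := int2octets(x, qbytes)
	ho := bits2octets(h1[:], q, qbits, qbytes)

	V := bytes.Repeat([]byte{0x01}, sha256.Size) // step b
	K := make([]byte, sha256.Size)               // step c: all zero bytes
	K = hmacSHA256(K, V, []byte{0x00}, xo, ho)   // step d
	V = hmacSHA256(K, V)                         // step e
	K = hmacSHA256(K, V, []byte{0x01}, xo, ho)   // step f
	V = hmacSHA256(K, V)                         // step g
	for {                                        // step h: generate until 0 < k < q
		var T []byte
		for len(T) < qbytes {
			V = hmacSHA256(K, V)
			T = append(T, V...)
		}
		k := bits2int(T, qbits)
		if k.Sign() > 0 && k.Cmp(q) < 0 {
			return k
		}
		K = hmacSHA256(K, V, []byte{0x00})
		V = hmacSHA256(K, V)
	}
}

// signP256 is textbook ECDSA over P-256 with the RFC 6979 nonce. The retry the
// RFC requires when r or s is zero is omitted here (negligible probability).
func signP256(x *big.Int, m []byte) (r, s *big.Int) {
	curve := elliptic.P256()
	n := curve.Params().N
	k := rfc6979Nonce(n, x, m)
	rx, _ := curve.ScalarBaseMult(k.Bytes()) // k*G; only the x-coordinate is needed
	r = new(big.Int).Mod(rx, n)
	h := sha256.Sum256(m)
	e := bits2int(h[:], n.BitLen())
	s = new(big.Int).ModInverse(k, n) // s = k^-1 * (e + r*x) mod n
	s.Mul(s, new(big.Int).Add(e, new(big.Int).Mul(r, x)))
	s.Mod(s, n)
	return r, s
}

// publicKey derives x*G as a crypto/ecdsa key so Go's verifier can check us.
func publicKey(x *big.Int) *ecdsa.PublicKey {
	px, py := elliptic.P256().ScalarBaseMult(x.Bytes())
	return &ecdsa.PublicKey{Curve: elliptic.P256(), X: px, Y: py}
}

func main() {
	// Constructed input: the P-256 test key from RFC 6979 appendix A.2.5.
	x, _ := new(big.Int).SetString("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721", 16)
	msg := []byte("sample")
	fmt.Printf("k = %X\n", rfc6979Nonce(elliptic.P256().Params().N, x, msg)) // A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60
	r, s := signP256(x, msg)
	h := sha256.Sum256(msg)
	fmt.Println("verifies:", ecdsa.Verify(publicKey(x), h[:], r, s))
}
```

Signing the same message twice gives byte-identical signatures, which is the property to check when rolling this out: the randomness that used to come from the platform RNG at signing time is replaced by the HMAC chain, so a broken or seeded-once RNG on an embedded target can no longer cause nonce reuse. Verification is unchanged, which is why the feature is interoperable with existing ECDSA peers.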

Koblitz curves
Support for three standardized Koblitz curves from RFC 4492 has been added: secp192k1, secp224k1, secp256k1.

Their performance is slightly lower than that of the other curves:

ECDHE-secp256r1 : 311 handshake/s vs. ECDHE-secp256k1 : 291 handshake/s
ECDHE-secp224r1 : 470 handshake/s vs. ECDHE-secp224k1 : 330 handshake/s
ECDHE-secp192r1 : 643 handshake/s vs. ECDHE-secp192k1 : 406 handshake/s

RIPEMD-160
The RIPEMD-160 hash function is added in the ripemd160.h and ripemd160.c files and can be enabled with the POLARSSL_RIPEMD160_C flag in config.h.

The MD layer has been updated to support RIPEMD-160 as well.

AES-CFB8 mode
Before PolarSSL 1.3.4, only full-width CFB mode was supported, that is, 128-bit CFB for AES and Camellia. The standard also specifies CFB8 and CFB1 as options. We have now added CFB8 to the AES module for direct use. It is not yet supported in the cipher layer, but will be added there in the future.
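To make the difference between the two modes concrete, here is an added example in Go (not PolarSSL code; Go standard library only) that implements AES-CFB8 as the standard describes it and runs it beside Go's built-in full-width CFB on the CFB8-AES128 test vector from NIST SP 800-38A, used as the constructed input. Function names such as cfb8Encrypt and nistCFB8Vector are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// Constructed input: the CFB8-AES128.Encrypt vector from NIST SP 800-38A, F.3.7.
const (
	vecKey = "2b7e151628aed2a6abf7158809cf4f3c"
	vecIV  = "000102030405060708090a0b0c0d0e0f"
	vecPT  = "6bc1bee22e409f96e93d7e117393172aae2d" // 18 bytes, not a block multiple
)

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// cfb8Encrypt is CFB with an 8-bit segment (NIST SP 800-38A, CFB8). For every
// plaintext byte the shift register is encrypted, the first keystream byte is
// XORed in, and the resulting ciphertext byte is shifted into the register
// from the right: one block operation per byte, and no padding needed.
func cfb8Encrypt(block cipher.Block, iv, pt []byte) []byte {
	bs := block.BlockSize()
	if len(iv) != bs {
		panic("cfb8: IV must be exactly one block")
	}
	reg := append([]byte(nil), iv...) // shift register, starts as the IV
	ks := make([]byte, bs)
	ct := make([]byte, len(pt))
	for i, p := range pt {
		block.Encrypt(ks, reg)
		ct[i] = p ^ ks[0]
		copy(reg, reg[1:]) // drop the oldest byte ...
		reg[bs-1] = ct[i]  // ... and feed the ciphertext byte back in
	}
	return ct
}

// cfb8Decrypt mirrors cfb8Encrypt; ciphertext feeds the register in both
// directions, so only the forward cipher is used (true of every CFB variant).
func cfb8Decrypt(block cipher.Block, iv, ct []byte) []byte {
	bs := block.BlockSize()
	if len(iv) != bs {
		panic("cfb8: IV must be exactly one block")
	}
	reg := append([]byte(nil), iv...)
	ks := make([]byte, bs)
	pt := make([]byte, len(ct))
	for i, c := range ct {
		block.Encrypt(ks, reg)
		pt[i] = c ^ ks[0]
		copy(reg, reg[1:])
		reg[bs-1] = c
	}
	return pt
}

// cfb128Encrypt is the full-width CFB mode PolarSSL already had (for AES a
// 128-bit segment), here via Go's cipher.NewCFBEncrypter, for comparison.
func cfb128Encrypt(block cipher.Block, iv, pt []byte) []byte {
	ct := make([]byte, len(pt))
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(ct, pt)
	return ct
}

// nistCFB8Vector encrypts the NIST input in both modes and returns both outputs.
func nistCFB8Vector() (cfb8, cfb128 []byte) {
	block, err := aes.NewCipher(mustHex(vecKey))
	if err != nil {
		panic(err)
	}
	pt := mustHex(vecPT)
	return cfb8Encrypt(block, mustHex(vecIV), pt), cfb128Encrypt(block, mustHex(vecIV), pt)
}

func main() {
	block, err := aes.NewCipher(mustHex(vecKey))
	if err != nil {
		panic(err)
	}
	c8, c128 := nistCFB8Vector()
	fmt.Printf("CFB8:   %x\n", c8)   // 3b79424c9c0dd436bace9e0ed4586a4f32b9
	fmt.Printf("CFB128: %x\n", c128) // same first byte as CFB8, then diverges
	fmt.Println("CFB8 round trip:", bytes.Equal(cfb8Decrypt(block, mustHex(vecIV), c8), mustHex(vecPT)))
}
```

The first ciphertext byte agrees between the two modes because both begin by encrypting the IV; from the second byte on they diverge, since CFB8 feeds back one ciphertext byte at a time while full-width CFB feeds back the whole block. CFB8 handles the 18-byte input without padding, at the cost of one AES block operation per byte, sixteen times the work of 128-bit CFB on the same data. As with any CFB variant, an IV must never repeat under the same key, and neither mode authenticates the ciphertext.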

Bug fixes
Fixes include:

Potential memory leak in the Bignum selftest function

Replaced expired test certificate that caused two tests of the test framework to fail

The ssl_mail_client application now terminates lines with CRLF, instead of LF (as per the RFC)

The Net module handles timeouts on blocking sockets better (found by Tilman Sauerbeck)

Assembly format fixes in bn_mul.h to support different compilers better

Security
Missing MPI_CHK() calls added around unguarded mpi_* calls (found by TrustInSoft)

Who should update
We advise users of PolarSSL to update if they:

want to use PolarSSL in Bitcoin projects

want to have their tests succeed (because of the expired test certificate)

want to remove possible security vulnerabilities in the Bignum module

Download: https://polarssl.org/download/start/polarssl-1.3.4-gpl.tgz

Source: 开源中国社区 (OSChina)