It's a small release that mainly adds support for some new features. PolarSSL 1.3.4 adds features required within Bitcoin applications, such as support for the RIPEMD-160 hash algorithm and for Koblitz elliptic curves, specifically secp256k1.
On the feature-front this release introduces support for:
Support for Koblitz curves: secp192k1, secp224k1, secp256k1
Support for RIPEMD-160
Support for AES CFB8 mode
Support for deterministic ECDSA (RFC 6979)
In addition, outstanding bugs were fixed.
Support for three standardized Koblitz curves from RFC 4492 has been added: secp192k1, secp224k1, secp256k1.
Their performance is slightly lower than that of the other curves:
ECDHE-secp256r1 : 311 handshake/s vs. ECDHE-secp256k1 : 291 handshake/s
ECDHE-secp224r1 : 470 handshake/s vs. ECDHE-secp224k1 : 330 handshake/s
ECDHE-secp192r1 : 643 handshake/s vs. ECDHE-secp192k1 : 406 handshake/s
The RIPEMD-160 hash function is added in the ripemd160.h and ripemd160.c files and can be enabled with the POLARSSL_RIPEMD160_C flag in config.h.
The MD layer has been updated to support RIPEMD-160 as well.
Before PolarSSL 1.3.4, only full-width CFB mode was supported, that is, 128-bit CFB for AES and Camellia. The standard also specifies CFB8 and CFB1 as options. We have now added CFB8 to the AES module for direct use. It is not yet supported in the cipher layer, but will be added there in the future.
Potential memory leak in the Bignum selftest function
Replaced expired test certificate that caused two tests of the test framework to fail
The ssl_mail_client application now terminates lines with CRLF, instead of LF (as per the RFC)
The Net module handles timeouts on blocking sockets better (found by Tilman Sauerbeck)
Assembly format fixes in bn_mul.h to support different compilers better
Missing MPI_CHK() calls added around unguarded mpi_* calls (found by TrustInSoft)
Who should update
We advise users of PolarSSL to update if they:
want to use PolarSSL in Bitcoin projects
want to have their tests succeed (because of the expired test certificate)
want to remove possible security vulnerabilities in the Bignum module