PolarSSL 1.3.4 released, SSL encryption library

Published on 2014-01-29

The lightweight SSL library PolarSSL released version 1.3.4 on 2014-01-27. The previous version, 1.3.3, was released on 2014-01-01; the legacy product lines are at 1.2.10 and 1.1.8. More and more heavyweight applications already support PolarSSL, such as hiawatha and OpenVPN.


It's a small release that mainly adds support for some new features. PolarSSL 1.3.4 adds features required within Bitcoin applications, such as support for the RIPEMD-160 hash algorithm and support for Koblitz elliptic curves, specifically secp256k1.


On the feature-front this release introduces support for:

  • Support for Koblitz curves: secp192k1, secp224k1, secp256k1

  • Support for RIPEMD-160

  • Support for AES CFB8 mode

  • Support for deterministic ECDSA (RFC 6979)

In addition, outstanding bugs were fixed.

Koblitz curves

Support for three standardized Koblitz curves from RFC 4492 has been added: secp192k1, secp224k1, secp256k1.

Their performance is slightly lower than that of the other curves:

ECDHE-secp256r1 : 311 handshake/s vs. ECDHE-secp256k1 : 291 handshake/s
ECDHE-secp224r1 : 470 handshake/s vs. ECDHE-secp224k1 : 330 handshake/s
ECDHE-secp192r1 : 643 handshake/s vs. ECDHE-secp192k1 : 406 handshake/s


RIPEMD-160

The RIPEMD-160 hash function is added in the ripemd160.h and ripemd160.c files and can be enabled with the POLARSSL_RIPEMD160_C flag in config.h.

The MD layer has been updated to support RIPEMD-160 as well.

AES-CFB8 mode

Before PolarSSL 1.3.4, only full-width CFB mode was supported, that is, 128-bit CFB for AES and Camellia. The standard also specifies CFB8 and CFB1 as options. We have now added CFB8 to the AES module for direct use. It is not yet supported in the cipher layer, but will be added there in the future.
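The byte-wise feedback described above, as an added example that is not PolarSSL's own code: a generic CFB8 routine over a pluggable block function (a constructed toy mixing function stands in for AES so the code runs without the library), plus a check of the mode's self-synchronising behaviour when one ciphertext byte is tampered with. The names cfb8_crypt, toy_block, cfb8_errors_end, the message and the IV are this example's own assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLOCK 16   /* AES block size; CFB8 still runs one full block encryption per byte */
/* Block-encryption callback. In PolarSSL this role belongs to aes_crypt_ecb() on an
 * initialised aes_context; this example plugs in a toy function instead. */
typedef void (*block_fn)(const uint8_t in[BLOCK], uint8_t out[BLOCK]);

/* Toy stand-in for the block cipher (constructed for this example, NOT secure): every
 * output byte depends on every input byte, so feedback behaves as with a real cipher. */
static void toy_block(const uint8_t in[BLOCK], uint8_t out[BLOCK]) {
    uint32_t h = 0x811C9DC5u;
    for (int i = 0; i < BLOCK; i++) h = (h ^ in[i]) * 16777619u;
    for (int i = 0; i < BLOCK; i++) { h = (h ^ (uint32_t)i) * 16777619u; out[i] = (uint8_t)(h >> 24); }
}

/* CFB8: encrypt the shift register, XOR its first byte with one data byte, then shift
 * the register left one byte and feed the CIPHERTEXT byte in. Encrypt and decrypt differ
 * only in which byte is fed back. The IV buffer is updated in place so calls chain. */
static void cfb8_crypt(block_fn E, int encrypt, uint8_t iv[BLOCK],
                       const uint8_t *in, uint8_t *out, size_t len) {
    uint8_t ks[BLOCK];
    for (size_t i = 0; i < len; i++) {
        E(iv, ks);
        out[i] = (uint8_t)(in[i] ^ ks[0]);
        uint8_t c = encrypt ? out[i] : in[i];
        memmove(iv, iv + 1, BLOCK - 1);
        iv[BLOCK - 1] = c;
    }
}

static const uint8_t MSG[] = "PolarSSL 1.3.4 adds AES-CFB8 (example)"; /* constructed input */
#define MSG_LEN (sizeof(MSG) - 1)

/* Encrypt MSG, optionally flip one bit of ciphertext byte tamper_pos (-1 = leave intact),
 * decrypt from the same IV, and return one past the index of the last wrongly recovered
 * byte (0 when every byte came back). CFB8 self-synchronises: a damaged byte corrupts itself
 * and at most the next BLOCK bytes, then decryption recovers. Nothing detects the tampering. */
static size_t cfb8_errors_end(int tamper_pos) {
    uint8_t iv[BLOCK], ct[MSG_LEN], pt[MSG_LEN]; size_t end = 0;
    memset(iv, 0x42, BLOCK);                       /* constructed IV */
    cfb8_crypt(toy_block, 1, iv, MSG, ct, MSG_LEN);
    if (tamper_pos >= 0) ct[tamper_pos] ^= 0x01;
    memset(iv, 0x42, BLOCK);                       /* receiver starts from the same IV */
    cfb8_crypt(toy_block, 0, iv, ct, pt, MSG_LEN);
    for (size_t i = 0; i < MSG_LEN; i++) if (pt[i] != MSG[i]) end = i + 1;
    return end;
}
```

With a real AES block function plugged in, the same routine is what PolarSSL's CFB8 call performs per byte; the missing integrity is why the mode should be paired with a MAC in any protocol use.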

Bug fixes

Fixes include:

  • Potential memory leak in the Bignum selftest function

  • Replaced expired test certificate that caused two tests of the test framework to fail

  • The ssl_mail_client application now terminates lines with CRLF, instead of LF (as per the RFC)

  • The Net module handles timeouts on blocking sockets better (found by Tilman Sauerbeck)

  • Assembly format fixes in bn_mul.h to support different compilers better

  • Missing MPI_CHK() calls added around unguarded mpi_* calls (found by TrustInSoft)

Who should update

We advise users of PolarSSL to update if they:

  • want to use PolarSSL in Bitcoin projects

  • want to have their tests succeed (because of the expired test certificate)

  • want to remove possible security vulnerabilities in the Bignum module


Reprint notice: this article is reprinted from the OSCHINA community [http://www.oschina.net]