mbedTLS v1.2.8 Release Notes

Release Date: 2013-06-19
  • 🔋 Features

    • Parsing of PKCS#8 encrypted private key files
    • PKCS#12 PBE and derivation functions
    • Centralized module option values in config.h to allow user-defined settings without editing header files by using POLARSSL_CONFIG_OPTIONS

  • 🔄 Changes

    • HAVEGE random generator disabled by default
    • Internally split up x509parse_key() into a (PEM) handler function and specific DER parser functions for the PKCS#1 and unencrypted PKCS#8 private key formats
    • Added mechanism to provide alternative implementations for all symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in config.h)
    • PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated old PBKDF2 module

  • 🛠 Bugfix

    • Secure renegotiation extension should only be sent in case the client supports secure renegotiation
    • Fixed offset for cert_type list in ssl_parse_certificate_request()
    • Fixed const correctness issues that have no impact on the ABI
    • x509parse_crt() now better handles PEM error situations
    • ssl_parse_certificate() now calls x509parse_crt_der() directly instead of the x509parse_crt() wrapper that can also parse PEM certificates
    • x509parse_crtpath() is now reentrant and uses more portable stat()
    • Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
    • Fixed values for 2-key Triple DES in cipher layer
    • ssl_write_certificate_request() can handle empty ca_chain

  • 🔒 Security

    • A possible DoS during the SSL handshake, due to faulty parsing of PEM-encoded certificates, has been fixed (found by Jack Lloyd)