git.ipfire.org Git - thirdparty/openvpn.git/commitdiff
Require polarssl >= 1.2.10 for polarssl-builds, which fixes CVE-2013-5915.
author: Steffan Karger <steffan.karger@fox-it.com>
Tue, 22 Oct 2013 12:45:17 +0000 (14:45 +0200)
committer: Gert Doering <gert@greenie.muc.de>
Thu, 24 Oct 2013 11:40:55 +0000 (13:40 +0200)
PolarSSL 1.2.9 fixes a possible timing attack in PolarSSL's RSA-CRT
implementation. See CVE-2013-5915 for details. This commit bumps the
minimum polarssl version required by configure.ac to 1.2.10, because 1.2.9
also introduced a memory leak, which is fixed in 1.2.10.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1382445917-2974-1-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7925
Signed-off-by: Gert Doering <gert@greenie.muc.de>
configure.ac

index 073dde7f5c569f08044e3cd658795d49351e5de9..5fad0af685fd7877866afc9f00e4aceb37d02aad 100644 (file)
@@ -814,13 +814,13 @@ if test "${with_crypto_library}" = "polarssl" ; then
 #include <polarssl/version.h>
                        ]],
                        [[
-#if POLARSSL_VERSION_NUMBER < 0x01020500
+#if POLARSSL_VERSION_NUMBER < 0x01020A00
 #error invalid version
 #endif
                        ]]
                )],
                [AC_MSG_RESULT([ok])],
-               [AC_MSG_ERROR([PolarSSL 1.2.5 or newer required])]
+               [AC_MSG_ERROR([PolarSSL 1.2.10 or newer required])]
        )
 
        polarssl_with_pkcs11="no"
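
Review bot: The `#if POLARSSL_VERSION_NUMBER < 0x01020A00` test only sees the version of the headers present when configure runs, so a build that links PolarSSL as a shared library can still end up running against a library older than 1.2.10 and without the RSA-CRT timing fix. Consider also checking the library version at startup, or stating in the build documentation that the installed library has to match the headers. A smaller point on the same line: the hex constant and the "PolarSSL 1.2.10 or newer required" string have to be bumped together, so a short comment saying that 0x01020A00 encodes 1.2.10 would help the next bump, and `#error invalid version` could name the required version so the failure in config.log explains itself.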