| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is more of a cosmetic change and a reminder that the CMake script hardcodes -O2.
Source:
https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.7/CMakeLists.txt#L73
https://github.com/ARMmbed/mbedtls/blob/master/CMakeLists.txt#L97
Remove the release type option as it's already provided by the toolchain.
Source:
https://github.com/openwrt/openwrt/blob/master/include/cmake.mk#L50
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
| |
|
|
|
|
|
|
| |
The soversion was changed in this version again and is now aligned with
the 2.7.2 version.
The size of the ipkg file stayed mostly the same.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
| |
Add some basic binaries required for private key and CSR generation.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This fixes some minor security problems.
Old size:
162262 bin/packages/mips_24kc/base/libmbedtls_2.7.0-1_mips_24kc.ipk
New size:
163162 bin/packages/mips_24kc/base/libmbedtls_2.8.0-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
| |
This fixes the following security problems:
* CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
* CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/
Thanks to swalker for CPE to package mapping and
keep tracking CVEs.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed an authentication bypass issue in SSL/TLS. When the TLS
authentication mode was set to 'optional',
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the
peer's X.509 certificate chain had more than
MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when
it was not trusted. This could be triggered remotely on both the client
and server side. (Note, with the authentication mode set by
mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake
was correctly aborted).
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Magnus Kroken <mkroken@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes some security issues (no remote exploits), and introduces
some changes. See release notes for details:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released
* Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read()
* Adds exponent blinding to RSA private operations
* Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt())
* Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification.
* Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes.
* Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This fixes the following security problems:
* CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve
* SLOTH vulnerability
* Denial of Service through Certificate Revocation List
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
| |
This allows binaries that links these libraries statically to be reduced
by using --gc-sections on link
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
| |
Signed-off-by: Domagoj Pintaric <domagoj.pintaric@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
|
| |
|
|
|
|
| |
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
This option is required by OpenVPN, and OpenVPN 2.4 uses mbedTLS 2.x.
DHM_C is also already enabled in the PolarSSL 1.3.x config.h.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
| |
|
|
|
|
| |
This fixes two minor security problems.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
| |
This backports a commit from mbedtls current git which adds missing
include for platform.h.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
| |
This fixes 3 minor security problems.
SSLv3 is deactivated by default now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 48254
|
| |
|
|
|
|
|
|
| |
This fixes some non critical bugs.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47725
|
| |
|
|
|
|
|
|
| |
This fixes CVE-2015-5291 and some other smaller security issues.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47200
|
| |
|
|
|
|
| |
Signed-off-by: Luka Perkov <luka@openwrt.org>
SVN-Revision: 47197
|
|
|
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46484
|
