aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs/mbedtls/Makefile
Commit message (Collapse)AuthorAgeFilesLines
* mbedtls: update to version 2.16.1Josef Schlehofer2019-04-061-5/+5
| | | | | | | Refreshed patches Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz> Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: Kconfig option to enable/disable debug functionsMichael Heimpold2019-01-271-1/+28
| | | | | | | | | | | | | | | | | | | | | This introduces a new Kconfig option to switch on/off mbedtls' support for debug functions. The idea behind is to inspect TLS traffic with Wireshark for debug purposes. At the moment, there is no native or 'nice' support for this, but at https://github.com/Lekensteyn/mbedtls/commit/68aea15833e1ac9290b8f52a4223fb4585fb3986 an example implementation can be found which uses the debug functions of the library. However, this requires to have this debug stuff enabled in the library, but at the moment it is staticly patched out. So this patch removes the static part from the configuration patch and introduces a dynamic config file editing during build. When enabled, this heavily increases the library size, so I added a warning in the Kconfig help section. Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* mbedtls: update to 2.16.0Deng Qingfang2019-01-271-3/+3
| | | | | | | | Refresh patch https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.0-2.7.9-and-2.1.18-released Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* treewide: revise library packagingJo-Philipp Wich2019-01-241-2/+2
| | | | | | | | | | | - Annotate versionless libraries (such as libubox, libuci etc.) with a fixed ABI_VERSION resembling the source date of the last incompatible change - Annotate packages shipping versioned library objects with ABI_VERSION - Stop shipping unversioned library symlinks for packages with ABI_VERSION Ref: https://openwrt.org/docs/guide-developer/package-policies#shared_libraries Ref: https://github.com/KanjiMonster/maintainer-tools/blob/master/check-abi-versions.pl Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* packages: set more explicit ABI_VERSION valuesJo-Philipp Wich2019-01-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | In the case of upstream libraries, set the ABI_VERSION variable to the soname value of the first version version after the last backwards incompatible change. For custom OpenWrt libraries, set the ABI_VERSION to the date of the last Git commit doing backwards incompatible changes to the source, such as changing function singatures or dropping exported symbols. The soname values have been determined by either checking https://abi-laboratory.pro/index.php?view=tracker or - in the case of OpenWrt libraries - by carefully reviewing the changes made to header files thorough the corresponding Git history. In the future, the ABI_VERSION values must be bumped whenever the library is updated to an incpompatible version but not with every package update, in order to reduce the dependency churn in the binary package repository. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mbedtls: Update to 2.14.1Daniel Engberg2018-12-161-2/+2
| | | | | | | | | | | Update mbedtls to 2.14.1 This fixes: * CVE-2018-19608: Local timing attack on RSA decryption Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> [Update to 2.14.1] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to 2.13.0Magnus Kroken2018-09-221-2/+2
| | | | | | | | * Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing. * Several bugfixes. * Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: Update to 2.12.0Daniel Engberg2018-07-301-2/+2
| | | | | | | | | | | | | | | Update mbedtls to 2.12.0 Multiple security fixes Add support for Chacha20 and Poly1305 cryptographic primitives and their associated ciphersuites Difference in size on mips_24kc (ipk): 164kbytes (167882 bytes) 170kbytes (173563 bytes) https://tls.mbed.org/tech-updates/releases/mbedtls-2.12.0-2.7.5-and-2.1.14-released Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: Update to 2.11.0Daniel Engberg2018-07-071-2/+2
| | | | | | | | | | | | | | | | Update mbed TLS to 2.11.0 Disable OFB block mode and XTS block cipher mode, added in 2.11.0. The soVersion of mbedtls changed, bump PKG_RELEASE for packages that use mbedTLS This is to avoid having a mismatch between packages when upgrading. The size of mbedtls increased a little bit: ipkg for mips_24kc before: 163.846 Bytes ipkg for mips_24kc after: 164.382 Bytes Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: Cosmetic cleanupsDaniel Engberg2018-06-181-1/+1
| | | | | | | | | | | | | This is more of a cosmetic change and a reminder that the CMake script hardcodes -O2. Source: https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.7/CMakeLists.txt#L73 https://github.com/ARMmbed/mbedtls/blob/master/CMakeLists.txt#L97 Remove the release type option as it's already provided by the toolchain. Source: https://github.com/openwrt/openwrt/blob/master/include/cmake.mk#L50 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: update to version 2.9.0Hauke Mehrtens2018-05-221-2/+2
| | | | | | | | The soversion was changed in this version again and is now aligned with the 2.7.2 version. The size of the ipkg file stayed mostly the same. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* package/libs/mbedtls: add package with some mbedtls binaries.Paul Wassi2018-03-311-2/+23
| | | | | | Add some basic binaries required for private key and CSR generation. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* mbedtls: update to version 2.8.0Hauke Mehrtens2018-03-311-2/+2
| | | | | | | | | | | | This fixes some minor security problems. Old size: 162262 bin/packages/mips_24kc/base/libmbedtls_2.7.0-1_mips_24kc.ipk New size: 163162 bin/packages/mips_24kc/base/libmbedtls_2.8.0-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.7.0Hauke Mehrtens2018-02-151-2/+2
| | | | | | | | This fixes the following security problems: * CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled * CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* add PKG_CPE_ID ids to package and toolsAlexander Couzens2017-11-171-0/+1
| | | | | | | | | | | CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Thanks to swalker for CPE to package mapping and keep tracking CVEs. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* mbedtls: update to 2.6.0 CVE-2017-14032Kevin Darbyshire-Bryant2017-09-111-2/+2
| | | | | | | | | | | | | | | Fixed an authentication bypass issue in SSL/TLS. When the TLS authentication mode was set to 'optional', mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when it was not trusted. This could be triggered remotely on both the client and server side. (Note, with the authentication mode set by mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake was correctly aborted). Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: update to 2.5.1Magnus Kroken2017-06-261-2/+2
| | | | | | | | | | | | | | | Fixes some security issues (no remote exploits), and introduces some changes. See release notes for details: https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released * Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read() * Adds exponent blinding to RSA private operations * Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt()) * Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification. * Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes. * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: update to version 2.4.2Hauke Mehrtens2017-03-131-3/+3
| | | | | | | | | This fixes the following security problems: * CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve * SLOTH vulnerability * Denial of Service through Certificate Revocation List Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: add --function-sections and --data-sections to CFLAGSFelix Fietkau2017-02-211-0/+2
| | | | | | | This allows binaries that links these libraries statically to be reduced by using --gc-sections on link Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: add static files in staging_dirDomagoj Pintaric2017-01-161-0/+1
| | | | | Signed-off-by: Domagoj Pintaric <domagoj.pintaric@sartura.hr> Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
* treewide: clean up download hashesFelix Fietkau2016-12-161-1/+1
| | | | | | Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: enable MBEDTLS_DHM_CMagnus Kroken2016-12-121-1/+1
| | | | | | | This option is required by OpenVPN, and OpenVPN 2.4 uses mbedTLS 2.x. DHM_C is also already enabled in the PolarSSL 1.3.x config.h. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: update to version 2.4.0Hauke Mehrtens2016-12-031-3/+3
| | | | | | This fixes two minor security problems. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: fix missing mbedtls_time_t bug in mbedtls 2.3.0Hauke Mehrtens2016-07-141-1/+1
| | | | | | | This backports a commit from mbedtls current git which adds missing include for platform.h. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.3.0Hauke Mehrtens2016-07-131-2/+2
| | | | | | | This fixes 3 minor security problems. SSLv3 is deactivated by default now. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.2.1Felix Fietkau2016-01-161-2/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48254
* mbedtls: update to version 2.1.3Hauke Mehrtens2015-12-031-2/+2
| | | | | | | | This fixes some non critical bugs. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 47725
* mbedtls: update to version 2.1.2Hauke Mehrtens2015-10-181-2/+2
| | | | | | | | This fixes CVE-2015-5291 and some other smaller security issues. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 47200
* cosmetic: remove trailing whitespacesLuka Perkov2015-10-151-1/+1
| | | | | | Signed-off-by: Luka Perkov <luka@openwrt.org> SVN-Revision: 47197
* mbedtls: package version 2.0, make polarssl compatibleSteven Barth2015-07-241-0/+69
Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 46484