aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs/mbedtls
Commit message (Collapse)AuthorAgeFilesLines
* mbedtls: Update to version 2.16.12Hauke Mehrtens2022-02-121-2/+2
| | | | | | | | | | | | | | | | | | | | | This fixes the following security problems: * Zeroize several intermediate variables used to calculate the expected value when verifying a MAC or AEAD tag. This hardens the library in case the value leaks through a memory disclosure vulnerability. For example, a memory disclosure vulnerability could have allowed a man-in-the-middle to inject fake ciphertext into a DTLS connection. * Fix a double-free that happened after mbedtls_ssl_set_session() or mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED (out of memory). After that, calling mbedtls_ssl_session_free() and mbedtls_ssl_free() would cause an internal session buffer to be free()'d twice. CVE-2021-44732 The sizes of the ipk changed on MIPS 24Kc like this: 182454 libmbedtls12_2.16.11-2_mips_24kc.ipk 182742 libmbedtls12_2.16.12-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 57f38e2c827e3be71d8b1709073e366afe011985)
* mbedtls: update to 2.16.11Rosen Penev2021-08-081-3/+3
| | | | | | | | | | Switched to AUTORELEASE to avoid manual increments. Release notes: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11 Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit fcfd741eb83520e496eb09de5f8b2f2b62792a80)
* mbedtls: update to 2.16.10Magnus Kroken2021-03-212-13/+13
| | | | | | | | | | | | | | | | | | | | This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues. Security fixes: * Fix a buffer overflow in mbedtls_mpi_sub_abs() * Fix an errorneous estimation for an internal buffer in mbedtls_pk_write_key_pem() * Fix a stack buffer overflow with mbedtls_net_poll() and mbedtls_net_recv_timeout() * Guard against strong local side channel attack against base64 tables by making access aceess to them use constant flow code Full release announcement: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10 Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit dbde2bcf60b5d5f54501a4b440f25fe7d02fbe5d)
* mbedtls: update to 2.16.9Rosen Penev2021-01-181-2/+2
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* mbedtls: add config option to compile with hkdfEtan Kissling2021-01-141-1/+18
| | | | | | | This adds a config option to allow compiling with HKDF algorithm support to support applications that require this feature. Signed-off-by: Etan Kissling <etan_kissling@apple.com>
* mbedtls: update to 2.16.8Magnus Kroken2020-09-022-25/+25
| | | | | | | | | | | | | | | | | This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues and the most notable of them are described in more detail in the security advisories. * Local side channel attack on RSA and static Diffie-Hellman * Local side channel attack on classical CBC decryption in (D)TLS * When checking X.509 CRLs, a certificate was only considered as revoked if its revocationDate was in the past according to the local clock if available. Full release announcement: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: update to 2.16.7Magnus Kroken2020-08-242-27/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch, and provides bug fixes and minor enhancements. This release includes fixes for security issues and the most severe one is described in more detail in a security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07 * Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave. * Fix side channel in mbedtls_ecp_check_pub_priv() and mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private key that didn't include the uncompressed public key), as well as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL f_rng argument. An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) could fully recover the ECC private key. * Fix issue in Lucky 13 counter-measure that could make it ineffective when hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT macros). Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some changes to the download URLs are required. For the time being, the ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS. Signed-off-by: Magnus Kroken <mkroken@gmail.com> [Use https://codeload.github.com and new tar.gz file] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to 2.16.6Magnus Kroken2020-04-171-2/+2
| | | | | | | | | | | | Security fixes for: * CVE-2020-10932 * a potentially remotely exploitable buffer overread in a DTLS client * bug in DTLS handling of new associations with the same parameters Full release announement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: use correct SPDX License Identifier and add License fileJosef Schlehofer2020-02-241-1/+2
| | | | | | | | | | License "GPL-2.0+" is deprecated License Identifier according to SPDX License list [1]. The correct one is GPL-2.0-or-later. While at it, also add the License file. [1] https://spdx.org/licenses/ Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* mbedtls: update to version 2.16.5Josef Schlehofer2020-02-241-2/+2
| | | | | | | | | | Changelog: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released Security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* mbedtls: update to 2.16.4Magnus Kroken2020-01-262-24/+24
| | | | | | | | | | | | | | | Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA. Release announcement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released Security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12 Fixes: * CVE-2019-18222: Side channel attack on ECDSA Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: update to 2.16.3Magnus Kroken2019-09-203-52/+25
| | | | | | | Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch, the issue has been fixed upstream. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: Update to version 2.16.2Josef Schlehofer2019-06-241-2/+2
| | | | Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
* mbedtls: update to version 2.16.1Josef Schlehofer2019-04-063-28/+28
| | | | | | | Refreshed patches Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz> Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: Kconfig option to enable/disable debug functionsMichael Heimpold2019-01-272-10/+28
| | | | | | | | | | | | | | | | | | | | | This introduces a new Kconfig option to switch on/off mbedtls' support for debug functions. The idea behind is to inspect TLS traffic with Wireshark for debug purposes. At the moment, there is no native or 'nice' support for this, but at https://github.com/Lekensteyn/mbedtls/commit/68aea15833e1ac9290b8f52a4223fb4585fb3986 an example implementation can be found which uses the debug functions of the library. However, this requires to have this debug stuff enabled in the library, but at the moment it is staticly patched out. So this patch removes the static part from the configuration patch and introduces a dynamic config file editing during build. When enabled, this heavily increases the library size, so I added a warning in the Kconfig help section. Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* mbedtls: update to 2.16.0Deng Qingfang2019-01-272-27/+27
| | | | | | | | Refresh patch https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.0-2.7.9-and-2.1.18-released Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* treewide: revise library packagingJo-Philipp Wich2019-01-241-2/+2
| | | | | | | | | | | - Annotate versionless libraries (such as libubox, libuci etc.) with a fixed ABI_VERSION resembling the source date of the last incompatible change - Annotate packages shipping versioned library objects with ABI_VERSION - Stop shipping unversioned library symlinks for packages with ABI_VERSION Ref: https://openwrt.org/docs/guide-developer/package-policies#shared_libraries Ref: https://github.com/KanjiMonster/maintainer-tools/blob/master/check-abi-versions.pl Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* packages: set more explicit ABI_VERSION valuesJo-Philipp Wich2019-01-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | In the case of upstream libraries, set the ABI_VERSION variable to the soname value of the first version version after the last backwards incompatible change. For custom OpenWrt libraries, set the ABI_VERSION to the date of the last Git commit doing backwards incompatible changes to the source, such as changing function singatures or dropping exported symbols. The soname values have been determined by either checking https://abi-laboratory.pro/index.php?view=tracker or - in the case of OpenWrt libraries - by carefully reviewing the changes made to header files thorough the corresponding Git history. In the future, the ABI_VERSION values must be bumped whenever the library is updated to an incpompatible version but not with every package update, in order to reduce the dependency churn in the binary package repository. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mbedtls: fix compilation on ARM < 6Hauke Mehrtens2018-12-161-0/+27
| | | | | | | | mbedtls uses some instructions introduced in ARMv6 which are not available in older architectures. Fixes: 3f7dd06fd85 ("mbedtls: Update to 2.14.1") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Update to 2.14.1Daniel Engberg2018-12-162-26/+26
| | | | | | | | | | | Update mbedtls to 2.14.1 This fixes: * CVE-2018-19608: Local timing attack on RSA decryption Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> [Update to 2.14.1] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to 2.13.0Magnus Kroken2018-09-221-2/+2
| | | | | | | | * Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing. * Several bugfixes. * Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: Update to 2.12.0Daniel Engberg2018-07-302-28/+28
| | | | | | | | | | | | | | | Update mbedtls to 2.12.0 Multiple security fixes Add support for Chacha20 and Poly1305 cryptographic primitives and their associated ciphersuites Difference in size on mips_24kc (ipk): 164kbytes (167882 bytes) 170kbytes (173563 bytes) https://tls.mbed.org/tech-updates/releases/mbedtls-2.12.0-2.7.5-and-2.1.14-released Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: Activate deterministic ECDSAHauke Mehrtens2018-07-071-18/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | With deterministic ECDSA the value k needed for the ECDSA signature is not randomly generated any more, but generated from a hash over the private key and the message to sign. If the value k used in a ECDSA signature or the relationship between the two values k used in two different ECDSA signatures over the same content is know to an attacker he can derive the private key pretty easily. Using deterministic ECDSA as defined in the RFC6979 removes this problem by deriving the value k deterministically from the private key and the content which gets signed. The resulting signature is still compatible to signatures generated not deterministic. This increases the size of the ipk on mips 24Kc by about 2 KByte. old: 166.240 libmbedtls_2.11.0-1_mips_24kc.ipk new: 167.811 libmbedtls_2.11.0-1_mips_24kc.ipk This does not change the ECDSA performance in a measurable way. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Disable MBEDTLS_SHA256_SMALLER implementationDaniel Engberg2018-07-071-9/+0
| | | | | | | | | | | | | | | | | | | | | | | | Disable MBEDTLS_SHA256_SMALLER implementation, not enabled by default in upstream and reduces performance by quite a bit. Source: include/mbedtls/config.h Enable an implementation of SHA-256 that has lower ROM footprint but also lower performance. The default implementation is meant to be a reasonnable compromise between performance and size. This version optimizes more aggressively for size at the expense of performance. Eg on Cortex-M4 it reduces the size of mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about 30%. The size of mbedtls increased a little bit: ipkg for mips_24kc before: 164.382 Bytes ipkg for mips_24kc after: 166.240 Bytes Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: Update to 2.11.0Daniel Engberg2018-07-072-28/+54
| | | | | | | | | | | | | | | | Update mbed TLS to 2.11.0 Disable OFB block mode and XTS block cipher mode, added in 2.11.0. The soVersion of mbedtls changed, bump PKG_RELEASE for packages that use mbedTLS This is to avoid having a mismatch between packages when upgrading. The size of mbedtls increased a little bit: ipkg for mips_24kc before: 163.846 Bytes ipkg for mips_24kc after: 164.382 Bytes Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: cleanup config patchDaniel Engberg2018-07-071-35/+28
| | | | | | | Clean up patch, use "//" consistently. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Cosmetic cleanupsDaniel Engberg2018-06-181-1/+1
| | | | | | | | | | | | | This is more of a cosmetic change and a reminder that the CMake script hardcodes -O2. Source: https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.7/CMakeLists.txt#L73 https://github.com/ARMmbed/mbedtls/blob/master/CMakeLists.txt#L97 Remove the release type option as it's already provided by the toolchain. Source: https://github.com/openwrt/openwrt/blob/master/include/cmake.mk#L50 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: Deactivate platform abstractionHauke Mehrtens2018-05-221-0/+9
| | | | | | | | This makes mbedtls use the POSIX API directly and not use the own abstraction layer. The size of the ipkg decreased by about 100 bytes. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Activate the session cacheHauke Mehrtens2018-05-221-10/+0
| | | | | | | | | | This make sit possible to store informations about a session and reuse it later. When used by a server it increases the time to create a new TLS session from about 1 second to less than 0.1 seconds. The size of the ipkg file increased by about 800 Bytes. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.9.0Hauke Mehrtens2018-05-222-27/+30
| | | | | | | | The soversion was changed in this version again and is now aligned with the 2.7.2 version. The size of the ipkg file stayed mostly the same. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* package/libs/mbedtls: add package with some mbedtls binaries.Paul Wassi2018-03-311-2/+23
| | | | | | Add some basic binaries required for private key and CSR generation. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* mbedtls: update to version 2.8.0Hauke Mehrtens2018-03-312-20/+20
| | | | | | | | | | | | This fixes some minor security problems. Old size: 162262 bin/packages/mips_24kc/base/libmbedtls_2.7.0-1_mips_24kc.ipk New size: 163162 bin/packages/mips_24kc/base/libmbedtls_2.8.0-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: activate deprecated functionsHauke Mehrtens2018-02-161-9/+0
| | | | | | | | | Some functions used by a lot of other software was renamed and is only active when deprecated functions are allowed, deactivate the removal of deprecated functions for now. Fixes: 75c5ab4caf9 ("mbedtls: update to version 2.7.0") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.7.0Hauke Mehrtens2018-02-152-41/+39
| | | | | | | | This fixes the following security problems: * CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled * CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* add PKG_CPE_ID ids to package and toolsAlexander Couzens2017-11-171-0/+1
| | | | | | | | | | | CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Thanks to swalker for CPE to package mapping and keep tracking CVEs. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* mbedtls: update to 2.6.0 CVE-2017-14032Kevin Darbyshire-Bryant2017-09-112-28/+28
| | | | | | | | | | | | | | | Fixed an authentication bypass issue in SSL/TLS. When the TLS authentication mode was set to 'optional', mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when it was not trusted. This could be triggered remotely on both the client and server side. (Note, with the authentication mode set by mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake was correctly aborted). Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: update to 2.5.1Magnus Kroken2017-06-262-27/+27
| | | | | | | | | | | | | | | Fixes some security issues (no remote exploits), and introduces some changes. See release notes for details: https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released * Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read() * Adds exponent blinding to RSA private operations * Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt()) * Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification. * Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes. * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: update to version 2.4.2Hauke Mehrtens2017-03-132-4/+4
| | | | | | | | | This fixes the following security problems: * CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve * SLOTH vulnerability * Denial of Service through Certificate Revocation List Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: add --function-sections and --data-sections to CFLAGSFelix Fietkau2017-02-211-0/+2
| | | | | | | This allows binaries that links these libraries statically to be reduced by using --gc-sections on link Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: add static files in staging_dirDomagoj Pintaric2017-01-161-0/+1
| | | | | Signed-off-by: Domagoj Pintaric <domagoj.pintaric@sartura.hr> Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
* mbedtls: re-enable CFB supportFelix Fietkau2017-01-091-9/+0
| | | | | | It is safe and required by some software, e.g. shadowsocks Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: re-enable RC4 support (needed by transmission and others)Felix Fietkau2017-01-081-9/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: enable DHE-RSA key exchangeMagnus Kroken2016-12-301-9/+0
| | | | | | | | | | | | Later OpenVPN 2.3-openssl versions only enable TLS cipher suites with perfect forward secrecy, i.e. DHE and ECDHE cipher suites. ECDHE key exchange is not supported by OpenVPN 2.3-openssl, enable DHE key exchange to allow LEDE OpenVPN 2.4-mbedtls clients to connect to such servers. Signed-off-by: Magnus Kroken <mkroken@gmail.com> Reported-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Reported-by: Lucian Cristian <luci@createc.ro>
* mbedtls: enable secp384r1 elliptic curve supportMagnus Kroken2016-12-301-2/+1
| | | | | | | | | Secp384r1 is the default curve for OpenVPN 2.4+. Enable this to make OpenVPN-mbedtls clients able to perform ECDHE key exchange with remote OpenVPN 2.4-openssl servers that use the default OpenVPN curve. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: enable support for external private RSA keys to fix openvpn build issueFelix Fietkau2016-12-281-9/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* treewide: clean up download hashesFelix Fietkau2016-12-161-1/+1
| | | | | | Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: tune config to reduce size and improve performanceFelix Fietkau2016-12-121-5/+43
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: sync with polarssl configFelix Fietkau2016-12-121-9/+80
| | | | | | | One of those changes is re-enabling blowfish support to make openvpn-mbedtls compatible with common configurations Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: enable MBEDTLS_DHM_CMagnus Kroken2016-12-122-10/+1
| | | | | | | This option is required by OpenVPN, and OpenVPN 2.4 uses mbedTLS 2.x. DHM_C is also already enabled in the PolarSSL 1.3.x config.h. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: update to version 2.4.0Hauke Mehrtens2016-12-033-46/+25
| | | | | | This fixes two minor security problems. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>