Libraries for crypto and SSL/TLS protocols
https://tls.mbed.org
mbedtls implements the SSL3, TLS 1.0, 1.1 and 1.2 protocols. It
supports a number of extensions such as SSL Session Tickets (RFC
5077), Server Name Indication (SNI) (RFC 6066), Truncated HMAC (RFC
6066), Max Fragment Length (RFC 6066), Secure Renegotiation (RFC
5746) and Application Layer Protocol Negotiation (ALPN). It
understands the RSA, (EC)DH(E)-RSA, (EC)DH(E)-PSK and RSA-PSK key
exchanges.
- Devel package for openSUSE:Factory
-
5
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout security:tls/mbedtls && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
_link | 0000000210 210 Bytes | |
mbedtls-2.14.1-apache.tgz | 0002468132 2.35 MB | |
project.diff | 0000014770 14.4 KB |
Revision 4 (latest revision is 50)
Tomáš Chvátal (scarabeus_iv)
accepted
request 657220
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 4)
- Library package version bumped to libmbedtls12 - Update to version 2.14.1: [bsc#1118727, CVE-2018-19608] Security * Fix timing variations and memory access variations in RSA PKCS#1 v1.5 decryption that could lead to a Bleichenbacher-style padding oracle attack. In TLS, this affects servers that accept ciphersuites based on RSA decryption (i.e. ciphersuites whose name contains RSA but not (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide, Data61). The attack is described in more detail in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608 * In mbedtls_mpi_write_binary(), don't leak the exact size of the number via branching and memory access patterns. An attacker who could submit a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing of the decryption and not its result could nonetheless decrypt RSA plaintexts and forge RSA signatures. Other asymmetric algorithms may have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom. * Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG modules. API Changes * The new functions mbedtls_ctr_drbg_update_ret() and mbedtls_hmac_drbg_update_ret() are similar to mbedtls_ctr_drbg_update() and mbedtls_hmac_drbg_update() respectively, but the new functions report errors whereas the old functions return void. We recommend that applications use the new functions. - Version 2.14.0: Security
Comments 0