hsist
/
freifunkist-firmware
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

mbedtls: update to 2.5.1

Browse Source 
Fixes some security issues (no remote exploits), and introduces
some changes. See release notes for details:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released

* Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read()
* Adds exponent blinding to RSA private operations
* Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt())
* Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification.
* Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes.
* Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
master
Magnus Kroken 8 years ago committed by Jo-Philipp Wich
parent d98cafc7b6
commit 329f6a96b7
2 changed files with 27 additions and 27 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      package/libs/mbedtls/Makefile
  2. 50
      package/libs/mbedtls/patches/200-config.patch

4
package/libs/mbedtls/Makefile
Unescape View File

@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=mbedtls PKG_NAME:=mbedtls
PKG_VERSION:=2.4.2 PKG_VERSION:=2.5.1
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_USE_MIPS16:=0 PKG_USE_MIPS16:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
PKG_SOURCE_URL:=https://tls.mbed.org/download/ PKG_SOURCE_URL:=https://tls.mbed.org/download/
PKG_HASH:=d01f2d5586a52055329d194d909103f445bd2d0b6b2b5f1c830fbf828ac6299f PKG_HASH:=312f020006f0d8e9ede3ed8e73d907a629baf6475229703941769372ab0adee2
PKG_BUILD_PARALLEL:=1 PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0+ PKG_LICENSE:=GPL-2.0+

50
package/libs/mbedtls/patches/200-config.patch
Unescape View File

@ -9,7 +9,7 @@
/* \} name SECTION: System support */ /* \} name SECTION: System support */
@@ -441,17 +441,17 @@ @@ -504,17 +504,17 @@
* *
* Comment macros to disable the curve and functions for it * Comment macros to disable the curve and functions for it
*/ */
@ -35,7 +35,7 @@
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
/** /**
@@ -476,8 +476,8 @@ @@ -539,8 +539,8 @@
* Requires: MBEDTLS_HMAC_DRBG_C * Requires: MBEDTLS_HMAC_DRBG_C
* *
* Comment this macro to disable deterministic ECDSA. * Comment this macro to disable deterministic ECDSA.
@ -45,7 +45,7 @@
/** /**
* \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
@@ -523,7 +523,7 @@ @@ -586,7 +586,7 @@
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
*/ */
@ -54,7 +54,7 @@
/** /**
* \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@@ -542,8 +542,8 @@ @@ -605,8 +605,8 @@
* MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
@ -64,7 +64,7 @@
/** /**
* \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@@ -568,7 +568,7 @@ @@ -631,7 +631,7 @@
* MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
*/ */
@ -73,7 +73,7 @@
/** /**
* \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
@@ -695,7 +695,7 @@ @@ -758,7 +758,7 @@
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
*/ */
@ -82,7 +82,7 @@
/** /**
* \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
@@ -719,7 +719,7 @@ @@ -782,7 +782,7 @@
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
*/ */
@ -91,7 +91,7 @@
/** /**
* \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
@@ -823,7 +823,7 @@ @@ -886,7 +886,7 @@
* This option is only useful if both MBEDTLS_SHA256_C and * This option is only useful if both MBEDTLS_SHA256_C and
* MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
*/ */
@ -100,7 +100,7 @@
/** /**
* \def MBEDTLS_ENTROPY_NV_SEED * \def MBEDTLS_ENTROPY_NV_SEED
@@ -917,14 +917,14 @@ @@ -980,14 +980,14 @@
* Uncomment this macro to disable the use of CRT in RSA. * Uncomment this macro to disable the use of CRT in RSA.
* *
*/ */
@ -117,7 +117,7 @@
/** /**
* \def MBEDTLS_SHA256_SMALLER * \def MBEDTLS_SHA256_SMALLER
@@ -940,7 +940,7 @@ @@ -1003,7 +1003,7 @@
* *
* Uncomment to enable the smaller implementation of SHA256. * Uncomment to enable the smaller implementation of SHA256.
*/ */
@ -126,7 +126,7 @@
/** /**
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
@@ -1059,8 +1059,8 @@ @@ -1122,8 +1122,8 @@
* misuse/misunderstand. * misuse/misunderstand.
* *
* Comment this to disable support for renegotiation. * Comment this to disable support for renegotiation.
@ -136,7 +136,7 @@
/** /**
* \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
@@ -1234,8 +1234,8 @@ @@ -1297,8 +1297,8 @@
* callbacks are provided by MBEDTLS_SSL_TICKET_C. * callbacks are provided by MBEDTLS_SSL_TICKET_C.
* *
* Comment this macro to disable support for SSL session tickets * Comment this macro to disable support for SSL session tickets
@ -146,7 +146,7 @@
/** /**
* \def MBEDTLS_SSL_EXPORT_KEYS * \def MBEDTLS_SSL_EXPORT_KEYS
@@ -1265,7 +1265,7 @@ @@ -1328,7 +1328,7 @@
* *
* Comment this macro to disable support for truncated HMAC in SSL * Comment this macro to disable support for truncated HMAC in SSL
*/ */
@ -155,7 +155,7 @@
/** /**
* \def MBEDTLS_THREADING_ALT * \def MBEDTLS_THREADING_ALT
@@ -1299,8 +1299,8 @@ @@ -1362,8 +1362,8 @@
* Requires: MBEDTLS_VERSION_C * Requires: MBEDTLS_VERSION_C
* *
* Comment this to disable run-time checking and save ROM space * Comment this to disable run-time checking and save ROM space
@ -165,7 +165,7 @@
/** /**
* \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
@@ -1621,7 +1621,7 @@ @@ -1684,7 +1684,7 @@
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
*/ */
@ -174,7 +174,7 @@
/** /**
* \def MBEDTLS_CCM_C * \def MBEDTLS_CCM_C
@@ -1635,7 +1635,7 @@ @@ -1698,7 +1698,7 @@
* This module enables the AES-CCM ciphersuites, if other requisites are * This module enables the AES-CCM ciphersuites, if other requisites are
* enabled as well. * enabled as well.
*/ */
@ -183,7 +183,7 @@
/** /**
* \def MBEDTLS_CERTS_C * \def MBEDTLS_CERTS_C
@@ -1647,7 +1647,7 @@ @@ -1710,7 +1710,7 @@
* *
* This module is used for testing (ssl_client/server). * This module is used for testing (ssl_client/server).
*/ */
@ -192,7 +192,7 @@
/** /**
* \def MBEDTLS_CIPHER_C * \def MBEDTLS_CIPHER_C
@@ -1700,7 +1700,7 @@ @@ -1763,7 +1763,7 @@
* *
* This module provides debugging functions. * This module provides debugging functions.
*/ */
@ -201,7 +201,7 @@
/** /**
* \def MBEDTLS_DES_C * \def MBEDTLS_DES_C
@@ -1725,8 +1725,8 @@ @@ -1788,8 +1788,8 @@
* MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
* *
* PEM_PARSE uses DES/3DES for decrypting encrypted keys. * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
@ -211,7 +211,7 @@
/** /**
* \def MBEDTLS_DHM_C * \def MBEDTLS_DHM_C
@@ -1880,8 +1880,8 @@ @@ -1943,8 +1943,8 @@
* Requires: MBEDTLS_MD_C * Requires: MBEDTLS_MD_C
* *
* Uncomment to enable the HMAC_DRBG random number geerator. * Uncomment to enable the HMAC_DRBG random number geerator.
@ -221,7 +221,7 @@
/** /**
* \def MBEDTLS_MD_C * \def MBEDTLS_MD_C
@@ -2158,7 +2158,7 @@ @@ -2221,7 +2221,7 @@
* Caller: library/md.c * Caller: library/md.c
* *
*/ */
@ -230,7 +230,7 @@
/** /**
* \def MBEDTLS_RSA_C * \def MBEDTLS_RSA_C
@@ -2235,8 +2235,8 @@ @@ -2299,8 +2299,8 @@
* Caller: * Caller:
* *
* Requires: MBEDTLS_SSL_CACHE_C * Requires: MBEDTLS_SSL_CACHE_C
@ -240,7 +240,7 @@
/** /**
* \def MBEDTLS_SSL_COOKIE_C * \def MBEDTLS_SSL_COOKIE_C
@@ -2257,8 +2257,8 @@ @@ -2321,8 +2321,8 @@
* Caller: * Caller:
* *
* Requires: MBEDTLS_CIPHER_C * Requires: MBEDTLS_CIPHER_C
@ -250,7 +250,7 @@
/** /**
* \def MBEDTLS_SSL_CLI_C * \def MBEDTLS_SSL_CLI_C
@@ -2357,8 +2357,8 @@ @@ -2421,8 +2421,8 @@
* Module: library/version.c * Module: library/version.c
* *
* This module provides run-time version information. * This module provides run-time version information.
@ -260,7 +260,7 @@
/** /**
* \def MBEDTLS_X509_USE_C * \def MBEDTLS_X509_USE_C
@@ -2468,7 +2468,7 @@ @@ -2532,7 +2532,7 @@
* Module: library/xtea.c * Module: library/xtea.c
* Caller: * Caller:
*/ */

Write Preview
Loading…
Cancel
Save