./security/polarssl [SSL library with an intuitive API and readable source code]
[+] Add this package to your ports tracker

[ CVSweb ] [ Homepage ] [ RSS feed ]

Version: 2.16.8, Package name: mbedtls-2.16.8
Maintained by: Bjorn Ketelaars
Master sites:
Description
PolarSSL is a fully featured and standards compliant SSL library offering
server and client functionality (SSLv3, TLSv1.0, TLSv1.1 and TLSv1.2) with
an intuitive API and readable source code. Dual license (GPLv2+/commercial).

Non-standard extensions include: SSL Session Tickets (RFC 5077), Server
Name Indication (SNI) (RFC 6066), Truncated HMAC (RFC 6066), Max Fragment
Length (RFC 6066), and Secure Renegotiation (RFC 5746).

Symmetric algorithms: AES, Blowfish, 3DES, DES, ARC4, Camellia, XTEA
Modes: ECB, CBC, CFB, CTR, GCM
Hashes: MD2, MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD-160

PolarSSL has its own big number library. Its RSA implementation supports both
PKCS#1 v1.5 and PKCS#1 v2.1 padding. Its ECC implementation supports ECDHE
and ECDSA with various NIST/Koblitz/Brainpool curves and Curve25519.

PolarSSL includes extensive testing (over 6600 validation, regression and
code coverage tests) and uses a continuous integration system to check all
committed code. Automated tests are also done against GnuTLS and OpenSSL.


Filesize: 2600.515 KB
Version History (View Complete History)
  • (2020-09-09) Updated to version: mbedtls-2.16.8
  • (2020-07-03) Updated to version: mbedtls-2.16.7
  • (2020-04-15) Updated to version: mbedtls-2.16.6
  • (2020-02-22) Updated to version: mbedtls-2.16.5
  • (2020-01-31) Updated to version: mbedtls-2.16.4
  • (2019-10-18) Updated to version: mbedtls-2.16.3
  • (2019-06-27) Updated to version: mbedtls-2.16.2
  • (2019-03-29) Updated to version: mbedtls-2.16.1
  • (2019-01-12) Updated to version: mbedtls-2.16.0
  • (2018-12-07) Updated to version: mbedtls-2.14.1
[show/hide] View available PLISTS (Can be a lot of data)

CVS Commit History:

   2020-09-09 02:08:22 by Bjorn Ketelaars | Files touched by this commit (3)
Log message:
Update to mbedtls-2.16.8
Security update that addresses:
- Local side channel attack on RSA and static Diffie-Hellman
- Local side channel attack on classical CBC decryption in (D)TLS
Other changes are listed at
https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.16.8/ChangeLog
Minor of libmbedtls has been bumped because of the addition of a symbol.
OK tb@
   2020-09-09 02:01:32 by Bjorn Ketelaars | Files touched by this commit (5)
Log message:
Update to mbedtls-2.16.8
Security update that addresses:
- Local side channel attack on RSA and static Diffie-Hellman
- Local side channel attack on classical CBC decryption in (D)TLS
Other changes are listed at
https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.16.8/ChangeLog
Minor of libmbedtls has been bumped because of the addition of a symbol.
OK tb@
   2020-07-03 01:38:50 by Bjorn Ketelaars | Files touched by this commit (2)
Log message:
Update to mbedtls-2.16.7
This update includes a fix for a side-channel attack on ECC key import
and validation. Overview on changes can be found at
https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.7.
OK inoguchi@
   2020-07-03 01:35:42 by Bjorn Ketelaars | Files touched by this commit (4)
Log message:
Update to mbedtls-2.16.7
This update includes a fix for a side-channel attack on ECC key import
and validation. Overview on changes can be found at
https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.7.
OK inoguchi@
   2020-04-15 07:11:53 by Bjorn Ketelaars | Files touched by this commit (2)
Log message:
Update to mbedtls-2.16.6
Fix side channel in ECC code that allowed an adversary with access to
precise enough timing and memory access information to fully recover an
ECDSA private key (CVE-2020-10932).
OK sthen@
   2020-04-15 07:04:41 by Bjorn Ketelaars | Files touched by this commit (3)
Log message:
Update to mbedtls-2.16.6
Fix side channel in ECC code that allowed an adversary with access to
precise enough timing and memory access information to fully recover an
ECDSA private key (CVE-2020-10932).
   2020-02-21 23:40:38 by Bjorn Ketelaars | Files touched by this commit (1)
Log message:
Update to mbedtls-2.16.5
This release fixes a potential memory overread when performing an ECDSA
signature operation. Release notes:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released.
   2020-02-21 23:38:12 by Bjorn Ketelaars | Files touched by this commit (2)
Log message:
Update to mbedtls-2.16.5
This release fixes a potential memory overread when performing an ECDSA
signature operation. Release notes:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released.
   2020-01-30 21:22:42 by Bjorn Ketelaars | Files touched by this commit (2)
Log message:
Update to mbedtls-2.16.4
This release fixes a side channel attack on ECDSA (CVE-2019-18222).
Release notes can be found at
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
Minor of libmbedcrypto has been bumped as a symbol has been added.
OK rsadowski@
   2020-01-30 21:14:43 by Bjorn Ketelaars | Files touched by this commit (4)
Log message:
Update to mbedtls-2.16.4
This release fixes a side channel attack on ECDSA (CVE-2019-18222).
Release notes can be found at
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
Minor of libmbedcrypto has been bumped as a symbol has been added.
OK rsadowski@
   2019-10-17 22:56:37 by Bjorn Ketelaars | Files touched by this commit (4)
Log message:
Update to mbedtls-2.16.3.
Mbed TLS 2.16.3 is a maintenance release of the Mbed TLS 2.16 branch,
and provides bug fixes and minor enhancements. Overview of changes can
be found at
https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.3.
Minor of mbedcrypto has been bumped as symbols have been added.
OK sthen@
   2019-07-12 14:50:18 by Stuart Henderson | Files touched by this commit (845)
Log message:
replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes
   2019-06-26 23:05:49 by Bjorn Ketelaars | Files touched by this commit (4)
Log message:
Update to mbedtls-2.16.2.
Maintenance release. Release notes can be found at
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.2-and-2.7.11-released
Bump minor of libmbedx509 as symbols have been added.
   2019-03-28 22:39:09 by Bjorn Ketelaars | Files touched by this commit (4)
Log message:
Update to mbedtls-2.16.1.
Maintenance release of the Mbed TLS 2.16 branch. Overview of changes can
be found at https://github.com/ARMmbed/mbedtls/releases
   2019-01-11 23:24:56 by Bjorn Ketelaars | Files touched by this commit (4)
Log message:
Update mbedtls to 2.16.0.
This is the first release in a new long term support branch, which fixes
a couple of bugs, and adds some new features. Changelog can be found at
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.0-2.7.9-and-2.1.18-released
- Minors of mbedtls and mbedcrypt have been bumped as symbols have been
added
- Tell PORTROACH to follow the LTS branch
- Take maintainership
OK juanfra@
   2018-12-07 11:21:15 by Bjorn Ketelaars | Files touched by this commit (2)
Log message:
Backport security update mbedtls 2.13.0 -> 2.14.1
Fixes CVE-2018-19608
OK jca@
   2018-12-07 06:11:24 by Bjorn Ketelaars | Files touched by this commit (2)
Log message:
Update to mbedtls-2.14.1
Addresses CVE-2018-19608. Bump minor of mbedcrypto as symbols have been
added.
OK kn@, jca@
   2018-11-26 08:18:28 by Bjorn Ketelaars | Files touched by this commit (4)
Log message:
Update to mbedtls-2.14.0.
Bump major number of shared libs, as symbols have been removed.
OK jca@
   2018-10-08 05:58:07 by Antoine Jacoutot | Files touched by this commit (1)
Log message:
Needs python to build.
ok bket@
   2018-10-02 09:13:04 by Bjorn Ketelaars | Files touched by this commit (5)
Log message:
Update to mbedtls-2.13.0.
libmbedtls requires a bump as a symbol has been removed (and new ones
have been added).
OK sthen@
   2018-08-08 06:51:09 by Bjorn Ketelaars | Files touched by this commit (6)
Log message:
Update to mbedtls-2.12.0.
Fixes vulnerabilities in the TLS ciphersuites (CVE-2018-0497 and
CVE-2018-0498). Major number of all SHARED_LIBS have been bumped as
symbols have been removed.
OK sthen@
   2018-05-15 11:42:34 by Bjorn Ketelaars | Files touched by this commit (2)
Log message:
Update to polarssl-2.9.0.
Fixes various security issues, and bugs,
https://tls.mbed.org/tech-updates/releases/mbedtls-2.9.0-2.7.3-and-2.1.12-released
Minor of mbedtls has been bumped as symbols have been added.
OK jca@
   2018-05-15 11:39:19 by Bjorn Ketelaars | Files touched by this commit (4)
Log message:
Update to polarssl-2.9.0.
Fixes various security issues, and bugs,
https://tls.mbed.org/tech-updates/releases/mbedtls-2.9.0-2.7.3-and-2.1.12-released
Minor of mbedtls has been bumped as symbols have been added.
OK jca@
   2018-04-02 12:43:09 by Bjorn Ketelaars | Files touched by this commit (2)
Log message:
Update to mbedtls-2.8.0. Various security fixes, see
https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog
OK jca@
   2018-04-02 11:16:20 by Bjorn Ketelaars | Files touched by this commit (3)
Log message:
Update to mbedtls-2.8.0. Various security fixes, see
https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog
Tested ok on amd64 and sparc64 (jca@). A single test fails on arm (also
happens with 2.7.0).
Minor number of mbedcrypto has been bumped as symbols have been added.
OK jca@
   2018-02-06 03:26:31 by Stuart Henderson | Files touched by this commit (5)
Log message:
update to mbedtls-2.7.0, from Björn Ketelaars. various security fixes, see
https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog
   2016-08-27 01:46:50 by Juan Francisco Cantero Hurtado | Files touched by this commit (2)
Log message:
Enable pthreads support on polarssl. OK jca@.
   2016-03-11 11:13:19 by Christian Weisgerber | Files touched by this commit (6)
Log message:
remove NO_SHARED_LIBS
   2016-01-06 03:59:59 by Stuart Henderson | Files touched by this commit (2)
Log message:
update to mbedtls-2.2.1
   2015-11-11 14:01:44 by Benoit Lecocq | Files touched by this commit (3)
Log message:
Update to mbedtls-2.2.0.
   2015-10-18 07:59:15 by Benoit Lecocq | Files touched by this commit (2)
Log message:
Update to polarssl/mbedtls-2.1.2.
   2015-09-21 05:44:50 by Benoit Lecocq | Files touched by this commit (2)
Log message:
Update to polarssl/mbedtls-2.1.1.
   2015-09-12 14:30:00 by Stuart Henderson | Files touched by this commit (4)
Log message:
update to polarssl/mbedtls-2.1.0
   2015-06-29 14:33:28 by Stuart Henderson | Files touched by this commit (1)
Log message:
update HOMEPAGE/MASTER_SITES (polarssl -> tls.mbed.org)
   2015-06-10 03:28:08 by Benoit Lecocq | Files touched by this commit (3)
Log message:
Update to mbedtls-1.3.11.
ok sthen@
   2015-02-11 07:07:29 by Stuart Henderson | Files touched by this commit (1)
Log message:
fix paths
   2015-02-11 04:13:27 by Stuart Henderson | Files touched by this commit (1)
Log message:
missed cvs rm
   2015-02-10 05:21:55 by Stuart Henderson | Files touched by this commit (4)
Log message:
Update to mbedtls 1.3.10 (the name changed). This version is still under GPL
but a forthcoming version moves to the Apache license.
   2015-01-20 02:47:47 by Stuart Henderson | Files touched by this commit (2)
Log message:
Patch PolarSSL for CVE-2015-1182.
An error during parsing of an ASN.1 sequence (triggerable during certificate
parsing) results in an uninitialized pointer being freed.
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
   2014-11-05 02:40:05 by David Coppa | Files touched by this commit (2)
Log message:
Respect our CFLAGS and remove default optimizations
   2014-11-04 12:45:41 by Stuart Henderson | Files touched by this commit (3)
Log message:
update to polarssl 1.3.9, security fixes (but note that nothing in the ports
tree currently uses this library)
* Lowest common hash was selected from signature_algorithms extension in
TLS 1.2 (found by Darren Bane) (introduced in 1.3.8).
* Remotely-triggerable memory leak when parsing some X.509 certificates
(server is not affected if it doesn't ask for a client certificate)
(found using Codenomicon Defensics).
* Remotely-triggerable memory leak when parsing crafted ClientHello
(not affected if ECC support was compiled out) (found using Codenomicon
Defensics).