mbedtls-devel - Open Source embedded SSL/TLS cryptographic library

Property Value
Distribution openSUSE Leap 42.2
Repository openSUSE Update Oss all
Package name mbedtls-devel
Package version 1.3.19
Package release 15.1
Package architecture x86_64
Package type rpm
Installed size 685.05 KB
Download size 120.64 KB
Official Mirror ftp.gwdg.de
A portable, easy to use, readable and flexible SSL library.


Package Version Architecture Repository
mbedtls-devel-1.3.19-16.1.x86_64.rpm 1.3.19 x86_64 openSUSE Update Oss
mbedtls-devel-1.3.17-13.1.x86_64.rpm 1.3.17 x86_64 openSUSE Oss


Name Value
libmbedtls9 = 1.3.19-15.1


Name Value
libpolarssl-devel = 1.3.19
mbedtls-devel = 1.3.19-15.1
mbedtls-devel(x86-64) = 1.3.19-15.1
polarssl-devel = 1.3.19


Name Value
libpolarssl-devel < 1.3.19
polarssl-devel < 1.3.19


Type URL
Binary Package mbedtls-devel-1.3.19-15.1.x86_64.rpm
Source Package mbedtls-1.3.19-15.1.src.rpm

Install Howto

Install mbedtls-devel rpm package:

# zypper install mbedtls-devel




2017-03-11 - mpluskal@suse.com
- Update to version 1.3.19 (boo#1029017):
* Add checks to prevent signature forgeries for very large messages while
using RSA through the PK module in 64-bit systems. The issue was caused by
some data loss when casting a size_t to an unsigned int value in the
functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and
pk_sign(). Found by Jean-Philippe Aumasson.
* Fixed potential livelock during the parsing of a CRL in PEM format in
mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing
characters after the footer could result in the execution of an infinite
loop. The issue can be triggered remotely. Found by Greg Zaverucha,
* Fixed a bug that caused freeing a buffer that was allocated on the stack,
when verifying the validity of a key on secp224k1. This could be
triggered remotely for example with a maliciously constructed certificate
and potentially could lead to remote code execution on some platforms.
Reported independently by rongsaws and Aleksandar Nikolic, Cisco Talos
team. #569 CVE-2017-2784

2016-07-14 - mpluskal@suse.com
- Update to version 1.3.17 (boo#988956):
* Security
+ Fix missing padding length check in
mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2
+ Fix a potential integer underflow to buffer overread in
mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable
remotely in SSL/TLS.
+ Fix potential integer overflow to buffer overflow in
mbedtls_rsa_rsaes_pkcs1_v15_encrypt and
* Bugfix
+ Fix bug in mbedtls_mpi_add_mpi() that caused wrong results
when the three arguments were the same (in-place doubling).
Found and fixed by Janos Follath. #309
+ Fix issue in Makefile that prevented building using armar.
+ Fix issue that caused a hang up when generating RSA keys of
odd bitlength
+ Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made
null pointer dereference possible.
+ Fix issue that caused a crash if invalid curves were passed
to mbedtls_ssl_conf_curves. #373
* Changes
+ On ARM platforms, when compiling with -O0 with GCC, Clang or
armcc5, don't use the optimized assembly for bignum
multiplication. This removes the need to pass
-fomit-frame-pointer to avoid a build error with -O0.
+ Disabled SSLv3 in the default configuration.
+ Fix non-compliance server extension handling. Extensions for
SSLv3 are now ignored, as required by RFC6101.

2016-01-10 - mpluskal@suse.com
- Update to 1.3.16
* Fixes a potential double free when
mbedtls_asn1_store_named_data() fails to allocate memory. This
was only used for certificate generation and was not
triggerable remotely in SSL/TLS. boo#961290
* Disables by default MD5 handshake signatures in TLS 1.2 to
prevent the SLOTH (CVE-2015-7575) attack on TLS 1.2 server
authentication (other attacks from the SLOTH paper do not apply
to any version of mbed TLS or PolarSSL). boo#961284
* Fixes an over-restrictive length limit in GCM.
* Fixes a bug in certificate validation that caused valid chains
to be rejected when the first intermediate certificate has a
pathLenConstraint equal to zero.
* Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign()
* Added config.h option POLARSSL_SSL_ENABLE_MD5_SIGNATURES to
control use of MD5-based signatures for TLS 1.2 handshake
(disabled by default).
