mbedtls-devel - Open Source embedded SSL/TLS cryptographic library

Distribution: openSUSE 42.2
Repository: openSUSE Update Oss all
Package name: mbedtls-devel
Package version: 1.3.19
Package release: 15.1
Package architecture: x86_64
Package type: rpm
Installed size: 685.05 KB
Download size: 120.64 KB
Official Mirror: ftp.gwdg.de
A portable, easy to use, readable and flexible SSL library.



  • libpolarssl-devel = 1.3.19
  • mbedtls-devel = 1.3.19-15.1
  • mbedtls-devel(x86-64) = 1.3.19-15.1
  • polarssl-devel = 1.3.19


  • libpolarssl-devel < 1.3.19
  • polarssl-devel < 1.3.19


    Install Howto

    Install mbedtls-devel rpm package:

    # zypper install mbedtls-devel


    • /usr/include/polarssl/aes.h
    • /usr/include/polarssl/aesni.h
    • /usr/include/polarssl/arc4.h
    • /usr/include/polarssl/asn1.h
    • /usr/include/polarssl/asn1write.h
    • /usr/include/polarssl/base64.h
    • /usr/include/polarssl/bignum.h
    • /usr/include/polarssl/blowfish.h
    • /usr/include/polarssl/bn_mul.h
    • /usr/include/polarssl/camellia.h
    • /usr/include/polarssl/ccm.h
    • /usr/include/polarssl/certs.h
    • /usr/include/polarssl/check_config.h
    • /usr/include/polarssl/cipher.h
    • /usr/include/polarssl/cipher_wrap.h
    • /usr/include/polarssl/compat-1.2.h
    • /usr/include/polarssl/config.h
    • /usr/include/polarssl/ctr_drbg.h
    • /usr/include/polarssl/debug.h
    • /usr/include/polarssl/des.h
    • /usr/include/polarssl/dhm.h
    • /usr/include/polarssl/ecdh.h
    • /usr/include/polarssl/ecdsa.h
    • /usr/include/polarssl/ecp.h
    • /usr/include/polarssl/entropy.h
    • /usr/include/polarssl/entropy_poll.h
    • /usr/include/polarssl/error.h
    • /usr/include/polarssl/gcm.h
    • /usr/include/polarssl/havege.h
    • /usr/include/polarssl/hmac_drbg.h
    • /usr/include/polarssl/md.h
    • /usr/include/polarssl/md2.h
    • /usr/include/polarssl/md4.h
    • /usr/include/polarssl/md5.h
    • /usr/include/polarssl/md_wrap.h
    • /usr/include/polarssl/memory.h
    • /usr/include/polarssl/memory_buffer_alloc.h
    • /usr/include/polarssl/net.h
    • /usr/include/polarssl/oid.h
    • /usr/include/polarssl/openssl.h
    • /usr/include/polarssl/padlock.h
    • /usr/include/polarssl/pbkdf2.h
    • /usr/include/polarssl/pem.h
    • /usr/include/polarssl/pk.h
    • /usr/include/polarssl/pk_wrap.h
    • /usr/include/polarssl/pkcs11.h
    • /usr/include/polarssl/pkcs12.h
    • /usr/include/polarssl/pkcs5.h
    • /usr/include/polarssl/platform.h
    • /usr/include/polarssl/ripemd160.h
    • /usr/include/polarssl/rsa.h
    • /usr/include/polarssl/sha1.h
    • /usr/include/polarssl/sha256.h
    • /usr/include/polarssl/sha512.h
    • /usr/include/polarssl/ssl.h
    • /usr/include/polarssl/ssl_cache.h
    • /usr/include/polarssl/ssl_ciphersuites.h
    • /usr/include/polarssl/threading.h
    • /usr/include/polarssl/timing.h
    • /usr/include/polarssl/version.h
    • /usr/include/polarssl/x509.h
    • /usr/include/polarssl/x509_crl.h
    • /usr/include/polarssl/x509_crt.h
    • /usr/include/polarssl/x509_csr.h
    • /usr/include/polarssl/xtea.h
    • /usr/lib64/libmbedtls.so
    • /usr/lib64/libpolarssl.so


    2017-03-11 - mpluskal@suse.com - Update to version 1.3.19 (boo#1029017): * Add checks to prevent signature forgeries for very large messages while using RSA through the PK module in 64-bit systems. The issue was caused by some data loss when casting a size_t to an unsigned int value in the functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and pk_sign(). Found by Jean-Philippe Aumasson. * Fixed potential livelock during the parsing of a CRL in PEM format in mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing characters after the footer could result in the execution of an infinite loop. The issue can be triggered remotely. Found by Greg Zaverucha, Microsoft. * Fixed a bug that caused freeing a buffer that was allocated on the stack, when verifying the validity of a key on secp224k1. This could be triggered remotely for example with a maliciously constructed certificate and potentially could lead to remote code execution on some platforms. Reported independently by rongsaws and Aleksandar Nikolic, Cisco Talos team. #569 CVE-2017-2784

    2016-07-14 - mpluskal@suse.com - Update to version 1.3.17 (boo#988956): * Security + Fix missing padding length check in mbedtls_rsa_rsaes_pkcs1_v15_decrypt required by PKCS1 v2.2 + Fix a potential integer underflow to buffer overread in mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in SSL/TLS. + Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt * Bugfix + Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three arguments where the same (in-place doubling). Found and fixed by Janos Follath. #309 + Fix issue in Makefile that prevented building using armar. + Fix issue that caused a hang up when generating RSA keys of odd bitlength + Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer dereference possible. + Fix issue that caused a crash if invalid curves were passed to mbedtls_ssl_conf_curves. #373 * Changes + On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, don't use the optimized assembly for bignum multiplication. This removes the need to pass - fomit-frame-pointer to avoid a build error with -O0. + Disabled SSLv3 in the default configuration. + Fix non-compliance server extension handling. Extensions for SSLv3 are now ignored, as required by RFC6101.

    2016-01-10 - mpluskal@suse.com - Update to 1.3.16 * Fixes a potential double free when mbedtls_asn1_store_named_data() fails to allocate memory. This was only used for certificate generation and was not triggerable remotely in SSL/TLS. boo#961290 * Disables by default MD5 handshake signatures in TLS 1.2 to prevent the SLOTH (CVE-2015-7575) attack on TLS 1.2 server authentication (other attacks from the SLOTH paper do not apply to any version of mbed TLS or PolarSSL). boo#961284 * Fixes an over-restrictive length limit in GCM. * Fixes a bug in certificate validation that caused valid chains to be rejected when the first intermediate certificate has a pathLenConstraint equal to zero. * Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign() * Added config.h option POLARSSL_SSL_ENABLE_MD5_SIGNATURES to control use of MD5-based signatures for TLS 1.2 handshake (disabled by default).