329f6a96b7
Fixes some security issues (no remote exploits), and introduces some changes. See release notes for details: https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released * Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read() * Adds exponent blinding to RSA private operations * Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt()) * Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification. * Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes. * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack. Signed-off-by: Magnus Kroken <mkroken@gmail.com> |
||
|---|---|---|
| .. | ||
| argp-standalone | ||
| cyassl | ||
| elfutils | ||
| gettext | ||
| gettext-full | ||
| gmp | ||
| libbsd | ||
| libconfig | ||
| libevent2 | ||
| libiconv | ||
| libiconv-full | ||
| libjson-c | ||
| libmnl | ||
| libnetfilter-conntrack | ||
| libnetfilter-cthelper | ||
| libnetfilter-cttimeout | ||
| libnetfilter-log | ||
| libnetfilter-queue | ||
| libnfnetlink | ||
| libnftnl | ||
| libnl | ||
| libnl-tiny | ||
| libpcap | ||
| libroxml | ||
| librpc | ||
| libtool | ||
| libubox | ||
| libunwind | ||
| libusb | ||
| libusb-compat | ||
| lzo | ||
| mbedtls | ||
| ncurses | ||
| nettle | ||
| openssl | ||
| popt | ||
| readline | ||
| sysfsutils | ||
| toolchain | ||
| uclibc++ | ||
| uclient | ||
| ustream-ssl | ||
| zlib | ||