git.openwrt.org Git - openwrt/staging/mkresin.git/commit

author	Magnus Kroken <mkroken@gmail.com>
	Wed, 21 Jun 2017 19:05:09 +0000 (21:05 +0200)
committer	Jo-Philipp Wich <jo@mein.io>
	Mon, 26 Jun 2017 07:56:07 +0000 (09:56 +0200)
commit	329f6a96b70a652beb73686a0ee0d17670d2dc23
tree	5d2537cf35ced366529a392dc8c4a08d5ea13b35	tree \| snapshot
parent	d98cafc7b6b06618ecc774efbb862b5e18b08831	commit \| diff

mbedtls: update to 2.5.1

Fixes some security issues (no remote exploits), and introduces
some changes. See release notes for details:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released

* Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read()
* Adds exponent blinding to RSA private operations
* Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt())
* Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification.
* Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes.
* Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>

package/libs/mbedtls/Makefile		diff \| blob \| history
package/libs/mbedtls/patches/200-config.patch		diff \| blob \| history