deepcrayon/buildroot
deepcrayon/buildroot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
buildroot/package/cryptopp/cryptopp.hash
Fabrice Fontaine e7c789d48f package/cryptopp: security bump to version 8.3.0 
- Fix CVE-2019-14318: Crypto++ 8.2.0 and earlier contains a timing side
  channel in ECDSA signature generation. This allows a local or remote
  attacker, able to measure the duration of hundreds to thousands of
  signing operations, to compute the private key used. The issue occurs
  because scalar multiplication in ecp.cpp (prime field curves, small
  leakage) and algebra.cpp (binary field curves, large leakage) is not
  constant time and leaks the bit length of the scalar among other
  information. For details, see:
  https://github.com/weidai11/cryptopp/issues/869

- Update license hash due to the addition of ARM SHA1 and SHA256 asm
  implementation from Cryptogams
  1a63112faf
  4c9ca6b723

https://www.cryptopp.com/release830.html

[Peter: adjust CVE info, issue is fixes in 8.3.0]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-21 10:45:08 +01:00

6 lines
321 B
Plaintext
Raw Blame History

# Hash from: https://www.cryptopp.com/release830.html:
sha512 ad5219a66c5924d330d3646d0ff996dd235006f6812074bc4eb9e8c662a4f000ba20449d377f24b133d19ce682f7b2a3b2eb4c08857ce0f5bb39743d1d425147 cryptopp830.zip
# Hash for license file:
sha256 e668af8c73a38a66a1e8951d14ec24e7582fee5254dd6c3dae488a416d105d5f License.txt
Reference in a new issue View git blame Copy permalink