buildroot/package/mbedtls
Fabrice Fontaine 0710fe08f4 package/mbedtls: security bump to version 2.16.4
Fix CVE-2019-18222: Our bignum implementation is not constant
time/constant trace, so side channel attacks can retrieve the blinded
value, factor it (as it is smaller than RSA keys and not guaranteed to
have only large prime factors), and then, by brute force, recover the
key. Reported by Alejandro Cabrera Aldaya and Billy Brumley.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a7186d0913)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-29 18:10:56 +01:00
..
0001-bn_mul.h-fix-x86-PIC-inline-ASM-compilation-with-GCC.patch
Config.in
mbedtls.hash package/mbedtls: security bump to version 2.16.4 2020-02-29 18:10:56 +01:00
mbedtls.mk package/mbedtls: security bump to version 2.16.4 2020-02-29 18:10:56 +01:00