0d336a4850
Security - Fixed missing padding length check required by PKCS1 v2.2 in mbedtls_rsa_rsaes_pkcs1_v15_decrypt(). (considered low impact) - Fixed potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt() and mbedtls_rsa_rsaes_oaep_encrypt(). (not triggerable remotely in (D)TLS). - Fixed potential integer underflow to buffer overread in mbedtls_rsa_rsaes_oaep_decrypt(). It is not triggerable remotely in SSL/TLS. Bugfix - Fixed bug in mbedtls_mpi_add_mpi() that caused wrong results when the three arguments were the same (in-place doubling). #309 - Fixed issue in Makefile that prevented building using armar. #386 - Fixed issue that caused a hang when generating RSA keys of odd bitlength. - Fixed bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt() that made null pointer dereference possible. - Fixed issue that caused a crash if invalid curves were passed to mbedtls_ssl_conf_curves(). #373 Changes - On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5, don't use the optimized assembly for bignum multiplication. This removes the need to pass -fomit-frame-pointer to avoid a build error with -O0. - Disabled SSLv3 in the default configuration. |
||
|---|---|---|
| .. | ||
| patches | ||
| buildlink3.mk | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| options.mk | ||
| PLIST | ||