6bab018ee8
- Remove second patch (already in version) - Fix a missing error detection in ECJPAKE. This could have caused a predictable shared secret if a hardware accelerator failed and the other side of the key exchange had a similar bug. - When writing a private EC key, use a constant size for the private value, as specified in RFC 5915. Previously, the value was written as an ASN.1 INTEGER, which caused the size of the key to leak about 1 bit of information on average and could cause the value to be 1 byte too large for the output buffer. - The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to implement blinding. Because of this for the same key and message the same blinding value was generated. This reduced the effectiveness of the countermeasure and leaked information about the private key through side channels. Reported by Jack Lloyd. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 lines
363 B
Plaintext
6 lines
363 B
Plaintext
# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.3-and-2.7.12-released
|
|
sha1 dce8550f8f9465f3aea44cb7d0f9d0ba8140034a mbedtls-2.16.3-apache.tgz
|
|
sha256 ec1bee6d82090ed6ea2690784ea4b294ab576a65d428da9fe8750f932d2da661 mbedtls-2.16.3-apache.tgz
|
|
# Locally calculated
|
|
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 apache-2.0.txt
|