kumquat-buildroot/package/mbedtls/mbedtls.hash
Fabrice Fontaine a7186d0913 package/mbedtls: security bump to version 2.16.4
Fix CVE-2019-18222: Our bignum implementation is not constant
time/constant trace, so side channel attacks can retrieve the blinded
value, factor it (as it is smaller than RSA keys and not guaranteed to
have only large prime factors), and then, by brute force, recover the
key. Reported by Alejandro Cabrera Aldaya and Billy Brumley.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-01-18 13:44:22 +01:00

6 lines
363 B
Plaintext

# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
sha1 e446cbac7d24fc3ff1b1c4ee7c021694ede86db6 mbedtls-2.16.4-apache.tgz
sha256 3441f32bda9c8ef58acc9e18028d09eb9c17d199eb27141bec074905152fb2fb mbedtls-2.16.4-apache.tgz
# Locally calculated
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 apache-2.0.txt