mbed TLS 2.1.1/1.3.13/PolarSSL 1.2.16 发布
欢迎加入运维网交流群:263444886mbed TLS 2.1.1,mbed TLS 1.3.13 和 PolarSSL1.2.16 发布,都是维护版本,主要修复了一些 bug 和安全问题。
安全问题
[*] Florian Weimar from Red Hat published on Lenstra's RSA-CRT attach for PKCS#1 v1.5 signatures
[*] Fabian Foerg of Gotham Digital Science found a possible client-side NULL pointer dereference, using the AFL Fuzzer.
改进
[*] mbed TLS 1.3.13 在信任中间证书的情况下可以接收一个证书链。
[*] mbed TLS 2.1.1 修改了一个 API 调用原型 (mbedtls_ssl_conf_cert_profile()) 。
Bug 修复
[*] Setting SSL_MIN_DHM_BYTES in config.h had no effect (overriden in ssl.h) (found by Fabio Solari) (#256)
[*] Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could result trying to unlock an unlocked mutex on invalid input (found by Fredrik Axelsson) (#257)
[*] Fix -Wshadow warnings (found by hnrkp) (#240)
[*] Fix unused function warning when using MBEDTLS_MDx_ALT or MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
[*] Fix memory corruption in pkey programs (found by yankuncheng) (#210)
[*] Fix memory corruption on client with overlong PSK identity, around SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely (found by Aleksandrs Saveljevs) (#238)
[*] Fix off-by-one error in parsing Supported Point Format extension that caused some handshakes to fail.
下载
[*] mbedtls-2.1.1-apache.tgz
[*] mbedtls-2.1.1-gpl.tgz
[*] mbedtls-1.3.13-gpl.tgz
[*] polarssl-1.2.16-gpl.tgz
详细改进内容请看发行说明。
页:
[1]