yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 23:15:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

Prevent SLOTH attacks

Browse Source
This commit is contained in:
Janos Follath 2016-10-25 10:50:22 +01:00
parent 1a6a15c795
commit 6eb6e1bdc3
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,5 +1,11 @@
mbed TLS ChangeLog (Sorted per branch, date) mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.4.x branch released 2016-xx-xx
Security
* Removed MD5 from the allowed hash algorithms for CertificateRequest and
CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
= mbed TLS 2.4.0 branch released 2016-10-17 = mbed TLS 2.4.0 branch released 2016-10-17
Security Security

3
library/ssl_tls.c
View File

@ -7644,8 +7644,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
#if defined(MBEDTLS_MD5_C) #if defined(MBEDTLS_MD5_C)
case MBEDTLS_SSL_HASH_MD5: case MBEDTLS_SSL_HASH_MD5:
ssl->handshake->calc_verify = ssl_calc_verify_tls; return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
break;
#endif #endif
#if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_SHA1_C)
case MBEDTLS_SSL_HASH_SHA1: case MBEDTLS_SSL_HASH_SHA1: