Correct indentation and labelling in ChangeLog

Hanno Becker 2017-07-26 11:49:40 +01:00
parent 745bcf454f
commit 01a0e07e9d


@ -4,13 +4,13 @@ mbed TLS ChangeLog (Sorted per branch, date)
Security Security
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
(default: 8) intermediates, even when it was not trusted. Could be (default: 8) intermediates, even when it was not trusted. Could be
triggered remotely on both sides. (With auth_mode set to required triggered remotely on both sides. (With auth_mode set to required
(default), the handshake was correctly aborted.) (default), the handshake was correctly aborted.)
Changes API changes
* Certificate verification functions now set flags to -1 in case the full * Certificate verification functions now set flags to -1 in case the full
chain was not verified due to an internal error (including in the verify chain was not verified due to an internal error (including in the verify
callback) or chain length limitations. callback) or chain length limitations.
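Review bot: the new heading on the right-hand side reads "API changes" with a lower-case "changes", which is worth checking against the spelling this ChangeLog uses for that heading in other releases, so that tools or readers searching for the section name find this entry. The other section headings visible in this diff ("Security", "Changes", "Bugfix", "Features") are all capitalised. Since the entry describes a change callers can observe (flags set to -1 on internal error or chain length limits), the move out of plain "Changes" itself looks right.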
@ -271,7 +271,7 @@ Security
* Fix potential integer overflow to buffer overflow in * Fix potential integer overflow to buffer overflow in
mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
(not triggerable remotely in (D)TLS). (not triggerable remotely in (D)TLS).
* Fix a potential integer underflow to buffer overread in * Fix a potential integer underflow to buffer overread in
mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in
SSL/TLS. SSL/TLS.
@ -291,7 +291,7 @@ Bugfix
* Fix an issue that caused valid certificates to be rejected whenever an * Fix an issue that caused valid certificates to be rejected whenever an
expired or not yet valid certificate was parsed before a valid certificate expired or not yet valid certificate was parsed before a valid certificate
in the trusted certificate list. in the trusted certificate list.
* Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer after DER certificates to be included in the raw representation. buffer after DER certificates to be included in the raw representation.
* Fix issue that caused a hang when generating RSA keys of odd bitlength * Fix issue that caused a hang when generating RSA keys of odd bitlength
* Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer
@ -1547,7 +1547,7 @@ Security
Changes Changes
* Allow enabling of dummy error_strerror() to support some use-cases * Allow enabling of dummy error_strerror() to support some use-cases
* Debug messages about padding errors during SSL message decryption are * Debug messages about padding errors during SSL message decryption are
disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
* Sending of security-relevant alert messages that do not break * Sending of security-relevant alert messages that do not break
interoperability can be switched on/off with the flag interoperability can be switched on/off with the flag
POLARSSL_SSL_ALL_ALERT_MESSAGES POLARSSL_SSL_ALL_ALERT_MESSAGES
@ -1576,7 +1576,7 @@ Bugfix
Changes Changes
* Added p_hw_data to ssl_context for context specific hardware acceleration * Added p_hw_data to ssl_context for context specific hardware acceleration
data data
* During verify trust-CA is only checked for expiration and CRL presence * During verify trust-CA is only checked for expiration and CRL presence
Bugfixes Bugfixes
* Fixed client authentication compatibility * Fixed client authentication compatibility
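Review bot: the section label "Bugfixes" in this hunk is left as it is, while other parts of the file shown in this diff use "Bugfix" and "Bug fixes" for the same kind of section. If the labelling correction is meant to cover the whole file, normalise these too; if labels in old releases are deliberately left untouched, say so in the commit message.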
@ -1874,9 +1874,9 @@ Features
with random data (Fixed ticket #10) with random data (Fixed ticket #10)
Changes Changes
* Debug print of MPI now removes leading zero octets and * Debug print of MPI now removes leading zero octets and
displays actual bit size of the value. displays actual bit size of the value.
* x509parse_key() (and as a consequence x509parse_keyfile()) * x509parse_key() (and as a consequence x509parse_keyfile())
does not zeroize memory in advance anymore. Use rsa_init() does not zeroize memory in advance anymore. Use rsa_init()
before parsing a key or keyfile! before parsing a key or keyfile!
@ -1898,7 +1898,7 @@ Features
printing of X509 CRLs from file printing of X509 CRLs from file
Changes Changes
* Parsing of PEM files moved to separate module (Fixes * Parsing of PEM files moved to separate module (Fixes
ticket #13). Also possible to remove PEM support for ticket #13). Also possible to remove PEM support for
systems only using DER encoding systems only using DER encoding
@ -2041,7 +2041,7 @@ Bug fixes
* Fixed HMAC-MD2 by modifying md2_starts(), so that the * Fixed HMAC-MD2 by modifying md2_starts(), so that the
required HMAC ipad and opad variables are not cleared. required HMAC ipad and opad variables are not cleared.
(found by code coverage tests) (found by code coverage tests)
* Prevented use of long long in bignum if * Prevented use of long long in bignum if
POLARSSL_HAVE_LONGLONG not defined (found by Giles POLARSSL_HAVE_LONGLONG not defined (found by Giles
Bathgate). Bathgate).
* Fixed incorrect handling of negative strings in * Fixed incorrect handling of negative strings in
@ -2082,7 +2082,7 @@ Bug fixes
* Made definition of net_htons() endian-clean for big endian * Made definition of net_htons() endian-clean for big endian
systems (Found by Gernot). systems (Found by Gernot).
* Undefining POLARSSL_HAVE_ASM now also handles prevents asm in * Undefining POLARSSL_HAVE_ASM now also handles prevents asm in
padlock and timing code. padlock and timing code.
* Fixed an off-by-one buffer allocation in ssl_set_hostname() * Fixed an off-by-one buffer allocation in ssl_set_hostname()
responsible for crashes and unwanted behaviour. responsible for crashes and unwanted behaviour.
* Added support for Certificate Revocation List (CRL) parsing. * Added support for Certificate Revocation List (CRL) parsing.
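Review bot: the entry "Undefining POLARSSL_HAVE_ASM now also handles prevents asm in padlock and timing code." keeps the doubled verb "handles prevents" on both sides of this hunk. Since the hunk already touches this entry for indentation, consider fixing the wording in the same pass, for example "now also prevents asm in padlock and timing code".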
@ -2256,4 +2256,3 @@ XySSL ChangeLog
who maintains the Debian package :-) who maintains the Debian package :-)
= Version 0.1 released on 2006-11-01 = Version 0.1 released on 2006-11-01
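Review bot: the hunk header "-2256,4 +2256,3" shows one line dropped at the end of the file, but no visible line differs between the two sides and the commit message mentions only indentation and labelling. If this is a trailing blank line being removed, note that in the commit message so the deletion is not mistaken for lost content.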