mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-23 23:21:04 +00:00
Add ChangeLog entry
parent e8dd77ba58
commit 2347d4eb3b
ChangeLog | 16
@ -2,8 +2,22 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS x.x.x branch released xxxx-xx-xx
Bugfix
Security
* Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384,
in (D)TLS 1.0 to 1.2, that allowed an active network attacker to
partially recover the plaintext of messages under some conditions by
exploiting timing measurements. With DTLS, the attacker could perform
this recovery by sending many messages in the same connection. With TLS
or if mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only
worked if the same secret (for example a HTTP Cookie) has been repeatedly
sent over connections manipulated by the attacker. Connections using GCM
or CCM instead of CBC, using hash sizes other than SHA-384, or using
Encrypt-then-Mac (RFC 7366) were not affected. The vulnerability was
caused by a miscalculation (for SHA-384) in a countermeasure to the
original Lucky 13 attack. Found by Kenny Paterson, Eyal Ronen and Adi
Shamir.
Bugfix
* Fix braces in mbedtls_memory_buffer_alloc_status(). Found by sbranden, #552.
* Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to
configure the maximum length of a file path that can be buffered when
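Review bot: the new Security entry's phrase "using hash sizes other than SHA-384" is imprecise, since the affected parameter is the HMAC algorithm negotiated by the ciphersuite rather than a size; "using a MAC other than HMAC-SHA-384" would state the scope of the fix more accurately. Two smaller wording points in the same entry: "a HTTP Cookie" should read "an HTTP Cookie", and "has been repeatedly sent" should be "had been repeatedly sent" to agree with "the attack only worked". It would also help readers of the ChangeLog if the entry named the countermeasure whose miscalculation is being corrected (the Lucky 13 padding/MAC timing countermeasure in the record decryption path), so the text can be matched to the code change, and the Bugfix heading that this hunk removes and re-adds is retained only so the new Security section precedes it, which reads fine.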