From 357fbee3fda55efbafba3b5f12f19851d1084096 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 8 Nov 2018 13:47:21 +0000 Subject: [PATCH] Fix language and formatting in ChangeLog Changed the formatting and language in the ChangeLog to the house-style. --- ChangeLog | 41 +++++++++++++++++++---------------------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/ChangeLog b/ChangeLog index b9d3a7295..d70d19a14 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,13 +3,23 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Security - * Fix overly strict DN comparison when looking for CRLs - belonging to a particular CA. This previously lead to - ignoring CRLs when the CRL's issuer name and the CA's - subject name differed in their string encoding (e.g., - one using PrintableString and the other UTF8String) or - in the choice of upper and lower case. Reported by - HenrikRosenquistAndersson in #1784. + * Fix overly strict DN comparison when looking for CRLs belonging to a + particular CA. This previously lead to ignoring CRLs when the CRL's issuer + name and the CA's subject name differed in their string encoding (e.g., + one using PrintableString and the other UTF8String) or in the choice of + upper and lower case. Reported by Henrik Andersson of Bosch GmbH in issue + #1784. + * Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The + previous settings for the number of rounds made it practical for an + adversary to construct non-primes that would be erroneously accepted as + primes with high probability. This does not have an impact on the + security of TLS, but can matter in other contexts with potentially + adversarially-chosen numbers that should be prime and can be validated. + For example, the number of rounds was enough to securely generate RSA key + pairs or Diffie-Hellman parameters, but was insufficient to validate + Diffie-Hellman parameters properly. + See "Prime and Prejudice" by by Martin R. Albrecht and Jake Massimo and + Kenneth G. Paterson and Juraj Somorovsky. * Fix a flawed bounds check in server PSK hint parsing. In case the incoming message buffer was placed within the first 64KB of address space and a PSK-(EC)DHE ciphersuite was used, this allowed an attacker 
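Review bot: the re-flowed CRL entry still carries the grammatical error from the original wording: "This previously lead to ignoring CRLs" should read "This previously led to ignoring CRLs", and since this commit exists to fix language in the ChangeLog it should correct that too. The same applies to the relocated mbedtls_mpi_is_prime() entry, whose last line is moved here unchanged with a duplicated word: "See "Prime and Prejudice" by by Martin R. Albrecht and Jake Massimo and" should drop the second "by" (and the repeated "and" between author names reads more naturally as a comma-separated list, e.g. "by Martin R. Albrecht, Jake Massimo, Kenneth G. Paterson and Juraj Somorovsky"). Also worth a second look: the reporter credit changes from the GitHub handle "HenrikRosenquistAndersson" to "Henrik Andersson of Bosch GmbH"; please confirm the reporter agreed to be named with an affiliation, since the other entries in this file credit people by handle only.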
@@ -30,8 +40,8 @@ Bugfix Fixes #2069. * Fix memory leak and freeing without initialization in the example program programs/x509/cert_write. Fixes #1422. - * Ignore iv in mbedtls_cipher_set_iv() when the cipher mode is MBEDTLS_MODE_ECB - Fix for #1091 raised by ezdevelop + * Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is + MBEDTLS_MODE_ECB. Found by ezdevelop. Fixes for #1091. * Zeroize memory used for reassembling handshake messages after use. * Use `mbedtls_zeroize()` instead of `memset()` for zeroization of sensitive data in the example programs aescrypt2 and crypt_and_hash. @@ -53,19 +63,6 @@ Changes * Improve documentation of mbedtls_ssl_get_verify_result(). Fixes #517 reported by github-monoculture. -Security - * Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The - previous settings for the number of rounds made it practical for an - adversary to construct non-primes that would be erroneously accepted as - primes with high probability. This does not have an impact on the - security of TLS, but can matter in other contexts with potentially - adversarially-chosen numbers that should be prime and can be validated. - For example, the number of rounds was enough to securely generate RSA key - pairs or Diffie-Hellman parameters, but was insufficient to validate - Diffie-Hellman parameters properly. - See "Prime and Prejudice" by by Martin R. Albrecht and Jake Massimo and - Kenneth G. Paterson and Juraj Somorovsky. - = mbed TLS 2.7.6 branch released 2018-08-31 Security
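Review bot: in the @@ -30,8 +40,8 @@ hunk the new closing line "MBEDTLS_MODE_ECB. Found by ezdevelop. Fixes for #1091." does not match the issue-reference form used by the neighbouring entries in the same Bugfix section ("Fixes #1422.", "Fixes #2069."). Suggest "MBEDTLS_MODE_ECB. Found by ezdevelop. Fixes #1091." so the entries are consistent, which is the stated purpose of this commit.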