Improve Changelog

This commit is contained in:
Janos Follath 2017-06-16 14:04:08 +01:00
parent bff031608f
commit 3fb1cc37a6

View file

@ -14,8 +14,8 @@ Security
Found and fix proposed by Michael Schwarz, Samuel Weiser, Daniel Gruss,
Clémentine Maurice and Stefan Mangard.
* Wipe stack buffers in RSA private key operations
(rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt).
Found by Laurent Simon.
(rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt). Found by Laurent
Simon.
* Removed SHA-1 and RIPEMD-160 from the default hash algorithms for
certificate verification. SHA-1 can be turned back on with a compile-time
option if needed.
@ -27,26 +27,26 @@ Security
Bugfix
* Remove macros from compat-1.3.h that correspond to deleted items from most
recent versions of the library. Found by Kyle Keen.
* Fixed issue in mutexes to failing to initialise. #667
* Fixed issue in the Threading module that prevented mutexes from
initialising. Found by sznaider. #667 #843
* Fix insufficient support for signature-hash-algorithm extension,
resulting in compatibility problems with Chrome. Found by hfloyrd. #823
* Accept empty trusted CA chain in authentication mode
MBEDTLS_SSL_VERIFY_OPTIONAL.
Fixes #864. Found by jethrogb.
* Fix implementation of mbedtls_ssl_parse_certificate
to not annihilate fatal errors in authentication mode
MBEDTLS_SSL_VERIFY_OPTIONAL and to reflect bad EC curves
within verification result.
* Fix modular inversion function on invalid modulus 1.
Found by blaufish. Fixes #641.
* Fix incorrect sign computation in modular exponentiation
when dealing with negative MPI. Found by Guido Vranken.
* Fix potential stack underflow in mpi_read_file.
Found by Guido Vranken.
MBEDTLS_SSL_VERIFY_OPTIONAL. Found by jethrogb. #864
* Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate
fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to
reflect bad EC curves within verification result.
* Fix bug that caused the modular inversion function to accept the invalid
modulus 1 and therefore to hang. Found by blaufish. #641.
* Fix incorrect sign computation in modular exponentiation when the base is
a negative MPI. Previously the result was always negative. Found by Guido
Vranken.
* Fix a numerical underflow leading to stack overflow in mpi_read_file()
that was triggered uppon reading an empty line. Found by Guido Vranken.
Changes
* Clarify ECDSA documentation and improve the sample code to avoid
misunderstandings and potentially dangerous use of the API. Pointed out
misunderstanding and potentially dangerous use of the API. Pointed out
by Jean-Philippe Aumasson.
= mbed TLS 2.1.7 branch released 2017-03-08