yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-08 10:05:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve Changelog

Browse source
This commit is contained in:
Janos Follath 2017-06-16 14:04:08 +01:00
parent bff031608f
commit 3fb1cc37a6
1 changed files with 16 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
ChangeLog
View file

@ -14,8 +14,8 @@ Security
Found and fix proposed by Michael Schwarz, Samuel Weiser, Daniel Gruss, Found and fix proposed by Michael Schwarz, Samuel Weiser, Daniel Gruss,
Clémentine Maurice and Stefan Mangard. Clémentine Maurice and Stefan Mangard.
* Wipe stack buffers in RSA private key operations * Wipe stack buffers in RSA private key operations
(rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt). (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt). Found by Laurent
Found by Laurent Simon. Simon.
* Removed SHA-1 and RIPEMD-160 from the default hash algorithms for * Removed SHA-1 and RIPEMD-160 from the default hash algorithms for
certificate verification. SHA-1 can be turned back on with a compile-time certificate verification. SHA-1 can be turned back on with a compile-time
option if needed. option if needed.
@ -27,26 +27,26 @@ Security
Bugfix Bugfix
* Remove macros from compat-1.3.h that correspond to deleted items from most * Remove macros from compat-1.3.h that correspond to deleted items from most
recent versions of the library. Found by Kyle Keen. recent versions of the library. Found by Kyle Keen.
* Fixed issue in mutexes to failing to initialise. #667 * Fixed issue in the Threading module that prevented mutexes from
initialising. Found by sznaider. #667 #843
* Fix insufficient support for signature-hash-algorithm extension, * Fix insufficient support for signature-hash-algorithm extension,
resulting in compatibility problems with Chrome. Found by hfloyrd. #823 resulting in compatibility problems with Chrome. Found by hfloyrd. #823
* Accept empty trusted CA chain in authentication mode * Accept empty trusted CA chain in authentication mode
MBEDTLS_SSL_VERIFY_OPTIONAL. MBEDTLS_SSL_VERIFY_OPTIONAL. Found by jethrogb. #864
Fixes #864. Found by jethrogb. * Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate
* Fix implementation of mbedtls_ssl_parse_certificate fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to
to not annihilate fatal errors in authentication mode reflect bad EC curves within verification result.
MBEDTLS_SSL_VERIFY_OPTIONAL and to reflect bad EC curves * Fix bug that caused the modular inversion function to accept the invalid
within verification result. modulus 1 and therefore to hang. Found by blaufish. #641.
* Fix modular inversion function on invalid modulus 1. * Fix incorrect sign computation in modular exponentiation when the base is
Found by blaufish. Fixes #641. a negative MPI. Previously the result was always negative. Found by Guido
* Fix incorrect sign computation in modular exponentiation Vranken.
when dealing with negative MPI. Found by Guido Vranken. * Fix a numerical underflow leading to stack overflow in mpi_read_file()
* Fix potential stack underflow in mpi_read_file. that was triggered uppon reading an empty line. Found by Guido Vranken.
Found by Guido Vranken.
Changes Changes
* Clarify ECDSA documentation and improve the sample code to avoid * Clarify ECDSA documentation and improve the sample code to avoid
misunderstandings and potentially dangerous use of the API. Pointed out misunderstanding and potentially dangerous use of the API. Pointed out
by Jean-Philippe Aumasson. by Jean-Philippe Aumasson.
= mbed TLS 2.1.7 branch released 2017-03-08 = mbed TLS 2.1.7 branch released 2017-03-08