mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 00:45:39 +00:00
Assemble ChangeLog
Executed scripts/assemble_changelog.py. Signed-off-by: Janos Follath <janos.follath@arm.com>
This commit is contained in:
parent
36169d479f
commit
4ac5a7be5a
65
ChangeLog
65
ChangeLog
|
@ -1,5 +1,70 @@
|
||||||
mbed TLS ChangeLog (Sorted per branch, date)
|
mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
|
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||||
|
|
||||||
|
Features
|
||||||
|
* Support building on e2k (Elbrus) architecture: correctly enable
|
||||||
|
-Wformat-signedness, and fix the code that causes signed-one-bit-field
|
||||||
|
and sign-compare warnings. Contributed by makise-homura (Igor Molchanov)
|
||||||
|
<akemi_homura@kurisa.ch>.
|
||||||
|
|
||||||
|
Security
|
||||||
|
* When checking X.509 CRLs, a certificate was only considered as revoked if
|
||||||
|
its revocationDate was in the past according to the local clock if
|
||||||
|
available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
|
||||||
|
certificates were never considered as revoked. On builds with
|
||||||
|
MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
|
||||||
|
example, an untrusted OS attacking a secure enclave) could prevent
|
||||||
|
revocation of certificates via CRLs. Fixed by no longer checking the
|
||||||
|
revocationDate field, in accordance with RFC 5280. Reported by
|
||||||
|
yuemonangong in #3340. Reported independently and fixed by
|
||||||
|
Raoul Strackx and Jethro Beekman in #3433.
|
||||||
|
* In (D)TLS record decryption, when using a CBC ciphersuites without the
|
||||||
|
Encrypt-then-Mac extension, use constant code flow memory access patterns
|
||||||
|
to extract and check the MAC. This is an improvement to the existing
|
||||||
|
countermeasure against Lucky 13 attacks. The previous countermeasure was
|
||||||
|
effective against network-based attackers, but less so against local
|
||||||
|
attackers. The new countermeasure defends against local attackers, even
|
||||||
|
if they have access to fine-grained measurements. In particular, this
|
||||||
|
fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
|
||||||
|
Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
|
||||||
|
(University of Florida) and Dave Tian (Purdue University).
|
||||||
|
* Fix side channel in RSA private key operations and static (finite-field)
|
||||||
|
Diffie-Hellman. An adversary with precise enough timing and memory access
|
||||||
|
information (typically an untrusted operating system attacking a secure
|
||||||
|
enclave) could bypass an existing counter-measure (base blinding) and
|
||||||
|
potentially fully recover the private key.
|
||||||
|
* Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der().
|
||||||
|
Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine
|
||||||
|
for pinpointing the problematic code.
|
||||||
|
* Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
|
||||||
|
application data from memory. Reported in #689 by
|
||||||
|
Johan Uppman Bruce of Sectra.
|
||||||
|
|
||||||
|
Bugfix
|
||||||
|
* Avoid use of statically sized stack buffers for certificate writing.
|
||||||
|
This previously limited the maximum size of DER encoded certificates
|
||||||
|
in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.
|
||||||
|
* Reduce the stack consumption of mbedtls_x509write_csr_der() which
|
||||||
|
previously could lead to stack overflow on constrained devices.
|
||||||
|
Contributed by Doru Gucea and Simon Leet in #3464.
|
||||||
|
* Use arc4random_buf on NetBSD instead of rand implementation with cyclical
|
||||||
|
lower bits. Fix contributed in #3540.
|
||||||
|
* Fix building library/net_sockets.c and the ssl_mail_client program on
|
||||||
|
NetBSD. NetBSD conditionals were added for the backport to avoid the risk
|
||||||
|
of breaking a platform. Original fix contributed by Nia Alarie in #3422.
|
||||||
|
Adapted for long-term support branch 2.16 in #3558.
|
||||||
|
* Fix bug in redirection of unit test outputs on platforms where stdout is
|
||||||
|
defined as a macro. First reported in #2311 and fix contributed in #3528.
|
||||||
|
Adopted for LTS branch 2.16 in #3601.
|
||||||
|
|
||||||
|
Changes
|
||||||
|
* Update copyright notices to use Linux Foundation guidance. As a result,
|
||||||
|
the copyright of contributors other than Arm is now acknowledged, and the
|
||||||
|
years of publishing are no longer tracked in the source files. This also
|
||||||
|
eliminates the need for the lines declaring the files to be part of
|
||||||
|
MbedTLS. Fixes #3457.
|
||||||
|
|
||||||
= mbed TLS 2.16.7 branch released 2020-07-01
|
= mbed TLS 2.16.7 branch released 2020-07-01
|
||||||
|
|
||||||
Security
|
Security
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
Bugfix
|
|
||||||
* Avoid use of statically sized stack buffers for certificate writing.
|
|
||||||
This previously limited the maximum size of DER encoded certificates
|
|
||||||
in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.
|
|
|
@ -1,6 +0,0 @@
|
||||||
Changes
|
|
||||||
* Update copyright notices to use Linux Foundation guidance. As a result,
|
|
||||||
the copyright of contributors other than Arm is now acknowledged, and the
|
|
||||||
years of publishing are no longer tracked in the source files. This also
|
|
||||||
eliminates the need for the lines declaring the files to be part of
|
|
||||||
MbedTLS. Fixes #3457.
|
|
|
@ -1,11 +0,0 @@
|
||||||
Security
|
|
||||||
* When checking X.509 CRLs, a certificate was only considered as revoked if
|
|
||||||
its revocationDate was in the past according to the local clock if
|
|
||||||
available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
|
|
||||||
certificates were never considered as revoked. On builds with
|
|
||||||
MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
|
|
||||||
example, an untrusted OS attacking a secure enclave) could prevent
|
|
||||||
revocation of certificates via CRLs. Fixed by no longer checking the
|
|
||||||
revocationDate field, in accordance with RFC 5280. Reported by
|
|
||||||
yuemonangong in #3340. Reported independently and fixed by
|
|
||||||
Raoul Strackx and Jethro Beekman in #3433.
|
|
|
@ -1,5 +0,0 @@
|
||||||
Features
|
|
||||||
* Support building on e2k (Elbrus) architecture: correctly enable
|
|
||||||
-Wformat-signedness, and fix the code that causes signed-one-bit-field
|
|
||||||
and sign-compare warnings. Contributed by makise-homura (Igor Molchanov)
|
|
||||||
<akemi_homura@kurisa.ch>.
|
|
|
@ -1,5 +0,0 @@
|
||||||
Bugfix
|
|
||||||
* Fix building library/net_sockets.c and the ssl_mail_client program on
|
|
||||||
NetBSD. NetBSD conditionals were added for the backport to avoid the risk
|
|
||||||
of breaking a platform. Original fix contributed by Nia Alarie in #3422.
|
|
||||||
Adapted for long-term support branch 2.16 in #3558.
|
|
|
@ -1,11 +0,0 @@
|
||||||
Security
|
|
||||||
* In (D)TLS record decryption, when using a CBC ciphersuites without the
|
|
||||||
Encrypt-then-Mac extension, use constant code flow memory access patterns
|
|
||||||
to extract and check the MAC. This is an improvement to the existing
|
|
||||||
countermeasure against Lucky 13 attacks. The previous countermeasure was
|
|
||||||
effective against network-based attackers, but less so against local
|
|
||||||
attackers. The new countermeasure defends against local attackers, even
|
|
||||||
if they have access to fine-grained measurements. In particular, this
|
|
||||||
fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
|
|
||||||
Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
|
|
||||||
(University of Florida) and Dave Tian (Purdue University).
|
|
|
@ -1,3 +0,0 @@
|
||||||
Bugfix
|
|
||||||
* Use arc4random_buf on NetBSD instead of rand implementation with cyclical
|
|
||||||
lower bits. Fix contributed in #3540.
|
|
|
@ -1,6 +0,0 @@
|
||||||
Security
|
|
||||||
* Fix side channel in RSA private key operations and static (finite-field)
|
|
||||||
Diffie-Hellman. An adversary with precise enough timing and memory access
|
|
||||||
information (typically an untrusted operating system attacking a secure
|
|
||||||
enclave) could bypass an existing counter-measure (base blinding) and
|
|
||||||
potentially fully recover the private key.
|
|
|
@ -1,4 +0,0 @@
|
||||||
Bugfix
|
|
||||||
* Fix bug in redirection of unit test outputs on platforms where stdout is
|
|
||||||
defined as a macro. First reported in #2311 and fix contributed in #3528.
|
|
||||||
Adopted for LTS branch 2.16 in #3601.
|
|
|
@ -1,4 +0,0 @@
|
||||||
Security
|
|
||||||
* Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der().
|
|
||||||
Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine
|
|
||||||
for pinpointing the problematic code.
|
|
|
@ -1,4 +0,0 @@
|
||||||
Bugfix
|
|
||||||
* Reduce the stack consumption of mbedtls_x509write_csr_der() which
|
|
||||||
previously could lead to stack overflow on constrained devices.
|
|
||||||
Contributed by Doru Gucea and Simon Leet in #3464.
|
|
|
@ -1,4 +0,0 @@
|
||||||
Security
|
|
||||||
* Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
|
|
||||||
application data from memory. Reported in #689 by
|
|
||||||
Johan Uppman Bruce of Sectra.
|
|
Loading…
Reference in a new issue