Tidied up style and phrasing of ChangeLog

This commit is contained in:
Simon Butcher 2016-10-16 00:18:54 +01:00
parent c83f470eb8
commit 657c010884

View file

@ -3,29 +3,30 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.1.x branch released 2016-xx-xx
Security
* Remove MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant
with RFC5116 and could lead to session key recovery in very long TLS
sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic -
"Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS")
* Fix potential stack corruption in mbedtls_x509write_crt_der() and
* Removed the MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant
with RFC-5116 and could lead to session key recovery in very long TLS
sessions. "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in
TLS" - H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic.
https://eprint.iacr.org/2016/475.pdf
* Fixed potential stack corruption in mbedtls_x509write_crt_der() and
mbedtls_x509write_csr_der() when the signature is copied to the buffer
without checking whether there is enough space in the destination. The
issue cannot be triggered remotely. (found by Jethro Beekman)
issue cannot be triggered remotely. Found by Jethro Beekman.
Bugfix
* Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
* Fix incorrect handling of block lengths in crypt_and_hash sample program,
when GCM is used. #441
* Fix incorrect handling of block lengths in crypt_and_hash.c sample program,
when GCM is used. Found by udf2457. #441
* Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
enabled unless others were also present. Found by David Fernandez. #428
* Fixed cert_app sample program for debug output and for use when no root
* Fixed cert_app.c sample program for debug output and for use when no root
certificates are provided.
* Fix conditional statement that would cause a 1 byte overread in
mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599
* Fixed pthread implementation to avoid unintended double initialisations
and double frees. (found by Niklas Amnebratt)
and double frees. Found by Niklas Amnebratt.
* Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for
builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found
by inestlerode. #559.