mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 12:15:28 +00:00
Tidied up style and phrasing of ChangeLog
This commit is contained in:
parent
c83f470eb8
commit
657c010884
21
ChangeLog
21
ChangeLog
|
@ -3,29 +3,30 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||
= mbed TLS 2.1.x branch released 2016-xx-xx
|
||||
|
||||
Security
|
||||
* Remove MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant
|
||||
with RFC5116 and could lead to session key recovery in very long TLS
|
||||
sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic -
|
||||
"Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS")
|
||||
* Fix potential stack corruption in mbedtls_x509write_crt_der() and
|
||||
* Removed the MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant
|
||||
with RFC-5116 and could lead to session key recovery in very long TLS
|
||||
sessions. "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in
|
||||
TLS" - H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic.
|
||||
https://eprint.iacr.org/2016/475.pdf
|
||||
* Fixed potential stack corruption in mbedtls_x509write_crt_der() and
|
||||
mbedtls_x509write_csr_der() when the signature is copied to the buffer
|
||||
without checking whether there is enough space in the destination. The
|
||||
issue cannot be triggered remotely. (found by Jethro Beekman)
|
||||
issue cannot be triggered remotely. Found by Jethro Beekman.
|
||||
|
||||
Bugfix
|
||||
* Fix an issue that caused valid certificates being rejected whenever an
|
||||
expired or not yet valid version of the trusted certificate was before the
|
||||
valid version in the trusted certificate list.
|
||||
* Fix incorrect handling of block lengths in crypt_and_hash sample program,
|
||||
when GCM is used. #441
|
||||
* Fix incorrect handling of block lengths in crypt_and_hash.c sample program,
|
||||
when GCM is used. Found by udf2457. #441
|
||||
* Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
|
||||
enabled unless others were also present. Found by David Fernandez. #428
|
||||
* Fixed cert_app sample program for debug output and for use when no root
|
||||
* Fixed cert_app.c sample program for debug output and for use when no root
|
||||
certificates are provided.
|
||||
* Fix conditional statement that would cause a 1 byte overread in
|
||||
mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599
|
||||
* Fixed pthread implementation to avoid unintended double initialisations
|
||||
and double frees. (found by Niklas Amnebratt)
|
||||
and double frees. Found by Niklas Amnebratt.
|
||||
* Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for
|
||||
builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found
|
||||
by inestlerode. #559.
|
||||
|
|
Loading…
Reference in a new issue