Improve ChangeLog description of X509 MD5 changes

Manuel Pégourié-Gonnard 2017-06-09 14:52:09 +02:00
parent 7d810939b5
commit 6d61e9751b

@ -11,7 +11,7 @@ Security
* Wipe stack buffers in RSA private key operations
(rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt).
Found by Laurent Simon.
Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a
* Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a
potential Bleichenbacher/BERserk-style attack.
* Remove support for X509 certificates signed with MD5.
Issue raised by Harm Verhagen
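Review bot: the bullet fix on the "Tighten parsing of RSA PKCS#1 v1.5 signatures" entry is unrelated to the subject line, which only mentions the X509 MD5 description; note it in the commit message or split it into its own commit. In the same hunk, the Security entry "Remove support for X509 certificates signed with MD5." is left unchanged while the new Changes entry describes the behaviour as a configurable minimum hash, so consider rewording it to point at POLARSSL_X509_MIN_VERIFY_MD_ALG so the two entries agree. "Issue raised by Harm Verhagen" also lacks the closing period that "Found by Laurent Simon." has.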
@ -36,6 +36,9 @@ Changes
* Clarify ECDSA documentation and improve the sample code to avoid
misunderstandings and potentially dangerous use of the API. Pointed out
by Jean-Philippe Aumasson.
* Add new config.h flag POLARSSL_X509_MIN_VERIFY_MD_ALG to set the minimum
hash accepted when verifying certificate chains. Defaults to SHA1, which
means SHA1 is accepted but MD5 and below are rejected.
= mbed TLS 1.3.19 branch released 2017-03-08
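Review bot: "MD5 and below" in the new POLARSSL_X509_MIN_VERIFY_MD_ALG entry leaves the ordering of hashes undefined; name the rejected algorithms or state how "below" is determined, so a reader can tell exactly what a given setting rejects. The entry also does not say what kind of value the flag takes, or whether lowering it restores verification of MD5-signed certificates, which is what someone upgrading with such certificates will look for. Since the stated default still accepts SHA1, a short mention that the minimum can be raised would also help.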