Improve ChangeLog description of X509 MD5 changes

Manuel Pégourié-Gonnard 2017-06-09 14:52:09 +02:00
parent 7d810939b5
commit 6d61e9751b

@ -11,7 +11,7 @@ Security
* Wipe stack buffers in RSA private key operations * Wipe stack buffers in RSA private key operations
(rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt). (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt).
Found by Laurent Simon. Found by Laurent Simon.
Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a
potential Bleichenbacher/BERserk-style attack. potential Bleichenbacher/BERserk-style attack.
* Remove support for X509 certificates signed with MD5. * Remove support for X509 certificates signed with MD5.
Issue raised by Harm Verhagen Issue raised by Harm Verhagen
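Review bot: The Security entry "Remove support for X509 certificates signed with MD5." at the end of this hunk still reads as an unconditional removal, while the Changes entry added later in this patch describes the rejection as the default of POLARSSL_X509_MIN_VERIFY_MD_ALG. Point to that flag from this entry so that someone reading only the Security section learns the minimum hash is a config.h setting. "Issue raised by Harm Verhagen" is also missing the final period that "Found by Laurent Simon." has. The "* " added in front of "Tighten parsing" is a formatting fix unrelated to the MD5 wording named in the commit title and deserves a mention in the commit message.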
@ -36,6 +36,9 @@ Changes
* Clarify ECDSA documentation and improve the sample code to avoid * Clarify ECDSA documentation and improve the sample code to avoid
misunderstandings and potentially dangerous use of the API. Pointed out misunderstandings and potentially dangerous use of the API. Pointed out
by Jean-Philippe Aumasson. by Jean-Philippe Aumasson.
* Add new config.h flag POLARSSL_X509_MIN_VERIFY_MD_ALG to set the minimum
hash accepted when verifying certificate chains. Defaults to SHA1, which
means SHA1 is accepted but MD5 and below are rejected.
= mbed TLS 1.3.19 branch released 2017-03-08 = mbed TLS 1.3.19 branch released 2017-03-08
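Review bot: "MD5 and below" in the new POLARSSL_X509_MIN_VERIFY_MD_ALG entry does not say which hashes rank below MD5 or how the ordering is defined, so the reader cannot tell what is rejected by default. Name the rejected algorithms or state the ordering, and give the value to put in config.h. Because the default now rejects chains that were accepted before, the entry should also say whether lowering the flag restores verification of MD5-signed certificates.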