mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-07 09:55:35 +00:00
Merge remote-tracking branch 'upstream-restricted/pr/478' into development-restricted
commit 78d2f7d5df
ChangeLog
@ -3,43 +3,46 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
= mbed TLS 2.9.0 branch released 2018-04-30
|
= mbed TLS 2.9.0 branch released 2018-04-30
|
||||||
|
|
||||||
Security
|
Security
|
||||||
* Fix a bug in the X.509 module potentially leading to a buffer overread
|
* Fix an issue in the X.509 module which could lead to a buffer overread
|
||||||
during CRT verification or to invalid or omitted checks for certificate
|
during certificate validation. Additionally, the issue could also lead to
|
||||||
validity. The former can be triggered remotely, while the latter requires
|
unnecessary callback checks being made or to some validation checks to be
|
||||||
a non DER-compliant certificate correctly signed by a trusted CA, or a
|
omitted. The overread could be triggered remotely, while the other issues
|
||||||
trusted CA with a non DER-compliant certificate. Found by luocm on GitHub.
|
would require a non DER-compliant certificate to be correctly signed by a
|
||||||
Fixes #825.
|
trusted CA, or a trusted CA with a non DER-compliant certificate. Found by
|
||||||
* Fix buffer length assertion in the ssl_parse_certificate_request()
|
luocm. Fixes #825.
|
||||||
function which leads to an arbitrary overread of the message buffer. The
|
* Fix the buffer length assertion in the ssl_parse_certificate_request()
|
||||||
overreads could occur upon receiving a message malformed at the point
|
function which led to an arbitrary overread of the message buffer. The
|
||||||
where an optional signature algorithms list is expected in the cases of
|
overreads could be caused by receiving a malformed message at the point
|
||||||
the signature algorithms section being too short. In the debug builds
|
where an optional signature algorithms list is expected when the signature
|
||||||
the overread data is printed to the standard output.
|
algorithms section is too short. In builds with debug output, the overread
|
||||||
|
data is output with the debug data.
|
||||||
* Fix a client-side bug in the validation of the server's ciphersuite choice
|
* Fix a client-side bug in the validation of the server's ciphersuite choice
|
||||||
potentially leading to the client accepting a ciphersuite it didn't offer
|
which could potentially lead to the client accepting a ciphersuite it didn't
|
||||||
or one that cannot be used with the (D)TLS version chosen by the server.
|
offer or a ciphersuite that cannot be used with the TLS or DTLS version
|
||||||
This may lead to corruption of internal data structures for some
|
chosen by the server. This could lead to corruption of internal data
|
||||||
configurations.
|
structures for some configurations.
|
||||||
|
|
||||||
Features
|
Features
|
||||||
* Add option MBEDTLS_AES_FEWER_TABLES to dynamically compute 3/4 of the AES tables
|
* Add an option, MBEDTLS_AES_FEWER_TABLES, to dynamically compute smaller AES
|
||||||
during runtime, thereby reducing the RAM/ROM footprint by ~6kb. Suggested
|
tables during runtime, thereby reducing the RAM/ROM footprint by ~6KiB.
|
||||||
and contributed by jkivilin in #394.
|
Suggested and contributed by jkivilin in pull request #394.
|
||||||
* Add initial support for Curve448 (RFC 7748). Only mbedtls_ecp_mul() and
|
* Add initial support for Curve448 (RFC 7748). Only mbedtls_ecp_mul() and
|
||||||
ECDH primitive functions (mbedtls_ecdh_gen_public(),
|
ECDH primitive functions (mbedtls_ecdh_gen_public(),
|
||||||
mbedtls_ecdh_compute_shared()) are supported for now. Contributed by
|
mbedtls_ecdh_compute_shared()) are supported for now. Contributed by
|
||||||
Nicholas Wilson (#348).
|
Nicholas Wilson (#348).
|
||||||
|
|
||||||
API Changes
|
API Changes
|
||||||
* Add function mbedtls_net_poll to public API allowing to wait for a
|
* Extend the public API with the function of mbedtls_net_poll() to allow user
|
||||||
network context to become ready for reading or writing.
|
applications to wait for a network context to become ready before reading
|
||||||
* Add function mbedtls_ssl_check_pending to public API allowing to check
|
or writing.
|
||||||
if more data is pending to be processed in the internal message buffers.
|
* Add function mbedtls_ssl_check_pending() to the public API to allow
|
||||||
|
a check for whether more more data is pending to be processed in the
|
||||||
|
internal message buffers.
|
||||||
This function is necessary to determine when it is safe to idle on the
|
This function is necessary to determine when it is safe to idle on the
|
||||||
underlying transport in case event-driven IO is used.
|
underlying transport in case event-driven IO is used.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix spurious uninitialized variable warning in cmac.c. Fix independently
|
* Fix a spurious uninitialized variable warning in cmac.c. Fix independently
|
||||||
contributed by Brian J Murray and David Brown.
|
contributed by Brian J Murray and David Brown.
|
||||||
* Add missing dependencies in test suites that led to build failures
|
* Add missing dependencies in test suites that led to build failures
|
||||||
in configurations that omit certain hashes or public-key algorithms.
|
in configurations that omit certain hashes or public-key algorithms.
|
||||||
|
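Review bot: the rewritten mbedtls_ssl_check_pending() entry reads "a check for whether more more data is pending"; drop the duplicated "more". In the same hunk, "Extend the public API with the function of mbedtls_net_poll()" should read "with the function mbedtls_net_poll()", and the X.509 entry's "or to some validation checks to be omitted" should read "or to some validation checks being omitted" (the "Additionally ... also" in that sentence is redundant as well). Please also confirm that dropping "on GitHub" after "Found by luocm" is intended, since luocm is a handle rather than a full name like the other credits in this section.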
@ -47,15 +50,16 @@ Bugfix
|
||||||
* Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks.
|
* Fix C89 incompatibility in benchmark.c. Contributed by Brendan Shanks.
|
||||||
#1353
|
#1353
|
||||||
* Add missing dependencies for MBEDTLS_HAVE_TIME_DATE and
|
* Add missing dependencies for MBEDTLS_HAVE_TIME_DATE and
|
||||||
MBEDTLS_VERSION_FEATURES in test suites. Contributed by Deomid Ryabkov.
|
MBEDTLS_VERSION_FEATURES in some test suites. Contributed by
|
||||||
Fixes #1299, #1475.
|
Deomid Ryabkov. Fixes #1299, #1475.
|
||||||
* Fix dynamic library building process with Makefile on Mac OS X. Fixed by
|
* Fix the Makefile build process for building shared libraries on Mac OS X.
|
||||||
mnacamura.
|
Fixed by mnacamura.
|
||||||
* Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was
|
* Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was
|
||||||
unable to parse keys with only the optional parameters field of the
|
unable to parse keys which had only the optional parameters field of the
|
||||||
ECPrivateKey structure. Found by Jethro Beekman, fixed in #1379.
|
ECPrivateKey structure. Found by Jethro Beekman, fixed in #1379.
|
||||||
* Return plaintext data sooner on unpadded CBC decryption, as stated in
|
* Return the plaintext data more quickly on unpadded CBC decryption, as
|
||||||
the mbedtls_cipher_update() documentation. Contributed by Andy Leiserson.
|
stated in the mbedtls_cipher_update() documentation. Contributed by
|
||||||
|
Andy Leiserson.
|
||||||
* Fix overriding and ignoring return values when parsing and writing to
|
* Fix overriding and ignoring return values when parsing and writing to
|
||||||
a file in pk_sign program. Found by kevlut in #1142.
|
a file in pk_sign program. Found by kevlut in #1142.
|
||||||
* Restrict usage of error code MBEDTLS_ERR_SSL_WANT_READ to situations
|
* Restrict usage of error code MBEDTLS_ERR_SSL_WANT_READ to situations
|
||||||
|
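Review bot: issue references in this hunk are still written in three different styles after the rewording ("Contributed by Brendan Shanks. #1353", "Fixes #1299, #1475.", "fixed in #1379", "Found by kevlut in #1142"); since these lines are being touched anyway, the bare trailing "#1353" would read better as "Fixes #1353." to match the surrounding entries.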
@ -63,9 +67,8 @@ Bugfix
|
||||||
to make progress. Previously, this error code was also occasionally
|
to make progress. Previously, this error code was also occasionally
|
||||||
returned when unexpected messages were being discarded, ignoring that
|
returned when unexpected messages were being discarded, ignoring that
|
||||||
further messages could potentially already be pending to be processed
|
further messages could potentially already be pending to be processed
|
||||||
in the internal buffers; these cases lead to deadlocks in case
|
in the internal buffers; these cases led to deadlocks when event-driven
|
||||||
event-driven I/O was used.
|
I/O was used. Found and reported by Hubert Mis in #772.
|
||||||
Found and reported by Hubert Mis in #772.
|
|
||||||
* Fix buffer length assertions in the ssl_parse_certificate_request()
|
* Fix buffer length assertions in the ssl_parse_certificate_request()
|
||||||
function which leads to a potential one byte overread of the message
|
function which leads to a potential one byte overread of the message
|
||||||
buffer.
|
buffer.
|
||||||
|
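Review bot: the Bugfix entry "Fix buffer length assertions in the ssl_parse_certificate_request() function which leads to a potential one byte overread" is left untouched here, while the Security entry for the same function in the first hunk was reworded to past tense ("which led to an arbitrary overread"); the two entries should use the same tense, and it is worth checking whether both entries are meant to stay, since they describe the same fix in the same function with different severities.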
@ -74,18 +77,18 @@ Bugfix
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Remove some redundant code in bignum.c. Contributed by Alexey Skalozub.
|
* Remove some redundant code in bignum.c. Contributed by Alexey Skalozub.
|
||||||
* Support cmake build where Mbed TLS is a subproject. Fix
|
* Support cmake builds where Mbed TLS is a subproject. Fix contributed
|
||||||
contributed independently by Matthieu Volat and Arne Schwabe.
|
independently by Matthieu Volat and Arne Schwabe.
|
||||||
* Improve testing in configurations that omit certain hashes or
|
* Improve testing in configurations that omit certain hashes or
|
||||||
public-key algorithms. Includes contributions by Gert van Dijk.
|
public-key algorithms. Includes contributions by Gert van Dijk.
|
||||||
* Improve negative testing of X.509 parsing.
|
* Improve negative testing of X.509 parsing.
|
||||||
* Do not define global mutexes around readdir() and gmtime() in
|
* Do not define global mutexes around readdir() and gmtime() in
|
||||||
configurations where the feature is disabled. Found and fixed by Gergely
|
configurations where the feature is disabled. Found and fixed by Gergely
|
||||||
Budai.
|
Budai.
|
||||||
* Harden mbedtls_ssl_config_free() against misuse, so that it doesn't
|
* Harden the function mbedtls_ssl_config_free() against misuse, so that it
|
||||||
leak memory in case the user doesn't use mbedtls_ssl_conf_psk() and
|
doesn't leak memory if the user doesn't use mbedtls_ssl_conf_psk() and
|
||||||
instead incorrectly manipulates conf->psk and/or conf->psk_identity
|
instead incorrectly manipulates the configuration structure directly.
|
||||||
directly. Found and fix submitted by junyeonLEE in #1220.
|
Found and fix submitted by junyeonLEE in #1220.
|
||||||
* Provide an empty implementation of mbedtls_pkcs5_pbes2() when
|
* Provide an empty implementation of mbedtls_pkcs5_pbes2() when
|
||||||
MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2
|
MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2
|
||||||
without PBES2. Fixed by Marcos Del Sol Vives.
|
without PBES2. Fixed by Marcos Del Sol Vives.
|
||||||
|
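Review bot: replacing "incorrectly manipulates conf->psk and/or conf->psk_identity directly" with "incorrectly manipulates the configuration structure directly" loses the only concrete statement of which misuse the hardening covers; suggest keeping the field names, e.g. "instead incorrectly sets conf->psk and/or conf->psk_identity directly", so a reader can tell whether their code is affected.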
@ -96,7 +99,7 @@ Changes
|
||||||
Krylov.
|
Krylov.
|
||||||
* Improve the documentation of mbedtls_ssl_write(). Suggested by
|
* Improve the documentation of mbedtls_ssl_write(). Suggested by
|
||||||
Paul Sokolovsky in #1356.
|
Paul Sokolovsky in #1356.
|
||||||
* Add an option in the makefile to support ar utilities where the operation
|
* Add an option in the Makefile to support ar utilities where the operation
|
||||||
letter must not be prefixed by '-', such as LLVM. Found and fixed by
|
letter must not be prefixed by '-', such as LLVM. Found and fixed by
|
||||||
Alex Hixon.
|
Alex Hixon.
|
||||||
* Allow configuring the shared library extension by setting the DLEXT
|
* Allow configuring the shared library extension by setting the DLEXT
|
||||||
|
@ -109,8 +112,8 @@ Changes
|
||||||
* Improve robustness of mbedtls_ssl_derive_keys against the use of
|
* Improve robustness of mbedtls_ssl_derive_keys against the use of
|
||||||
HMAC functions with non-HMAC ciphersuites. Independently contributed
|
HMAC functions with non-HMAC ciphersuites. Independently contributed
|
||||||
by Jiayuan Chen in #1377. Fixes #1437.
|
by Jiayuan Chen in #1377. Fixes #1437.
|
||||||
* Improve security of RSA key generation by including criteria from FIPS
|
* Improve security of RSA key generation by including criteria from
|
||||||
186-4. Contributed by Jethro Beekman. #1380
|
FIPS 186-4. Contributed by Jethro Beekman. #1380
|
||||||
* Declare functions in header files even when an alternative implementation
|
* Declare functions in header files even when an alternative implementation
|
||||||
of the corresponding module is activated by defining the corresponding
|
of the corresponding module is activated by defining the corresponding
|
||||||
MBEDTLS_XXX_ALT macro. This means that alternative implementations do
|
MBEDTLS_XXX_ALT macro. This means that alternative implementations do
|
||||||
|
@ -314,7 +317,7 @@ Bugfix
|
||||||
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
|
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
|
||||||
as recommended in RFC 6347 Section 4.1.2.7.
|
as recommended in RFC 6347 Section 4.1.2.7.
|
||||||
* Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
|
* Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
|
||||||
Found by projectgus and jethrogb, #836.
|
Found by projectgus and Jethro Beekman, #836.
|
||||||
* Fix usage help in ssl_server2 example. Found and fixed by Bei Lin.
|
* Fix usage help in ssl_server2 example. Found and fixed by Bei Lin.
|
||||||
* Parse signature algorithm extension when renegotiating. Previously,
|
* Parse signature algorithm extension when renegotiating. Previously,
|
||||||
renegotiated handshakes would only accept signatures using SHA-1
|
renegotiated handshakes would only accept signatures using SHA-1
|
||||||
|
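Review bot: expanding "jethrogb" to "Jethro Beekman" while leaving "projectgus" as a handle on the same line makes the credit inconsistent; either keep both as handles or expand both, and apply the same choice to the other entries crediting Jethro Beekman in this file.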
@ -508,8 +511,7 @@ Bugfix
|
||||||
Previous behaviour was to keep processing data even after the alert has
|
Previous behaviour was to keep processing data even after the alert has
|
||||||
been sent.
|
been sent.
|
||||||
* Accept empty trusted CA chain in authentication mode
|
* Accept empty trusted CA chain in authentication mode
|
||||||
MBEDTLS_SSL_VERIFY_OPTIONAL.
|
MBEDTLS_SSL_VERIFY_OPTIONAL. Found by Jethro Beekman. #864
|
||||||
Found by jethrogb. #864
|
|
||||||
* Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate
|
* Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate
|
||||||
fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to
|
fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to
|
||||||
reflect bad EC curves within verification result.
|
reflect bad EC curves within verification result.
|
||||||
|
|