yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-07-08 21:30:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix language in Changelog for clarity

Browse source
This commit is contained in:
Simon Butcher 2017-08-10 10:49:32 +01:00
parent 1af21bfa38
commit 9ee5910f65
1 changed files with 14 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
ChangeLog
View file

@ -3,13 +3,13 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 1.3.21 branch released xxxx-xx-xx = mbed TLS 1.3.21 branch released xxxx-xx-xx
Security Security
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, * Fix authentication bypass in SSL/TLS: when authmode is set to optional,
ssl_get_verify_result() would incorrectly return 0 when the peer's mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
X.509 certificate chain had more than POLARSSL_X509_MAX_INTERMEDIATE_CA X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
(default: 8) intermediates, even when it was not trusted. Could be (default: 8) intermediates, even when it was not trusted. This could be
triggered remotely on both sides. (With auth_mode set to required triggered remotely from either side. (With authmode set to 'required'
(default), the handshake was correctly aborted.) (the default), the handshake was correctly aborted).
* Realiably zeroize sensitive data after use in AES example applications * Reliably zeroize sensitive data after use in AES example applications
programs/aes/aescrypt2 and programs/aes/crypt_and_hash. programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
Found by Laurent Simon. Found by Laurent Simon.
@ -17,16 +17,18 @@ API Changes
* Certificate verification functions now set flags to -1 in case the full * Certificate verification functions now set flags to -1 in case the full
chain was not verified due to an internal error (including in the verify chain was not verified due to an internal error (including in the verify
callback) or chain length limitations. callback) or chain length limitations.
* With authmode set to optional, handshake is now aborted if the * With authmode set to optional, the TLS handshake is now aborted if the
verification of the peer's certificate failed due to an overlong chain or verification of the peer's certificate failed due to an overlong chain or
a fatal error in the vrfy callback. a fatal error in the verify callback.
Bugfix Bugfix
* Add a check if iv_len is zero, and return an error if it is zero. reported * Add a check if iv_len is zero in GCM, and return an error if it is zero.
by roberto. #716 Reported by roberto. #716
* Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) * Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
always be implemented by pthread support. Fix for #696 always be implemented by pthread support. Fix for #696
* Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(),
in the case of an error. Found by redplait. #590
* Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path.
In case of failure, when an error occures, goto cleanup. In case of failure, when an error occures, goto cleanup.
Found by redplait #590 Found by redplait #590