Fix language and formatting in ChangeLog

Changed the formatting and language in the ChangeLog to the house-style.
Simon Butcher 2018-11-08 13:47:40 +00:00
parent 3bc2b8be36
commit a2c8691c0d

@ -3,13 +3,23 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS x.x.x branch released xxxx-xx-xx
Security
* Fix overly strict DN comparison when looking for CRLs
belonging to a particular CA. This previously lead to
ignoring CRLs when the CRL's issuer name and the CA's
subject name differed in their string encoding (e.g.,
one using PrintableString and the other UTF8String) or
in the choice of upper and lower case. Reported by
HenrikRosenquistAndersson in #1784.
* Fix overly strict DN comparison when looking for CRLs belonging to a
particular CA. This previously lead to ignoring CRLs when the CRL's issuer
name and the CA's subject name differed in their string encoding (e.g.,
one using PrintableString and the other UTF8String) or in the choice of
upper and lower case. Reported by Henrik Andersson of Bosch GmbH in issue
#1784.
* Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The
previous settings for the number of rounds made it practical for an
adversary to construct non-primes that would be erroneously accepted as
primes with high probability. This does not have an impact on the
security of TLS, but can matter in other contexts with potentially
adversarially-chosen numbers that should be prime and can be validated.
For example, the number of rounds was enough to securely generate RSA key
pairs or Diffie-Hellman parameters, but was insufficient to validate
Diffie-Hellman parameters properly.
See "Prime and Prejudice" by by Martin R. Albrecht and Jake Massimo and
Kenneth G. Paterson and Juraj Somorovsky.
* Fix a flawed bounds check in server PSK hint parsing. In case the
incoming message buffer was placed within the first 64KB of address
space and a PSK-(EC)DHE ciphersuite was used, this allowed an attacker
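Review bot: the reflowed CRL entry still says "This previously lead to ignoring CRLs"; since this commit is a language pass, that should be "led". The mbedtls_mpi_is_prime() entry placed under this Security heading also carries a doubled word in `See "Prime and Prejudice" by by Martin R. Albrecht`, and its author list would read better comma-separated than chained with "and". Separately, the reporter credit changes from "HenrikRosenquistAndersson" to "Henrik Andersson of Bosch GmbH", which drops part of the name; please confirm that is the spelling the reporter wants.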
@ -32,8 +42,8 @@ Bugfix
Fixes #2069.
* Fix memory leak and freeing without initialization in the example
program programs/x509/cert_write. Fixes #1422.
* Ignore iv in mbedtls_cipher_set_iv() when the cipher mode is MBEDTLS_MODE_ECB
Fix for #1091 raised by ezdevelop
* Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is
MBEDTLS_MODE_ECB. Found by ezdevelop, Fixes #1091.
* Fix failure in hmac_drbg in the benchmark sample application, when
MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095
* Fix a bug in the update function for SSL ticket keys which previously
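Review bot: the rewritten ECB entry ends with "Found by ezdevelop, Fixes #1091.", which joins two sentences with a comma and a capital letter. The entry directly above uses a separate sentence ("Fixes #1422."), so "Found by ezdevelop. Fixes #1091." would match it. The hmac_drbg entry in the trailing context ("Found by TrinityTonic, #1095") has the same loose credit format and no final period, and could be brought in line in the same pass.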
@ -65,20 +75,6 @@ Changes
* Improve documentation of mbedtls_ssl_get_verify_result().
Fixes #517 reported by github-monoculture.
Security
* Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The
previous settings for the number of rounds made it practical for an
adversary to construct non-primes that would be erroneously accepted as
primes with high probability. This does not have an impact on the
security of TLS, but can matter in other contexts with potentially
adversarially-chosen numbers that should be prime and can be validated.
For example, the number of rounds was enough to securely generate RSA key
pairs or Diffie-Hellman parameters, but was insufficient to validate
Diffie-Hellman parameters properly.
See "Prime and Prejudice" by by Martin R. Albrecht and Jake Massimo and
Kenneth G. Paterson and Juraj Somorovsky.
= mbed TLS 2.1.15 branch released 2018-08-31
Security
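Review bot: removing the second "Security" heading and its mbedtls_mpi_is_prime() entry from below the Changes section is a structural move (the entry reappears under the first Security heading in the first hunk), not a wording change. The commit message only mentions formatting and language, so it should also state that the duplicate Security section was merged into the first one, which makes it clear that no security entry was dropped from the unreleased branch's notes.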