mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-20 18:11:00 +00:00
Revised and clarified ChangeLog
Minor changes to fix language, merge mistakes and incorrect classifications of changes.
This commit is contained in:
parent
0bbb4fc132
commit
b5afb97244
24
ChangeLog
24
ChangeLog
|
@ -3,9 +3,6 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||||
|
|
||||||
Security
|
Security
|
||||||
* Fix a potential memory leak in mbedtls_ssl_setup( ) function. An allocation
|
|
||||||
failure could leave an unreleased buffer. A handshake init failure would
|
|
||||||
lead to leaving two unreleased buffers.
|
|
||||||
* Fix an issue in the X.509 module which could lead to a buffer overread
|
* Fix an issue in the X.509 module which could lead to a buffer overread
|
||||||
during certificate extensions parsing. In case of receiving malformed
|
during certificate extensions parsing. In case of receiving malformed
|
||||||
input (extensions length field equal to 0), an illegal read of one byte
|
input (extensions length field equal to 0), an illegal read of one byte
|
||||||
|
@ -31,6 +28,8 @@ API Changes
|
||||||
the use of datagram packing (enabled by default).
|
the use of datagram packing (enabled by default).
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
|
* Fix a potential memory leak in mbedtls_ssl_setup() function. An allocation
|
||||||
|
failure in the function could lead to other buffers being leaked.
|
||||||
* Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if
|
* Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if
|
||||||
MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890
|
MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890
|
||||||
* Fix a memory leak in ecp_mul_comb() if ecp_precompute_comb() fails.
|
* Fix a memory leak in ecp_mul_comb() if ecp_precompute_comb() fails.
|
||||||
|
@ -38,7 +37,8 @@ Bugfix
|
||||||
* Add ecc extensions only if an ecc based ciphersuite is used.
|
* Add ecc extensions only if an ecc based ciphersuite is used.
|
||||||
This improves compliance to RFC 4492, and as a result, solves
|
This improves compliance to RFC 4492, and as a result, solves
|
||||||
interoperability issues with BouncyCastle. Raised by milenamil in #1157.
|
interoperability issues with BouncyCastle. Raised by milenamil in #1157.
|
||||||
* Replace printf with mbedtls_printf in aria. Found by TrinityTonic in #1908.
|
* Replace printf with mbedtls_printf in the ARIA module. Found by
|
||||||
|
TrinityTonic in #1908.
|
||||||
* Fix potential use-after-free in mbedtls_ssl_get_max_frag_len()
|
* Fix potential use-after-free in mbedtls_ssl_get_max_frag_len()
|
||||||
and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941.
|
and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941.
|
||||||
* Fix a bug that caused SSL/TLS clients to incorrectly abort the handshake
|
* Fix a bug that caused SSL/TLS clients to incorrectly abort the handshake
|
||||||
|
@ -54,11 +54,11 @@ Bugfix
|
||||||
* Fix overly strict bounds check in ssl_parse_certificate_request()
|
* Fix overly strict bounds check in ssl_parse_certificate_request()
|
||||||
which could lead to valid CertificateRequest messages being rejected.
|
which could lead to valid CertificateRequest messages being rejected.
|
||||||
Fixes #1954.
|
Fixes #1954.
|
||||||
|
* Fix undefined shifts with negative values in certificates parsing
|
||||||
|
(found by Catena cyber using oss-fuzz)
|
||||||
* Fix memory leak and free without initialization in pk_encrypt
|
* Fix memory leak and free without initialization in pk_encrypt
|
||||||
and pk_decrypt example programs. Reported by Brace Stout. Fixes #1128.
|
and pk_decrypt example programs. Reported by Brace Stout. Fixes #1128.
|
||||||
* Remove redundant else statement, which is not readable, and the positive
|
* Remove redundant else statement. Raised by irwir. Fixes #1776.
|
||||||
path in the if statement results in exiting the funciton. Raised by irwir
|
|
||||||
in #1776.
|
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Copy headers preserving timestamps when doing a "make install".
|
* Copy headers preserving timestamps when doing a "make install".
|
||||||
|
@ -67,15 +67,7 @@ Changes
|
||||||
Drozd. Fixes #1215 raised by randombit.
|
Drozd. Fixes #1215 raised by randombit.
|
||||||
* Improve compatibility with some alternative CCM implementations by using
|
* Improve compatibility with some alternative CCM implementations by using
|
||||||
CCM test vectors from RAM.
|
CCM test vectors from RAM.
|
||||||
* Fix a miscalculation of the maximum record expansion in
|
|
||||||
mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites,
|
|
||||||
or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914.
|
|
||||||
* Add support for buffering of out-of-order handshake messages.
|
* Add support for buffering of out-of-order handshake messages.
|
||||||
|
|
||||||
INTERNAL NOTE: need to bump soversion of libmbedtls:
|
|
||||||
- added new member 'mtu' to public 'mbedtls_ssl_conf' structure
|
|
||||||
|
|
||||||
Changes
|
|
||||||
* Add warnings to the documentation of the HKDF module to reduce the risk
|
* Add warnings to the documentation of the HKDF module to reduce the risk
|
||||||
of misusing the mbedtls_hkdf_extract() and mbedtls_hkdf_expand()
|
of misusing the mbedtls_hkdf_extract() and mbedtls_hkdf_expand()
|
||||||
functions. Fixes #1775. Reported by Brian J. Murray.
|
functions. Fixes #1775. Reported by Brian J. Murray.
|
||||||
|
@ -228,8 +220,6 @@ API Changes
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix an issue with MicroBlaze support in bn_mul.h which was causing the
|
* Fix an issue with MicroBlaze support in bn_mul.h which was causing the
|
||||||
build to fail. Found by zv-io. Fixes #1651.
|
build to fail. Found by zv-io. Fixes #1651.
|
||||||
* Fix undefined shifts with negative values in certificates parsing
|
|
||||||
(found by Catena cyber using oss-fuzz)
|
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Support TLS testing in out-of-source builds using cmake. Fixes #1193.
|
* Support TLS testing in out-of-source builds using cmake. Fixes #1193.
|
||||||
|
|
Loading…
Reference in a new issue