mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-05-30 16:07:09 +00:00
Enhancement of ChangeLog entry
This commit is contained in:
Hanno Becker
parent
554c32dae6
commit
e2a73c13cf
27
ChangeLog
27
ChangeLog
|
|
@ -13,9 +13,15 @@ API Changes
|
||||||
independent setup and export of RSA contexts. Most notably,
|
independent setup and export of RSA contexts. Most notably,
|
||||||
mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
|
mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
|
||||||
up RSA contexts from partial key material and having them completed to the
|
up RSA contexts from partial key material and having them completed to the
|
||||||
needs of the implementation automatically. This allows to setup RSA
|
needs of the implementation automatically. This allows to setup private RSA
|
||||||
contexts from keys consisting of N,D,E only, even if P,Q are needed for the
|
contexts from keys consisting of N,D,E only, even if P,Q are needed for the
|
||||||
purpose or CRT and/or blinding.
|
purpose or CRT and/or blinding.
|
||||||
|
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
|
||||||
|
implementations of the RSA interface declared in rsa.h.
|
||||||
|
|
||||||
|
New deprecations
|
||||||
|
* Direct manipulation of structure fields of RSA contexts is deprecated.
|
||||||
|
Users are advised to use the extended RSA API instead.
|
||||||
|
|
||||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||||
|
|
||||||
|
|
@ -321,7 +327,7 @@ Security
|
||||||
* Fix potential integer overflow to buffer overflow in
|
* Fix potential integer overflow to buffer overflow in
|
||||||
mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
|
mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
|
||||||
(not triggerable remotely in (D)TLS).
|
(not triggerable remotely in (D)TLS).
|
||||||
* Fix a potential integer underflow to buffer overread in
|
* Fix a potential integer underflow to buffer overread in
|
||||||
mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in
|
mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in
|
||||||
SSL/TLS.
|
SSL/TLS.
|
||||||
|
|
||||||
|
|
@ -341,7 +347,7 @@ Bugfix
|
||||||
* Fix an issue that caused valid certificates to be rejected whenever an
|
* Fix an issue that caused valid certificates to be rejected whenever an
|
||||||
expired or not yet valid certificate was parsed before a valid certificate
|
expired or not yet valid certificate was parsed before a valid certificate
|
||||||
in the trusted certificate list.
|
in the trusted certificate list.
|
||||||
* Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
|
* Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
|
||||||
buffer after DER certificates to be included in the raw representation.
|
buffer after DER certificates to be included in the raw representation.
|
||||||
* Fix issue that caused a hang when generating RSA keys of odd bitlength
|
* Fix issue that caused a hang when generating RSA keys of odd bitlength
|
||||||
* Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer
|
* Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer
|
||||||
|
|
@ -1597,7 +1603,7 @@ Security
|
||||||
Changes
|
Changes
|
||||||
* Allow enabling of dummy error_strerror() to support some use-cases
|
* Allow enabling of dummy error_strerror() to support some use-cases
|
||||||
* Debug messages about padding errors during SSL message decryption are
|
* Debug messages about padding errors during SSL message decryption are
|
||||||
disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
|
disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
|
||||||
* Sending of security-relevant alert messages that do not break
|
* Sending of security-relevant alert messages that do not break
|
||||||
interoperability can be switched on/off with the flag
|
interoperability can be switched on/off with the flag
|
||||||
POLARSSL_SSL_ALL_ALERT_MESSAGES
|
POLARSSL_SSL_ALL_ALERT_MESSAGES
|
||||||
|
|
@ -1626,7 +1632,7 @@ Bugfix
|
||||||
Changes
|
Changes
|
||||||
* Added p_hw_data to ssl_context for context specific hardware acceleration
|
* Added p_hw_data to ssl_context for context specific hardware acceleration
|
||||||
data
|
data
|
||||||
* During verify trust-CA is only checked for expiration and CRL presence
|
* During verify trust-CA is only checked for expiration and CRL presence
|
||||||
|
|
||||||
Bugfixes
|
Bugfixes
|
||||||
* Fixed client authentication compatibility
|
* Fixed client authentication compatibility
|
||||||
|
|
@ -1924,9 +1930,9 @@ Features
|
||||||
with random data (Fixed ticket #10)
|
with random data (Fixed ticket #10)
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Debug print of MPI now removes leading zero octets and
|
* Debug print of MPI now removes leading zero octets and
|
||||||
displays actual bit size of the value.
|
displays actual bit size of the value.
|
||||||
* x509parse_key() (and as a consequence x509parse_keyfile())
|
* x509parse_key() (and as a consequence x509parse_keyfile())
|
||||||
does not zeroize memory in advance anymore. Use rsa_init()
|
does not zeroize memory in advance anymore. Use rsa_init()
|
||||||
before parsing a key or keyfile!
|
before parsing a key or keyfile!
|
||||||
|
|
||||||
|
|
@ -1948,7 +1954,7 @@ Features
|
||||||
printing of X509 CRLs from file
|
printing of X509 CRLs from file
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Parsing of PEM files moved to separate module (Fixes
|
* Parsing of PEM files moved to separate module (Fixes
|
||||||
ticket #13). Also possible to remove PEM support for
|
ticket #13). Also possible to remove PEM support for
|
||||||
systems only using DER encoding
|
systems only using DER encoding
|
||||||
|
|
||||||
|
|
@ -2091,7 +2097,7 @@ Bug fixes
|
||||||
* Fixed HMAC-MD2 by modifying md2_starts(), so that the
|
* Fixed HMAC-MD2 by modifying md2_starts(), so that the
|
||||||
required HMAC ipad and opad variables are not cleared.
|
required HMAC ipad and opad variables are not cleared.
|
||||||
(found by code coverage tests)
|
(found by code coverage tests)
|
||||||
* Prevented use of long long in bignum if
|
* Prevented use of long long in bignum if
|
||||||
POLARSSL_HAVE_LONGLONG not defined (found by Giles
|
POLARSSL_HAVE_LONGLONG not defined (found by Giles
|
||||||
Bathgate).
|
Bathgate).
|
||||||
* Fixed incorrect handling of negative strings in
|
* Fixed incorrect handling of negative strings in
|
||||||
|
|
@ -2132,7 +2138,7 @@ Bug fixes
|
||||||
* Made definition of net_htons() endian-clean for big endian
|
* Made definition of net_htons() endian-clean for big endian
|
||||||
systems (Found by Gernot).
|
systems (Found by Gernot).
|
||||||
* Undefining POLARSSL_HAVE_ASM now also handles prevents asm in
|
* Undefining POLARSSL_HAVE_ASM now also handles prevents asm in
|
||||||
padlock and timing code.
|
padlock and timing code.
|
||||||
* Fixed an off-by-one buffer allocation in ssl_set_hostname()
|
* Fixed an off-by-one buffer allocation in ssl_set_hostname()
|
||||||
responsible for crashes and unwanted behaviour.
|
responsible for crashes and unwanted behaviour.
|
||||||
* Added support for Certificate Revocation List (CRL) parsing.
|
* Added support for Certificate Revocation List (CRL) parsing.
|
||||||
|
|
@ -2306,4 +2312,3 @@ XySSL ChangeLog
|
||||||
who maintains the Debian package :-)
|
who maintains the Debian package :-)
|
||||||
|
|
||||||
= Version 0.1 released on 2006-11-01
|
= Version 0.1 released on 2006-11-01
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue