Fix language in Changelog for clarity

Simon Butcher 2017-08-10 10:48:01 +01:00
parent 85b602e5d0
commit 01971d094e


@ -3,11 +3,11 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS x.x.x branch released xxxx-xx-xx = mbed TLS x.x.x branch released xxxx-xx-xx
Security Security
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, * Fix authentication bypass in SSL/TLS: when authmode is set to optional,
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
(default: 8) intermediates, even when it was not trusted. Could be (default: 8) intermediates, even when it was not trusted. This could be
triggered remotely on both sides. (With auth_mode set to 'required' triggered remotely from either side. (With authmode set to 'required'
(the default), the handshake was correctly aborted). (the default), the handshake was correctly aborted).
* Reliably wipe sensitive data after use in the AES example applications * Reliably wipe sensitive data after use in the AES example applications
programs/aes/aescrypt2 and programs/aes/crypt_and_hash. programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
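Review bot: In the authentication bypass entry, the new text writes "authmode is set to optional" with the value unquoted, while the parenthetical in the same entry writes "authmode set to 'required'" with quotes. Quote both values or neither so the two settings read as the same kind of thing. Separately, "even when it was not trusted" still has an unclear "it"; "even when the chain was not trusted" would remove the ambiguity in a security notice where the exact condition matters.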
@ -19,8 +19,8 @@ Features
platform-specific setup and teardown operations. The macro platform-specific setup and teardown operations. The macro
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden
by the user in a platform_alt.h file. These new functions are required in by the user in a platform_alt.h file. These new functions are required in
some embedded environments to provide a means to initialise underlying some embedded environments to provide a means of initialising underlying
hardware acceleration. cryptographic acceleration hardware.
API Changes API Changes
* Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the
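Review bot: The rewritten sentence in the Features entry says the functions provide "a means of initialising underlying cryptographic acceleration hardware", but the entry describes both setup and teardown operations. Consider covering the teardown side as well, for example "a means of initialising and releasing underlying cryptographic acceleration hardware", so the rationale matches both functions being introduced.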
@ -31,19 +31,18 @@ API Changes
* Certificate verification functions now set flags to -1 in case the full * Certificate verification functions now set flags to -1 in case the full
chain was not verified due to an internal error (including in the verify chain was not verified due to an internal error (including in the verify
callback) or chain length limitations. callback) or chain length limitations.
* With authmode set to optional, handshake is now aborted if the * With authmode set to optional, the TLS handshake is now aborted if the
verification of the peer's certificate failed due to an overlong chain or verification of the peer's certificate failed due to an overlong chain or
a fatal error in the vrfy callback. a fatal error in the verify callback.
Bugfix Bugfix
* Add a check if iv_len is zero, and return an error if it is zero. Reported * Add a check if iv_len is zero in GCM, and return an error if it is zero.
by roberto. #716 Reported by roberto. #716
* Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) * Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
always be implemented by pthread support. #696 always be implemented by pthread support. #696
* Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. * Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(),
In case of failure, when an error occures, goto cleanup. in the case of an error. Found by redplait. #590
Found by redplait. #590
* Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken. #740 Reported and fix suggested by guidovranken. #740
* Fix conditional preprocessor directives in bignum.h to enable 64-bit * Fix conditional preprocessor directives in bignum.h to enable 64-bit
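Review bot: In the iv_len entry, "Add a check if iv_len is zero in GCM, and return an error if it is zero" repeats the condition and leaves it unclear whether "in GCM" describes where the check lives or where iv_len is zero. Something like "Add a check in GCM for a zero iv_len and return an error" says the same thing once. As a style point, this hunk now writes mbedtls_x509_crt_parse_path() with parentheses while the mbedtls_mpi_fill_random entry just below has none; pick one form for function names across the Bugfix list.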