mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 11:45:42 +01:00
Fix language in Changelog for clarity
This commit is contained in:
parent
85b602e5d0
commit
01971d094e
25
ChangeLog
25
ChangeLog
@ -3,11 +3,11 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||
|
||||
Security
|
||||
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
|
||||
* Fix authentication bypass in SSL/TLS: when authmode is set to optional,
|
||||
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
|
||||
X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
|
||||
(default: 8) intermediates, even when it was not trusted. Could be
|
||||
triggered remotely on both sides. (With auth_mode set to 'required'
|
||||
(default: 8) intermediates, even when it was not trusted. This could be
|
||||
triggered remotely from either side. (With authmode set to 'required'
|
||||
(the default), the handshake was correctly aborted).
|
||||
* Reliably wipe sensitive data after use in the AES example applications
|
||||
programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
|
||||
@ -19,8 +19,8 @@ Features
|
||||
platform-specific setup and teardown operations. The macro
|
||||
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden
|
||||
by the user in a platform_alt.h file. These new functions are required in
|
||||
some embedded environments to provide a means to initialise underlying
|
||||
hardware acceleration.
|
||||
some embedded environments to provide a means of initialising underlying
|
||||
cryptographic acceleration hardware.
|
||||
|
||||
API Changes
|
||||
* Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the
|
||||
@ -31,19 +31,18 @@ API Changes
|
||||
* Certificate verification functions now set flags to -1 in case the full
|
||||
chain was not verified due to an internal error (including in the verify
|
||||
callback) or chain length limitations.
|
||||
* With authmode set to optional, handshake is now aborted if the
|
||||
* With authmode set to optional, the TLS handshake is now aborted if the
|
||||
verification of the peer's certificate failed due to an overlong chain or
|
||||
a fatal error in the vrfy callback.
|
||||
a fatal error in the verify callback.
|
||||
|
||||
Bugfix
|
||||
* Add a check if iv_len is zero, and return an error if it is zero. Reported
|
||||
by roberto. #716
|
||||
* Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
|
||||
* Add a check if iv_len is zero in GCM, and return an error if it is zero.
|
||||
Reported by roberto. #716
|
||||
* Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
|
||||
to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
|
||||
always be implemented by pthread support. #696
|
||||
* Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path.
|
||||
In case of failure, when an error occures, goto cleanup.
|
||||
Found by redplait. #590
|
||||
* Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(),
|
||||
in the case of an error. Found by redplait. #590
|
||||
* Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
|
||||
Reported and fix suggested by guidovranken. #740
|
||||
* Fix conditional preprocessor directives in bignum.h to enable 64-bit
|
||||
|
Loading…
Reference in New Issue
Block a user