From 01a0e07e9df5c91446ff758c11c7e7576cb3e872 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 26 Jul 2017 11:49:40 +0100 Subject: [PATCH] Correct indentation and labelling in ChangeLog --- ChangeLog | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index ce1c411f0..66883d4bb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,13 +4,13 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, - mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's - X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA - (default: 8) intermediates, even when it was not trusted. Could be - triggered remotely on both sides. (With auth_mode set to required - (default), the handshake was correctly aborted.) + mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's + X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA + (default: 8) intermediates, even when it was not trusted. Could be + triggered remotely on both sides. (With auth_mode set to required + (default), the handshake was correctly aborted.) -Changes +API changes * Certificate verification functions now set flags to -1 in case the full chain was not verified due to an internal error (including in the verify callback) or chain length limitations. @@ -271,7 +271,7 @@ Security * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt (not triggerable remotely in (D)TLS). - * Fix a potential integer underflow to buffer overread in + * Fix a potential integer underflow to buffer overread in mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in SSL/TLS. @@ -291,7 +291,7 @@ Bugfix * Fix an issue that caused valid certificates to be rejected whenever an expired or not yet valid certificate was parsed before a valid certificate in the trusted certificate list. - * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the + * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the buffer after DER certificates to be included in the raw representation. * Fix issue that caused a hang when generating RSA keys of odd bitlength * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer @@ -1547,7 +1547,7 @@ Security Changes * Allow enabling of dummy error_strerror() to support some use-cases * Debug messages about padding errors during SSL message decryption are - disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL + disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL * Sending of security-relevant alert messages that do not break interoperability can be switched on/off with the flag POLARSSL_SSL_ALL_ALERT_MESSAGES @@ -1576,7 +1576,7 @@ Bugfix Changes * Added p_hw_data to ssl_context for context specific hardware acceleration data - * During verify trust-CA is only checked for expiration and CRL presence + * During verify trust-CA is only checked for expiration and CRL presence Bugfixes * Fixed client authentication compatibility @@ -1874,9 +1874,9 @@ Features with random data (Fixed ticket #10) Changes - * Debug print of MPI now removes leading zero octets and + * Debug print of MPI now removes leading zero octets and displays actual bit size of the value. - * x509parse_key() (and as a consequence x509parse_keyfile()) + * x509parse_key() (and as a consequence x509parse_keyfile()) does not zeroize memory in advance anymore. Use rsa_init() before parsing a key or keyfile! @@ -1898,7 +1898,7 @@ Features printing of X509 CRLs from file Changes - * Parsing of PEM files moved to separate module (Fixes + * Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding @@ -2041,7 +2041,7 @@ Bug fixes * Fixed HMAC-MD2 by modifying md2_starts(), so that the required HMAC ipad and opad variables are not cleared. (found by code coverage tests) - * Prevented use of long long in bignum if + * Prevented use of long long in bignum if POLARSSL_HAVE_LONGLONG not defined (found by Giles Bathgate). * Fixed incorrect handling of negative strings in @@ -2082,7 +2082,7 @@ Bug fixes * Made definition of net_htons() endian-clean for big endian systems (Found by Gernot). * Undefining POLARSSL_HAVE_ASM now also handles prevents asm in - padlock and timing code. + padlock and timing code. * Fixed an off-by-one buffer allocation in ssl_set_hostname() responsible for crashes and unwanted behaviour. * Added support for Certificate Revocation List (CRL) parsing. @@ -2256,4 +2256,3 @@ XySSL ChangeLog who maintains the Debian package :-) = Version 0.1 released on 2006-11-01 -