mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 17:54:21 +01:00
Merge remote-tracking branch 'upstream-restricted/pr/454' into mbedtls-1.3-restricted
commit 2774c6746c
86
ChangeLog
@ -1,39 +1,40 @@
|
|||||||
mbed TLS ChangeLog (Sorted per branch, date)
|
mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
= mbed TLS 1.3.22 branch released 2017-xx-xx
|
= mbed TLS 1.3.22 branch released 2018-02-03
|
||||||
|
|
||||||
Security
|
Security
|
||||||
* Fix heap corruption in implementation of truncated HMAC extension.
|
* Fix a heap corruption issue in the implementation of the truncated HMAC
|
||||||
When the truncated HMAC extension is enabled and CBC is used,
|
extension. When the truncated HMAC extension is enabled and CBC is used,
|
||||||
sending a malicious application packet can be used to selectively
|
sending a malicious application packet could be used to selectively corrupt
|
||||||
corrupt 6 bytes on the peer's heap, potentially leading to crash or
|
6 bytes on the peer's heap, which could potentially lead to crash or remote
|
||||||
remote code execution. This can be triggered remotely from either
|
code execution. The issue could be triggered remotely from either side in
|
||||||
side.
|
both TLS and DTLS. CVE-2018-0488
|
||||||
* Fix buffer overflow in RSA-PSS verification when the hash is too
|
* Fix a buffer overflow in RSA-PSS verification when the hash was too large
|
||||||
large for the key size. Found by Seth Terashima, Qualcomm Product
|
for the key size, which could potentially lead to crash or remote code
|
||||||
Security Initiative, Qualcomm Technologies Inc.
|
execution. Found by Seth Terashima, Qualcomm Product Security Initiative,
|
||||||
* Fix buffer overflow in RSA-PSS verification when the unmasked
|
Qualcomm Technologies Inc. CVE-2018-0487
|
||||||
data is all zeros.
|
* Fix buffer overflow in RSA-PSS verification when the unmasked data is all
|
||||||
* Fix unsafe bounds check in ssl_parse_client_psk_identity() when adding
|
zeros.
|
||||||
64kB to the address of the SSL buffer wraps around.
|
* Fix an unsafe bounds check in ssl_parse_client_psk_identity() when adding
|
||||||
* Tighten should-be-constant-time memcmp against compiler optimizations.
|
64 KiB to the address of the SSL buffer and causing a wrap around.
|
||||||
|
* Add a provision to prevent compiler optimizations breaking the time
|
||||||
|
constancy of the internal function safer_memcmp().
|
||||||
* Ensure that buffers are cleared after use if they contain sensitive data.
|
* Ensure that buffers are cleared after use if they contain sensitive data.
|
||||||
Changes were introduced in multiple places in the library.
|
Changes were introduced in multiple places in the library.
|
||||||
* Set PEM buffer to zero before freeing it, to avoid decoded private keys
|
* Set PEM buffer to zero before freeing it, to avoid decoded private keys
|
||||||
being leaked to memory after release.
|
being leaked to memory after release.
|
||||||
* Fix dhm_check_range() failing to detect trivial subgroups and potentially
|
* Fix dhm_check_range() failing to detect trivial subgroups and potentially
|
||||||
leaking 1 bit of the private key. Reported by prashantkspatil.
|
leaking 1 bit of the private key. Reported by prashantkspatil.
|
||||||
* Make mpi_read_binary constant-time with respect to
|
* Make mpi_read_binary() constant-time with respect to the input
|
||||||
the input data. Previously, trailing zero bytes were detected
|
data. Previously, trailing zero bytes were detected and omitted for the
|
||||||
and omitted for the sake of saving memory, but potentially
|
sake of saving memory, but potentially leading to slight timing
|
||||||
leading to slight timing differences.
|
differences. Reported by Marco Macchetti, Kudelski Group.
|
||||||
Reported by Marco Macchetti, Kudelski Group.
|
|
||||||
* Wipe stack buffer temporarily holding EC private exponent
|
* Wipe stack buffer temporarily holding EC private exponent
|
||||||
after keypair generation.
|
after keypair generation.
|
||||||
* Change default choice of DHE parameters from untrustworthy RFC 5114
|
* Change default choice of DHE parameters from untrustworthy RFC 5114
|
||||||
to RFC 3526 containing parameters generated in a nothing-up-my-sleeve
|
to RFC 3526 containing parameters generated in a nothing-up-my-sleeve
|
||||||
manner.
|
manner.
|
||||||
* Fix a potential heap buffer overread in ALPN extension parsing
|
* Fix a potential heap buffer over-read in ALPN extension parsing
|
||||||
(server-side). Could result in application crash, but only if an ALPN
|
(server-side). Could result in application crash, but only if an ALPN
|
||||||
name larger than 16 bytes had been configured on the server.
|
name larger than 16 bytes had been configured on the server.
|
||||||
|
|
||||||
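Review bot: the rewritten ssl_parse_client_psk_identity() entry now reads "when adding 64 KiB to the address of the SSL buffer and causing a wrap around", which leaves "and causing" dangling; the original "when adding 64kB to the address of the SSL buffer wraps around" was at least grammatical. Suggest "when adding 64 KiB to the address of the SSL buffer causes a wrap-around" so it is clear that the pointer arithmetic overflowing is the trigger. Separately, the truncated-HMAC and RSA-PSS hash-too-large entries now cite CVE-2018-0488 and CVE-2018-0487 and state a crash/RCE impact, but the RSA-PSS "unmasked data is all zeros" entry and the psk_identity entry state neither an identifier nor an impact; if identifiers were assigned they should be cited the same way, and otherwise a one-line impact statement would keep the Security section consistent.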
@ -72,24 +73,25 @@ Bugfix
|
|||||||
RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011.
|
RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011.
|
||||||
* Don't print X.509 version tag for v1 CRT's, and omit extensions for
|
* Don't print X.509 version tag for v1 CRT's, and omit extensions for
|
||||||
non-v3 CRT's.
|
non-v3 CRT's.
|
||||||
* Fix bugs in RSA test suite under MBEDTLS_NO_PLATFORM_ENTROPY. #1023 #1024
|
* Fix bugs in RSA test suite under POLARSSL_NO_PLATFORM_ENTROPY. #1023 #1024
|
||||||
* Fix net_would_block to avoid modification by errno through fcntl call.
|
* Fix net_would_block() to avoid modification by errno through fcntl() call.
|
||||||
Found by nkolban. Fixes #845.
|
Found by nkolban. Fixes #845.
|
||||||
* Fix handling of handshake messages in ssl_read in case
|
* Fix handling of handshake messages in ssl_read() in case
|
||||||
POLARSSL_SSL_DISABLE_RENEGOTIATION is set. Found by erja-gp.
|
POLARSSL_SSL_DISABLE_RENEGOTIATION is set. Found by erja-gp.
|
||||||
* Add a check for invalid private parameters in ecdsa_sign.
|
* Add a check for invalid private parameters in ecdsa_sign().
|
||||||
Reported by Yolan Romailler.
|
Reported by Yolan Romailler.
|
||||||
* Fix word size check in in pk.c to not depend on MBEDTLS_HAVE_INT64.
|
* Fix word size check in in pk.c to not depend on POLARSSL_HAVE_INT64.
|
||||||
* Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
|
* Fix crash when calling ssl_cache_free() twice. Found by MilenkoMitrovic.
|
||||||
MilenkoMitrovic, #1104
|
#1104
|
||||||
* Fix mbedtls_timing_alarm(0) on Unix and MinGW.
|
* Fix set_alarm(0) on Unix and MinGW.
|
||||||
* Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1.
|
* Fix use of uninitialized memory in get_timer() when reset=1.
|
||||||
* Fix issue in RSA key generation program programs/x509/rsa_genkey
|
* Fix issue in RSA key generation program programs/x509/rsa_genkey
|
||||||
where the failure of CTR DRBG initialization lead to freeing an
|
where the failure of CTR DRBG initialization lead to freeing an
|
||||||
RSA context without proper initialization beforehand.
|
RSA context without proper initialization beforehand.
|
||||||
* Fix bug in cipher decryption with POLARSSL_PADDING_ONE_AND_ZEROS that
|
* Fix an issue in the cipher decryption with the mode
|
||||||
sometimes accepted invalid padding. (Not used in TLS.) Found and fixed
|
POLARSSL_PADDING_ONE_AND_ZEROS that sometimes accepted invalid padding.
|
||||||
by Micha Kraus.
|
Note, this padding mode is not used by the TLS protocol. Found and fixed by
|
||||||
|
Micha Kraus.
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Extend cert_write example program by options to set the CRT version
|
* Extend cert_write example program by options to set the CRT version
|
||||||
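Review bot: the 1.3 renames in this hunk (POLARSSL_NO_PLATFORM_ENTROPY, ssl_cache_free(), set_alarm(), get_timer(), POLARSSL_HAVE_INT64) are consistent with the branch, but two pre-existing wording defects are carried over unchanged: "Fix word size check in in pk.c" still has the doubled "in", and the rsa_genkey entry still says "lead to freeing" where "led to freeing" is meant. Worth fixing in the same pass since both lines are being touched anyway.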
@ -103,8 +105,8 @@ Changes
|
|||||||
|
|
||||||
Security
|
Security
|
||||||
* Fix authentication bypass in SSL/TLS: when authmode is set to optional,
|
* Fix authentication bypass in SSL/TLS: when authmode is set to optional,
|
||||||
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
|
ssl_get_verify_result() would incorrectly return 0 when the peer's
|
||||||
X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
|
X.509 certificate chain had more than POLARSSL_X509_MAX_INTERMEDIATE_CA
|
||||||
(default: 8) intermediates, even when it was not trusted. This could be
|
(default: 8) intermediates, even when it was not trusted. This could be
|
||||||
triggered remotely from either side. (With authmode set to 'required'
|
triggered remotely from either side. (With authmode set to 'required'
|
||||||
(the default), the handshake was correctly aborted).
|
(the default), the handshake was correctly aborted).
|
||||||
@ -123,11 +125,11 @@ API Changes
|
|||||||
Bugfix
|
Bugfix
|
||||||
* Add a check if iv_len is zero in GCM, and return an error if it is zero.
|
* Add a check if iv_len is zero in GCM, and return an error if it is zero.
|
||||||
Reported by roberto. #716
|
Reported by roberto. #716
|
||||||
* Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
|
* Replace preprocessor condition from #if defined(POLARSSL_THREADING_PTHREAD)
|
||||||
to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
|
to #if defined(POLARSSL_THREADING_C) as the library cannot assume they will
|
||||||
always be implemented by pthread support. Fix for #696
|
always be implemented by pthread support. Fix for #696
|
||||||
* Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(),
|
* Fix a resource leak on Windows platforms in x509_crt_parse_path(), in the
|
||||||
in the case of an error. Found by redplait. #590
|
case of an error. Found by redplait. #590
|
||||||
* Add MPI_CHK to check for error value of mpi_fill_random.
|
* Add MPI_CHK to check for error value of mpi_fill_random.
|
||||||
Backported from a report and fix suggestion by guidovranken in #740
|
Backported from a report and fix suggestion by guidovranken in #740
|
||||||
* Fix a potential integer overflow in the version verification for DER
|
* Fix a potential integer overflow in the version verification for DER
|
||||||
@ -175,9 +177,9 @@ Bugfix
|
|||||||
resulting in compatibility problems with Chrome. Found by hfloyrd. #823
|
resulting in compatibility problems with Chrome. Found by hfloyrd. #823
|
||||||
* Accept empty trusted CA chain in authentication mode
|
* Accept empty trusted CA chain in authentication mode
|
||||||
SSL_VERIFY_OPTIONAL. Found by jethrogb. #864.
|
SSL_VERIFY_OPTIONAL. Found by jethrogb. #864.
|
||||||
* Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate
|
* Fix implementation of ssl_parse_certificate() to not annihilate fatal
|
||||||
fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to
|
errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to reflect
|
||||||
reflect bad EC curves within verification result.
|
bad EC curves within verification result.
|
||||||
* Fix bug that caused the modular inversion function to accept the invalid
|
* Fix bug that caused the modular inversion function to accept the invalid
|
||||||
modulus 1 and therefore to hang. Found by blaufish. #641.
|
modulus 1 and therefore to hang. Found by blaufish. #641.
|
||||||
* Fix incorrect sign computation in modular exponentiation when the base is
|
* Fix incorrect sign computation in modular exponentiation when the base is
|
||||||
|
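Review bot: the ssl_parse_certificate() entry is renamed to the 1.3 symbol, but the next line still says "authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL" while the entry immediately above uses the 1.3 spelling SSL_VERIFY_OPTIONAL; the 2.x macro name does not exist on this branch, so change it to SSL_VERIFY_OPTIONAL for consistency.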