mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 01:55:52 +01:00
Fix style and missing item in ChangeLog
This commit is contained in:
parent
a418e82a35
commit
3f2557e6f1
43
ChangeLog
43
ChangeLog
@ -7,9 +7,9 @@ Security
|
|||||||
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
|
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
|
||||||
X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
|
X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
|
||||||
(default: 8) intermediates, even when it was not trusted. Could be
|
(default: 8) intermediates, even when it was not trusted. Could be
|
||||||
triggered remotely on both sides. (With auth_mode set to required
|
triggered remotely on both sides. (With auth_mode set to 'required'
|
||||||
(default), the handshake was correctly aborted.)
|
(the default), the handshake was correctly aborted).
|
||||||
* Reliably zeroize sensitive data after use in AES example applications
|
* Reliably wipe sensitive data after use in the AES example applications
|
||||||
programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
|
programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
|
||||||
Found by Laurent Simon.
|
Found by Laurent Simon.
|
||||||
|
|
||||||
@ -18,15 +18,16 @@ Features
|
|||||||
and the context struct mbedtls_platform_context to perform
|
and the context struct mbedtls_platform_context to perform
|
||||||
platform-specific setup and teardown operations. The macro
|
platform-specific setup and teardown operations. The macro
|
||||||
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden
|
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden
|
||||||
by the user in a platform_alt.h file. This new APIs are required in some
|
by the user in a platform_alt.h file. These new functions are required in
|
||||||
embedded environments that have hardware acceleration support.
|
some embedded environments to provide a means to initialise underlying
|
||||||
|
hardware acceleration.
|
||||||
|
|
||||||
API Changes
|
API Changes
|
||||||
* Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the
|
* Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the
|
||||||
API consistent with mbed TLS 2.5.0. Specifically removed the inline
|
API consistent with mbed TLS 2.5.0. Specifically removed the inline
|
||||||
qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt,
|
qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt,
|
||||||
mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978
|
mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. Found
|
||||||
Found by James Cowgill.
|
by James Cowgill. #978
|
||||||
* Certificate verification functions now set flags to -1 in case the full
|
* Certificate verification functions now set flags to -1 in case the full
|
||||||
chain was not verified due to an internal error (including in the verify
|
chain was not verified due to an internal error (including in the verify
|
||||||
callback) or chain length limitations.
|
callback) or chain length limitations.
|
||||||
@ -35,40 +36,45 @@ API Changes
|
|||||||
a fatal error in the vrfy callback.
|
a fatal error in the vrfy callback.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Add a check if iv_len is zero, and return an error if it is zero. reported
|
* Add a check if iv_len is zero, and return an error if it is zero. Reported
|
||||||
by roberto. #716
|
by roberto. #716
|
||||||
* Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
|
* Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
|
||||||
to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
|
to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
|
||||||
always be implemented by pthread support. Fix for #696
|
always be implemented by pthread support. #696
|
||||||
* Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path.
|
* Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path.
|
||||||
In case of failure, when an error occures, goto cleanup.
|
In case of failure, when an error occures, goto cleanup.
|
||||||
Found by redplait #590
|
Found by redplait. #590
|
||||||
* Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
|
* Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
|
||||||
Reported and fix suggested by guidovranken in #740
|
Reported and fix suggested by guidovranken. #740
|
||||||
* Fix conditional preprocessor directives in bignum.h to enable 64-bit
|
* Fix conditional preprocessor directives in bignum.h to enable 64-bit
|
||||||
compilation when using ARM Compiler 6.
|
compilation when using ARM Compiler 6.
|
||||||
* Fix a potential integer overflow in the version verification for DER
|
* Fix a potential integer overflow in the version verification for DER
|
||||||
encoded X509 CRLs. The overflow would enable maliciously constructed CRLs
|
encoded X.509 CRLs. The overflow could enable maliciously constructed CRLs
|
||||||
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
|
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
|
||||||
KNOX Security, Samsung Research America
|
KNOX Security, Samsung Research America
|
||||||
* Fix potential integer overflow in the version verification for DER
|
* Fix potential integer overflow in the version verification for DER
|
||||||
encoded X509 CSRs. The overflow would enable maliciously constructed CSRs
|
encoded X.509 CSRs. The overflow could enable maliciously constructed CSRs
|
||||||
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
|
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
|
||||||
KNOX Security, Samsung Research America
|
KNOX Security, Samsung Research America
|
||||||
* Fix a potential integer overflow in the version verification for DER
|
* Fix a potential integer overflow in the version verification for DER
|
||||||
encoded X509 certificates. The overflow would enable maliciously
|
encoded X.509 certificates. The overflow could enable maliciously
|
||||||
constructed certificates to bypass the certificate verification check.
|
constructed certificates to bypass the certificate verification check.
|
||||||
* Fix a call to the libc function time() to call the platform abstraction
|
* Fix a call to the libc function time() to call the platform abstraction
|
||||||
function mbedtls_time() instead. Found by wairua. Fix for #666
|
function mbedtls_time() instead. Found by wairua. #666
|
||||||
|
* Avoid shadowing of time and index functions through mbed TLS function
|
||||||
|
arguments. Found by inestlerode. #557.
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of
|
* Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of
|
||||||
64-bit division. #708
|
64-bit division. This is useful on embedded platforms where 64-bit division
|
||||||
|
created a dependency on external libraries. #708
|
||||||
* Removed mutexes from ECP hardware accelerator code. Now all hardware
|
* Removed mutexes from ECP hardware accelerator code. Now all hardware
|
||||||
accelerator code in the library leaves concurrency handling to the
|
accelerator code in the library leaves concurrency handling to the
|
||||||
platform. Reported by Steven Cooreman. #863
|
platform. Reported by Steven Cooreman. #863
|
||||||
* Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file
|
* Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file
|
||||||
config-no-entropy.h to reduce the RAM footprint.
|
config-no-entropy.h to reduce the RAM footprint.
|
||||||
|
* Added a test script that can be hooked into git that verifies commits
|
||||||
|
before they are pushed.
|
||||||
|
|
||||||
= mbed TLS 2.5.1 released 2017-06-21
|
= mbed TLS 2.5.1 released 2017-06-21
|
||||||
|
|
||||||
@ -158,8 +164,6 @@ Bugfix
|
|||||||
The PK and RSA modules use different types for passing hash length and
|
The PK and RSA modules use different types for passing hash length and
|
||||||
without these checks the type cast could lead to data loss. Found by Guido
|
without these checks the type cast could lead to data loss. Found by Guido
|
||||||
Vranken.
|
Vranken.
|
||||||
* Avoid shadowing of time and index functions through mbed TLS function
|
|
||||||
arguments. Found by inestlerode. Fixes #557.
|
|
||||||
|
|
||||||
= mbed TLS 2.4.2 branch released 2017-03-08
|
= mbed TLS 2.4.2 branch released 2017-03-08
|
||||||
|
|
||||||
@ -228,9 +232,6 @@ Bugfix
|
|||||||
digits. Found and fixed by Guido Vranken.
|
digits. Found and fixed by Guido Vranken.
|
||||||
* Fix unlisted DES configuration dependency in some pkparse test cases. Found
|
* Fix unlisted DES configuration dependency in some pkparse test cases. Found
|
||||||
by inestlerode. #555
|
by inestlerode. #555
|
||||||
* Fix a potential integer overflow in the version verification for DER
|
|
||||||
encoded X509 certificates. The overflow would enable maliciously
|
|
||||||
constructed certificates to bypass the certificate verification check.
|
|
||||||
|
|
||||||
= mbed TLS 2.4.1 branch released 2016-12-13
|
= mbed TLS 2.4.1 branch released 2016-12-13
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user