mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 16:55:43 +01:00
Assemble ChangeLog
Executed scripts/assemble_changelog.py. Signed-off-by: Janos Follath <janos.follath@arm.com>
This commit is contained in:
parent
f69b919844
commit
49e6caf12e
52
ChangeLog
52
ChangeLog
@ -1,5 +1,57 @@
|
||||
mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||
|
||||
Security
|
||||
* Fix a side channel vulnerability in modular exponentiation that could
|
||||
reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee,
|
||||
Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute
|
||||
of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul
|
||||
Strackx (Fortanix) in #3394.
|
||||
* Fix side channel in mbedtls_ecp_check_pub_priv() and
|
||||
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
|
||||
private key that didn't include the uncompressed public key), as well as
|
||||
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
|
||||
f_rng argument. An attacker with access to precise enough timing and
|
||||
memory access information (typically an untrusted operating system
|
||||
attacking a secure enclave) could fully recover the ECC private key.
|
||||
Found and reported by Alejandro Cabrera Aldaya and Billy Brumley.
|
||||
* Fix issue in Lucky 13 counter-measure that could make it ineffective when
|
||||
hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
|
||||
macros). This would cause the original Lucky 13 attack to be possible in
|
||||
those configurations, allowing an active network attacker to recover
|
||||
plaintext after repeated timing measurements under some conditions.
|
||||
Reported and fix suggested by Luc Perneel in #3246.
|
||||
|
||||
Bugfix
|
||||
* Fix the Visual Studio Release x64 build configuration for mbedtls itself.
|
||||
Completes a previous fix in Mbed TLS 2.16.3 that only fixed the build for
|
||||
the example programs. Reported in #1430 and fix contributed by irwir.
|
||||
* Fix undefined behavior in X.509 certificate parsing if the
|
||||
pathLenConstraint basic constraint value is equal to INT_MAX.
|
||||
The actual effect with almost every compiler is the intended
|
||||
behavior, so this is unlikely to be exploitable anywhere. #3197
|
||||
* Include asn1.h in error.c. Fixes #3328 reported by David Hu.
|
||||
* Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz()
|
||||
when PRNG function fails. Contributed by Jonas Lejeune in #3318.
|
||||
* Add additional bounds checks in ssl_write_client_hello() preventing
|
||||
output buffer overflow if the configuration declared a buffer that was
|
||||
too small.
|
||||
|
||||
Changes
|
||||
* Unify the example programs termination to call mbedtls_exit() instead of
|
||||
using a return command. This has been done to enable customization of the
|
||||
behavior in bare metal environments.
|
||||
* Abort the ClientHello writing function as soon as some extension doesn't
|
||||
fit into the record buffer. Previously, such extensions were silently
|
||||
dropped. As a consequence, the TLS handshake now fails when the output
|
||||
buffer is not large enough to hold the ClientHello.
|
||||
* The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
|
||||
`MBEDTLS_CTR_DRBG_C`, `MBEDTLS_HMAC_DRBG_C`, `MBEDTLS_SHA512_C` or
|
||||
`MBEDTLS_SHA256_C` for some side-channel coutermeasures. If side channels
|
||||
are not a concern, this dependency can be avoided by enabling the new
|
||||
option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
|
||||
|
||||
= mbed TLS 2.16.6 branch released 2020-04-14
|
||||
|
||||
Security
|
||||
|
@ -1,4 +0,0 @@
|
||||
Bugfix
|
||||
* Fix the Visual Studio Release x64 build configuration for mbedtls itself.
|
||||
Completes a previous fix in Mbed TLS 2.16.3 that only fixed the build for
|
||||
the example programs. Reported in #1430 and fix contributed by irwir.
|
@ -1,16 +0,0 @@
|
||||
Changes
|
||||
* The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
|
||||
`MBEDTLS_CTR_DRBG_C`, `MBEDTLS_HMAC_DRBG_C`, `MBEDTLS_SHA512_C` or
|
||||
`MBEDTLS_SHA256_C` for some side-channel coutermeasures. If side channels
|
||||
are not a concern, this dependency can be avoided by enabling the new
|
||||
option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
|
||||
|
||||
Security
|
||||
* Fix side channel in mbedtls_ecp_check_pub_priv() and
|
||||
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
|
||||
private key that didn't include the uncompressed public key), as well as
|
||||
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
|
||||
f_rng argument. An attacker with access to precise enough timing and
|
||||
memory access information (typically an untrusted operating system
|
||||
attacking a secure enclave) could fully recover the ECC private key.
|
||||
Found and reported by Alejandro Cabrera Aldaya and Billy Brumley.
|
@ -1,2 +0,0 @@
|
||||
Bugfix
|
||||
* Include asn1.h in error.c. Fixes #3328 reported by David Hu.
|
@ -1,3 +0,0 @@
|
||||
Bugfix
|
||||
* Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz()
|
||||
when PRNG function fails. Contributed by Jonas Lejeune in #3318.
|
@ -1,7 +0,0 @@
|
||||
Security
|
||||
* Fix issue in Lucky 13 counter-measure that could make it ineffective when
|
||||
hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
|
||||
macros). This would cause the original Lucky 13 attack to be possible in
|
||||
those configurations, allowing an active network attacker to recover
|
||||
plaintext after repeated timing measurements under some conditions.
|
||||
Reported and fix suggested by Luc Perneel in #3246.
|
@ -1,5 +0,0 @@
|
||||
Bugfix
|
||||
* Fix undefined behavior in X.509 certificate parsing if the
|
||||
pathLenConstraint basic constraint value is equal to INT_MAX.
|
||||
The actual effect with almost every compiler is the intended
|
||||
behavior, so this is unlikely to be exploitable anywhere. #3197
|
@ -1,6 +0,0 @@
|
||||
Security
|
||||
* Fix a side channel vulnerability in modular exponentiation that could
|
||||
reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee,
|
||||
Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute
|
||||
of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul
|
||||
Strackx (Fortanix) in #3394.
|
@ -1,4 +0,0 @@
|
||||
Changes
|
||||
* Unify the example programs termination to call mbedtls_exit() instead of
|
||||
using a return command. This has been done to enable customization of the
|
||||
behavior in bare metal environments.
|
@ -1,9 +0,0 @@
|
||||
Bugfix
|
||||
* Add additional bounds checks in ssl_write_client_hello() preventing
|
||||
output buffer overflow if the configuration declared a buffer that was
|
||||
too small.
|
||||
Changes
|
||||
* Abort the ClientHello writing function as soon as some extension doesn't
|
||||
fit into the record buffer. Previously, such extensions were silently
|
||||
dropped. As a consequence, the TLS handshake now fails when the output
|
||||
buffer is not large enough to hold the ClientHello.
|
Loading…
Reference in New Issue
Block a user