diff --git a/ChangeLog b/ChangeLog index a042c4e51..84a05d003 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -17,39 +17,45 @@ Security potential Bleichenbacher/BERserk-style attack. Bugfix - * Remove invalid use of size zero arrays in ECJPAKE test suite. + * Remove size zero arrays from ECJPAKE test suite. Size zero arrays are not + valid C and they prevented the test from compiling in Visual Studio 2015 + and with GCC using the -Wpedantic compilation option. * Fix insufficient support for signature-hash-algorithm extension, resulting in compatibility problems with Chrome. Found by hfloyrd. #823 - * If sending a fatal alert fails, make sure not to hide the error + * Fix behaviour that hid the original cause of fatal alerts in some cases + when sending the alert failed. The fix makes sure not to hide the error that triggered the alert. - * In SSLv3, if refusing a renegotiation attempt, don't process any further - data. + * Fix SSLv3 renegotiation behaviour and stop processing data received from + peer after sending a fatal alert to refuse a renegotiation attempt. + Previous behaviour was to keep processing data even after the alert has + been sent. * Accept empty trusted CA chain in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL. - Fixes #864. Found by jethrogb. - * Fix implementation of mbedtls_ssl_parse_certificate - to not annihilate fatal errors in authentication mode - MBEDTLS_SSL_VERIFY_OPTIONAL and to reflect bad EC curves - within verification result. - * Fix modular inversion function on invalid modulus 1. - Found by blaufish. Fixes #641. - * Fix incorrect sign computation in modular exponentiation - when dealing with negative MPI. Found by Guido Vranken. - * Fix potential stack underflow in mpi_read_file. - Found by Guido Vranken. + Found by jethrogb. #864 + * Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate + fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to + reflect bad EC curves within verification result. 
+ * Fix bug that caused the modular inversion function to accept the invalid + modulus 1 and therefore to hang. Found by blaufish. #641. + * Fix incorrect sign computation in modular exponentiation when the base is + a negative MPI. Previously the result was always negative. Found by Guido + Vranken. + * Fix a numerical underflow leading to stack overflow in mpi_read_file() + that was triggered uppon reading an empty line. Found by Guido Vranken. Changes - * Send fatal alerts in many more cases instead of dropping the connection. + * Send fatal alerts in more cases. The previous behaviour was to skip + sending the fatal alert and just drop the connection. * Clarify ECDSA documentation and improve the sample code to avoid - misunderstandings and potentially dangerous use of the API. Pointed out + misunderstanding and potentially dangerous use of the API. Pointed out by Jean-Philippe Aumasson. = mbed TLS 2.5.0 branch released 2017-05-17 Security * Wipe stack buffers in RSA private key operations - (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt). - Found by Laurent Simon. + (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt). Found by Laurent + Simon. * Add exponent blinding to RSA private operations as a countermeasure against side-channel attacks like the cache attack described in https://arxiv.org/abs/1702.08719v2. 
@@ -57,8 +63,10 @@ Security Clémentine Maurice and Stefan Mangard. Features - * Exposed parts of the Elliptic Curve Point internal interface, to provide - interface for external hardware acceleration code. + * Add hardware acceleration support for the Elliptic Curve Point module. + This involved exposing parts of the internal interface to enable + replacing the core functions and adding and alternative, module level + replacement support for enabling the extension of the interface. * Add a new configuration option to 'mbedtls_ssl_config' to enable suppressing the CA list in Certificate Request messages. The default behaviour has not changed, namely every configured CAs name is included. @@ -74,7 +82,12 @@ API Changes Bugfix * Remove macros from compat-1.3.h that correspond to deleted items from most recent versions of the library. Found by Kyle Keen. - * Fixed issue in mutexes to failing to initialise. #667 + * Fixed issue in the Threading module that prevented mutexes from + initialising. Found by sznaider. #667 #843 + * Add checks in the PK module for the RSA functions on 64-bit systems. + The PK and RSA modules use different types for passing hash length and + without these checks the type cast could lead to data loss. Found by Guido + Vranken. = mbed TLS 2.4.2 branch released 2017-03-08
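Review bot: the rewritten fatal-alert entry in the first hunk (@@ -17,39 +17,45 @@) says the same thing twice: "Fix behaviour that hid the original cause of fatal alerts in some cases when sending the alert failed. The fix makes sure not to hide the error that triggered the alert." Collapse it to one sentence, for example "Fix behaviour that hid the original cause of a fatal alert when sending the alert itself failed; the error that triggered the alert is now the one reported." The SSLv3 renegotiation entry in the same hunk reads fine but could drop "Previous behaviour was to keep processing data even after the alert has been sent." since the first sentence already states that.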
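Review bot: typo in the mpi_read_file() entry of the second region ("that was triggered uppon reading an empty line"): "uppon" should be "upon". The same region writes the issue reference as "#641." with a trailing period, while the surrounding entries use the bare "#823" / "#864" form; drop the period for consistency. Given that this entry describes a numerical underflow leading to a stack overflow, consider whether it belongs under the Security heading rather than Bugfix, as the RSA stack-wiping entry below it does.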
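Review bot: grammar in the Elliptic Curve Point entry of the @@ -57,8 +63,10 @@ hunk: "adding and alternative, module level replacement support" should read "adding an alternative, module-level replacement". The whole sentence is hard to parse; suggest splitting it: "This exposes parts of the internal interface so that the core functions can be replaced, and adds an alternative, module-level replacement option for extending the interface."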
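Review bot: in the @@ -74,7 +82,12 @@ hunk, the PK/RSA entry states that the two modules "use different types for passing hash length" but does not name them; naming the two types (and the direction of the narrowing cast) would let readers judge whether their own PK wrappers or alternative implementations on 64-bit builds are affected. The same hunk keeps "Fixed issue in the Threading module that prevented mutexes from initialising" in the past tense while every other entry in this ChangeLog uses the imperative "Fix"/"Add"; change to "Fix issue ..." for consistency.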