diff --git a/ChangeLog b/ChangeLog index cefea8344..6ec00d366 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,29 +3,30 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.1.x branch released 2016-xx-xx Security - * Remove MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant - with RFC5116 and could lead to session key recovery in very long TLS - sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic - - "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS") - * Fix potential stack corruption in mbedtls_x509write_crt_der() and + * Removed the MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant + with RFC-5116 and could lead to session key recovery in very long TLS + sessions. "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in + TLS" - H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic. + https://eprint.iacr.org/2016/475.pdf + * Fixed potential stack corruption in mbedtls_x509write_crt_der() and mbedtls_x509write_csr_der() when the signature is copied to the buffer without checking whether there is enough space in the destination. The - issue cannot be triggered remotely. (found by Jethro Beekman) + issue cannot be triggered remotely. Found by Jethro Beekman. Bugfix * Fix an issue that caused valid certificates being rejected whenever an expired or not yet valid version of the trusted certificate was before the valid version in the trusted certificate list. - * Fix incorrect handling of block lengths in crypt_and_hash sample program, - when GCM is used. #441 + * Fix incorrect handling of block lengths in crypt_and_hash.c sample program, + when GCM is used. Found by udf2457. #441 * Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't enabled unless others were also present. Found by David Fernandez. #428 - * Fixed cert_app sample program for debug output and for use when no root + * Fixed cert_app.c sample program for debug output and for use when no root certificates are provided. * Fix conditional statement that would cause a 1 byte overread in mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599 * Fixed pthread implementation to avoid unintended double initialisations - and double frees. (found by Niklas Amnebratt) + and double frees. Found by Niklas Amnebratt. * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559.