From b060cc21b111c44dbe8d0957d996d69de44cf0bc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 01:04:34 +0100 Subject: [PATCH] Reorder and group sections in the ChangeLog --- ChangeLog | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index 55595640e..55cccd5e6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Security + * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, + mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's + X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA + (default: 8) intermediates, even when it was not trusted. Could be + triggered remotely on both sides. (With auth_mode set to required + (default), the handshake was correctly aborted.) + Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform @@ -16,6 +24,12 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978 Found by James Cowgill. + * Certificate verification functions now set flags to -1 in case the full + chain was not verified due to an internal error (including in the verify + callback) or chain length limitations. + * With authmode set to optional, handshake is now aborted if the + verification of the peer's certificate failed due to an overlong chain or + a fatal error in the vrfy callback. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported @@ -42,22 +56,6 @@ Bugfix encoded X509 certificates. The overflow would enable maliciously constructed certificates to bypass the certificate verification check. -Security - * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, - mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's - X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA - (default: 8) intermediates, even when it was not trusted. Could be - triggered remotely on both sides. (With auth_mode set to required - (default), the handshake was correctly aborted.) - -API changes - * Certificate verification functions now set flags to -1 in case the full - chain was not verified due to an internal error (including in the verify - callback) or chain length limitations. - * With authmode set to optional, handshake is now aborted if the - verification of the peer's certificate failed due to an overlong chain or - a fatal error in the vrfy callback. - Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of 64-bit division. #708