From b35e59d36d00eb0bf9763a8c068ec7683bfebd82 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 19 Nov 2018 15:49:26 +0000 Subject: [PATCH] Refine the language in the ChangeLog Fix the language and descriptions in the ChangeLog following review of the Release Notes for the next release. --- ChangeLog | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9f7a6fd5f..9137396f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,16 +4,16 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Fix overly strict DN comparison when looking for CRLs belonging to a - particular CA. This previously lead to ignoring CRLs when the CRL's issuer + particular CA. This previously led to ignoring CRLs when the CRL's issuer name and the CA's subject name differed in their string encoding (e.g., one using PrintableString and the other UTF8String) or in the choice of upper and lower case. Reported by Henrik Andersson of Bosch GmbH in issue #1784. * Fix a flawed bounds check in server PSK hint parsing. In case the - incoming message buffer was placed within the first 64KB of address + incoming message buffer was placed within the first 64KiB of address space and a PSK-(EC)DHE ciphersuite was used, this allowed an attacker - to trigger a memory access up to 64KB beyond the incoming message buffer, - potentially leading to application crash or information disclosure. + to trigger a memory access up to 64KiB beyond the incoming message buffer, + potentially leading to an application crash or information disclosure. * Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The previous settings for the number of rounds made it practical for an adversary to construct non-primes that would be erroneously accepted as @@ -28,11 +28,11 @@ Security Features * Add support for temporarily suspending expensive ECC computations after - some configurable amount of operations, to be used in single-threaded - constrained systems where ECC is time consuming and blocking until - completion cannot be tolerated. This is enabled by - MBEDTLS_ECP_RESTARTABLE at compile time (disabled by default) and - configured by mbedtls_ecp_set_max_ops() at runtime. It applies to new + some configurable amount of operations. This is intended to be used in + constrained, single-threaded systems where ECC is time consuming and can + block other operations until they complete. This is disabled by default, + but can be enabled by MBEDTLS_ECP_RESTARTABLE at compile time and + configured by mbedtls_ecp_set_max_ops() at runtime. It applies to the new xxx_restartable functions in ECP, ECDSA, PK and X.509 (CRL not supported yet), and to existing functions in ECDH and SSL (currently only implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2, @@ -41,12 +41,11 @@ Features operations. On CPUs where the extensions are available, they can accelerate MPI multiplications used in ECC and RSA cryptography. Contributed by Aurelien Jarno. - * Extend RSASSA-PSS signature to allow slightly a smaller salt size. - Previously, PSS signature always used a salt with the same length as the - hash, and returned an error if this was not possible. Now the salt size - may be up to two bytes shorter. This allows the library to support all - hash and signature sizes that comply with FIPS 186-4, including SHA-512 - with a 1024-bit key. + * Extend RSASSA-PSS signature to allow a smaller salt size. Previously, PSS + signature always used a salt with the same length as the hash, and returned + an error if this was not possible. Now the salt size may be up to two bytes + shorter. This allows the library to support all hash and signature sizes + that comply with FIPS 186-4, including SHA-512 with a 1024-bit key. * Add support for 128-bit keys in CTR_DRBG. Note that using keys shorter than 256 bits limits the security of generated material to 128 bits.