yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-25 19:55:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revised and clarified ChangeLog

Browse Source 
Minor changes to fix language, merge mistakes and incorrect classifications of
changes.
This commit is contained in:
Simon Butcher 2018-08-31 11:59:56 +01:00
parent 0bbb4fc132
commit b5afb97244
1 changed files with 7 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
ChangeLog
View File

@ -3,9 +3,6 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS x.x.x branch released xxxx-xx-xx = mbed TLS x.x.x branch released xxxx-xx-xx
Security Security
* Fix a potential memory leak in mbedtls_ssl_setup( ) function. An allocation
failure could leave an unreleased buffer. A handshake init failure would
lead to leaving two unreleased buffers.
* Fix an issue in the X.509 module which could lead to a buffer overread * Fix an issue in the X.509 module which could lead to a buffer overread
during certificate extensions parsing. In case of receiving malformed during certificate extensions parsing. In case of receiving malformed
input (extensions length field equal to 0), an illegal read of one byte input (extensions length field equal to 0), an illegal read of one byte
@ -31,6 +28,8 @@ API Changes
the use of datagram packing (enabled by default). the use of datagram packing (enabled by default).
Bugfix Bugfix
* Fix a potential memory leak in mbedtls_ssl_setup() function. An allocation
failure in the function could lead to other buffers being leaked.
* Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if
MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890
* Fix a memory leak in ecp_mul_comb() if ecp_precompute_comb() fails. * Fix a memory leak in ecp_mul_comb() if ecp_precompute_comb() fails.
@ -38,7 +37,8 @@ Bugfix
* Add ecc extensions only if an ecc based ciphersuite is used. * Add ecc extensions only if an ecc based ciphersuite is used.
This improves compliance to RFC 4492, and as a result, solves This improves compliance to RFC 4492, and as a result, solves
interoperability issues with BouncyCastle. Raised by milenamil in #1157. interoperability issues with BouncyCastle. Raised by milenamil in #1157.
* Replace printf with mbedtls_printf in aria. Found by TrinityTonic in #1908. * Replace printf with mbedtls_printf in the ARIA module. Found by
TrinityTonic in #1908.
* Fix potential use-after-free in mbedtls_ssl_get_max_frag_len() * Fix potential use-after-free in mbedtls_ssl_get_max_frag_len()
and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941. and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941.
* Fix a bug that caused SSL/TLS clients to incorrectly abort the handshake * Fix a bug that caused SSL/TLS clients to incorrectly abort the handshake
@ -54,11 +54,11 @@ Bugfix
* Fix overly strict bounds check in ssl_parse_certificate_request() * Fix overly strict bounds check in ssl_parse_certificate_request()
which could lead to valid CertificateRequest messages being rejected. which could lead to valid CertificateRequest messages being rejected.
Fixes #1954. Fixes #1954.
* Fix undefined shifts with negative values in certificates parsing
(found by Catena cyber using oss-fuzz)
* Fix memory leak and free without initialization in pk_encrypt * Fix memory leak and free without initialization in pk_encrypt
and pk_decrypt example programs. Reported by Brace Stout. Fixes #1128. and pk_decrypt example programs. Reported by Brace Stout. Fixes #1128.
* Remove redundant else statement, which is not readable, and the positive * Remove redundant else statement. Raised by irwir. Fixes #1776.
path in the if statement results in exiting the funciton. Raised by irwir
in #1776.
Changes Changes
* Copy headers preserving timestamps when doing a "make install". * Copy headers preserving timestamps when doing a "make install".
@ -67,15 +67,7 @@ Changes
Drozd. Fixes #1215 raised by randombit. Drozd. Fixes #1215 raised by randombit.
* Improve compatibility with some alternative CCM implementations by using * Improve compatibility with some alternative CCM implementations by using
CCM test vectors from RAM. CCM test vectors from RAM.
* Fix a miscalculation of the maximum record expansion in
mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites,
or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914.
* Add support for buffering of out-of-order handshake messages. * Add support for buffering of out-of-order handshake messages.
INTERNAL NOTE: need to bump soversion of libmbedtls:
- added new member 'mtu' to public 'mbedtls_ssl_conf' structure
Changes
* Add warnings to the documentation of the HKDF module to reduce the risk * Add warnings to the documentation of the HKDF module to reduce the risk
of misusing the mbedtls_hkdf_extract() and mbedtls_hkdf_expand() of misusing the mbedtls_hkdf_extract() and mbedtls_hkdf_expand()
functions. Fixes #1775. Reported by Brian J. Murray. functions. Fixes #1775. Reported by Brian J. Murray.
@ -228,8 +220,6 @@ API Changes
Bugfix Bugfix
* Fix an issue with MicroBlaze support in bn_mul.h which was causing the * Fix an issue with MicroBlaze support in bn_mul.h which was causing the
build to fail. Found by zv-io. Fixes #1651. build to fail. Found by zv-io. Fixes #1651.
* Fix undefined shifts with negative values in certificates parsing
(found by Catena cyber using oss-fuzz)
Changes Changes
* Support TLS testing in out-of-source builds using cmake. Fixes #1193. * Support TLS testing in out-of-source builds using cmake. Fixes #1193.