mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 01:14:23 +01:00
Note incompatibility of truncated HMAC extension in ChangeLog
The change in the truncated HMAC extension aligns Mbed TLS with the standard, but breaks interoperability with previous versions. Indicate this in the ChangeLog, as well as how to restore the old behavior.
This commit is contained in:
parent
de42c59b91
commit
e9256c5f46
20
ChangeLog
20
ChangeLog
@ -3,6 +3,16 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||||||
|
|
||||||
= mbed TLS 2.1.10 branch released 2017-xx-xx
|
= mbed TLS 2.1.10 branch released 2017-xx-xx
|
||||||
|
|
||||||
|
Default behavior changes
|
||||||
|
* The truncated HMAC extension now conforms to RFC 6066. This means
|
||||||
|
that when both sides of a TLS connection negotiate the truncated
|
||||||
|
HMAC extension, Mbed TLS can now interoperate with other
|
||||||
|
compliant implementations, but this breaks interoperability with
|
||||||
|
prior versions of Mbed TLS. To restore the old behavior, enable
|
||||||
|
the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in
|
||||||
|
config.h. Found by Andreas Walz (ivESK, Offenburg University of
|
||||||
|
Applied Sciences).
|
||||||
|
|
||||||
Security
|
Security
|
||||||
* Fix heap corruption in implementation of truncated HMAC extension.
|
* Fix heap corruption in implementation of truncated HMAC extension.
|
||||||
When the truncated HMAC extension is enabled and CBC is used,
|
When the truncated HMAC extension is enabled and CBC is used,
|
||||||
@ -10,12 +20,10 @@ Security
|
|||||||
corrupt 6 bytes on the peer's heap, potentially leading to crash or
|
corrupt 6 bytes on the peer's heap, potentially leading to crash or
|
||||||
remote code execution. This can be triggered remotely from either
|
remote code execution. This can be triggered remotely from either
|
||||||
side in both TLS and DTLS.
|
side in both TLS and DTLS.
|
||||||
* Fix implementation of truncated HMAC extension leading to
|
* Fix implementation of the truncated HMAC extension. The previous
|
||||||
compatibility problems with non Mbed TLS peers and allowing
|
implementation allowed an offline 2^80 brute force attack on the
|
||||||
an offline 2^80 brute force attack on the HMAC key of a single,
|
HMAC key of a single, uninterrupted connection (with no
|
||||||
uninterrupted (excluding session resumption) connection.
|
resumption of the session).
|
||||||
Found by Andreas Walz (ivESK, Offenburg University of Applied
|
|
||||||
Sciences).
|
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
|
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
|
||||||
|
Loading…
Reference in New Issue
Block a user