mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 08:44:22 +01:00
Tidied up style and phrasing of ChangeLog
This commit is contained in:
parent
240f185b79
commit
ef8fa012ea
25
ChangeLog
25
ChangeLog
@ -3,14 +3,15 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||||||
= mbed TLS 2.3.x branch released 2016-xx-xx
|
= mbed TLS 2.3.x branch released 2016-xx-xx
|
||||||
|
|
||||||
Security
|
Security
|
||||||
* Remove MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant
|
* Removed the MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant
|
||||||
with RFC5116 and could lead to session key recovery in very long TLS
|
with RFC-5116 and could lead to session key recovery in very long TLS
|
||||||
sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic -
|
sessions. "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in
|
||||||
"Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS")
|
TLS" - H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic.
|
||||||
* Fix potential stack corruption in mbedtls_x509write_crt_der() and
|
https://eprint.iacr.org/2016/475.pdf
|
||||||
|
* Fixed potential stack corruption in mbedtls_x509write_crt_der() and
|
||||||
mbedtls_x509write_csr_der() when the signature is copied to the buffer
|
mbedtls_x509write_csr_der() when the signature is copied to the buffer
|
||||||
without checking whether there is enough space in the destination. The
|
without checking whether there is enough space in the destination. The
|
||||||
issue cannot be triggered remotely. (found by Jethro Beekman)
|
issue cannot be triggered remotely. Found by Jethro Beekman.
|
||||||
|
|
||||||
Features
|
Features
|
||||||
* Added support for CMAC for AES and 3DES and AES-CMAC-PRF-128, as defined by
|
* Added support for CMAC for AES and 3DES and AES-CMAC-PRF-128, as defined by
|
||||||
@ -22,7 +23,7 @@ Features
|
|||||||
* Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to
|
* Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to
|
||||||
configure the maximum length of a file path that can be buffered when
|
configure the maximum length of a file path that can be buffered when
|
||||||
calling mbedtls_x509_crt_parse_path().
|
calling mbedtls_x509_crt_parse_path().
|
||||||
* Added a configuration file config-no-entropy.h that enables a subset of
|
* Added a configuration file config-no-entropy.h that configures the subset of
|
||||||
library features that do not require an entropy source.
|
library features that do not require an entropy source.
|
||||||
* Added the macro MBEDTLS_ENTROPY_MIN_HARDWARE in config.h. This allows users
|
* Added the macro MBEDTLS_ENTROPY_MIN_HARDWARE in config.h. This allows users
|
||||||
to configure the minimum number of bytes for entropy sources using the
|
to configure the minimum number of bytes for entropy sources using the
|
||||||
@ -33,18 +34,18 @@ Bugfix
|
|||||||
may need time but not the standard C library abstraction, and added
|
may need time but not the standard C library abstraction, and added
|
||||||
configuration consistency checks to check_config.h
|
configuration consistency checks to check_config.h
|
||||||
* Fix dependency issue in Makefile to allow parallel builds.
|
* Fix dependency issue in Makefile to allow parallel builds.
|
||||||
* Fix incorrect handling of block lengths in crypt_and_hash sample program,
|
* Fix incorrect handling of block lengths in crypt_and_hash.c sample program,
|
||||||
when GCM is used. #441
|
when GCM is used. Found by udf2457. #441
|
||||||
* Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
|
* Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
|
||||||
enabled unless others were also present. Found by David Fernandez. #428
|
enabled unless others were also present. Found by David Fernandez. #428
|
||||||
* Fix for out-of-tree builds using CMake. Found by jwurzer, and fix based on
|
* Fix for out-of-tree builds using CMake. Found by jwurzer, and fix based on
|
||||||
a contribution from Tobias Tangemann. #541
|
a contribution from Tobias Tangemann. #541
|
||||||
* Fixed cert_app sample program for debug output and for use when no root
|
* Fixed cert_app.c sample program for debug output and for use when no root
|
||||||
certificates are provided.
|
certificates are provided.
|
||||||
* Fix conditional statement that would cause a 1 byte overread in
|
* Fix conditional statement that would cause a 1 byte overread in
|
||||||
mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599
|
mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599
|
||||||
* Fixed pthread implementation to avoid unintended double initialisations
|
* Fixed pthread implementation to avoid unintended double initialisations
|
||||||
and double frees. (found by Niklas Amnebratt)
|
and double frees. Found by Niklas Amnebratt.
|
||||||
* Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for
|
* Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for
|
||||||
builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found
|
builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found
|
||||||
by inestlerode. #559.
|
by inestlerode. #559.
|
||||||
@ -72,7 +73,7 @@ Changes
|
|||||||
* Added support for a Yotta specific configuration file -
|
* Added support for a Yotta specific configuration file -
|
||||||
through the symbol YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE.
|
through the symbol YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE.
|
||||||
* Added optimization for code space for X.509/OID based on configured
|
* Added optimization for code space for X.509/OID based on configured
|
||||||
features. (contributed by Aviv Palivoda)
|
features. Contributed by Aviv Palivoda.
|
||||||
* Renamed source file library/net.c to library/net_sockets.c to avoid
|
* Renamed source file library/net.c to library/net_sockets.c to avoid
|
||||||
naming collision in projects which also have files with the common name
|
naming collision in projects which also have files with the common name
|
||||||
net.c. For consistency, the corresponding header file, net.h, is marked as
|
net.c. For consistency, the corresponding header file, net.h, is marked as
|
||||||
|
Loading…
Reference in New Issue
Block a user