yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-27 03:54:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Tidied up style and phrasing of ChangeLog

Browse Source
This commit is contained in:
Simon Butcher 2016-10-16 00:48:37 +01:00
parent 60371454bd
commit fd8d7991a0
1 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
ChangeLog
View File

@ -3,24 +3,25 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 1.3.x branch 2016-xx-xx
Security
* Remove MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant
with RFC5116 and could lead to session key recovery in very long TLS
sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic -
"Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS")
* Fix potential stack corruption in mbedtls_x509write_crt_der() and
* Removed the MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant
with RFC-5116 and could lead to session key recovery in very long TLS
sessions. "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in
TLS" - H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic.
https://eprint.iacr.org/2016/475.pdf
* Fixed potential stack corruption in mbedtls_x509write_crt_der() and
mbedtls_x509write_csr_der() when the signature is copied to the buffer
without checking whether there is enough space in the destination. The
issue cannot be triggered remotely. (found by Jethro Beekman)
issue cannot be triggered remotely. Found by Jethro Beekman.
Bugfix
* Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
* Fix incorrect handling of block lengths in crypt_and_hash sample program,
when GCM is used. #441
* Fix incorrect handling of block lengths in crypt_and_hash.c sample program,
when GCM is used. Found by udf2457. #441
* Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
enabled unless others were also present. Found by David Fernandez. #428
* Fixed cert_app sample program for debug output and for use when no root
* Fixed cert_app.c sample program for debug output and for use when no root
certificates are provided.
* Fix conditional statement that would cause a 1 byte overread in
mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599
@ -36,9 +37,9 @@ Bugfix
rsa_rsassa_pss_verify_ext(). Fixed by Brian J. Murray. #502
Changes
* Add compile time option for relaxed X509 time verification to enable
* Add compile time option for relaxed X.509 time verification to enable
accepting certificates with non-standard time format (that is without
seconds or with a time zone). Patch provided by OpenVPN.
seconds or with a time zone). Patch provided by James Yonan of OpenVPN.
= mbed TLS 1.3.17 branch 2016-06-28