mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-27 08:44:24 +01:00
Tidied up style and phrasing of ChangeLog
parent
60371454bd
commit
fd8d7991a0
23
ChangeLog
@ -3,24 +3,25 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||||||
= mbed TLS 1.3.x branch 2016-xx-xx
|
= mbed TLS 1.3.x branch 2016-xx-xx
|
||||||
|
|
||||||
Security
|
Security
|
||||||
* Remove MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant
|
* Removed the MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant
|
||||||
with RFC5116 and could lead to session key recovery in very long TLS
|
with RFC-5116 and could lead to session key recovery in very long TLS
|
||||||
sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic -
|
sessions. "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in
|
||||||
"Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS")
|
TLS" - H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic.
|
||||||
* Fix potential stack corruption in mbedtls_x509write_crt_der() and
|
https://eprint.iacr.org/2016/475.pdf
|
||||||
|
* Fixed potential stack corruption in mbedtls_x509write_crt_der() and
|
||||||
mbedtls_x509write_csr_der() when the signature is copied to the buffer
|
mbedtls_x509write_csr_der() when the signature is copied to the buffer
|
||||||
without checking whether there is enough space in the destination. The
|
without checking whether there is enough space in the destination. The
|
||||||
issue cannot be triggered remotely. (found by Jethro Beekman)
|
issue cannot be triggered remotely. Found by Jethro Beekman.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix an issue that caused valid certificates being rejected whenever an
|
* Fix an issue that caused valid certificates being rejected whenever an
|
||||||
expired or not yet valid version of the trusted certificate was before the
|
expired or not yet valid version of the trusted certificate was before the
|
||||||
valid version in the trusted certificate list.
|
valid version in the trusted certificate list.
|
||||||
* Fix incorrect handling of block lengths in crypt_and_hash sample program,
|
* Fix incorrect handling of block lengths in crypt_and_hash.c sample program,
|
||||||
when GCM is used. #441
|
when GCM is used. Found by udf2457. #441
|
||||||
* Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
|
* Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
|
||||||
enabled unless others were also present. Found by David Fernandez. #428
|
enabled unless others were also present. Found by David Fernandez. #428
|
||||||
* Fixed cert_app sample program for debug output and for use when no root
|
* Fixed cert_app.c sample program for debug output and for use when no root
|
||||||
certificates are provided.
|
certificates are provided.
|
||||||
* Fix conditional statement that would cause a 1 byte overread in
|
* Fix conditional statement that would cause a 1 byte overread in
|
||||||
mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599
|
mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599
|
||||||
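Review bot: the tense is now mixed within this hunk. The two Security entries move to "Removed" and "Fixed", and the cert_app.c entry already reads "Fixed", but the Bugfix entries "Fix an issue", "Fix incorrect handling", "Fix for key exchanges" and "Fix conditional statement" stay in the imperative, so a tidy-up commit should pick one form and apply it to all of them. In the same pass, "RFC-5116" would be better as the usual citation form "RFC 5116", the quoted paper title is missing the colon after "Adversaries" ("Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS"), and "caused valid certificates being rejected" should read "caused valid certificates to be rejected". The added eprint URL is a useful addition for anyone assessing the nonce-reuse issue.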
@ -36,9 +37,9 @@ Bugfix
|
|||||||
rsa_rsassa_pss_verify_ext(). Fixed by Brian J. Murray. #502
|
rsa_rsassa_pss_verify_ext(). Fixed by Brian J. Murray. #502
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Add compile time option for relaxed X509 time verification to enable
|
* Add compile time option for relaxed X.509 time verification to enable
|
||||||
accepting certificates with non-standard time format (that is without
|
accepting certificates with non-standard time format (that is without
|
||||||
seconds or with a time zone). Patch provided by OpenVPN.
|
seconds or with a time zone). Patch provided by James Yonan of OpenVPN.
|
||||||
|
|
||||||
= mbed TLS 1.3.17 branch 2016-06-28
|
= mbed TLS 1.3.17 branch 2016-06-28
|
||||||
|
|
||||||
|
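Review bot: the "Add compile time option for relaxed X.509 time verification" entry still does not name the option, so a reader cannot search the configuration header for it; since this option loosens certificate validity parsing, the entry should give the macro name and say whether it is disabled by default. Minor wording points on the same lines: "compile time option" should be hyphenated as "compile-time option", and "(that is without seconds or with a time zone)" needs a comma after "that is". The context line above uses rsa_rsassa_pss_verify_ext() without the mbedtls_ prefix that the other function names in this ChangeLog carry, which is worth checking while the phrasing is being tidied.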