mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-24 18:48:32 +00:00
Include changes from the 1.2 branch
This commit is contained in:
parent
ac90673345
commit
7b12492c77
1 changed files with 61 additions and 0 deletions
61
ChangeLog
61
ChangeLog
|
@ -584,6 +584,67 @@ Security
|
||||||
* RSA blinding on CRT operations to counter timing attacks
|
* RSA blinding on CRT operations to counter timing attacks
|
||||||
(found by Cyril Arnaud and Pierre-Alain Fouque)
|
(found by Cyril Arnaud and Pierre-Alain Fouque)
|
||||||
|
|
||||||
|
|
||||||
|
= Version 1.2.14 released 2015-05-??
|
||||||
|
|
||||||
|
Security
|
||||||
|
* Fix potential invalid memory read in the server, that allows a client to
|
||||||
|
crash it remotely (found by Caj Larsson).
|
||||||
|
* Fix potential invalid memory read in certificate parsing, that allows a
|
||||||
|
client to crash the server remotely if client authentication is enabled
|
||||||
|
(found using Codenomicon Defensics).
|
||||||
|
* Add countermeasure against "Lucky 13 strikes back" cache-based attack,
|
||||||
|
https://dl.acm.org/citation.cfm?id=2714625
|
||||||
|
|
||||||
|
Bugfix
|
||||||
|
* Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
|
||||||
|
* Fix hardclock() (only used in the benchmarking program) with some
|
||||||
|
versions of mingw64 (found by kxjhlele).
|
||||||
|
* Fix warnings from mingw64 in timing.c (found by kxjklele).
|
||||||
|
* Fix potential unintended sign extension in asn1_get_len() on 64-bit
|
||||||
|
platforms (found with Coverity Scan).
|
||||||
|
|
||||||
|
= Version 1.2.13 released 2015-02-16
|
||||||
|
Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting
|
||||||
|
this will be made in the 1.2 branch at this point.
|
||||||
|
|
||||||
|
Security
|
||||||
|
* Fix remotely-triggerable uninitialised pointer dereference caused by
|
||||||
|
crafted X.509 certificate (TLS server is not affected if it doesn't ask
|
||||||
|
for a client certificate) (found using Codenomicon Defensics).
|
||||||
|
* Fix remotely-triggerable memory leak caused by crafted X.509 certificates
|
||||||
|
(TLS server is not affected if it doesn't ask for a client certificate)
|
||||||
|
(found using Codenomicon Defensics).
|
||||||
|
* Fix potential stack overflow while parsing crafted X.509 certificates
|
||||||
|
(TLS server is not affected if it doesn't ask for a client certificate)
|
||||||
|
found using Codenomicon Defensics).
|
||||||
|
* Fix buffer overread of size 1 when parsing crafted X.509 certificates
|
||||||
|
(TLS server is not affected if it doesn't ask for a client certificate).
|
||||||
|
|
||||||
|
Bugfix
|
||||||
|
* Fix potential undefined behaviour in Camellia.
|
||||||
|
* Fix memory leaks in PKCS#5 and PKCS#12.
|
||||||
|
* Stack buffer overflow if ctr_drbg_update() is called with too large
|
||||||
|
add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
|
||||||
|
* Fix bug in MPI/bignum on s390/s390x (reported by Dan Horák) (introduced
|
||||||
|
in 1.2.12).
|
||||||
|
* Fix unchecked return code in x509_crt_parse_path() on Windows (found by
|
||||||
|
Peter Vaskovic).
|
||||||
|
* Fix assembly selection for MIPS64 (thanks to James Cowgill).
|
||||||
|
* ssl_get_verify_result() now works even if the handshake was aborted due
|
||||||
|
to a failed verification (found by Fredrik Axelsson).
|
||||||
|
* Skip writing and parsing signature_algorithm extension if none of the
|
||||||
|
key exchanges enabled needs certificates. This fixes a possible interop
|
||||||
|
issue with some servers when a zero-length extension was sent. (Reported
|
||||||
|
by Peter Dettman.)
|
||||||
|
* On a 0-length input, base64_encode() did not correctly set output length
|
||||||
|
(found by Hendrik van den Boogaard).
|
||||||
|
|
||||||
|
Changes
|
||||||
|
* Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
|
||||||
|
* Forbid repeated extensions in X.509 certificates.
|
||||||
|
* Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
|
||||||
|
length of an X.509 verification chain (default = 8).
|
||||||
= Version 1.2.12 released 2014-10-24
|
= Version 1.2.12 released 2014-10-24
|
||||||
|
|
||||||
Security
|
Security
|
||||||
|
|
Loading…
Reference in a new issue