Improve Changelog
diff --git a/ChangeLog b/ChangeLog
index a042c4e..84a05d0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,39 +17,45 @@
potential Bleichenbacher/BERserk-style attack.
Bugfix
- * Remove invalid use of size zero arrays in ECJPAKE test suite.
+ * Remove size zero arrays from ECJPAKE test suite. Size zero arrays are not
+ valid C and they prevented the test from compiling in Visual Studio 2015
+ and with GCC using the -Wpedantic compilation option.
* Fix insufficient support for signature-hash-algorithm extension,
resulting in compatibility problems with Chrome. Found by hfloyrd. #823
- * If sending a fatal alert fails, make sure not to hide the error
+ * Fix behaviour that hid the original cause of fatal alerts in some cases
+ when sending the alert failed. The fix makes sure not to hide the error
that triggered the alert.
- * In SSLv3, if refusing a renegotiation attempt, don't process any further
- data.
+ * Fix SSLv3 renegotiation behaviour and stop processing data received from
+ peer after sending a fatal alert to refuse a renegotiation attempt.
+ Previous behaviour was to keep processing data even after the alert has
+ been sent.
* Accept empty trusted CA chain in authentication mode
MBEDTLS_SSL_VERIFY_OPTIONAL.
- Fixes #864. Found by jethrogb.
- * Fix implementation of mbedtls_ssl_parse_certificate
- to not annihilate fatal errors in authentication mode
- MBEDTLS_SSL_VERIFY_OPTIONAL and to reflect bad EC curves
- within verification result.
- * Fix modular inversion function on invalid modulus 1.
- Found by blaufish. Fixes #641.
- * Fix incorrect sign computation in modular exponentiation
- when dealing with negative MPI. Found by Guido Vranken.
- * Fix potential stack underflow in mpi_read_file.
- Found by Guido Vranken.
+ Found by jethrogb. #864
+ * Fix implementation of mbedtls_ssl_parse_certificate() to not annihilate
+ fatal errors in authentication mode MBEDTLS_SSL_VERIFY_OPTIONAL and to
+ reflect bad EC curves within verification result.
+ * Fix bug that caused the modular inversion function to accept the invalid
+ modulus 1 and therefore to hang. Found by blaufish. #641.
+ * Fix incorrect sign computation in modular exponentiation when the base is
+ a negative MPI. Previously the result was always negative. Found by Guido
+ Vranken.
+ * Fix a numerical underflow leading to stack overflow in mpi_read_file()
+ that was triggered uppon reading an empty line. Found by Guido Vranken.
Changes
- * Send fatal alerts in many more cases instead of dropping the connection.
+ * Send fatal alerts in more cases. The previous behaviour was to skip
+ sending the fatal alert and just drop the connection.
* Clarify ECDSA documentation and improve the sample code to avoid
- misunderstandings and potentially dangerous use of the API. Pointed out
+ misunderstanding and potentially dangerous use of the API. Pointed out
by Jean-Philippe Aumasson.
= mbed TLS 2.5.0 branch released 2017-05-17
Security
* Wipe stack buffers in RSA private key operations
- (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt).
- Found by Laurent Simon.
+ (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt). Found by Laurent
+ Simon.
* Add exponent blinding to RSA private operations as a countermeasure
against side-channel attacks like the cache attack described in
https://arxiv.org/abs/1702.08719v2.
@@ -57,8 +63,10 @@
Clémentine Maurice and Stefan Mangard.
Features
- * Exposed parts of the Elliptic Curve Point internal interface, to provide
- interface for external hardware acceleration code.
+ * Add hardware acceleration support for the Elliptic Curve Point module.
+ This involved exposing parts of the internal interface to enable
+ replacing the core functions and adding and alternative, module level
+ replacement support for enabling the extension of the interface.
* Add a new configuration option to 'mbedtls_ssl_config' to enable
suppressing the CA list in Certificate Request messages. The default
behaviour has not changed, namely every configured CAs name is included.
@@ -74,7 +82,12 @@
Bugfix
* Remove macros from compat-1.3.h that correspond to deleted items from most
recent versions of the library. Found by Kyle Keen.
- * Fixed issue in mutexes to failing to initialise. #667
+ * Fixed issue in the Threading module that prevented mutexes from
+ initialising. Found by sznaider. #667 #843
+ * Add checks in the PK module for the RSA functions on 64-bit systems.
+ The PK and RSA modules use different types for passing hash length and
+ without these checks the type cast could lead to data loss. Found by Guido
+ Vranken.
= mbed TLS 2.4.2 branch released 2017-03-08