Backport 2.1: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
diff --git a/ChangeLog b/ChangeLog
index 536800f..796cc51 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,22 @@
= mbed TLS 2.1.9 branch released xxxx-xx-xx
+Security
+ * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
+ mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
+ X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
+ (default: 8) intermediates, even when it was not trusted. Could be
+ triggered remotely on both sides. (With auth_mode set to required
+ (default), the handshake was correctly aborted.)
+
+API Changes
+ * Certificate verification functions now set flags to -1 in case the full
+ chain was not verified due to an internal error (including in the verify
+ callback) or chain length limitations.
+ * With authmode set to optional, handshake is now aborted if the
+ verification of the peer's certificate failed due to an overlong chain or
+ a fatal error in the vrfy callback.
+
Bugfix
* Add a check if iv_len is zero, and return an error if it is zero. reported
by roberto. #716
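Review bot: the Bugfix entry for the iv_len check (the two lines following "Bugfix" in this hunk) has "reported" in lowercase after a full stop and does not say which module is affected; the other entries in this file capitalise the credit ("Found by Peng Li/Yueh-Hsun Lin, ...") and name the component. Suggest "* Fix missing check in GCM: mbedtls_gcm_* now returns an error when iv_len is zero. Reported by roberto. #716" so the entry matches the commit title ("check if iv is zero in gcm") and the surrounding style. Note also that this same entry appears here as unchanged context and again as an added line at the end of the second hunk, so the ChangeLog would carry it twice; one of the two placements should go.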
@@ -24,22 +40,8 @@
encoded X509 CSRs. The overflow would enable maliciously constructed CSRs
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
KNOX Security, Samsung Research America
-
-Security
- * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
- mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
- X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
- (default: 8) intermediates, even when it was not trusted. Could be
- triggered remotely on both sides. (With auth_mode set to required
- (default), the handshake was correctly aborted.)
-
-API Changes
- * Certificate verification functions now set flags to -1 in case the full
- chain was not verified due to an internal error (including in the verify
- callback) or chain length limitations.
- * With authmode set to optional, handshake is now aborted if the
- verification of the peer's certificate failed due to an overlong chain or
- a fatal error in the vrfy callback.
+ * Add a check if iv_len is zero, and return an error if it is zero. reported
+ by roberto. #716
= mbed TLS 2.1.8 branch released 2017-06-21
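Review bot: the added entry "+ * Add a check if iv_len is zero..." is inserted directly after the CSR overflow entry ("... KNOX Security, Samsung Research America") with no "Bugfix" heading visible between them, so as shown it may land under whatever section the CSR entry belongs to rather than under Bugfix; the first hunk already shows the same entry sitting under "Bugfix", so this addition looks like a duplicate and should be dropped, or the heading should be part of the hunk. The removed Security and API Changes blocks are identical to the ones added near the top of the 2.1.9 section in the first hunk, so that part is a pure reorder and is fine, but the commit message only mentions the iv_len check and tests; a line noting the ChangeLog section reorder would make the history easier to audit.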