xref: /hypervisor/lib/crypto/mbedtls/ChangeLog

179    * Fix a client-side bug in the validation of the server's ciphersuite choice
364      a migration path for those depending on the library's ABI.
375      6 bytes on the peer's heap, which could potentially lead to crash or remote
488      regardless of the peer's preferences, or fail if SHA-1 was disabled.
510    * Don't print X.509 version tag for v1 CRT's, and omit extensions for
511      non-v3 CRT's.
531      freeing an RSA context and several MPI's without proper initialization
576      mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
604      verification of the peer's certificate failed due to an overlong chain or
1061    * Add countermeasure against Lenstra's RSA-CRT attack for PKCS#1 v1.5
1127      compiler's command line.
1177      (see rename.pl and compat-1.3.h above) and their first argument's type
1270    * Removed r and s from ecdsa_context
1363      (detected by Clang's 3.6 UBSan).
1504    * Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
1686      stored in RAM due to missing 'const's (found by Gergely Budai).
1732    * Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by
1782    * Relaxed some SHA2 ciphersuite's version requirements
1994    * Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
2047    * Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by
2510    * Debug output of MPI's now the same independent of underlying
2534    * Support more exotic OID's when parsing certificates
2772       as the Klima-Pokorny-Rosa extension of Bleichenbacher's attack
2880     I'd also like to thank Younès Hafri for the CRUX linux port,

Last Index update Fri Aug 22 02:31:50 CST 2025