mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-14 07:20:52 +00:00
Merge pull request #1279 from gilles-peskine-arm/memory_allocation_cleanup_psa_crypto_rsa-changelog-3.6
Backport 3.6: Changelog entry for the RSA memory leak (+ extra changelog fixes)
This commit is contained in:
commit
d8d5353218
@ -1,9 +1,9 @@
|
||||
Security
|
||||
* With TLS 1.3, when a server enables optional authentication of the
|
||||
client, if the client-provided certificate does not have appropriate values
|
||||
in if keyUsage or extKeyUsage extensions, then the return value of
|
||||
in keyUsage or extKeyUsage extensions, then the return value of
|
||||
mbedtls_ssl_get_verify_result() would incorrectly have the
|
||||
MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits
|
||||
MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
|
||||
clear. As a result, an attacker that had a certificate valid for uses other
|
||||
than TLS client authentication could be able to use it for TLS client
|
||||
authentication anyway. Only TLS 1.3 servers were affected, and only with
|
||||
|
@ -0,0 +1,3 @@
|
||||
Bugfix
|
||||
* Fix a memory leak that could occur when failing to process an RSA
|
||||
key through some PSA functions due to low memory conditions.
|
Loading…
x
Reference in New Issue
Block a user