ChangeLog - OpenGrok cross reference for /optee_os/lib/libmbedtls/mbedtls/ChangeLog

188      The library will now prevent the handshake and return
196    * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
199      the security guarantees of the TLS handshake.
218    * Support re-assembly of fragmented handshake messages in TLS (both
219      1.2 and 1.3). The lack of support was causing handshake failures with
264    * A TLS handshake may now call psa_crypto_init() if TLS 1.3 is enabled.
344      optional authentication (required would abort the handshake with a fatal
394    * Fix TLS connections failing when the handshake selects TLS 1.3
506      Record size limits negotiated during handshake.
625    * Fix TLS server accepting TLS 1.2 handshake while TLS 1.2
867      be completely zeroized during TLS 1.2 handshake, in both server and client
897    * Fix a remotely exploitable heap buffer overflow in TLS handshake parsing.
946    * In TLS 1.3, fix handshake failure when a client in its ClientHello
947      proposes an handshake based on PSK only key exchange mode or at least
1461      TLS 1.3 handshake should now be configured with
1481    * Provide mechanism to reset handshake cert list by calling
1484      cert callback (mbedtls_ssl_conf_cert_cb()) during handshake.
1502      during TLS handshake.
1596      TLS 1.3 handshake and application traffic secret.
1640    * Fix a TLS 1.3 handshake failure when the peer Finished message has not
1654    * Fix a TLS 1.3 handshake failure when the first attempt to send the client
2344    * during the TLS handshake.
2847      dropped. As a consequence, the TLS handshake now fails when the output
3202    * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
3225    * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
3544    * Zeroize memory used for buffering or reassembling handshake messages
3606    * Add support for fragmentation of outgoing DTLS handshake messages. This
3611      handshake when flights do not get through (RFC 6347, section 4.1.1.1,
3615    * Add support for buffering out-of-order handshake messages in DTLS.
3638    * Fix a bug that caused SSL/TLS clients to incorrectly abort the handshake
3659    * Add support for buffering of out-of-order handshake messages.
3987      In the context of SSL, this resulted in handshake failure. Reported by
4170    * Fix handling of handshake messages in mbedtls_ssl_read() in case
4176    * Add size-checks for record and handshake message content, securing
4202    * Fix status handshake status message in programs/ssl/dtls_client.c. Found
4235      (the default), the handshake was correctly aborted).
4258    * With authmode set to optional, the TLS handshake is now aborted if the
4603    * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the
4720      tries to continue the handshake after it failed (a misuse of the API).
4738      handshake with the same context. (See RFC 6347 section 4.2.8.)
5025      ssl_write() is called before the handshake is finished (introduced in
5118    * ssl_get_verify_result() now works even if the handshake was aborted due
5370      "triple handshake" attack when authentication mode is 'optional' (the
5617    * ssl_get_verify_result() now works even if the handshake was aborted due
5675      "triple handshake" attack when authentication mode is optional (the
5844    * Added ssl_handshake_step() to allow single stepping the handshake process
6143      after the handshake.
6436     * Fixed ssl_read_record() to properly update the handshake