ChangeLog - OpenGrok cross reference for /optee_os/lib/libmbedtls/mbedtls/ChangeLog

145      The library will now prevent the handshake and return
153    * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
156      the security guarantees of the TLS handshake.
175    * Support re-assembly of fragmented handshake messages in TLS (both
176      1.2 and 1.3). The lack of support was causing handshake failures with
221    * A TLS handshake may now call psa_crypto_init() if TLS 1.3 is enabled.
301      optional authentication (required would abort the handshake with a fatal
351    * Fix TLS connections failing when the handshake selects TLS 1.3
463      Record size limits negotiated during handshake.
582    * Fix TLS server accepting TLS 1.2 handshake while TLS 1.2
824      be completely zeroized during TLS 1.2 handshake, in both server and client
854    * Fix a remotely exploitable heap buffer overflow in TLS handshake parsing.
903    * In TLS 1.3, fix handshake failure when a client in its ClientHello
904      proposes an handshake based on PSK only key exchange mode or at least
1418      TLS 1.3 handshake should now be configured with
1438    * Provide mechanism to reset handshake cert list by calling
1441      cert callback (mbedtls_ssl_conf_cert_cb()) during handshake.
1459      during TLS handshake.
1553      TLS 1.3 handshake and application traffic secret.
1597    * Fix a TLS 1.3 handshake failure when the peer Finished message has not
1611    * Fix a TLS 1.3 handshake failure when the first attempt to send the client
2301    * during the TLS handshake.
2804      dropped. As a consequence, the TLS handshake now fails when the output
3159    * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
3182    * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
3501    * Zeroize memory used for buffering or reassembling handshake messages
3563    * Add support for fragmentation of outgoing DTLS handshake messages. This
3568      handshake when flights do not get through (RFC 6347, section 4.1.1.1,
3572    * Add support for buffering out-of-order handshake messages in DTLS.
3595    * Fix a bug that caused SSL/TLS clients to incorrectly abort the handshake
3616    * Add support for buffering of out-of-order handshake messages.
3944      In the context of SSL, this resulted in handshake failure. Reported by
4127    * Fix handling of handshake messages in mbedtls_ssl_read() in case
4133    * Add size-checks for record and handshake message content, securing
4159    * Fix status handshake status message in programs/ssl/dtls_client.c. Found
4192      (the default), the handshake was correctly aborted).
4215    * With authmode set to optional, the TLS handshake is now aborted if the
4560    * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the
4677      tries to continue the handshake after it failed (a misuse of the API).
4695      handshake with the same context. (See RFC 6347 section 4.2.8.)
4982      ssl_write() is called before the handshake is finished (introduced in
5075    * ssl_get_verify_result() now works even if the handshake was aborted due
5327      "triple handshake" attack when authentication mode is 'optional' (the
5574    * ssl_get_verify_result() now works even if the handshake was aborted due
5632      "triple handshake" attack when authentication mode is optional (the
5801    * Added ssl_handshake_step() to allow single stepping the handshake process
6100      after the handshake.
6393     * Fixed ssl_read_record() to properly update the handshake