ChangeLog - OpenGrok cross reference for /optee_os/lib/libmbedtls/mbedtls/ChangeLog

95    * Fix mbedtls_base64_decode() on inputs that did not have the correct
161      peers that have middlebox compatibility enabled, as long as no
173      may have resulted in incorrect code with some compilers, depending on
234      They have almost exactly the same interface, but the variable-length
294      client, if the client-provided certificate does not have appropriate values
296      mbedtls_ssl_get_verify_result() would incorrectly have the
637      for each size you want to support. Also, if you have an FFDH accelerator,
643      have changed their speed/memory compromise as part of a proactive security
657      might have precise enough timing measurements to exploit this. It requires
684      accelerated and still have the built-in implementation compiled out.
703      IMPORT, EXPORT, GENERATE, DERIVE. The goal is to have a finer detail about
732      as PSA does not have an API for restartable ECDH yet.
778      or DH) were introduced in order to have finer accuracy in defining the
843      conditional instructions, which can have an observable difference in
885      built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
997      - Certificates must be in X.509 format. A message must have either 0
1124    * Reject OIDs that have unterminated subidentifiers, or (equivalently)
1125      have the most-significant bit set in their last byte.
1401      setbuf(). If your platform does not have setbuf(), you can configure an
1607    * Fix check_config.h to check that we have MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
1626      which have been broken, resulting in compilation errors, since Mbed TLS
1726      example, a memory disclosure vulnerability could have allowed a
1833      This module does not have a separate configuration option, and functions
1846      with a more complex CPU usually have an operating system interface that
1861      have been moved out of the include/ directory and into the library/
1863      which have also been renamed to ecp_internal_alt.h and rsa_alt_helpers.h
1867      were not meant to be used in application code have been moved out of
1920      encryption use the public key. Verification functions also no longer have
1970      mbedtls_ssl_conf_export_keys_cb() have been removed and
1998    * Enable by default the functionalities which have no reason to be disabled.
2001    * Some default policies for X.509 certificate verification and TLS have
2129      constraints have been relaxed.
2314      size may have been rounded up to a whole number of bytes.
2326      PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN have been renamed, and the old names
2329      have been renamed, and the old names deprecated.
2421    * The numerical values of the PSA Crypto API macros have been updated to
2428      as they have no way to check if the output buffer is large enough.
2438    * PSA_ALG_CHACHA20 and PSA_ALG_ARC4 have been deprecated.
2472      PSA_CIPHER_IV_MAX_SIZE macros have been added as defined in version
2479      those functions as documented with NIST_KW could have a buffer overwrite
2636      if they have access to fine-grained measurements. In particular, this
2653    * Library files installed after a CMake build no longer have execute
2944      to have only large prime factors), and then, by brute force, recover the
3026    * Fix a missing error detection in ECJPAKE. This could have caused a
3117      functionally incorrect code on bigendian systems which don't have
3311    * Ciphersuites based on 3DES now have the lowest priority by default when
3320      changed, but requirements on parameters have been made more explicit in
3324      steps you have to take when enabling it.
3327    * The following functions in the random generator modules have been
3338    * Additional parameter validation checks have been added for the following
3341      Where modules have had parameter validation added, existing parameter
3342      checks may have changed. Some modules, such as Chacha20 had existing
3406      have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham,
3435      primes with high probability. This does not have an impact on the
3896      not need to copy the declarations, and ensures that they will have the
4065      SHA1, SHA256, SHA512) have been deprecated and replaced as shown below.
4331    * The following functions in the AES module have been deprecated and replaced
4498      naming collision in projects which also have files with the common name
4768      Some names have been further changed to make them more consistent.
4776    * The following _init() functions that could return errors have
4788      ssl_legacy_renegotiation()) have been renamed to mbedtls_ssl_conf_xxx()
4793    * The following functions have been introduced and must be used in callback
4844    * net_connect() and net_bind() have a new 'proto' argument to choose
4863    * Configuration options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 have
5176    * All public contexts have _init() and _free() functions now for simpler
5229    * Ciphersuites based on RC4 now have the lowest priority by default
5499    * Internals for SSL module adapted to have separate IV pointer that is
5731    * Fixed const correctness issues that have no impact on the ABI
6065    * The generic cipher and message digest layer now have normal error
6092    * The error codes have been remapped and combining error codes
6162 Note: Most of these features have been donated by Fox-IT
6185      of ssl_session have been renamed to ciphersuites and
6364     * Fixed x509_get_ext() to accept some rare certificates which have
6373       selftest and benchmark to not test ciphers that have been disabled