ChangeLog - OpenGrok cross reference for /optee_os/lib/libmbedtls/mbedtls/ChangeLog

138    * Fix mbedtls_base64_decode() on inputs that did not have the correct
204      peers that have middlebox compatibility enabled, as long as no
216      may have resulted in incorrect code with some compilers, depending on
277      They have almost exactly the same interface, but the variable-length
337      client, if the client-provided certificate does not have appropriate values
339      mbedtls_ssl_get_verify_result() would incorrectly have the
680      for each size you want to support. Also, if you have an FFDH accelerator,
686      have changed their speed/memory compromise as part of a proactive security
700      might have precise enough timing measurements to exploit this. It requires
727      accelerated and still have the built-in implementation compiled out.
746      IMPORT, EXPORT, GENERATE, DERIVE. The goal is to have a finer detail about
775      as PSA does not have an API for restartable ECDH yet.
821      or DH) were introduced in order to have finer accuracy in defining the
886      conditional instructions, which can have an observable difference in
928      built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
1040      - Certificates must be in X.509 format. A message must have either 0
1167    * Reject OIDs that have unterminated subidentifiers, or (equivalently)
1168      have the most-significant bit set in their last byte.
1444      setbuf(). If your platform does not have setbuf(), you can configure an
1650    * Fix check_config.h to check that we have MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
1669      which have been broken, resulting in compilation errors, since Mbed TLS
1769      example, a memory disclosure vulnerability could have allowed a
1876      This module does not have a separate configuration option, and functions
1889      with a more complex CPU usually have an operating system interface that
1904      have been moved out of the include/ directory and into the library/
1906      which have also been renamed to ecp_internal_alt.h and rsa_alt_helpers.h
1910      were not meant to be used in application code have been moved out of
1963      encryption use the public key. Verification functions also no longer have
2013      mbedtls_ssl_conf_export_keys_cb() have been removed and
2041    * Enable by default the functionalities which have no reason to be disabled.
2044    * Some default policies for X.509 certificate verification and TLS have
2172      constraints have been relaxed.
2357      size may have been rounded up to a whole number of bytes.
2369      PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN have been renamed, and the old names
2372      have been renamed, and the old names deprecated.
2464    * The numerical values of the PSA Crypto API macros have been updated to
2471      as they have no way to check if the output buffer is large enough.
2481    * PSA_ALG_CHACHA20 and PSA_ALG_ARC4 have been deprecated.
2515      PSA_CIPHER_IV_MAX_SIZE macros have been added as defined in version
2522      those functions as documented with NIST_KW could have a buffer overwrite
2679      if they have access to fine-grained measurements. In particular, this
2696    * Library files installed after a CMake build no longer have execute
2987      to have only large prime factors), and then, by brute force, recover the
3069    * Fix a missing error detection in ECJPAKE. This could have caused a
3160      functionally incorrect code on bigendian systems which don't have
3354    * Ciphersuites based on 3DES now have the lowest priority by default when
3363      changed, but requirements on parameters have been made more explicit in
3367      steps you have to take when enabling it.
3370    * The following functions in the random generator modules have been
3381    * Additional parameter validation checks have been added for the following
3384      Where modules have had parameter validation added, existing parameter
3385      checks may have changed. Some modules, such as Chacha20 had existing
3449      have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham,
3478      primes with high probability. This does not have an impact on the
3939      not need to copy the declarations, and ensures that they will have the
4108      SHA1, SHA256, SHA512) have been deprecated and replaced as shown below.
4374    * The following functions in the AES module have been deprecated and replaced
4541      naming collision in projects which also have files with the common name
4811      Some names have been further changed to make them more consistent.
4819    * The following _init() functions that could return errors have
4831      ssl_legacy_renegotiation()) have been renamed to mbedtls_ssl_conf_xxx()
4836    * The following functions have been introduced and must be used in callback
4887    * net_connect() and net_bind() have a new 'proto' argument to choose
4906    * Configuration options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 have
5219    * All public contexts have _init() and _free() functions now for simpler
5272    * Ciphersuites based on RC4 now have the lowest priority by default
5542    * Internals for SSL module adapted to have separate IV pointer that is
5774    * Fixed const correctness issues that have no impact on the ABI
6108    * The generic cipher and message digest layer now have normal error
6135    * The error codes have been remapped and combining error codes
6205 Note: Most of these features have been donated by Fox-IT
6228      of ssl_session have been renamed to ciphersuites and
6407     * Fixed x509_get_ext() to accept some rare certificates which have
6416       selftest and benchmark to not test ciphers that have been disabled