ChangeLog - OpenGrok cross reference for /optee_os/lib/libmbedtls/mbedtls/ChangeLog

7      client and server to extract additional shared symmetric keys from an SSL
56      keys, which could be used by an attacker capable of feeding encrypted
57      PEM keys to a user. This could cause a crash or information disclosure.
87      keys with a different LMS or LM-OTS types on some platforms. Specifically,
128      uses static storage for keys, enabling malloc-less use of key slots.
143      if they use certificate authentication (i.e. not pre-shared keys).
193    * Improve performance of PSA key generation with ECC keys: it no longer
278      the number of volatile PSA keys is virtually unlimited, at the expense
332    * Fix interference between PSA volatile keys and built-in keys
336      to persistent keys. Resolves #9253.
345    * Fix unintended performance regression when using short RSA public keys.
398    * psa_import_key() now only accepts RSA keys in the PSA standard formats.
587      (psa_asymmetric_[en|de]crypt) with opaque keys.
594    * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a
599      decrypted keys and it rejects invalid ones.
601      mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
615    * Fix RSA opaque keys always using PKCS1 v1.5 algorithms instead of the
735      if not required by another module) and still get support for ECC keys and
746      public and private keys in RFC 8410 format using the existing PK APIs.
766    * Add support to restrict AES to 128-bit keys in order to save code size.
781      - DERIVE is only available for ECC keys, not for RSA or DH ones.
800    * Support for "opaque" (PSA-held) ECC keys in the PK module has been
803      mbedtls_pk_verify() with opaque ECC keys (provided the PSA attributes
905      one of the key exchange modes using ephemeral keys to a server that
940    * mbedtls_pk_parse_key() now rejects trailing garbage in encrypted keys.
1142      384 bits long. That is the length of pre-shared keys created under a
1238    * Add support for opaque keys as the private keys associated to certificates
1250    * Mbed TLS now supports TLS 1.3 key establishment via pre-shared keys.
1251      The pre-shared keys can be provisioned externally or via the ticket
1444      keys. Fixes #3260.
1496      Opaque keys can now be used everywhere a private key is expected in the
1498    * Opaque pre-shared keys for TLS, provisioned with
1856      Transfer keys and certificates embedded in the library to the test
1858      users from using unsafe keys in production.
1916      a key-value store with keys being session IDs and values
1972      Raw keys and IVs are no longer passed to the callback.
2116    * Added support for built-in driver keys through the PSA opaque crypto
2144      private keys and of blinding values for DHM and elliptic curves (ECP)
2245    * The PSA API no longer allows the creation or destruction of keys with a
2247      can now only be used as intended, for keys that cannot be modified through
2340      tweaking the setting for the maximum amount of keys simultaneously in RAM.
2341      MBEDTLS_PSA_KEY_SLOT_COUNT sets the maximum number of volatile keys that
2374      value the function might fail to write a private RSA keys of the largest
2401      both the old SE interface and the new PSA driver interface, external keys were
2405      include this extension in all CA certificates that contain public keys
2464    * In the PSA API, it is no longer necessary to open persistent keys:
2468      version 1.0.0. Opening persistent keys is still supported for backward
2546    * psa_set_key_id() now also sets the lifetime to persistent for keys located
2575      attribute. No automatic upgrade path is provided. Previously stored keys
2597    * Stop storing persistent information about externally stored keys created
2602    * The new function mbedtls_ecp_write_key() exports private ECC keys back to
2658    * Fix the endianness of Curve25519 keys imported/exported through the PSA
2660      Montgomery keys in little-endian as defined by RFC7748. Contributed by
2704      instead of the keys' lifetime. If the library is upgraded on an existing
2705      device, keys created with the old lifetime value will not be readable or
2874      library which allows TLS authentication to use keys stored in a
2912      RSA keys that would later be rejected by functions expecting private
2913      keys. Found by Catena cyber using oss-fuzz (issue 20467).
2915      accept some RSA keys with invalid values by silently fixing those values.
2943      blinded value, factor it (as it is smaller than RSA keys and not guaranteed
2966    * In the PSA API, forbid zero-length keys. To pass a zero-length input to a
3257      passed keys that belonged to different group, the first key's data was
3464    * Add support for 128-bit keys in CTR_DRBG. Note that using keys shorter
3490    * Fix a bug in the update function for SSL ticket keys which previously
3491      invalidated keys of a lifetime of less than a 1s. Fixes #1968.
3829    * Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was
3830      unable to parse keys which had only the optional parameters field of the
3928      algorithms family when encrypting private keys using PKCS#5 v2.0.
3932    * Add support for public keys encoded in PKCS#1 format. #1122
4011    * Set PEM buffer to zero before freeing it, to avoid decoded private keys
4060      contexts from keys consisting of N,D,E only, even if P,Q are needed for the
4104    * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
4106    * Fix out-of-memory problem when parsing 4096-bit PKCS8-encrypted RSA keys.
4534    * Fix issue that caused a hang when generating RSA keys of odd bitlength
4589      on untrusted input or write keys of untrusted origin. Found by Guido
4613      minimum key size for end-entity certificates with RSA keys. Found by
4675      https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
4755    * New server-side implementation of session tickets that rotate keys to
4984    * Fix bug in pk_parse_key() that caused some valid private EC keys to be
5046    * Add function pk_check_pair() to test if public and private keys match.
5142      RSA keys.
5158    * Blowfish in the cipher layer now supports variable length keys.
5294    * pk_get_size() and pk_get_len() were off by a factor 8 for RSA-alt keys.
5310    * Support for reading EC keys that use SpecifiedECDomain in some cases.
5479    * Parsing Elliptic Curve keys
6133    * Parsing PEM private keys encrypted with DES and AES
6169    * Detection for DES weak keys and parity bits added
6210    * rsa_check_private() now supports PKCS1v2 keys as well
6391     * Modified the HMAC functions to handle keys larger
6488       valid RSA keys to be dismissed (thanks to oldwolf)