Lines Matching refs:keys

50 client and server to extract additional shared symmetric keys from an SSL
99 keys, which could be used by an attacker capable of feeding encrypted
100 PEM keys to a user. This could cause a crash or information disclosure.
130 keys with a different LMS or LM-OTS types on some platforms. Specifically,
171 uses static storage for keys, enabling malloc-less use of key slots.
186 if they use certificate authentication (i.e. not pre-shared keys).
236 * Improve performance of PSA key generation with ECC keys: it no longer
321 the number of volatile PSA keys is virtually unlimited, at the expense
375 * Fix interference between PSA volatile keys and built-in keys
379 to persistent keys. Resolves #9253.
388 * Fix unintended performance regression when using short RSA public keys.
441 * psa_import_key() now only accepts RSA keys in the PSA standard formats.
630 (psa_asymmetric_[en|de]crypt) with opaque keys.
637 * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a
642 decrypted keys and it rejects invalid ones.
644 mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
658 * Fix RSA opaque keys always using PKCS1 v1.5 algorithms instead of the
778 if not required by another module) and still get support for ECC keys and
789 public and private keys in RFC 8410 format using the existing PK APIs.
809 * Add support to restrict AES to 128-bit keys in order to save code size.
824 - DERIVE is only available for ECC keys, not for RSA or DH ones.
843 * Support for "opaque" (PSA-held) ECC keys in the PK module has been
846 mbedtls_pk_verify() with opaque ECC keys (provided the PSA attributes
948 one of the key exchange modes using ephemeral keys to a server that
983 * mbedtls_pk_parse_key() now rejects trailing garbage in encrypted keys.
1185 384 bits long. That is the length of pre-shared keys created under a
1281 * Add support for opaque keys as the private keys associated to certificates
1293 * Mbed TLS now supports TLS 1.3 key establishment via pre-shared keys.
1294 The pre-shared keys can be provisioned externally or via the ticket
1487 keys. Fixes #3260.
1539 Opaque keys can now be used everywhere a private key is expected in the
1541 * Opaque pre-shared keys for TLS, provisioned with
1899 Transfer keys and certificates embedded in the library to the test
1901 users from using unsafe keys in production.
1959 a key-value store with keys being session IDs and values
2015 Raw keys and IVs are no longer passed to the callback.
2159 * Added support for built-in driver keys through the PSA opaque crypto
2187 private keys and of blinding values for DHM and elliptic curves (ECP)
2288 * The PSA API no longer allows the creation or destruction of keys with a
2290 can now only be used as intended, for keys that cannot be modified through
2383 tweaking the setting for the maximum amount of keys simultaneously in RAM.
2384 MBEDTLS_PSA_KEY_SLOT_COUNT sets the maximum number of volatile keys that
2417 value the function might fail to write a private RSA keys of the largest
2444 both the old SE interface and the new PSA driver interface, external keys were
2448 include this extension in all CA certificates that contain public keys
2507 * In the PSA API, it is no longer necessary to open persistent keys:
2511 version 1.0.0. Opening persistent keys is still supported for backward
2589 * psa_set_key_id() now also sets the lifetime to persistent for keys located
2618 attribute. No automatic upgrade path is provided. Previously stored keys
2640 * Stop storing persistent information about externally stored keys created
2645 * The new function mbedtls_ecp_write_key() exports private ECC keys back to
2701 * Fix the endianness of Curve25519 keys imported/exported through the PSA
2703 Montgomery keys in little-endian as defined by RFC7748. Contributed by
2747 instead of the keys' lifetime. If the library is upgraded on an existing
2748 device, keys created with the old lifetime value will not be readable or
2917 library which allows TLS authentication to use keys stored in a
2955 RSA keys that would later be rejected by functions expecting private
2956 keys. Found by Catena cyber using oss-fuzz (issue 20467).
2958 accept some RSA keys with invalid values by silently fixing those values.
2986 blinded value, factor it (as it is smaller than RSA keys and not guaranteed
3009 * In the PSA API, forbid zero-length keys. To pass a zero-length input to a
3300 passed keys that belonged to different group, the first key's data was
3507 * Add support for 128-bit keys in CTR_DRBG. Note that using keys shorter
3533 * Fix a bug in the update function for SSL ticket keys which previously
3534 invalidated keys of a lifetime of less than a 1s. Fixes #1968.
3872 * Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was
3873 unable to parse keys which had only the optional parameters field of the
3971 algorithms family when encrypting private keys using PKCS#5 v2.0.
3975 * Add support for public keys encoded in PKCS#1 format. #1122
4054 * Set PEM buffer to zero before freeing it, to avoid decoded private keys
4103 contexts from keys consisting of N,D,E only, even if P,Q are needed for the
4147 * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
4149 * Fix out-of-memory problem when parsing 4096-bit PKCS8-encrypted RSA keys.
4577 * Fix issue that caused a hang when generating RSA keys of odd bitlength
4632 on untrusted input or write keys of untrusted origin. Found by Guido
4656 minimum key size for end-entity certificates with RSA keys. Found by
4718 https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
4798 * New server-side implementation of session tickets that rotate keys to
5027 * Fix bug in pk_parse_key() that caused some valid private EC keys to be
5089 * Add function pk_check_pair() to test if public and private keys match.
5185 RSA keys.
5201 * Blowfish in the cipher layer now supports variable length keys.
5337 * pk_get_size() and pk_get_len() were off by a factor 8 for RSA-alt keys.
5353 * Support for reading EC keys that use SpecifiedECDomain in some cases.
5522 * Parsing Elliptic Curve keys
6176 * Parsing PEM private keys encrypted with DES and AES
6212 * Detection for DES weak keys and parity bits added
6253 * rsa_check_private() now supports PKCS1v2 keys as well
6434 * Modified the HMAC functions to handle keys larger
6531 valid RSA keys to be dismissed (thanks to oldwolf)