ChangeLog - OpenGrok cross reference for /optee_os/lib/libmbedtls/mbedtls/ChangeLog

132    * MD module can now perform PSA dispatching also when
400      PEM) accepted by the pkparse module has been removed. Applications that
449    * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is
709      maximum size of a block cipher supported by the CMAC module).
721      entropy module was not covered which meant an external RNG had to be
735      if not required by another module) and still get support for ECC keys and
800    * Support for "opaque" (PSA-held) ECC keys in the PK module has been
891    * Fix a compilation failure in the constant_time module when
937    * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx
959    * When using CBC with the cipher module, the requirement to call
1115      possible to verify RSA PSS signatures with the pk module, which was
1201      from a release, the Python module jsonschema is now necessary, in
1229      the entropy module. As a consequence, for now the only way to build with
1237      though: that module only use hashes from PSA when MBEDTLS_MD_C is off).
1358    * In the bignum module, operations of the form (-A) - (+A) or (-A) - (-A)
1377    * Fix a build error when compiling the bignum module for some Arm platforms.
1442    * The X.509 module now uses PSA hash acceleration if present.
1512      module before freeing them. These buffers contain secret key material, and
1762      where this function cannot fail, or full-module replacements with
1765      happen with an alternative implementation of the underlying hash module.
1796    * Fix the build when no SHA2 module is included. Fixes #4930.
1797    * Fix the build when only the bignum module is included. Fixes #4929.
1831    * The mbedcrypto library includes a new source code module constant_time.c,
1833      This module does not have a separate configuration option, and functions
1834      from this module will be included in the build as required. Currently
1835      most of the interface of this module is private and may change at any
1844    * Remove HAVEGE module.
1855    * Remove certs module from the API.
1897    * The interface of the GCM module has changed to remove restrictions on
1930    * For multi-part AEAD operations with the cipher module, calling
2066    * The RSA module no longer supports private-key operations with the public
2180    * Fix some cases in the bignum module where the library constructed an
2219      timing module on Mbed OS. Fixes #4633.
2361      length, or when the entropy module uses SHA-256 and CTR_DRBG uses AES-256.
2415    * On recent enough versions of FreeBSD and DragonFlyBSD, the entropy module
2709    * New functions in the error module return constant strings for
2762      mbedtls_gcc_group_to_psa(). This allows the pk.c module to link separately
2810    * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
2824      SSL module for hardware acceleration of individual records.
2904    * Fix an unchecked call to mbedtls_md() in the x509write module.
2930      entropy module formerly only grabbed 32 bytes, which is good enough for
2958    * The CTR_DRBG module can grab a nonce from the entropy source during the
2962    * Add ENUMERATED tag support to the ASN.1 module. Contributed by
3098    * Fix misuse of signed arithmetic in the HAVEGE module. #2598
3113    * Improve code clarity in x509_crt module, removing false-positive
3116    * Fix bug in endianness conversion in bignum module. This lead to
3163      X.509 certificate extension, specifically type hardware module name,
3276      in X.509 module. Fixes #2212.
3337      the more generic per-module error codes MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
3474    * All module specific errors following the form
3478    * All module specific generic hardware acceleration errors following the
3543    * Extend the platform module with an abstraction mbedtls_platform_gmtime_r()
3557    * Fix an issue in the X.509 module which could lead to a buffer overread
3591    * Replace printf with mbedtls_printf in the ARIA module. Found by
3617    * Add warnings to the documentation of the HKDF module to reduce the risk
3723    * Add additional block mode, OFB (Output Feedback), to the AES module and
3724      cipher abstraction module.
3756    * Extend the platform module with a util component that contains
3763      Therefore, mbedtls_platform_zeroize() is moved to the platform module to
3778    * Fix an issue in the X.509 module which could lead to a buffer overread
3885    * In the SSL module, when f_send, f_recv or f_recv_timeout report
3894      of the corresponding module is activated by defining the corresponding
3956    * Fix memory allocation corner cases in memory_buffer_alloc.c module. Found
4041      The following functions from the ECDSA module can be replaced
4047      The following functions from the ECDH module can be replaced
4052    * Add mechanism to provide alternative implementation of the DHM module.
4152    * Fix the entropy.c module to not call mbedtls_sha256_starts() or
4154    * Fix the entropy.c module to ensure that mbedtls_sha256_init() or
4172      undeclared dependency of the RSA module on the ASN.1 module.
4176      everywhere except some locations in the ssl_tls.c module.
4322    * Add hardware acceleration support for the Elliptic Curve Point module.
4324      replacing the core functions and adding and alternative, module level
4331    * The following functions in the AES module have been deprecated and replaced
4341    * Fixed issue in the Threading module that prevented mutexes from
4343    * Add checks in the PK module for the RSA functions on 64-bit systems.
4352      using RSA through the PK module in 64-bit systems. The issue was caused by
4754      ability to override the whole module.
4759    * Expanded configurability of security parameters in the SSL module with
4819    * In the NET module, all "int" and "int *" arguments for file descriptors
4838      layer and the memory_buffer_alloc module changed accordingly.
4857    * Removed test DHM parameters from the test certs module.
4858    * Removed the PBKDF2 module (use PKCS5).
4919      instead, see mbedtls_ssl_set_timer_cb(), with the Timing module providing
5154    * Add CCM module and cipher mode to Cipher Layer
5225      checked and filled in the relevant module headers
5226    * Debug module only outputs full lines instead of parts
5246    * Some parts of ssl_tls.c were compiled even when the module was disabled.
5302    * HMAC-DRBG as a separate module
5306    * Ability to force the entropy module to use SHA-256 as its basis
5311    * Entropy module now supports seed writing and reading
5372    * net module handles timeouts on blocking sockets better (found by Tilman
5387    * Support for IPv6 in the NET module
5396    * More constant-time checks in the RSA module
5399    * Memory usage optimizations in ECP module
5467    * Elliptic Curve Cryptography module added
5468    * Elliptic Curve Diffie Hellman module added
5497    * Introduced separate SSL Ciphersuites module that is based on
5499    * Internals for SSL module adapted to have separate IV pointer that is
5501    * Moved all OID functionality to a separate module. RSA function
5503    * Split up the GCM module into a starts/update/finish cycle
5520    * Support for AIX header locations in net.c module
5617    * Entropy module now supports seed writing and reading
5713    * Centralized module option values in config.h to allow user-defined
5724    * PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
5725      old PBKDF2 module
5774    * The SSL session cache module (ssl_cache) now also retains peer_cert
6024      So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C.
6139    * Parsing of PEM files moved to separate module (Fixes