ChangeLog - OpenGrok cross reference for /optee_os/lib/libmbedtls/mbedtls/ChangeLog

175    * MD module can now perform PSA dispatching also when
443      PEM) accepted by the pkparse module has been removed. Applications that
492    * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is
752      maximum size of a block cipher supported by the CMAC module).
764      entropy module was not covered which meant an external RNG had to be
778      if not required by another module) and still get support for ECC keys and
843    * Support for "opaque" (PSA-held) ECC keys in the PK module has been
934    * Fix a compilation failure in the constant_time module when
980    * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx
1002    * When using CBC with the cipher module, the requirement to call
1158      possible to verify RSA PSS signatures with the pk module, which was
1244      from a release, the Python module jsonschema is now necessary, in
1272      the entropy module. As a consequence, for now the only way to build with
1280      though: that module only use hashes from PSA when MBEDTLS_MD_C is off).
1401    * In the bignum module, operations of the form (-A) - (+A) or (-A) - (-A)
1420    * Fix a build error when compiling the bignum module for some Arm platforms.
1485    * The X.509 module now uses PSA hash acceleration if present.
1555      module before freeing them. These buffers contain secret key material, and
1805      where this function cannot fail, or full-module replacements with
1808      happen with an alternative implementation of the underlying hash module.
1839    * Fix the build when no SHA2 module is included. Fixes #4930.
1840    * Fix the build when only the bignum module is included. Fixes #4929.
1874    * The mbedcrypto library includes a new source code module constant_time.c,
1876      This module does not have a separate configuration option, and functions
1877      from this module will be included in the build as required. Currently
1878      most of the interface of this module is private and may change at any
1887    * Remove HAVEGE module.
1898    * Remove certs module from the API.
1940    * The interface of the GCM module has changed to remove restrictions on
1973    * For multi-part AEAD operations with the cipher module, calling
2109    * The RSA module no longer supports private-key operations with the public
2223    * Fix some cases in the bignum module where the library constructed an
2262      timing module on Mbed OS. Fixes #4633.
2404      length, or when the entropy module uses SHA-256 and CTR_DRBG uses AES-256.
2458    * On recent enough versions of FreeBSD and DragonFlyBSD, the entropy module
2752    * New functions in the error module return constant strings for
2805      mbedtls_gcc_group_to_psa(). This allows the pk.c module to link separately
2853    * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
2867      SSL module for hardware acceleration of individual records.
2947    * Fix an unchecked call to mbedtls_md() in the x509write module.
2973      entropy module formerly only grabbed 32 bytes, which is good enough for
3001    * The CTR_DRBG module can grab a nonce from the entropy source during the
3005    * Add ENUMERATED tag support to the ASN.1 module. Contributed by
3141    * Fix misuse of signed arithmetic in the HAVEGE module. #2598
3156    * Improve code clarity in x509_crt module, removing false-positive
3159    * Fix bug in endianness conversion in bignum module. This lead to
3206      X.509 certificate extension, specifically type hardware module name,
3319      in X.509 module. Fixes #2212.
3380      the more generic per-module error codes MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
3517    * All module specific errors following the form
3521    * All module specific generic hardware acceleration errors following the
3586    * Extend the platform module with an abstraction mbedtls_platform_gmtime_r()
3600    * Fix an issue in the X.509 module which could lead to a buffer overread
3634    * Replace printf with mbedtls_printf in the ARIA module. Found by
3660    * Add warnings to the documentation of the HKDF module to reduce the risk
3766    * Add additional block mode, OFB (Output Feedback), to the AES module and
3767      cipher abstraction module.
3799    * Extend the platform module with a util component that contains
3806      Therefore, mbedtls_platform_zeroize() is moved to the platform module to
3821    * Fix an issue in the X.509 module which could lead to a buffer overread
3928    * In the SSL module, when f_send, f_recv or f_recv_timeout report
3937      of the corresponding module is activated by defining the corresponding
3999    * Fix memory allocation corner cases in memory_buffer_alloc.c module. Found
4084      The following functions from the ECDSA module can be replaced
4090      The following functions from the ECDH module can be replaced
4095    * Add mechanism to provide alternative implementation of the DHM module.
4195    * Fix the entropy.c module to not call mbedtls_sha256_starts() or
4197    * Fix the entropy.c module to ensure that mbedtls_sha256_init() or
4215      undeclared dependency of the RSA module on the ASN.1 module.
4219      everywhere except some locations in the ssl_tls.c module.
4365    * Add hardware acceleration support for the Elliptic Curve Point module.
4367      replacing the core functions and adding and alternative, module level
4374    * The following functions in the AES module have been deprecated and replaced
4384    * Fixed issue in the Threading module that prevented mutexes from
4386    * Add checks in the PK module for the RSA functions on 64-bit systems.
4395      using RSA through the PK module in 64-bit systems. The issue was caused by
4797      ability to override the whole module.
4802    * Expanded configurability of security parameters in the SSL module with
4862    * In the NET module, all "int" and "int *" arguments for file descriptors
4881      layer and the memory_buffer_alloc module changed accordingly.
4900    * Removed test DHM parameters from the test certs module.
4901    * Removed the PBKDF2 module (use PKCS5).
4962      instead, see mbedtls_ssl_set_timer_cb(), with the Timing module providing
5197    * Add CCM module and cipher mode to Cipher Layer
5268      checked and filled in the relevant module headers
5269    * Debug module only outputs full lines instead of parts
5289    * Some parts of ssl_tls.c were compiled even when the module was disabled.
5345    * HMAC-DRBG as a separate module
5349    * Ability to force the entropy module to use SHA-256 as its basis
5354    * Entropy module now supports seed writing and reading
5415    * net module handles timeouts on blocking sockets better (found by Tilman
5430    * Support for IPv6 in the NET module
5439    * More constant-time checks in the RSA module
5442    * Memory usage optimizations in ECP module
5510    * Elliptic Curve Cryptography module added
5511    * Elliptic Curve Diffie Hellman module added
5540    * Introduced separate SSL Ciphersuites module that is based on
5542    * Internals for SSL module adapted to have separate IV pointer that is
5544    * Moved all OID functionality to a separate module. RSA function
5546    * Split up the GCM module into a starts/update/finish cycle
5563    * Support for AIX header locations in net.c module
5660    * Entropy module now supports seed writing and reading
5756    * Centralized module option values in config.h to allow user-defined
5767    * PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
5768      old PBKDF2 module
5817    * The SSL session cache module (ssl_cache) now also retains peer_cert
6067      So now there is a module that is controlled with POLARSSL_ASN1_PARSE_C.
6182    * Parsing of PEM files moved to separate module (Fixes