ChangeLog - OpenGrok cross reference for /optee_os/lib/libmbedtls/mbedtls/ChangeLog

82      were affected (use-after-free if the san string contains more than one DN).
377      MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096.
400      mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() for more
496      size by disabling it in more circumstances. In particular, the CCM and
570      docs/architecture/psa-thread-safety/psa-thread-safety.md for more details.
668    * PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG are no more synonyms and
755      mbedtls_pkcs12_pbe_ext() as they offer more security by checking
802      more information.
825      - implementations are free to enable more than what it was strictly
1031      more details.
1131      calculation on the client side. It prevents a server with more accurate
1196    * Mixed-endian systems are explicitly not supported any more.
1212      affects contributors and maintainers of local patches. For more
1348      recommend upgrading to a more recent compiler instead. Fixes #1910.
1459    * Deprecate mbedtls_ssl_conf_sig_hashes() in favor of the more generic
1724    * Deprecate mbedtls_ssl_conf_curves() in favor of the more generic
1889      with a more complex CPU usually have an operating system interface that
1894      more information.
1968      `mbedtls_ssl_conf_[opaque_]psk()` more than once will fail,
1970      Support for more than one PSK may be added in 3.X.
2001      migration guide for more information. Fixes #4212.
2034      functions instead. For more information, see the migration guide entry
2059      in the development branch” in README.md for more information.
2074      provides a more flexible private key management.
2150      See issue #4341 for more details.
2161      MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information.
2327      now writing an empty string where it previously wrote one or more
2410      |A| - |B| where |B| is larger than |A| and has more limbs (so the
2870      mbedtls_ssl_get_input_max_frag_len() to be more precise about which max
2971      MBEDTLS_ENTROPY_BLOCK_SIZE bytes or more from strong sources. In the
3288      See the Features section for more information.
3348    * Reduce the complexity of the timing tests. They were assuming more than the
3363      changed, but requirements on parameters have been made more explicit in
3380      the more generic per-module error codes MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
3442      (University of Adelaide, Data61). The attack is described in more detail
3475    * Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The
3854      a check for whether more more data is pending to be processed in the
3875    * Return the plaintext data more quickly on unpadded CBC decryption, as
3929      transmitting more than the required length, return an error. Raised by
4075    * New unit tests for timing. Improve the self-test to be more robust
4232      X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
4346    * Send fatal alerts in more cases. The previous behaviour was to skip
4624    * Fix potential double free if mbedtls_ssl_conf_psk() is called more than
4675    * Fix potential double-free if mbedtls_ssl_set_hs_psk() is called more than
4811      Some names have been further changed to make them more consistent.
4909    * Removed test program o_p_test, the script compat.sh does more.
4972      more (at the expense of performance) MBEDTLS_SHA256_SMALLER.
4984    * Improve ECC performance by using more efficient doubling formulas
5013    * Fix memory leak when gcm_setkey() and ccm_setkey() are used more than
5054      more flexible (warning: OFLAGS is not used any more) (see the README)
5167    * ssl_close_notify() could send more than one message in some circumstances
5180    * Made buffer size in pk_write_(pub)key_pem() more dynamic, eg smaller if
5187    * X.509 certificates with more than one AttributeTypeAndValue per
5188      RelativeDistinguishedName are not accepted any more.
5236    * Very large records using more than 224 bytes of padding were incorrectly
5379    * ecp_gen_keypair() does more tries to prevent failure because of
5496    * config.h is more script-friendly
5641    * ssl_close_notify() could send more than one message in some circumstances
5652    * X.509 certificates with more than one AttributeTypeAndValue per
5653      RelativeDistinguishedName are not accepted any more.
5779    * x509parse_crtpath() is now reentrant and uses more portable stat()
5842    * More advanced SSL ciphersuite representation and moved to more dynamic
6023    * Fixed random MPI generation to not generate more size than requested.
6076    * Changed the used random function pointer to more flexible format. Renamed
6189    * Support more exotic OID's when parsing certificates
6191    * Support more exotic name representations when parsing
6238    * Expanded ssl_client2 arguments for more flexibility