ChangeLog - OpenGrok cross reference for /optee_os/lib/libmbedtls/mbedtls/ChangeLog

39      were affected (use-after-free if the san string contains more than one DN).
334      MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096.
357      mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() for more
453      size by disabling it in more circumstances. In particular, the CCM and
527      docs/architecture/psa-thread-safety/psa-thread-safety.md for more details.
625    * PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG are no more synonyms and
712      mbedtls_pkcs12_pbe_ext() as they offer more security by checking
759      more information.
782      - implementations are free to enable more than what it was strictly
988      more details.
1088      calculation on the client side. It prevents a server with more accurate
1153    * Mixed-endian systems are explicitly not supported any more.
1169      affects contributors and maintainers of local patches. For more
1305      recommend upgrading to a more recent compiler instead. Fixes #1910.
1416    * Deprecate mbedtls_ssl_conf_sig_hashes() in favor of the more generic
1681    * Deprecate mbedtls_ssl_conf_curves() in favor of the more generic
1846      with a more complex CPU usually have an operating system interface that
1851      more information.
1925      `mbedtls_ssl_conf_[opaque_]psk()` more than once will fail,
1927      Support for more than one PSK may be added in 3.X.
1958      migration guide for more information. Fixes #4212.
1991      functions instead. For more information, see the migration guide entry
2016      in the development branch” in README.md for more information.
2031      provides a more flexible private key management.
2107      See issue #4341 for more details.
2118      MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information.
2284      now writing an empty string where it previously wrote one or more
2367      |A| - |B| where |B| is larger than |A| and has more limbs (so the
2827      mbedtls_ssl_get_input_max_frag_len() to be more precise about which max
2928      MBEDTLS_ENTROPY_BLOCK_SIZE bytes or more from strong sources. In the
3245      See the Features section for more information.
3305    * Reduce the complexity of the timing tests. They were assuming more than the
3320      changed, but requirements on parameters have been made more explicit in
3337      the more generic per-module error codes MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
3399      (University of Adelaide, Data61). The attack is described in more detail
3432    * Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The
3811      a check for whether more more data is pending to be processed in the
3832    * Return the plaintext data more quickly on unpadded CBC decryption, as
3886      transmitting more than the required length, return an error. Raised by
4032    * New unit tests for timing. Improve the self-test to be more robust
4189      X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
4303    * Send fatal alerts in more cases. The previous behaviour was to skip
4581    * Fix potential double free if mbedtls_ssl_conf_psk() is called more than
4632    * Fix potential double-free if mbedtls_ssl_set_hs_psk() is called more than
4768      Some names have been further changed to make them more consistent.
4866    * Removed test program o_p_test, the script compat.sh does more.
4929      more (at the expense of performance) MBEDTLS_SHA256_SMALLER.
4941    * Improve ECC performance by using more efficient doubling formulas
4970    * Fix memory leak when gcm_setkey() and ccm_setkey() are used more than
5011      more flexible (warning: OFLAGS is not used any more) (see the README)
5124    * ssl_close_notify() could send more than one message in some circumstances
5137    * Made buffer size in pk_write_(pub)key_pem() more dynamic, eg smaller if
5144    * X.509 certificates with more than one AttributeTypeAndValue per
5145      RelativeDistinguishedName are not accepted any more.
5193    * Very large records using more than 224 bytes of padding were incorrectly
5336    * ecp_gen_keypair() does more tries to prevent failure because of
5453    * config.h is more script-friendly
5598    * ssl_close_notify() could send more than one message in some circumstances
5609    * X.509 certificates with more than one AttributeTypeAndValue per
5610      RelativeDistinguishedName are not accepted any more.
5736    * x509parse_crtpath() is now reentrant and uses more portable stat()
5799    * More advanced SSL ciphersuite representation and moved to more dynamic
5980    * Fixed random MPI generation to not generate more size than requested.
6033    * Changed the used random function pointer to more flexible format. Renamed
6146    * Support more exotic OID's when parsing certificates
6148    * Support more exotic name representations when parsing
6195    * Expanded ssl_client2 arguments for more flexibility