Lines Matching refs:side

17 * Fix a timing side channel in CBC-PKCS7 decryption that could
21 * Fix a local timing side-channel in modular inversion and GCD that was
26 used, by the non-secure side abusing timer interrupts (M-Step), and
103 * Fix a timing side channel in the implementation of PKCS#7 padding
596 * When negotiating TLS version on server side, do not fall back to the
697 * Fix a timing side channel in private key RSA operations. This side channel
747 the capabilities of the PSA side for either key.
783 * Add support for server-side TLS version negotiation. If both TLS 1.2 and
1111 * Fix a potential heap buffer overread in TLS 1.3 client-side when
1114 Arm, so that these systems are no longer vulnerable to timing side-channel
1120 timing side-channel attacks. There is now an intrinsics-based AES-NI
1131 calculation on the client side. It prevents a server with more accurate
1523 * Add support for client-side TLS version negotiation. If both TLS 1.2 and
1549 and hmac_demo.c, which use PSA and the md/cipher interfaces side
1550 by side in order to illustrate how the operation is performed in PSA.
1563 * Fix a potential heap buffer overread in TLS 1.2 server-side when
1875 containing various functions meant to resist timing side channel attacks.
2189 * Fix a potential side channel vulnerability in ECDSA ephemeral key generation.
2260 the affected side to wrongly reject valid messages. Fixes #4118.
2423 * Guard against strong local side channel attack against base64 tables by
2683 * Fix side channel in RSA private key operations and static (finite-field)
2772 * Fix a side channel vulnerability in modular exponentiation that could
2777 * Fix side channel in mbedtls_ecp_check_pub_priv() and
2854 `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel
2855 countermeasures. If side channels are not a concern, this dependency can
2880 * Fix side channel in ECC code that allowed an adversary with access to
2927 * To avoid a side channel vulnerability when parsing an RSA private key,
2984 * Fix side channel vulnerability in ECDSA. Our bignum implementation is not
2985 constant time/constant trace, so side channel attacks can retrieve the
2989 * Fix side channel vulnerability in ECDSA key generation. Obtaining precise
3071 side of the key exchange had a similar bug.
3080 countermeasure and leaked information about the private key through side
3496 implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2,
3561 * Close a test gap in (D)TLS between the client side and the server side:
3562 test the handling of large packets and small packets on the client side
3563 in the same way as on the server side.
3834 * Fix a client-side bug in the validation of the server's ciphersuite choice
4031 code execution. The issue could be triggered remotely from either side in
4065 (server-side). Could result in application crash, but only if an ALPN
4234 triggered remotely from either side. (With authmode set to 'required'
4307 The issue could only happen client-side with renegotiation enabled.
4359 against side-channel attacks like the cache attack described in
4719 * Fix possible client-side NULL pointer dereference (read) when the client
4798 * New server-side implementation of session tickets that rotate keys to
4938 * Default DHM parameters server-side upgraded from 1024 to 2048 bits.
5137 * It is now possible to disable negotiation of truncated HMAC server-side
5206 * Add server-side enforcement of sent renegotiation requests
5484 * Server-side initiated renegotiations send HelloRequest
5907 * Added ServerName extension parsing (SNI) at server side
6409 * Added support on the client side for the TLS "hostname" extension
6513 * Added server-side SSLv3 and TLSv1.0 support