Lines Matching refs:side

60    * Fix a timing side channel in the implementation of PKCS#7 padding
553 * When negotiating TLS version on server side, do not fall back to the
654 * Fix a timing side channel in private key RSA operations. This side channel
704 the capabilities of the PSA side for either key.
740 * Add support for server-side TLS version negotiation. If both TLS 1.2 and
1068 * Fix a potential heap buffer overread in TLS 1.3 client-side when
1071 Arm, so that these systems are no longer vulnerable to timing side-channel
1077 timing side-channel attacks. There is now an intrinsics-based AES-NI
1088 calculation on the client side. It prevents a server with more accurate
1480 * Add support for client-side TLS version negotiation. If both TLS 1.2 and
1506 and hmac_demo.c, which use PSA and the md/cipher interfaces side
1507 by side in order to illustrate how the operation is performed in PSA.
1520 * Fix a potential heap buffer overread in TLS 1.2 server-side when
1832 containing various functions meant to resist timing side channel attacks.
2146 * Fix a potential side channel vulnerability in ECDSA ephemeral key generation.
2217 the affected side to wrongly reject valid messages. Fixes #4118.
2380 * Guard against strong local side channel attack against base64 tables by
2640 * Fix side channel in RSA private key operations and static (finite-field)
2729 * Fix a side channel vulnerability in modular exponentiation that could
2734 * Fix side channel in mbedtls_ecp_check_pub_priv() and
2811 `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel
2812 countermeasures. If side channels are not a concern, this dependency can
2837 * Fix side channel in ECC code that allowed an adversary with access to
2884 * To avoid a side channel vulnerability when parsing an RSA private key,
2941 * Fix side channel vulnerability in ECDSA. Our bignum implementation is not
2942 constant time/constant trace, so side channel attacks can retrieve the
2946 * Fix side channel vulnerability in ECDSA key generation. Obtaining precise
3028 side of the key exchange had a similar bug.
3037 countermeasure and leaked information about the private key through side
3453 implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2,
3518 * Close a test gap in (D)TLS between the client side and the server side:
3519 test the handling of large packets and small packets on the client side
3520 in the same way as on the server side.
3791 * Fix a client-side bug in the validation of the server's ciphersuite choice
3988 code execution. The issue could be triggered remotely from either side in
4022 (server-side). Could result in application crash, but only if an ALPN
4191 triggered remotely from either side. (With authmode set to 'required'
4264 The issue could only happen client-side with renegotiation enabled.
4316 against side-channel attacks like the cache attack described in
4676 * Fix possible client-side NULL pointer dereference (read) when the client
4755 * New server-side implementation of session tickets that rotate keys to
4895 * Default DHM parameters server-side upgraded from 1024 to 2048 bits.
5094 * It is now possible to disable negotiation of truncated HMAC server-side
5163 * Add server-side enforcement of sent renegotiation requests
5441 * Server-side initiated renegotiations send HelloRequest
5864 * Added ServerName extension parsing (SNI) at server side
6366 * Added support on the client side for the TLS "hostname" extension
6470 * Added server-side SSLv3 and TLSv1.0 support