mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 04:35:44 +01:00
Add ChangeLog entries
This commit is contained in:
parent
2f18490900
commit
12fff1520d
15
ChangeLog
15
ChangeLog
@ -8,6 +8,11 @@ Security
|
||||
as an ASN.1 INTEGER, which caused the size of the key to leak
|
||||
about 1 bit of information on average and could cause the value to be
|
||||
1 byte too large for the output buffer.
|
||||
* The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to
|
||||
implement blinding. Because of this for the same key and message the same
|
||||
blinding value was generated. This reduced the effectiveness of the
|
||||
countermeasure and leaked information about the private key through side
|
||||
channels. Reported by Jack Lloyd.
|
||||
|
||||
Features
|
||||
* Add new API functions mbedtls_ssl_session_save() and
|
||||
@ -40,6 +45,16 @@ API Changes
|
||||
just curves for which both are supported. Call mbedtls_ecdsa_can_do() or
|
||||
mbedtls_ecdh_can_do() on each result to check whether each algorithm is
|
||||
supported.
|
||||
* The following function in the ECDSA module has been deprecated and replaced
|
||||
as shown below. The new function can take an RNG function as an argument
|
||||
which is necessary for adequate blinding.
|
||||
mbedtls_ecdsa_sign_det() -> mbedtls_ecdsa_sign_det_ext()
|
||||
|
||||
New deprecations
|
||||
* Deprecate mbedtls_ecdsa_sign_det() in favor of a functions that can take an
|
||||
RNG function as an input.
|
||||
* Calling mbedtls_ecdsa_write_signature() with NULL as the f_rng argument
|
||||
is now deprecated.
|
||||
|
||||
Bugfix
|
||||
* Fix missing bounds checks in X.509 parsing functions that could
|
||||
|
Loading…
Reference in New Issue
Block a user