Add changelog entries for the crypto changes in 2.20.0

Describe changes between mbedcrypto-2.0.0 (version in Mbed TLS 2.19.0)
and mbedcrypto-3.0.0 (version in Mbed TLS 2.20.0).
This commit is contained in:
Gilles Peskine 2020-01-22 18:28:24 +01:00
parent dbcb44202c
commit 6a4c340c36

View File

@ -2,6 +2,38 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.20.0 branch released 2020-01-15 = mbed TLS 2.20.0 branch released 2020-01-15
Default behavior changes
* The initial seeding of a CTR\_DRBG instance makes a second call to the
entropy function to obtain entropy for a nonce if the entropy size is less
than 3/2 times the key size. In case you want to disable the extra call to
grab entropy, you can call `mbedtls_ctr_drbg_set_nonce_len()` to force the
nonce length to 0.
Security
* Enforce that `mbedtls_entropy_func()` gathers a total of
`MBEDTLS_ENTROPY_BLOCK_SIZE` bytes or more from strong sources. In the
default configuration, on a platform with a single entropy source, the
entropy module formerly only grabbed 32 bytes, which is good enough for
security if the source is genuinely strong, but less than the expected 64
bytes (size of the entropy accumulator).
Features
* Key derivation inputs in the PSA API can now either come from a key object
or from a buffer regardless of the step type.
* The CTR_DRBG module can grab a nonce from the entropy source during the
initial seeding. The default nonce length is chosen based on the key size
to achieve the security strength defined by NIST SP 800-90A. You can
change it with `mbedtls_ctr_drbg_set_nonce_len()`.
* Add ENUMERATED tag support to the ASN.1 module. Contributed by
msopiha-linaro in #307.
API changes
* In the PSA API, forbid zero-length keys. To pass a zero-length input to a
key derivation function, use a buffer instead (this is now always
possible).
* Rename `psa_asymmetric_sign()` to `psa_sign_hash()` and
`psa_asymmetric_verify()` to `psa_verify_hash()`.
Bugfix Bugfix
* Fix an incorrect size in a debugging message. Reported and fix * Fix an incorrect size in a debugging message. Reported and fix
submitted by irwir. Fixes #2717. submitted by irwir. Fixes #2717.
@ -9,6 +41,34 @@ Bugfix
Reported and fix submitted by irwir. Fixes #2800. Reported and fix submitted by irwir. Fixes #2800.
* Remove a useless assignment. Reported and fix submitted by irwir. * Remove a useless assignment. Reported and fix submitted by irwir.
Fixes #2801. Fixes #2801.
* Fix a buffer overflow in the PSA HMAC code when using a long key with an
unsupported algorithm. Fixes #254.
* Fix `mbedtls_asn1_get_int` to support any number of leading zeros. Credit
to OSS-Fuzz for finding a bug in an intermediate version of the fix.
* Fix `mbedtls_asn1_get_bitstring_null` to correctly parse bitstrings of at
most 2 bytes.
* `mbedtls_ctr_drbg_set_entropy_len()` and
`mbedtls_hmac_drbg_set_entropy_len()` now work if you call them before
`mbedtls_ctr_drbg_seed()` or `mbedtls_hmac_drbg_seed()`.
* Fix some false-positive uninitialized variable warnings. Fix contributed
by apple-ihack-geek in ARMmbed/mbedtls#2663.
Changes
* Remove the technical possibility to define custom `mbedtls_md_info`
structures, which was exposed only in an internal header.
* `psa_close_key(0)` and `psa_destroy_key(0)` now succeed (doing nothing, as
before).
* Variables containing error codes are now initialized to an error code
rather than success, so that coding mistakes or memory corruption tends to
cause functions to return this error code rather than a success. There are
no known instances where this changes the behavior of the library: this is
merely a robustness improvement. #323
* Remove a useless call to `mbedtls_ecp_group_free()`. Contributed by
Alexander Krizhanovsky in #210.
* Speed up PBKDF2 by caching the digest calculation. Contributed by Jack
Lloyd and Fortanix Inc in #277.
* Small performance improvement of `mbedtls_mpi_div_mpi()`. Contributed by
Alexander Krizhanovsky in #308.
= mbed TLS 2.19.1 branch released 2019-09-16 = mbed TLS 2.19.1 branch released 2019-09-16