From e2a73c13cfe55fc4aa761d03f04fef2e994daa4a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 10:22:47 +0100 Subject: [PATCH] Enhancement of ChangeLog entry --- ChangeLog | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index c65e5c5cc..7433dd7c6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,9 +13,15 @@ API Changes independent setup and export of RSA contexts. Most notably, mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting up RSA contexts from partial key material and having them completed to the - needs of the implementation automatically. This allows to setup RSA + needs of the implementation automatically. This allows to setup private RSA contexts from keys consisting of N,D,E only, even if P,Q are needed for the purpose or CRT and/or blinding. + * The configuration option MBEDTLS_RSA_ALT can be used to define alternative + implementations of the RSA interface declared in rsa.h. + +New deprecations + * Direct manipulation of structure fields of RSA contexts is deprecated. + Users are advised to use the extended RSA API instead. = mbed TLS x.x.x branch released xxxx-xx-xx @@ -321,7 +327,7 @@ Security * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt (not triggerable remotely in (D)TLS). - * Fix a potential integer underflow to buffer overread in + * Fix a potential integer underflow to buffer overread in mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in SSL/TLS. @@ -341,7 +347,7 @@ Bugfix * Fix an issue that caused valid certificates to be rejected whenever an expired or not yet valid certificate was parsed before a valid certificate in the trusted certificate list. - * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the + * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the buffer after DER certificates to be included in the raw representation. * Fix issue that caused a hang when generating RSA keys of odd bitlength * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer @@ -1597,7 +1603,7 @@ Security Changes * Allow enabling of dummy error_strerror() to support some use-cases * Debug messages about padding errors during SSL message decryption are - disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL + disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL * Sending of security-relevant alert messages that do not break interoperability can be switched on/off with the flag POLARSSL_SSL_ALL_ALERT_MESSAGES @@ -1626,7 +1632,7 @@ Bugfix Changes * Added p_hw_data to ssl_context for context specific hardware acceleration data - * During verify trust-CA is only checked for expiration and CRL presence + * During verify trust-CA is only checked for expiration and CRL presence Bugfixes * Fixed client authentication compatibility @@ -1924,9 +1930,9 @@ Features with random data (Fixed ticket #10) Changes - * Debug print of MPI now removes leading zero octets and + * Debug print of MPI now removes leading zero octets and displays actual bit size of the value. - * x509parse_key() (and as a consequence x509parse_keyfile()) + * x509parse_key() (and as a consequence x509parse_keyfile()) does not zeroize memory in advance anymore. Use rsa_init() before parsing a key or keyfile! @@ -1948,7 +1954,7 @@ Features printing of X509 CRLs from file Changes - * Parsing of PEM files moved to separate module (Fixes + * Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding @@ -2091,7 +2097,7 @@ Bug fixes * Fixed HMAC-MD2 by modifying md2_starts(), so that the required HMAC ipad and opad variables are not cleared. (found by code coverage tests) - * Prevented use of long long in bignum if + * Prevented use of long long in bignum if POLARSSL_HAVE_LONGLONG not defined (found by Giles Bathgate). * Fixed incorrect handling of negative strings in @@ -2132,7 +2138,7 @@ Bug fixes * Made definition of net_htons() endian-clean for big endian systems (Found by Gernot). * Undefining POLARSSL_HAVE_ASM now also handles prevents asm in - padlock and timing code. + padlock and timing code. * Fixed an off-by-one buffer allocation in ssl_set_hostname() responsible for crashes and unwanted behaviour. * Added support for Certificate Revocation List (CRL) parsing. @@ -2306,4 +2312,3 @@ XySSL ChangeLog who maintains the Debian package :-) = Version 0.1 released on 2006-11-01 -