mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 02:05:39 +01:00
Minor Changelog updates & fixes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
parent
0798a827c8
commit
f00d9a2340
30
ChangeLog
30
ChangeLog
@ -1,6 +1,6 @@
|
|||||||
mbed TLS ChangeLog (Sorted per branch, date)
|
mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
= mbed TLS 2.28.0 branch released 2021-12-17
|
||||||
|
|
||||||
API changes
|
API changes
|
||||||
* Some fields of mbedtls_ssl_session and mbedtls_ssl_config are in a
|
* Some fields of mbedtls_ssl_session and mbedtls_ssl_config are in a
|
||||||
@ -33,7 +33,7 @@ Features
|
|||||||
extended to other modules in the future.
|
extended to other modules in the future.
|
||||||
* Add missing PSA macros declared by PSA Crypto API 1.0.0:
|
* Add missing PSA macros declared by PSA Crypto API 1.0.0:
|
||||||
PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL.
|
PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL.
|
||||||
* Add new API mbedtls_ct_memcmp for constant time buffer comparison.
|
* Add new API mbedtls_ct_memcmp for constant time buffer comparison.
|
||||||
* Add PSA API definition for ARIA.
|
* Add PSA API definition for ARIA.
|
||||||
|
|
||||||
Security
|
Security
|
||||||
@ -46,6 +46,11 @@ Security
|
|||||||
from the output buffer. This fixes a potential policy bypass or decryption
|
from the output buffer. This fixes a potential policy bypass or decryption
|
||||||
oracle vulnerability if the output buffer is in memory that is shared with
|
oracle vulnerability if the output buffer is in memory that is shared with
|
||||||
an untrusted application.
|
an untrusted application.
|
||||||
|
* Fix a double-free that happened after mbedtls_ssl_set_session() or
|
||||||
|
mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
|
||||||
|
(out of memory). After that, calling mbedtls_ssl_session_free()
|
||||||
|
and mbedtls_ssl_free() would cause an internal session buffer to
|
||||||
|
be free()'d twice.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Stop using reserved identifiers as local variables. Fixes #4630.
|
* Stop using reserved identifiers as local variables. Fixes #4630.
|
||||||
@ -86,8 +91,8 @@ Bugfix
|
|||||||
these two.
|
these two.
|
||||||
* Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries
|
* Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries
|
||||||
not to list other shared libraries they need.
|
not to list other shared libraries they need.
|
||||||
* Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32.
|
* Fix a bug in mbedtls_gcm_starts() when the bit length of the iv
|
||||||
* Fix #4884.
|
exceeds 2^32. Fixes #4884.
|
||||||
* Fix an uninitialized variable warning in test_suite_ssl.function with GCC
|
* Fix an uninitialized variable warning in test_suite_ssl.function with GCC
|
||||||
version 11.
|
version 11.
|
||||||
* Fix the build when no SHA2 module is included. Fixes #4930.
|
* Fix the build when no SHA2 module is included. Fixes #4930.
|
||||||
@ -96,11 +101,6 @@ Bugfix
|
|||||||
pkcs12 functions when the password is empty. Fix the documentation to
|
pkcs12 functions when the password is empty. Fix the documentation to
|
||||||
better describe the inputs to these functions and their possible values.
|
better describe the inputs to these functions and their possible values.
|
||||||
Fixes #5136.
|
Fixes #5136.
|
||||||
* Fix a double-free that happened after mbedtls_ssl_set_session() or
|
|
||||||
mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
|
|
||||||
(out of memory). After that, calling mbedtls_ssl_session_free()
|
|
||||||
and mbedtls_ssl_free() would cause an internal session buffer to
|
|
||||||
be free()'d twice.
|
|
||||||
* The key usage flags PSA_KEY_USAGE_SIGN_MESSAGE now allows the MAC
|
* The key usage flags PSA_KEY_USAGE_SIGN_MESSAGE now allows the MAC
|
||||||
operations psa_mac_compute() and psa_mac_sign_setup().
|
operations psa_mac_compute() and psa_mac_sign_setup().
|
||||||
* The key usage flags PSA_KEY_USAGE_VERIFY_MESSAGE now allows the MAC
|
* The key usage flags PSA_KEY_USAGE_VERIFY_MESSAGE now allows the MAC
|
||||||
@ -114,12 +114,12 @@ Changes
|
|||||||
than the previous constant-flow implementation. Fixes #4814.
|
than the previous constant-flow implementation. Fixes #4814.
|
||||||
* Indicate in the error returned if the nonce length used with
|
* Indicate in the error returned if the nonce length used with
|
||||||
ChaCha20-Poly1305 is invalid, and not just unsupported.
|
ChaCha20-Poly1305 is invalid, and not just unsupported.
|
||||||
* The mbedcrypto library includes a new source code module constant_time.c,
|
* The mbedcrypto library includes a new source code module constant_time.c,
|
||||||
containing various functions meant to resist timing side channel attacks.
|
containing various functions meant to resist timing side channel attacks.
|
||||||
This module does not have a separate configuration option, and functions
|
This module does not have a separate configuration option, and functions
|
||||||
from this module will be included in the build as required. Currently
|
from this module will be included in the build as required. Currently
|
||||||
most of the interface of this module is private and may change at any
|
most of the interface of this module is private and may change at any
|
||||||
time.
|
time.
|
||||||
|
|
||||||
= mbed TLS 2.27.0 branch released 2021-07-07
|
= mbed TLS 2.27.0 branch released 2021-07-07
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user