mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-25 02:01:04 +00:00
ChangeLog: Update for 2.19.0
Remove some duplicate entries, align the ChangeLog with what's present in 2.16 and 2.7, and update the release date.
This commit is contained in:
parent
7ecae6f158
commit
4197f0e28e
24
ChangeLog
24
ChangeLog
|
@ -1,8 +1,11 @@
|
||||||
mbed TLS ChangeLog (Sorted per branch, date)
|
mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
= mbed TLS 2.19.0 branch released xxxx-xx-xx
|
= mbed TLS 2.19.0 branch released 2019-09-06
|
||||||
|
|
||||||
Security
|
Security
|
||||||
|
* Fix a missing error detection in ECJPAKE. This could have caused a
|
||||||
|
predictable shared secret if a hardware accelerator failed and the other
|
||||||
|
side of the key exchange had a similar bug.
|
||||||
* When writing a private EC key, use a constant size for the private
|
* When writing a private EC key, use a constant size for the private
|
||||||
value, as specified in RFC 5915. Previously, the value was written
|
value, as specified in RFC 5915. Previously, the value was written
|
||||||
as an ASN.1 INTEGER, which caused the size of the key to leak
|
as an ASN.1 INTEGER, which caused the size of the key to leak
|
||||||
|
@ -45,10 +48,9 @@ API Changes
|
||||||
just curves for which both are supported. Call mbedtls_ecdsa_can_do() or
|
just curves for which both are supported. Call mbedtls_ecdsa_can_do() or
|
||||||
mbedtls_ecdh_can_do() on each result to check whether each algorithm is
|
mbedtls_ecdh_can_do() on each result to check whether each algorithm is
|
||||||
supported.
|
supported.
|
||||||
* The following function in the ECDSA module has been deprecated and replaced
|
* The new function mbedtls_ecdsa_sign_det_ext() is similar to
|
||||||
as shown below. The new function can take an RNG function as an argument
|
mbedtls_ecdsa_sign_det() but allows passing an external RNG for the
|
||||||
which is necessary for adequate blinding.
|
purpose of blinding.
|
||||||
mbedtls_ecdsa_sign_det() -> mbedtls_ecdsa_sign_det_ext()
|
|
||||||
|
|
||||||
New deprecations
|
New deprecations
|
||||||
* Deprecate mbedtls_ecdsa_sign_det() in favor of a functions that can take an
|
* Deprecate mbedtls_ecdsa_sign_det() in favor of a functions that can take an
|
||||||
|
@ -103,22 +105,10 @@ Changes
|
||||||
* Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh,
|
* Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh,
|
||||||
docker-env.sh) to simplify running test suites on a Linux host. Contributed
|
docker-env.sh) to simplify running test suites on a Linux host. Contributed
|
||||||
by Peter Kolbus (Garmin).
|
by Peter Kolbus (Garmin).
|
||||||
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
|
|
||||||
Ashley Duncan in #2609.
|
|
||||||
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
|
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
|
||||||
test runs without variability. Contributed by Philippe Antoine (Catena
|
test runs without variability. Contributed by Philippe Antoine (Catena
|
||||||
cyber) in #2681.
|
cyber) in #2681.
|
||||||
* Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi.
|
* Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi.
|
||||||
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
|
|
||||||
Ashley Duncan in #2609.
|
|
||||||
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
|
|
||||||
test runs without variability. Contributed by Philippe Antoine (Catena
|
|
||||||
cyber) in #2681.
|
|
||||||
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
|
|
||||||
Ashley Duncan in #2609.
|
|
||||||
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
|
|
||||||
test runs without variability. Contributed by Philippe Antoine (Catena
|
|
||||||
cyber) in #2681.
|
|
||||||
* Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
|
* Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
|
||||||
Contributed by Philippe Antoine (Catena cyber).
|
Contributed by Philippe Antoine (Catena cyber).
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue