AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ChangeLog: Update for 2.19.0

Browse Source 
Remove some duplicate entries, align the ChangeLog with what's present
in 2.16 and 2.7, and update the release date.
This commit is contained in:
Jaeden Amero 2019-09-06 14:40:10 +01:00
parent 7ecae6f158
commit 4197f0e28e
1 changed files with 7 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
ChangeLog
View File

@ -1,8 +1,11 @@
mbed TLS ChangeLog (Sorted per branch, date) mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.19.0 branch released xxxx-xx-xx = mbed TLS 2.19.0 branch released 2019-09-06
Security Security
* Fix a missing error detection in ECJPAKE. This could have caused a
predictable shared secret if a hardware accelerator failed and the other
side of the key exchange had a similar bug.
* When writing a private EC key, use a constant size for the private * When writing a private EC key, use a constant size for the private
value, as specified in RFC 5915. Previously, the value was written value, as specified in RFC 5915. Previously, the value was written
as an ASN.1 INTEGER, which caused the size of the key to leak as an ASN.1 INTEGER, which caused the size of the key to leak
@ -45,10 +48,9 @@ API Changes
just curves for which both are supported. Call mbedtls_ecdsa_can_do() or just curves for which both are supported. Call mbedtls_ecdsa_can_do() or
mbedtls_ecdh_can_do() on each result to check whether each algorithm is mbedtls_ecdh_can_do() on each result to check whether each algorithm is
supported. supported.
* The following function in the ECDSA module has been deprecated and replaced * The new function mbedtls_ecdsa_sign_det_ext() is similar to
as shown below. The new function can take an RNG function as an argument mbedtls_ecdsa_sign_det() but allows passing an external RNG for the
which is necessary for adequate blinding. purpose of blinding.
mbedtls_ecdsa_sign_det() -> mbedtls_ecdsa_sign_det_ext()
New deprecations New deprecations
* Deprecate mbedtls_ecdsa_sign_det() in favor of a functions that can take an * Deprecate mbedtls_ecdsa_sign_det() in favor of a functions that can take an
@ -103,22 +105,10 @@ Changes
* Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh, * Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh,
docker-env.sh) to simplify running test suites on a Linux host. Contributed docker-env.sh) to simplify running test suites on a Linux host. Contributed
by Peter Kolbus (Garmin). by Peter Kolbus (Garmin).
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
Ashley Duncan in #2609.
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
test runs without variability. Contributed by Philippe Antoine (Catena test runs without variability. Contributed by Philippe Antoine (Catena
cyber) in #2681. cyber) in #2681.
* Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi. * Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi.
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
Ashley Duncan in #2609.
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
test runs without variability. Contributed by Philippe Antoine (Catena
cyber) in #2681.
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
Ashley Duncan in #2609.
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
test runs without variability. Contributed by Philippe Antoine (Catena
cyber) in #2681.
* Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz. * Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
Contributed by Philippe Antoine (Catena cyber). Contributed by Philippe Antoine (Catena cyber).