Update ChangeLog for crypto changes since Mbed Crypto 3.0.1

Add ChangeLog entries for changes brought by the submodule update in 81d3100250.
2020-02-11 19:05:03 +01:00 · 2020-02-11 19:05:03 +01:00 · f142d4ccab
commit f142d4ccab
parent a0c164a2d4
1 changed files with 21 additions and 0 deletions
--- a/21
+++ b/21
@ -10,6 +10,27 @@ New deprecations
     library which allows TLS authentication to use keys stored in a
     PKCS#11 token such as a smartcard.

+Security
+   * Fix potential memory overread when performing an ECDSA signature
+     operation. The overread only happens with cryptographically low
+     probability (of the order of 2^-n where n is the bitsize of the curve)
+     unless the RNG is broken, and could result in information disclosure or
+     denial of service (application crash or extra resource consumption).
+     Found by Auke Zeilstra and Peter Schwabe, using static analysis.
+
+Features
+   * The new build option MBEDTLS_SHA512_NO_SHA384 allows building SHA-512
+     support without SHA-384.
+
+API changes
+   * Change the encoding of key types and curves in the PSA API. The new
+     values are aligned with the upcoming release of the PSA Crypto API
+     specification version 1.0.0. The main change which may break some
+     existing code is that elliptic curve key types no longer encode the
+     exact curve: a psa_ecc_curve_t or psa_key_type_t value only encodes
+     a curve family and the key size determines the exact curve (for example,
+     PSA_ECC_CURVE_SECP_R1 with 256 bits is P256R1). ARMmbed/mbed-crypto#330
+
 Bugfix
   * Fix an unchecked call to mbedtls_md() in the x509write module.
   * Fix build failure with MBEDTLS_ZLIB_SUPPORT enabled. Reported by