Add changelog entries for the crypto changes in 2.20.0
Describe changes between mbedcrypto-2.0.0 (version in Mbed TLS 2.19.0) and mbedcrypto-3.0.0 (version in Mbed TLS 2.20.0).
This commit is contained in:
parent
dbcb44202c
commit
6a4c340c36
1 changed files with 60 additions and 0 deletions
60
ChangeLog
60
ChangeLog
|
@ -2,6 +2,38 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
= mbed TLS 2.20.0 branch released 2020-01-15
|
= mbed TLS 2.20.0 branch released 2020-01-15
|
||||||
|
|
||||||
|
Default behavior changes
|
||||||
|
* The initial seeding of a CTR\_DRBG instance makes a second call to the
|
||||||
|
entropy function to obtain entropy for a nonce if the entropy size is less
|
||||||
|
than 3/2 times the key size. In case you want to disable the extra call to
|
||||||
|
grab entropy, you can call `mbedtls_ctr_drbg_set_nonce_len()` to force the
|
||||||
|
nonce length to 0.
|
||||||
|
|
||||||
|
Security
|
||||||
|
* Enforce that `mbedtls_entropy_func()` gathers a total of
|
||||||
|
`MBEDTLS_ENTROPY_BLOCK_SIZE` bytes or more from strong sources. In the
|
||||||
|
default configuration, on a platform with a single entropy source, the
|
||||||
|
entropy module formerly only grabbed 32 bytes, which is good enough for
|
||||||
|
security if the source is genuinely strong, but less than the expected 64
|
||||||
|
bytes (size of the entropy accumulator).
|
||||||
|
|
||||||
|
Features
|
||||||
|
* Key derivation inputs in the PSA API can now either come from a key object
|
||||||
|
or from a buffer regardless of the step type.
|
||||||
|
* The CTR_DRBG module can grab a nonce from the entropy source during the
|
||||||
|
initial seeding. The default nonce length is chosen based on the key size
|
||||||
|
to achieve the security strength defined by NIST SP 800-90A. You can
|
||||||
|
change it with `mbedtls_ctr_drbg_set_nonce_len()`.
|
||||||
|
* Add ENUMERATED tag support to the ASN.1 module. Contributed by
|
||||||
|
msopiha-linaro in #307.
|
||||||
|
|
||||||
|
API changes
|
||||||
|
* In the PSA API, forbid zero-length keys. To pass a zero-length input to a
|
||||||
|
key derivation function, use a buffer instead (this is now always
|
||||||
|
possible).
|
||||||
|
* Rename `psa_asymmetric_sign()` to `psa_sign_hash()` and
|
||||||
|
`psa_asymmetric_verify()` to `psa_verify_hash()`.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix an incorrect size in a debugging message. Reported and fix
|
* Fix an incorrect size in a debugging message. Reported and fix
|
||||||
submitted by irwir. Fixes #2717.
|
submitted by irwir. Fixes #2717.
|
||||||
|
@ -9,6 +41,34 @@ Bugfix
|
||||||
Reported and fix submitted by irwir. Fixes #2800.
|
Reported and fix submitted by irwir. Fixes #2800.
|
||||||
* Remove a useless assignment. Reported and fix submitted by irwir.
|
* Remove a useless assignment. Reported and fix submitted by irwir.
|
||||||
Fixes #2801.
|
Fixes #2801.
|
||||||
|
* Fix a buffer overflow in the PSA HMAC code when using a long key with an
|
||||||
|
unsupported algorithm. Fixes #254.
|
||||||
|
* Fix `mbedtls_asn1_get_int` to support any number of leading zeros. Credit
|
||||||
|
to OSS-Fuzz for finding a bug in an intermediate version of the fix.
|
||||||
|
* Fix `mbedtls_asn1_get_bitstring_null` to correctly parse bitstrings of at
|
||||||
|
most 2 bytes.
|
||||||
|
* `mbedtls_ctr_drbg_set_entropy_len()` and
|
||||||
|
`mbedtls_hmac_drbg_set_entropy_len()` now work if you call them before
|
||||||
|
`mbedtls_ctr_drbg_seed()` or `mbedtls_hmac_drbg_seed()`.
|
||||||
|
* Fix some false-positive uninitialized variable warnings. Fix contributed
|
||||||
|
by apple-ihack-geek in ARMmbed/mbedtls#2663.
|
||||||
|
|
||||||
|
Changes
|
||||||
|
* Remove the technical possibility to define custom `mbedtls_md_info`
|
||||||
|
structures, which was exposed only in an internal header.
|
||||||
|
* `psa_close_key(0)` and `psa_destroy_key(0)` now succeed (doing nothing, as
|
||||||
|
before).
|
||||||
|
* Variables containing error codes are now initialized to an error code
|
||||||
|
rather than success, so that coding mistakes or memory corruption tends to
|
||||||
|
cause functions to return this error code rather than a success. There are
|
||||||
|
no known instances where this changes the behavior of the library: this is
|
||||||
|
merely a robustness improvement. #323
|
||||||
|
* Remove a useless call to `mbedtls_ecp_group_free()`. Contributed by
|
||||||
|
Alexander Krizhanovsky in #210.
|
||||||
|
* Speed up PBKDF2 by caching the digest calculation. Contributed by Jack
|
||||||
|
Lloyd and Fortanix Inc in #277.
|
||||||
|
* Small performance improvement of `mbedtls_mpi_div_mpi()`. Contributed by
|
||||||
|
Alexander Krizhanovsky in #308.
|
||||||
|
|
||||||
= mbed TLS 2.19.1 branch released 2019-09-16
|
= mbed TLS 2.19.1 branch released 2019-09-16
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue