Remove markdown artifacts
This commit is contained in:
Gilles Peskine
parent
6a4c340c36
commit
8c7d2c25a4
1 changed files with 16 additions and 16 deletions
32
ChangeLog
32
ChangeLog
|
|
@ -3,15 +3,15 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
= mbed TLS 2.20.0 branch released 2020-01-15
|
= mbed TLS 2.20.0 branch released 2020-01-15
|
||||||
|
|
||||||
Default behavior changes
|
Default behavior changes
|
||||||
* The initial seeding of a CTR\_DRBG instance makes a second call to the
|
* The initial seeding of a CTR_DRBG instance makes a second call to the
|
||||||
entropy function to obtain entropy for a nonce if the entropy size is less
|
entropy function to obtain entropy for a nonce if the entropy size is less
|
||||||
than 3/2 times the key size. In case you want to disable the extra call to
|
than 3/2 times the key size. In case you want to disable the extra call to
|
||||||
grab entropy, you can call `mbedtls_ctr_drbg_set_nonce_len()` to force the
|
grab entropy, you can call mbedtls_ctr_drbg_set_nonce_len() to force the
|
||||||
nonce length to 0.
|
nonce length to 0.
|
||||||
|
|
||||||
Security
|
Security
|
||||||
* Enforce that `mbedtls_entropy_func()` gathers a total of
|
* Enforce that mbedtls_entropy_func() gathers a total of
|
||||||
`MBEDTLS_ENTROPY_BLOCK_SIZE` bytes or more from strong sources. In the
|
MBEDTLS_ENTROPY_BLOCK_SIZE bytes or more from strong sources. In the
|
||||||
default configuration, on a platform with a single entropy source, the
|
default configuration, on a platform with a single entropy source, the
|
||||||
entropy module formerly only grabbed 32 bytes, which is good enough for
|
entropy module formerly only grabbed 32 bytes, which is good enough for
|
||||||
security if the source is genuinely strong, but less than the expected 64
|
security if the source is genuinely strong, but less than the expected 64
|
||||||
|
|
@ -23,7 +23,7 @@ Features
|
||||||
* The CTR_DRBG module can grab a nonce from the entropy source during the
|
* The CTR_DRBG module can grab a nonce from the entropy source during the
|
||||||
initial seeding. The default nonce length is chosen based on the key size
|
initial seeding. The default nonce length is chosen based on the key size
|
||||||
to achieve the security strength defined by NIST SP 800-90A. You can
|
to achieve the security strength defined by NIST SP 800-90A. You can
|
||||||
change it with `mbedtls_ctr_drbg_set_nonce_len()`.
|
change it with mbedtls_ctr_drbg_set_nonce_len().
|
||||||
* Add ENUMERATED tag support to the ASN.1 module. Contributed by
|
* Add ENUMERATED tag support to the ASN.1 module. Contributed by
|
||||||
msopiha-linaro in #307.
|
msopiha-linaro in #307.
|
||||||
|
|
||||||
|
|
@ -31,8 +31,8 @@ API changes
|
||||||
* In the PSA API, forbid zero-length keys. To pass a zero-length input to a
|
* In the PSA API, forbid zero-length keys. To pass a zero-length input to a
|
||||||
key derivation function, use a buffer instead (this is now always
|
key derivation function, use a buffer instead (this is now always
|
||||||
possible).
|
possible).
|
||||||
* Rename `psa_asymmetric_sign()` to `psa_sign_hash()` and
|
* Rename psa_asymmetric_sign() to psa_sign_hash() and
|
||||||
`psa_asymmetric_verify()` to `psa_verify_hash()`.
|
psa_asymmetric_verify() to psa_verify_hash().
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix an incorrect size in a debugging message. Reported and fix
|
* Fix an incorrect size in a debugging message. Reported and fix
|
||||||
|
|
@ -43,31 +43,31 @@ Bugfix
|
||||||
Fixes #2801.
|
Fixes #2801.
|
||||||
* Fix a buffer overflow in the PSA HMAC code when using a long key with an
|
* Fix a buffer overflow in the PSA HMAC code when using a long key with an
|
||||||
unsupported algorithm. Fixes #254.
|
unsupported algorithm. Fixes #254.
|
||||||
* Fix `mbedtls_asn1_get_int` to support any number of leading zeros. Credit
|
* Fix mbedtls_asn1_get_int to support any number of leading zeros. Credit
|
||||||
to OSS-Fuzz for finding a bug in an intermediate version of the fix.
|
to OSS-Fuzz for finding a bug in an intermediate version of the fix.
|
||||||
* Fix `mbedtls_asn1_get_bitstring_null` to correctly parse bitstrings of at
|
* Fix mbedtls_asn1_get_bitstring_null to correctly parse bitstrings of at
|
||||||
most 2 bytes.
|
most 2 bytes.
|
||||||
* `mbedtls_ctr_drbg_set_entropy_len()` and
|
* mbedtls_ctr_drbg_set_entropy_len() and
|
||||||
`mbedtls_hmac_drbg_set_entropy_len()` now work if you call them before
|
mbedtls_hmac_drbg_set_entropy_len() now work if you call them before
|
||||||
`mbedtls_ctr_drbg_seed()` or `mbedtls_hmac_drbg_seed()`.
|
mbedtls_ctr_drbg_seed() or mbedtls_hmac_drbg_seed().
|
||||||
* Fix some false-positive uninitialized variable warnings. Fix contributed
|
* Fix some false-positive uninitialized variable warnings. Fix contributed
|
||||||
by apple-ihack-geek in ARMmbed/mbedtls#2663.
|
by apple-ihack-geek in ARMmbed/mbedtls#2663.
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Remove the technical possibility to define custom `mbedtls_md_info`
|
* Remove the technical possibility to define custom mbedtls_md_info
|
||||||
structures, which was exposed only in an internal header.
|
structures, which was exposed only in an internal header.
|
||||||
* `psa_close_key(0)` and `psa_destroy_key(0)` now succeed (doing nothing, as
|
* psa_close_key(0) and psa_destroy_key(0) now succeed (doing nothing, as
|
||||||
before).
|
before).
|
||||||
* Variables containing error codes are now initialized to an error code
|
* Variables containing error codes are now initialized to an error code
|
||||||
rather than success, so that coding mistakes or memory corruption tends to
|
rather than success, so that coding mistakes or memory corruption tends to
|
||||||
cause functions to return this error code rather than a success. There are
|
cause functions to return this error code rather than a success. There are
|
||||||
no known instances where this changes the behavior of the library: this is
|
no known instances where this changes the behavior of the library: this is
|
||||||
merely a robustness improvement. #323
|
merely a robustness improvement. #323
|
||||||
* Remove a useless call to `mbedtls_ecp_group_free()`. Contributed by
|
* Remove a useless call to mbedtls_ecp_group_free(). Contributed by
|
||||||
Alexander Krizhanovsky in #210.
|
Alexander Krizhanovsky in #210.
|
||||||
* Speed up PBKDF2 by caching the digest calculation. Contributed by Jack
|
* Speed up PBKDF2 by caching the digest calculation. Contributed by Jack
|
||||||
Lloyd and Fortanix Inc in #277.
|
Lloyd and Fortanix Inc in #277.
|
||||||
* Small performance improvement of `mbedtls_mpi_div_mpi()`. Contributed by
|
* Small performance improvement of mbedtls_mpi_div_mpi(). Contributed by
|
||||||
Alexander Krizhanovsky in #308.
|
Alexander Krizhanovsky in #308.
|
||||||
|
|
||||||
= mbed TLS 2.19.1 branch released 2019-09-16
|
= mbed TLS 2.19.1 branch released 2019-09-16
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue