From 8d83b05ee004f243caefbe27c93ed3757646ced3 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Sep 2023 18:42:05 +0100 Subject: [PATCH] Add changelog entry for switching pkparse to new pbe functions Signed-off-by: Waleed Elmelegy --- ChangeLog.d/Switch-pkparse-to-new-pbe-funsctions.txt | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 ChangeLog.d/Switch-pkparse-to-new-pbe-funsctions.txt diff --git a/ChangeLog.d/Switch-pkparse-to-new-pbe-funsctions.txt b/ChangeLog.d/Switch-pkparse-to-new-pbe-funsctions.txt new file mode 100644 index 000000000..6ceab6eaf --- /dev/null +++ b/ChangeLog.d/Switch-pkparse-to-new-pbe-funsctions.txt @@ -0,0 +1,11 @@ +New deprecations + * mbedtls_pkcs5_pbes2() and mbedtls_pkcs12_pbe() functions are now + deprecated in favor of mbedtls_pkcs5_pbes2_ext() and + mbedtls_pkcs12_pbe_ext() as they offer more security by checking + for overflow of the output buffer and reporting the actual length + of the output. + +Bugfix + * Pass real length of key to pk_parse_key_pkcs8_unencrypted_der() + after decrypting the key to avoid trailing padding data which are not + part of the original key before encrypting.