Changelog entry for mbedtls_setbuf()

* Security: we're improving a countermeasure.
* Requirement change: the library will no longer compile on a platform without setbuf().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
parent 6d576c9646
commit cf4d9f98c7
1 changed files with 10 additions and 0 deletions
10
ChangeLog.d/add_mbedtls_setbuf.txt
Normal file
@ -0,0 +1,10 @@
Security
* Add the platform function mbedtls_setbuf() to allow buffering to be
disabled on stdio files, to stop secrets loaded from said files being
potentially left in memory after file operations. Reported by
Glenn Strauss.
Requirement changes
* The library will no longer compile out of the box on a platform without
setbuf() if MBEDTLS_FS_IO is enabled. If your platform does not have
setbuf(), you can configure an alternative function by enabling
MBEDTLS_PLATFORM_SETBUF_ALT or MBEDTLS_PLATFORM_SETBUF_MACRO.
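Review bot: The Security entry says mbedtls_setbuf() is added "to allow buffering to be disabled on stdio files" but never says who disables it, so a reader cannot tell whether the library's own file-loading code now turns buffering off or whether applications that read secrets through stdio are expected to call mbedtls_setbuf() themselves. Since the commit message describes this as improving a countermeasure, state the behaviour change and the action, if any, expected from users in that entry. In the Requirement changes entry, MBEDTLS_PLATFORM_SETBUF_ALT and MBEDTLS_PLATFORM_SETBUF_MACRO are named without saying what the replacement function has to do; a pointer to where the expected prototype is documented would let porters on platforms without setbuf() act on this entry directly.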