cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

ChangeLog: Update for 2.19.0

Browse Source 
Remove some duplicate entries, align the ChangeLog with what's present
in 2.16 and 2.7, and update the release date.
This commit is contained in:
Jaeden Amero 2019-09-06 14:40:10 +01:00
parent 7ecae6f158
commit 4197f0e28e
1 changed files with 7 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
ChangeLog
View File

@ -1,8 +1,11 @@
mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.19.0 branch released xxxx-xx-xx
= mbed TLS 2.19.0 branch released 2019-09-06
Security
* Fix a missing error detection in ECJPAKE. This could have caused a
predictable shared secret if a hardware accelerator failed and the other
side of the key exchange had a similar bug.
* When writing a private EC key, use a constant size for the private
value, as specified in RFC 5915. Previously, the value was written
as an ASN.1 INTEGER, which caused the size of the key to leak
@ -45,10 +48,9 @@ API Changes
just curves for which both are supported. Call mbedtls_ecdsa_can_do() or
mbedtls_ecdh_can_do() on each result to check whether each algorithm is
supported.
* The following function in the ECDSA module has been deprecated and replaced
as shown below. The new function can take an RNG function as an argument
which is necessary for adequate blinding.
mbedtls_ecdsa_sign_det() -> mbedtls_ecdsa_sign_det_ext()
* The new function mbedtls_ecdsa_sign_det_ext() is similar to
mbedtls_ecdsa_sign_det() but allows passing an external RNG for the
purpose of blinding.
New deprecations
* Deprecate mbedtls_ecdsa_sign_det() in favor of a functions that can take an
@ -103,22 +105,10 @@ Changes
* Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh,
docker-env.sh) to simplify running test suites on a Linux host. Contributed
by Peter Kolbus (Garmin).
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
Ashley Duncan in #2609.
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
test runs without variability. Contributed by Philippe Antoine (Catena
cyber) in #2681.
* Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi.
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
Ashley Duncan in #2609.
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
test runs without variability. Contributed by Philippe Antoine (Catena
cyber) in #2681.
* Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
Ashley Duncan in #2609.
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
test runs without variability. Contributed by Philippe Antoine (Catena
cyber) in #2681.
* Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
Contributed by Philippe Antoine (Catena cyber).