| Field | Value | Date |
|---|---|---|
| author | Gilles Peskine <Gilles.Peskine@arm.com> | 2020-02-11 19:05:03 +0100 |
| committer | Gilles Peskine <Gilles.Peskine@arm.com> | 2020-02-17 11:46:12 +0100 |
| commit | f142d4ccaba7dca43b0526bdbae7486ee9f994d0 (patch) | |
| tree | 4224c9320d5e1b82579181eeec8f75b4fb11febf | |
| parent | a0c164a2d455d850ebdc2a6c03b1a83cff829232 (diff) | |
Update ChangeLog for crypto changes since Mbed Crypto 3.0.1
Add ChangeLog entries for changes brought by the submodule update in
81d31002503f0cdc735176279e913106155666c4.
-rw-r--r-- | ChangeLog | 21
1 file changed, 21 insertions, 0 deletions
@@ -10,6 +10,27 @@ New deprecations library which allows TLS authentication to use keys stored in a PKCS#11 token such as a smartcard. +Security + * Fix potential memory overread when performing an ECDSA signature + operation. The overread only happens with cryptographically low + probability (of the order of 2^-n where n is the bitsize of the curve) + unless the RNG is broken, and could result in information disclosure or + denial of service (application crash or extra resource consumption). + Found by Auke Zeilstra and Peter Schwabe, using static analysis. + +Features + * The new build option MBEDTLS_SHA512_NO_SHA384 allows building SHA-512 + support without SHA-384. + +API changes + * Change the encoding of key types and curves in the PSA API. The new + values are aligned with the upcoming release of the PSA Crypto API + specification version 1.0.0. The main change which may break some + existing code is that elliptic curve key types no longer encode the + exact curve: a psa_ecc_curve_t or psa_key_type_t value only encodes + a curve family and the key size determines the exact curve (for example, + PSA_ECC_CURVE_SECP_R1 with 256 bits is P256R1). ARMmbed/mbed-crypto#330 + Bugfix * Fix an unchecked call to mbedtls_md() in the x509write module. * Fix build failure with MBEDTLS_ZLIB_SUPPORT enabled. Reported by |
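Review bot: the new Security entry for the ECDSA memory overread and the Features entry for MBEDTLS_SHA512_NO_SHA384 carry no issue, PR or advisory reference, while the API changes entry in the same hunk ends with "ARMmbed/mbed-crypto#330"; add the corresponding mbed-crypto issue or PR reference to each so that a reader of the security entry can locate the actual fix, and consider stating which releases the overread affects, since the entry only describes the impact ("information disclosure or denial of service"). A smaller wording point: "P256R1" in the API changes example is not a standard curve name; "secp256r1 (NIST P-256)" would make the mapping from PSA_ECC_CURVE_SECP_R1 with 256 bits to a concrete curve unambiguous.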