ChangeLog - OpenGrok cross reference for /mbedtls-development/ChangeLog

Lines Matching refs:from
15    * Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0: the
17    * Remove certs module from the API.
20      users from using unsafe keys in production.
50      returned from the public SSL API.
71      This separates config option enabling the SHA384 algorithm from option
74      This separates config option enabling the SHA224 algorithm from option
80    * Remove the mode parameter from RSA operation functions. Signature and
190    * Removed deprecated functions from hashing modules. Fixes #4280.
203      primes based on RFC 5114 and RFC 3526 from library code and tests:
394    * Disallow inputs of length different from the corresponding hash when
411      in all the right places. Include it from crypto_platform.h, which is
417    * Correct (change from 12 to 13 bytes) the value of the macro describing the
429      differences from the default configuration, but had accidentally diverged.
446      zero digits when operating from values constructed with an mpi_read
450      build_info.h is intended to be included from C code directly, while
452      change the build configuration, and should generally only be included from
466      is also applied when loading a key from storage.
519      nonce from entropy. Applications were affected if they called
525      entropy from the nonce.
563      not loaded from storage. This was fixed by #3996.
577      now uses the getrandom syscall instead of reading from /dev/urandom.
666      functions to erase sensitive data from memory. Reported by
667      Johan Malmgren and Johan Uppman Bruce from Sectra.
670    * Fix an invalid (but nonzero) return code from mbedtls_pk_parse_subpubkey()
729      for MBEDTLS_CIPHER_MODE_XTS were excluded from the build and made it fail.
810      application data from memory. Reported in #689 by
924      from psa_crypto.c. Fixes #3300.
930    * Remove unused macros from MSVC projects. Reported in #3297 and fix
1046      read all the CRT parameters from the DER structure rather than
1089      MBEDTLS_ENTROPY_BLOCK_SIZE bytes or more from strong sources. In the
1117    * Key derivation inputs in the PSA API can now either come from a key object
1118      or from a buffer regardless of the step type.
1119    * The CTR_DRBG module can grab a nonce from the entropy source during the
1178      from modifying the client/server hello.
1211    * New implementation of X25519 (ECDH using Curve25519) from Project Everest
1216      Christoph Wintersteiger from Microsoft Research.
1255      PlatformToolset from the project configuration. Fixes #1430 reported by
1295    * Remove the crypto part of the library from Mbed TLS. The crypto
1382    * Return from various debugging routines immediately if the
1384    * Remove dead code from bignum.c in the default configuration.
1401      from the default list (enabled by default). See
1411      always return NULL, and removes the peer_cert field from the
1417      belongs to a different group from the first. Before, if an application
1420      an error or a meaningless output from mbedtls_ecdh_get_params. In the
1434    * Remove the mbedtls namespacing from the header file, to fix a "file not found"
1490      the return type from void to int to allow returning error codes when
1521    * Fix an unsafe bounds check when restoring an SSL session from a ticket.
1543       the PSA Crypto API from Mbed Crypto when additionally used with the
1548       from the cipher abstraction layer. Fixes #2198.
1776      CCM test vectors from RAM.
1818    * Add new crypto primitives from RFC 7539: stream cipher Chacha20, one-time
1821    * Add support for CHACHA20-POLY1305 ciphersuites from RFC 7905.
1848      Philippe Antoine from Catena cyber. #1663.
1920      mbedtls_platform_zeroize(), which is a critical function from a security
1922      against compilers to ensure that calls to it are not removed from the
1999      where data needs to be fetched from the underlying transport in order
2052    * Improve security of RSA key generation by including criteria from
2149      code execution. The issue could be triggered remotely from either side in
2185    * Change default choice of DHE parameters from untrustworthy RFC 5114
2202      The following functions from the ECDSA module can be replaced
2208      The following functions from the ECDH module can be replaced
2219      up RSA contexts from partial key material and having them completed to the
2221      contexts from keys consisting of N,D,E only, even if P,Q are needed for the
2227      The new functions change the return type from void to int to allow
2244    * Deprecate untrustworthy DHE parameters from RFC 5114. Superseded by
2245      parameters from RFC 3526 or the newly added parameters from RFC 7919.
2250      from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin()
2272    * Fix unchecked return codes from AES, DES and 3DES functions in
2280    * Correct extraction of signature-type from PK instance in X.509 CRT and CSR
2336      mbedtls_md_info_t structure. Propagate errors from these functions
2352      triggered remotely from either side. (With authmode set to 'required'
2370      qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt,
2383    * Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
2412    * Removed mutexes from ECP hardware accelerator code. Now all hardware
2427      (if the application layer sent data read from mbedtls_ssl_read()
2429    * Removed SHA-1 and RIPEMD-160 from the default hash algorithms for
2438    * Remove size zero arrays from ECJPAKE test suite. Size zero arrays are not
2439      valid C and they prevented the test from compiling in Visual Studio 2015
2446    * Fix SSLv3 renegotiation behaviour and stop processing data received from
2493      by the functions shown below. The new functions change the return type from
2500    * Remove macros from compat-1.3.h that correspond to deleted items from most
2502    * Fixed issue in the Threading module that prevented mutexes from
2522    * Removed MD5 from the allowed hash algorithms for CertificateRequest and
2580    * Update to CMAC test data, taken from - NIST Special Publication 800-38B -
2623      a contribution from Tobias Tangemann. #541
2644      where the limited hash choices prevented the client from sending its
2650    * Removed self-tests from the basic-built-test.sh script, and added all
2700    * Fix issue in ssl_fork_server which was preventing it from functioning. #429
2722      SLOTH attack on TLS 1.2 server authentication (other attacks from the
2763    * Self-signed certificates were not excluded from pathlen counting,
2808      accept PEM data from an untrusted source.
2850    * When a client initiates a reconnect from the same port as a live
2877    * Fix bug in Makefile that prevented from installing without building the
2913    * Ability to override core functions from MDx, SHAx, AES and DES modules
2951      changed from ssl_context to ssl_config.
2989      mbedtls_x509write_crt_set_key_usage() changed from int to unsigned.
2990    * test_ca_list (from certs.h) is renamed to test_cas_pem and is only
3015      (use generic functions from md.h)
3018    * Removed test DHM parameters from the test certs module.
3021    * Removed compat-1.2.h (helper for migrating from 1.2 to 1.3).
3042    * x509_crt.key_usage changed from unsigned char to unsigned int.
3043    * Removed r and s from ecdsa_context
3044    * Removed mode from des_context and des3_context
3048    * RC4 is now blacklisted by default in the SSL/TLS layer, and excluded from the
3056    * Default DHM parameters server-side upgraded from 1024 to 2048 bits.
3072 API changes from the 1.4 preview branch
3151    * Fix warnings from mingw64 in timing.c (found by kxjklele).
3176    * Move from SHA-1 to SHA-256 in example programs using signatures
3178    * Remove some unneeded inclusions of header files from the standard library
3263    * Lowest common hash was selected from signature_algorithms extension in
3277    * Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
3280    * Remove non-existent file from VS projects (found by Peter Vaskovic).
3323      from the default list (inactive by default).
3388    * Better support for the different Attribute Types from IETF PKIX (RFC 5280)
3480      that prevented bignum.c from compiling. (Reported by Rafael Baptista.)
3490    * Check notBefore timestamp of certificates and CRLs from the future.
3558    * Split off curves from ecp.c into ecp_curves.c
3596    * Prevent possible alignment warnings on casting from char * to 'aligned *'
3704    * Fix warnings from mingw64 in timing.c (found by kxjklele).
3767    * Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
3784      that prevented bignum.c from compiling. (Reported by Rafael Baptista.)
3795    * Check notBefore timestamp of certificates and CRLs from the future.
3941    * Removed timing differences due to bad padding from
4023    * Added predefined DHM groups from RFC 5114
4043    * Moved from unsigned long to fixed width uint32_t types throughout code
4105    * Removed timing differences due to bad padding from
4184    * Separated the ASN.1 parsing code from the X.509 specific parsing code.
4259      POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function.
4297      printing of X509 CRLs from file
4325    * Added reading of DHM context from memory and file
4386      printing of X509 certificates from file or SSL
4566     * Updated ssl_read() to skip 0-length records from OpenSSL
4579       connections from being established with non-blocking I/O
In current file

In project "undefined"

On Google
