xref: /optee_os-3.20.0/lib/libmbedtls/mbedtls/ChangeLog

112      with SHA-1 certificates. SHA-1 is considered a weak message digest and
375      applicable RFC: on an invalid Finished message value, an
665    * Add missing arguments of debug message in mbedtls_ssl_decrypt_buf.
954      DTLS client when parsing the Hello Verify Request message.
966    * Fix a function name in a debug message. Contributed by Ercan Ozturk in
1084    * Fix an incorrect size in a debugging message. Reported and fix
1146      implement blinding. Because of this for the same key and message the same
1441      using MBEDTLS_<MODULE>_ALT for the underlying AES or message digest
1539      incoming message buffer was placed within the first 64KiB of address
1541      to trigger a memory access up to 64KiB beyond the incoming message buffer,
1709      check in parsing the CertificateRequest message,
1808      such a message was wrongly reported as an invalid record and therefore lead
1820    * Fail when receiving a TLS alert message with an invalid length, or invalid
1897      function which led to an arbitrary overread of the message buffer. The
1898      overreads could be caused by receiving a malformed message at the point
1923      internal message buffers.
1956      function which leads to a potential one byte overread of the message
2069    * Log correct number of ciphersuites used in Client Hello message. #918
2112      is larger than the internal message buffer (16384 bytes by default), the
2175    * The following functions in the message digest modules (MD2, MD4, MD5,
2189    * Deprecate usage of message digest functions that return void
2244    * Add size-checks for record and handshake message content, securing
2256    * Fix error message in programs/pkey/gen_key.c. Found and fixed by Chris Xue.
2269    * In mbedtls_entropy_free(), properly free the message digest context.
2270    * Fix status handshake status message in programs/ssl/dtls_client.c. Found
2275      and the message digest. Further, allow enabling/disabling of authority
2284    * Update all internal usage of deprecated message digest functions to the
3235    * ssl_close_notify() could send more than one message in some circumstances
3709    * ssl_close_notify() could send more than one message in some circumstances
3889    * Removed further timing differences during SSL message decryption in
3898    * Debug messages about padding errors during SSL message decryption are
3905    * Removed timing differences during SSL message decryption in
3917    * Correctly handle CertificateRequest message in client for <= TLS 1.1
3922    * Server not always sending correct CertificateRequest message
4049    * Debug messages about padding errors during SSL message decryption are
4053    * Removed timing differences during SSL message decryption in
4176    * The generic cipher and message digest layer now have normal error
4283        + Added generic message digest and cipher wrapper
4505       message digests, which fixes IE6/IE7 client authentication

Last Index update Sun Aug 20 00:18:20 CST 2023