mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-24 21:48:30 +00:00
Justify moving zeroize() to utils in ChangeLog
This commit is contained in:
parent
806f403a02
commit
1962405be1
1 changed files with 9 additions and 5 deletions
14
ChangeLog
14
ChangeLog
|
@ -26,6 +26,15 @@ API Changes
|
||||||
if more data is pending to be processed in the internal message buffers.
|
if more data is pending to be processed in the internal message buffers.
|
||||||
This function is necessary to determine when it is safe to idle on the
|
This function is necessary to determine when it is safe to idle on the
|
||||||
underlying transport in case event-driven IO is used.
|
underlying transport in case event-driven IO is used.
|
||||||
|
* Extend the platform module with a util component that contains
|
||||||
|
functionality shared by multiple Mbed TLS modules. At this stage
|
||||||
|
platform_util.h (and its associated platform_util.c) only contain
|
||||||
|
mbedtls_platform_zeroize(), which is a critical function from a security
|
||||||
|
point of view. mbedtls_platform_zeroize() needs to be regularly tested
|
||||||
|
against compilers to ensure that calls to it are not removed from the
|
||||||
|
output binary as part of redundant code elimination optimizations.
|
||||||
|
Therefore, mbedtls_platform_zeroize() is moved to the platform module to
|
||||||
|
facilitate testing and maintenance.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix spurious uninitialized variable warning in cmac.c. Fix independently
|
* Fix spurious uninitialized variable warning in cmac.c. Fix independently
|
||||||
|
@ -286,11 +295,6 @@ New deprecations
|
||||||
from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin()
|
from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin()
|
||||||
accepting DHM parameters in binary form, matching the new constants.
|
accepting DHM parameters in binary form, matching the new constants.
|
||||||
|
|
||||||
API Changes
|
|
||||||
* Create a new header utils.h that contains functionality shared by multiple
|
|
||||||
mbed TLS modules. At this stage utils.h (and its associated utils.c) only
|
|
||||||
contain mbedtls_zeroize().
|
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
|
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
|
||||||
as recommended in RFC 6347 Section 4.1.2.7.
|
as recommended in RFC 6347 Section 4.1.2.7.
|
||||||
|
|
Loading…
Reference in a new issue