Justify moving zeroize() to utils in ChangeLog

This commit is contained in:
Andres Amaya Garcia 2018-03-08 20:06:03 +00:00
parent 806f403a02
commit 1962405be1

View file

@ -26,6 +26,15 @@ API Changes
if more data is pending to be processed in the internal message buffers. if more data is pending to be processed in the internal message buffers.
This function is necessary to determine when it is safe to idle on the This function is necessary to determine when it is safe to idle on the
underlying transport in case event-driven IO is used. underlying transport in case event-driven IO is used.
* Extend the platform module with a util component that contains
functionality shared by multiple Mbed TLS modules. At this stage
platform_util.h (and its associated platform_util.c) only contain
mbedtls_platform_zeroize(), which is a critical function from a security
point of view. mbedtls_platform_zeroize() needs to be regularly tested
against compilers to ensure that calls to it are not removed from the
output binary as part of redundant code elimination optimizations.
Therefore, mbedtls_platform_zeroize() is moved to the platform module to
facilitate testing and maintenance.
Bugfix Bugfix
* Fix spurious uninitialized variable warning in cmac.c. Fix independently * Fix spurious uninitialized variable warning in cmac.c. Fix independently
@ -286,11 +295,6 @@ New deprecations
from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin() from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin()
accepting DHM parameters in binary form, matching the new constants. accepting DHM parameters in binary form, matching the new constants.
API Changes
* Create a new header utils.h that contains functionality shared by multiple
mbed TLS modules. At this stage utils.h (and its associated utils.c) only
contain mbedtls_zeroize().
Bugfix Bugfix
* Fix ssl_parse_record_header() to silently discard invalid DTLS records * Fix ssl_parse_record_header() to silently discard invalid DTLS records
as recommended in RFC 6347 Section 4.1.2.7. as recommended in RFC 6347 Section 4.1.2.7.