TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 4197f0e28e15c42e907f873eea292fac31bfa7e6^! / . / ChangeLog
commit4197f0e28e15c42e907f873eea292fac31bfa7e6[log] [tgz]
authorJaeden Amero <jaeden.amero@arm.com>Fri Sep 06 14:40:10 2019 +0100
committerJaeden Amero <jaeden.amero@arm.com>Fri Sep 06 14:51:29 2019 +0100
tree4408ae06a19c7dea0cac4c97e435a68d741b162a
parent7ecae6f158f813a70b32f70b4b65922bb0d6824f [diff] [blame]
ChangeLog: Update for 2.19.0

Remove some duplicate entries, align the ChangeLog with what's present
in 2.16 and 2.7, and update the release date.

diff --git a/ChangeLog b/ChangeLog
index 5611eea..f16c97e 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,8 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
-= mbed TLS 2.19.0 branch released xxxx-xx-xx
+= mbed TLS 2.19.0 branch released 2019-09-06
 
 Security
+   * Fix a missing error detection in ECJPAKE. This could have caused a
+     predictable shared secret if a hardware accelerator failed and the other
+     side of the key exchange had a similar bug.
    * When writing a private EC key, use a constant size for the private
      value, as specified in RFC 5915. Previously, the value was written
      as an ASN.1 INTEGER, which caused the size of the key to leak
@@ -45,10 +48,9 @@
      just curves for which both are supported. Call mbedtls_ecdsa_can_do() or
      mbedtls_ecdh_can_do() on each result to check whether each algorithm is
      supported.
-   * The following function in the ECDSA module has been deprecated and replaced
-     as shown below. The new function can take an RNG function as an argument
-     which is necessary for adequate blinding.
-     mbedtls_ecdsa_sign_det() -> mbedtls_ecdsa_sign_det_ext()
+   * The new function mbedtls_ecdsa_sign_det_ext() is similar to
+     mbedtls_ecdsa_sign_det() but allows passing an external RNG for the
+     purpose of blinding.
 
 New deprecations
    * Deprecate mbedtls_ecdsa_sign_det() in favor of a functions that can take an
@@ -103,22 +105,10 @@
    * Add a Dockerfile and helper scripts (all-in-docker.sh, basic-in-docker.sh,
      docker-env.sh) to simplify running test suites on a Linux host. Contributed
      by Peter Kolbus (Garmin).
-   * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
-     Ashley Duncan in #2609.
    * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
      test runs without variability. Contributed by Philippe Antoine (Catena
      cyber) in #2681.
    * Extended .gitignore to ignore Visual Studio artifacts. Fixed by ConfusedSushi.
-   * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
-     Ashley Duncan in #2609.
-   * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
-     test runs without variability. Contributed by Philippe Antoine (Catena
-     cyber) in #2681.
-   * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
-     Ashley Duncan in #2609.
-   * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
-     test runs without variability. Contributed by Philippe Antoine (Catena
-     cyber) in #2681.
    * Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
      Contributed by Philippe Antoine (Catena cyber).