Add changelog entry for switching pkparse to new pbe functions
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
diff --git a/ChangeLog.d/Switch-pkparse-to-new-pbe-funsctions.txt b/ChangeLog.d/Switch-pkparse-to-new-pbe-funsctions.txt
new file mode 100644
index 0000000..6ceab6e
--- /dev/null
+++ b/ChangeLog.d/Switch-pkparse-to-new-pbe-funsctions.txt
@@ -0,0 +1,11 @@
+New deprecations
+ * mbedtls_pkcs5_pbes2() and mbedtls_pkcs12_pbe() functions are now
+ deprecated in favor of mbedtls_pkcs5_pbes2_ext() and
+ mbedtls_pkcs12_pbe_ext() as they offer more security by checking
+ for overflow of the output buffer and reporting the actual length
+ of the output.
+
+Bugfix
+ * Pass real length of key to pk_parse_key_pkcs8_unencrypted_der()
+ after decrypting the key to avoid trailing padding data which are not
+ part of the original key before encrypting.
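Review bot: The Bugfix entry (the last three added lines) describes the fix through pk_parse_key_pkcs8_unencrypted_der(), which has no mbedtls_ prefix and so reads as an internal helper. A changelog reader needs to know which user-visible operation was affected. Suggest rewording the entry around the symptom, namely that after decryption the key was parsed with a length that included trailing padding, and tightening "trailing padding data which are not part of the original key before encrypting". In the deprecation entry, "as they offer more security" leaves it unclear which pair of functions "they" refers to. Placing "which check for overflow of the output buffer and report the actual length of the output" directly after the _ext() names would remove the ambiguity. The new file name also carries a typo, "funsctions".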