Merge branch 'development' into development-restricted

This commit is contained in:
Jaeden Amero
2018-01-09 13:16:37 +00:00
30 changed files with 3245 additions and 583 deletions


@@ -49,10 +49,35 @@ Features
MBEDTLS_CMAC_ALT). Submitted by Steve Cooreman, Silicon Labs.
* Add support for alternative implementations of GCM, selected by the
configuration flag MBEDTLS_GCM_ALT.
* Add support for alternative implementations for ECDSA, controlled by new
configuration flags MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and
MBEDTLS_ECDSDA_GENKEY_AT in config.h.
The following functions from the ECDSA module can be replaced
with alternative implementation:
mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey().
* Add support for alternative implementation for ECDH, controlled by new
configuration flags MBEDTLS_ECDH_COMPUTE_SHARED_ALT and
MBEDTLS_ECDH_GEN_PUBLIC_ALT in config.h.
The following functions from the ECDH module can be replaced
with an alternative implementation:
mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared().
New deprecations
* Deprecate usage of RSA primitives with non-matching key-type
(e.g., signing with a public key).
* Direct manipulation of structure fields of RSA contexts is deprecated.
Users are advised to use the extended RSA API instead.
API Changes
* Extend RSA interface by multiple functions allowing structure-
independent setup and export of RSA contexts. Most notably,
mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
up RSA contexts from partial key material and having them completed to the
needs of the implementation automatically. This allows to setup private RSA
contexts from keys consisting of N,D,E only, even if P,Q are needed for the
purpose or CRT and/or blinding.
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
implementations of the RSA interface declared in rsa.h.
Bugfix
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
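Review bot: the new ECDSA entry names the third configuration flag as MBEDTLS_ECDSDA_GENKEY_AT, which looks like a typo (an extra D in ECDSA, and AT for ALT) for the flag that the surrounding naming pattern (MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT, MBEDTLS_ECDH_GEN_PUBLIC_ALT) and the config.h convention imply, MBEDTLS_ECDSA_GENKEY_ALT; since users grep config.h for the exact name given in the ChangeLog, please correct it before release. Two wording points in the RSA API entry: "This allows to setup private RSA contexts" should read "This allows setting up private RSA contexts", and "for the purpose or CRT and/or blinding" should be "for the purpose of CRT and/or blinding".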
@@ -108,6 +133,10 @@ Changes
* Extend cert_write example program by options to set the CRT version
and the message digest. Further, allow enabling/disabling of authority
identifier, subject identifier and basic constraints extensions.
* Only check for necessary RSA structure fields in `mbedtls_rsa_private`. In
particular, don't require P,Q if neither CRT nor blinding are
used. Reported and fix proposed independently by satur9nine and sliai
on GitHub.
* Only run AES-192 self-test if AES-192 is available. Fixes #963.
= mbed TLS 2.6.0 branch released 2017-08-10
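Review bot: the mbedtls_rsa_private entry credits "satur9nine and sliai on GitHub" but, unlike the adjacent AES-192 entry ("Fixes #963"), cites no issue or pull request number; please add the reference so readers can locate the reports and the proposed fix. Minor style point: this entry wraps the function name in backticks (`mbedtls_rsa_private`) while the ECDSA and ECDH entries in the Features section above write function names bare with parentheses (mbedtls_ecdsa_sign(), mbedtls_ecdh_gen_public()); pick one convention for the file.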