TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 49fcbeab14dba5ca8d9160eed520da775b67ca38^! / . / ChangeLog
commit49fcbeab14dba5ca8d9160eed520da775b67ca38[log] [tgz]
authorJaeden Amero <jaeden.amero@arm.com>Fri Aug 30 15:50:45 2019 +0100
committerJaeden Amero <jaeden.amero@arm.com>Fri Aug 30 15:50:45 2019 +0100
tree89dc4d13db12e9cd484f2e142fa1258376200c7c
parent379964a7b65454b28f86089f630334363c086ca6 [diff] [blame]
parent9b9a790be66a5ff397cb7c6dab53051f5a1d9470 [diff] [blame]
Merge remote-tracking branch 'origin/pr/2799' into development

Manually edit ChangeLog to ensure correct placement of ChangeLog notes.

* origin/pr/2799: (42 commits)
  Handle deleting non-existant files on Windows
  Update submodule
  Use 3rdparty headers from the submodule
  Add Everest components to all.sh
  3rdparty: Add config checks for Everest
  Fix macros in benchmark.c
  Update generated files
  3rdparty: Fix inclusion order of CMakeLists.txt
  Fix trailing whitespace
  ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
  ECDH: Fix use of ECDH API in full handshake benchmark
  ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark
  ECDH: Fix Everest x25519 make_public
  Fix file permissions
  3rdparty: Rename THIRDPARTY_OBJECTS
  3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
  3rdparty: Fix Makefile coding conventions
  ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do
  Add a changelog entry for Everest ECDH (X25519)
  Document that curve lists can include partially-supported curves
  ...

diff --git a/ChangeLog b/ChangeLog
index 3d6ae07..87b735a 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -12,12 +12,23 @@
      feature can be used alongside Connection ID and SSL context serialisation.
      The feature is enabled at compile-time by MBEDTLS_SSL_RECORD_CHECKING
      option.
+   * New implementation of X25519 (ECDH using Curve25519) from Project Everest
+     (https://project-everest.github.io/). It can be enabled at compile time
+     with MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED. This implementation is formally
+     verified and significantly faster, but is only supported on x86 platforms
+     (32-bit and 64-bit) using GCC, Clang or Visual Studio. Contributed by
+     Christoph Wintersteiger from Microsoft Research.
 
 API Changes
    * Add DER-encoded test CRTs to library/certs.c, allowing
      the example programs ssl_server2 and ssl_client2 to be run
      if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254.
    * The HAVEGE state type now uses uint32_t elements instead of int.
+   * The functions mbedtls_ecp_curve_list() and mbedtls_ecp_grp_id_list() now
+     list all curves for which at least one of ECDH or ECDSA is supported, not
+     just curves for which both are supported. Call mbedtls_ecdsa_can_do() or
+     mbedtls_ecdh_can_do() on each result to check whether each algorithm is
+     supported.
 
 Bugfix
    * Fix missing bounds checks in X.509 parsing functions that could
@@ -119,6 +130,7 @@
      MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time
      through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid().
 
+
 API Changes
    * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
      and the used tls-prf.