mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-15 19:20:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Improve mbedtls_pkcs5_pbes2_ext changelog description

Browse Source 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
This commit is contained in:
Waleed Elmelegy 2023-08-29 14:56:15 +01:00
parent 79b6e26b1b
commit 4ac8619282
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt
View File

@ -1,6 +1,6 @@
Features
* Add new mbedtls_pkcs5_pbes2_ext function a more secure replacement to
mbedtls_pkcs5_pbes2 function because it reports the length of the output
bytes written to the output buffer and it requires a parameter containing
the output buffer size and validate if the output buffer is big enough
for output including padding.
Security
* Developers using mbedtls_pkcs5_pbes2() should review the size of the output
buffer passed to this function, and note that the output after decryption
may include CBC padding. Consider moving to the new function
mbedtls_pkcs5_pbes2_ext() which checks for overflow of the output buffer
and reports the actual length of the output.