Improve mbedtls_pkcs5_pbes2_ext changelog description

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
This commit is contained in:
Waleed Elmelegy 2023-08-29 14:56:15 +01:00
parent 79b6e26b1b
commit 4ac8619282

View File

@ -1,6 +1,6 @@
Features
* Add new mbedtls_pkcs5_pbes2_ext function a more secure replacement to
mbedtls_pkcs5_pbes2 function because it reports the length of the output
bytes written to the output buffer and it requires a parameter containing
the output buffer size and validate if the output buffer is big enough
for output including padding.
Security
* Developers using mbedtls_pkcs5_pbes2() should review the size of the output
buffer passed to this function, and note that the output after decryption
may include CBC padding. Consider moving to the new function
mbedtls_pkcs5_pbes2_ext() which checks for overflow of the output buffer
and reports the actual length of the output.