lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-03 20:33:16 +03:00
Code Activity

Changelog entry for mbedtls_setbuf()

Browse Source 
* Security: we're improving a countermeasure.
* Requirement change: the library will no longer compile on a platform
  without setbuf().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2022-06-30 17:07:47 +02:00
parent 6d576c9646
commit cf4d9f98c7
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ChangeLog.d/add_mbedtls_setbuf.txt Normal file
View File

@@ -0,0 +1,10 @@
Security
* Add the platform function mbedtls_setbuf() to allow buffering to be
disabled on stdio files, to stop secrets loaded from said files being
potentially left in memory after file operations. Reported by
Glenn Strauss.
Requirement changes
* The library will no longer compile out of the box on a platform without
setbuf() if MBEDTLS_FS_IO is enabled. If your platform does not have
setbuf(), you can configure an alternative function by enabling
MBEDTLS_PLATFORM_SETBUF_ALT or MBEDTLS_PLATFORM_SETBUF_MACRO.