Security
* Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
CVE-2024-45157
Bugfix
* Fix the build in some configurations when check_config.h is not included.
Fix gh#Mbed-TLS/mbedtls#9152.
* Fix issue of redefinition warning messages for _GNU_SOURCE in
entropy_poll.c and sha_256.c. There was a build warning during building for
linux platform. Resolves gh#Mbed-TLS/mbedtls#9026
* Fix error handling when creating a key in a dynamic secure element
(feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
the creation could return PSA_SUCCESS but using or destroying the key would
not work. Fixes gh#Mbed-TLS/mbedtls#8537.
* Fix a memory leak that could occur when failing to process an RSA
key through some PSA functions due to low memory conditions. Document and
enforce the limitation of mbedtls_psa_register_se_key()
to persistent keys. Resolves gh#Mbed-TLS/mbedtls#9253.
- Add fix_calloc-transposed-args.patch
OBS-URL: https://build.opensuse.org/package/show/security:tls/mbedtls-2?expand=0&rev=16
