diff --git a/ChangeLog b/ChangeLog index 71ba44deb..6b1bb2141 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,4 +1,274 @@ -mbed TLS ChangeLog (Sorted per branch, date) +Mbed TLS ChangeLog (Sorted per branch, date) + += Mbed TLS 3.2.0 branch released 2022-07-11 + +Default behavior changes + * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305 + for IV lengths other than 12. The library was silently overwriting this + length with 12, but did not inform the caller about it. Fixes #4301. + +Requirement changes + * The library will no longer compile out of the box on a platform without + setbuf(). If your platform does not have setbuf(), you can configure an + alternative function by enabling MBEDTLS_PLATFORM_SETBUF_ALT or + MBEDTLS_PLATFORM_SETBUF_MACRO. + +New deprecations + * Deprecate mbedtls_ssl_conf_max_version() and + mbedtls_ssl_conf_min_version() in favor of + mbedtls_ssl_conf_max_tls_version() and + mbedtls_ssl_conf_min_tls_version(). + * Deprecate mbedtls_cipher_setup_psa(). Use psa_aead_xxx() or + psa_cipher_xxx() directly instead. + * Secure element drivers enabled by MBEDTLS_PSA_CRYPTO_SE_C are deprecated. + This was intended as an experimental feature, but had not been explicitly + documented as such. Use opaque drivers with the interface enabled by + MBEDTLS_PSA_CRYPTO_DRIVERS instead. + * Deprecate mbedtls_ssl_conf_sig_hashes() in favor of the more generic + mbedtls_ssl_conf_sig_algs(). Signature algorithms for the TLS 1.2 and + TLS 1.3 handshake should now be configured with + mbedtls_ssl_conf_sig_algs(). + +Features + * Add accessor to obtain ciphersuite id from ssl context. + * Add accessors to get members from ciphersuite info. + * Add mbedtls_ssl_ticket_rotate() for external ticket rotation. + * Add accessor to get the raw buffer pointer from a PEM context. + * The structures mbedtls_ssl_config and mbedtls_ssl_context now store + a piece of user data which is reserved for the application. The user + data can be either a pointer or an integer. + * Add an accessor function to get the configuration associated with + an SSL context. 
+ * Add a function to access the protocol version from an SSL context in a + form that's easy to compare. Fixes #5407. + * Add function mbedtls_md_info_from_ctx() to recall the message digest + information that was used to set up a message digest context. + * Add ALPN support in TLS 1.3 clients. + * Add server certificate selection callback near end of Client Hello. + Register callback with mbedtls_ssl_conf_cert_cb(). + * Provide mechanism to reset handshake cert list by calling + mbedtls_ssl_set_hs_own_cert() with NULL value for own_cert param. + * Add accessor mbedtls_ssl_get_hs_sni() to retrieve SNI from within + cert callback (mbedtls_ssl_conf_cert_cb()) during handshake. + * The X.509 module now uses PSA hash acceleration if present. + * Add support for psa crypto key derivation for elliptic curve + keys. Fixes #3260. + * Add function mbedtls_timing_get_final_delay() to access the private + final delay field in an mbedtls_timing_delay_context, as requested in + #5183. + * Add mbedtls_pk_sign_ext() which allows generating RSA-PSS signatures when + PSA Crypto is enabled. + * Add function mbedtls_ecp_export() to export ECP key pair parameters. + Fixes #4838. + * Add function mbedtls_ssl_is_handshake_over() to enable querying if the SSL + Handshake has completed or not, and thus whether to continue calling + mbedtls_ssl_handshake_step(), requested in #4383. + * Add the function mbedtls_ssl_get_own_cid() to access our own connection id + within mbedtls_ssl_context, as requested in #5184. + * Introduce mbedtls_ssl_hs_cb_t typedef for use with + mbedtls_ssl_conf_cert_cb() and perhaps future callbacks + during TLS handshake. + * Add functions mbedtls_ssl_conf_max_tls_version() and + mbedtls_ssl_conf_min_tls_version() that use a single value to specify + the protocol version. + * Extend the existing PSA_ALG_TLS12_PSK_TO_MS() algorithm to support + mixed-PSK. Add an optional input PSA_KEY_DERIVATION_INPUT_OTHER_SECRET + holding the other secret. 
+ * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto + feature requirements in the file named by the new macro + MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h. + Furthermore you may name an additional file to include after the main + file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE. + * Add the function mbedtls_x509_crt_has_ext_type() to access the ext types + field within mbedtls_x509_crt context, as requested in #5585. + * Add HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API. + * Add support for the ARMv8 SHA-2 acceleration instructions when building + for Aarch64. + * Add support for authentication of TLS 1.3 clients by TLS 1.3 servers. + * Add support for server HelloRetryRequest message. The TLS 1.3 client is + now capable of negotiating another shared secret if the one sent in its + first ClientHello was not suitable to the server. + * Add support for client-side TLS version negotiation. If both TLS 1.2 and + TLS 1.3 protocols are enabled in the build of Mbed TLS, the TLS client now + negotiates TLS 1.3 or TLS 1.2 with TLS servers. + * Enable building of Mbed TLS with TLS 1.3 protocol support but without TLS + 1.2 protocol support. + * Mbed TLS provides an implementation of a TLS 1.3 server (ephemeral key + establishment only). See docs/architecture/tls13-support.md for a + description of the support. The MBEDTLS_SSL_PROTO_TLS1_3 and + MBEDTLS_SSL_SRV_C configuration options control this. + * Add accessors to configure DN hints for certificate request: + mbedtls_ssl_conf_dn_hints() and mbedtls_ssl_set_hs_dn_hints() + * The configuration option MBEDTLS_USE_PSA_CRYPTO, which previously + affected only a limited subset of crypto operations in TLS, X.509 and PK, + now causes most of them to be done using PSA Crypto; see + docs/use-psa-crypto.md for the list of exceptions. + * The function mbedtls_pk_setup_opaque() now supports RSA key pairs as well. 
+ Opaque keys can now be used everywhere a private key is expected in the + TLS and X.509 modules. + * Opaque pre-shared keys for TLS, provisioned with + mbedtls_ssl_conf_psk_opaque() or mbedtls_ssl_set_hs_psk_opaque(), which + previously only worked for "pure" PSK key exchange, now can also be used + for the "mixed" PSK key exchanges as well: ECDHE-PSK, DHE-PSK, RSA-PSK. + * cmake now detects if it is being built as a sub-project, and in that case + disables the target export/installation and package configuration. + * Make USE_PSA_CRYPTO compatible with KEY_ID_ENCODES_OWNER. Fixes #5259. + * Add example programs cipher_aead_demo.c, md_hmac_demo.c, aead_demo.c + and hmac_demo.c, which use PSA and the md/cipher interfaces side + by side in order to illustrate how the operation is performed in PSA. + Addresses #5208. + +Security + * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage + module before freeing them. These buffers contain secret key material, and + could thus potentially leak the key through freed heap. + * Fix potential memory leak inside mbedtls_ssl_cache_set() with + an invalid session id length. + * Add the platform function mbedtls_setbuf() to allow buffering to be + disabled on stdio files, to stop secrets loaded from said files being + potentially left in memory after file operations. Reported by + Glenn Strauss. + * Fix a potential heap buffer overread in TLS 1.2 server-side when + MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with + mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite + is selected. This may result in an application crash or potentially an + information leak. + * Fix a buffer overread in DTLS ClientHello parsing in servers with + MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client + or a man-in-the-middle could cause a DTLS server to read up to 255 bytes + after the end of the SSL input buffer. 
The buffer overread only happens + when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on + the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(), + and possibly up to 571 bytes with a custom cookie check function. + Reported by the Cybeats PSI Team. + * Fix a buffer overread in TLS 1.3 Certificate parsing. An unauthenticated + client or server could cause an MbedTLS server or client to overread up + to 64 kBytes of data and potentially overread the input buffer by that + amount minus the size of the input buffer. As overread data undergoes + various checks, the likelihood of reaching the boundary of the input + buffer is rather small but increases as its size + MBEDTLS_SSL_IN_CONTENT_LEN decreases. + * Fix check of certificate key usage in TLS 1.3. The usage of the public key + provided by a client or server certificate for authentication was not + checked properly when validating the certificate. This could cause a + client or server to be able to authenticate itself through a certificate + to an Mbed TLS TLS 1.3 server or client while it does not own a proper + certificate to do so. + +Bugfix + * Declare or use PSA_WANT_ALG_CCM_STAR_NO_TAG following the general + pattern for PSA_WANT_xxx symbols. Previously you had to specify + PSA_WANT_ALG_CCM for PSA_ALG_CCM_STAR_NO_TAG. + * Fix a memory leak if mbedtls_ssl_config_defaults() is called twice. + * Fixed swap of client and server random bytes when exporting them alongside + TLS 1.3 handshake and application traffic secret. + * Fix several bugs (warnings, compiler and linker errors, test failures) + in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled. + * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was + enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the + client would fail to check that the curve selected by the server for + ECDHE was indeed one that was offered. 
As a result, the client would + accept any curve that it supported, even if that curve was not allowed + according to its configuration. Fixes #5291. + * The TLS 1.3 implementation is now compatible with the + MBEDTLS_USE_PSA_CRYPTO configuration option. + * Fix unit tests that used 0 as the file UID. This failed on some + implementations of PSA ITS. Fixes #3838. + * Fix mbedtls_ssl_get_version() not reporting TLSv1.3. Fixes #5406. + * Fix API violation in mbedtls_md_process() test by adding a call to + mbedtls_md_starts(). Fixes #2227. + * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests + to catch bad uses of time.h. + * Fix a race condition in out-of-source builds with CMake when generated data + files are already present. Fixes #5374. + * Fix the library search path when building a shared library with CMake + on Windows. + * Fix bug in the alert sending function mbedtls_ssl_send_alert_message() + potentially leading to corrupted alert messages being sent in case + the function needs to be re-called after initially returning + MBEDTLS_SSL_WANT_WRITE. Fixes #1916. + * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but not + MBEDTLS_DEBUG_C, DTLS handshakes using CID would crash due to a null + pointer dereference. Fix this. Fixes #3998. + The fix was released, but not announced, in Mbed TLS 3.1.0. + * Fix incorrect documentation of mbedtls_x509_crt_profile. The previous + documentation stated that the `allowed_pks` field applies to signatures + only, but in fact it does apply to the public key type of the end entity + certificate, too. Fixes #1992. + * Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is + not NULL and val_len is zero. + * Fix compilation error with mingw32. Fixed by Cameron Cawley in #4211. + * Fix compilation error when using C++ Builder on Windows. Reported by + Miroslav Mastny in #4015. + * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when + applicable. Fixes #5735. 
+ * Fix a bug in the x25519 example program where the removal of + MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. Fixes #4901 and + #3191. + * Fix a TLS 1.3 handshake failure when the peer Finished message has not + been received yet when we first try to fetch it. + * Encode X.509 dates before 1/1/2000 as UTCTime rather than + GeneralizedTime. Fixes #5465. + * Add mbedtls_x509_dn_get_next function to return the next relative DN in + an X509 name, to allow walking the name list. Fixes #5431. + * Fix order value of curve x448. + * Fix string representation of DNs when outputting values containing commas + and other special characters, conforming to RFC 1779. Fixes #769. + * Silence a warning from GCC 12 in the selftest program. Fixes #5974. + * Fix check_config.h to check that we have MBEDTLS_SSL_KEEP_PEER_CERTIFICATE + when MBEDTLS_SSL_PROTO_TLS1_3 is specified, and make this and other + dependencies explicit in the documentation. Fixes #5610. + * Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0. + * Fix a TLS 1.3 handshake failure when the first attempt to send the client + Finished message on the network cannot be satisfied. Fixes #5499. + * Fix resource leaks in mbedtls_pk_parse_public_key() in low + memory conditions. + * Fix server connection identifier setting for outgoing encrypted records + on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with + connection identifier, the Mbed TLS client now properly sends the server + connection identifier in encrypted record headers. Fix #5872. + * Fix a null pointer dereference when performing some operations on zero + represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing + by 2, and mbedtls_mpi_write_string() in base 2). + * Fix record sizes larger than 16384 being sometimes accepted despite being + non-compliant. This could not lead to a buffer overflow. In particular, + application data size was already checked correctly. 
+ * Fix MBEDTLS_SVC_KEY_ID_GET_KEY_ID() and MBEDTLS_SVC_KEY_ID_GET_OWNER_ID() + which have been broken, resulting in compilation errors, since Mbed TLS + 3.0. + * Ensure that TLS 1.2 ciphersuite/certificate and key selection takes into + account not just the type of the key (RSA vs EC) but also what it can + actually do. Resolves #5831. + * Fix CMake windows host detection, especially when cross compiling. + * Fix an error in make where the absence of a generated file caused + make to break on a clean checkout. Fixes #5340. + * Work around an MSVC ARM64 compiler bug causing incorrect behaviour + in mbedtls_mpi_exp_mod(). Reported by Tautvydas Žilys in #5467. + * Removed the prompt to exit from all windows build programs that was causing + issues in CI/CD environments. + +Changes + * The file library/psa_crypto_driver_wrappers.c is now generated + from a template. In the future, the generation will support + driver descriptions. For the time being, to customize this file, + see docs/proposed/psa-driver-wrappers-codegen-migration-guide.md + * Return PSA_ERROR_INVALID_ARGUMENT if the algorithm passed to one-shot + AEAD functions is not an AEAD algorithm. This aligns them with the + multipart functions, and the PSA Crypto API 1.1 specification. + * In mbedtls_pk_parse_key(), if no password is provided, don't allocate a + temporary variable on the heap. Suggested by Sergey Kanatov in #5304. + * Assume source files are in UTF-8 when using MSVC with CMake. + * Fix runtime library install location when building with CMake and MinGW. + DLLs are now installed in the bin directory instead of lib. + * cmake: Use GnuInstallDirs to customize install directories + Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR + variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if + LIB_INSTALL_DIR is set. + * Add a CMake option that enables static linking of the runtime library + in Microsoft Visual C++ compiler. Contributed by Microplankton. 
+ * In CMake builds, add aliases for libraries so that the normal MbedTLS::* + targets work when MbedTLS is built as a subdirectory. This allows the + use of FetchContent, as requested in #5688. = mbed TLS 3.1.0 branch released 2021-12-17 diff --git a/ChangeLog.d/Driver_wrapper_codegen_1.0.txt b/ChangeLog.d/Driver_wrapper_codegen_1.0.txt deleted file mode 100644 index a4d9c5417..000000000 --- a/ChangeLog.d/Driver_wrapper_codegen_1.0.txt +++ /dev/null @@ -1,5 +0,0 @@ -Changes - * The file library/psa_crypto_driver_wrappers.c is now generated - from a template. In the future, the generation will support - driver descriptions. For the time being, to customize this file, - see docs/proposed/psa-driver-wrappers-codegen-migration-guide.md diff --git a/ChangeLog.d/MD-X.509-hashing.txt b/ChangeLog.d/MD-X.509-hashing.txt deleted file mode 100644 index 2ca989c80..000000000 --- a/ChangeLog.d/MD-X.509-hashing.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * The X.509 module now uses PSA hash acceleration if present. diff --git a/ChangeLog.d/PSA-test-suites-NOT-using-UID-0.txt b/ChangeLog.d/PSA-test-suites-NOT-using-UID-0.txt deleted file mode 100644 index 9acbb0ad3..000000000 --- a/ChangeLog.d/PSA-test-suites-NOT-using-UID-0.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix unit tests that used 0 as the file UID. This failed on some - implementations of PSA ITS. Fixes #3838. diff --git a/ChangeLog.d/add-mbedtls_md_starts-to-mbedtls_md_process-test.txt b/ChangeLog.d/add-mbedtls_md_starts-to-mbedtls_md_process-test.txt deleted file mode 100644 index 57c7561d7..000000000 --- a/ChangeLog.d/add-mbedtls_md_starts-to-mbedtls_md_process-test.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix API violation in mbedtls_md_process() test by adding a call to - mbedtls_md_starts(). Fixes #2227. diff --git a/ChangeLog.d/add_dn_get_next.txt b/ChangeLog.d/add_dn_get_next.txt deleted file mode 100644 index 04ee954f6..000000000 --- a/ChangeLog.d/add_dn_get_next.txt +++ /dev/null 
@@ -1,3 +0,0 @@ -Bugfix - * Add mbedtls_x509_dn_get_next function to return the next relative DN in - an X509 name, to allow walking the name list. Fixes #5431. diff --git a/ChangeLog.d/add_final_delay_accessor.txt b/ChangeLog.d/add_final_delay_accessor.txt deleted file mode 100644 index 4b8117f39..000000000 --- a/ChangeLog.d/add_final_delay_accessor.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Add function mbedtls_timing_get_final_delay() to access the private - final delay field in an mbedtls_timing_delay_context, as requested in - #5183. diff --git a/ChangeLog.d/add_handshake_completion_accessor.txt b/ChangeLog.d/add_handshake_completion_accessor.txt deleted file mode 100644 index c06a539b3..000000000 --- a/ChangeLog.d/add_handshake_completion_accessor.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Add function mbedtls_ssl_is_handshake_over() to enable querying if the SSL - Handshake has completed or not, and thus whether to continue calling - mbedtls_ssl_handshake_step(), requested in #4383. diff --git a/ChangeLog.d/add_mbedtls_setbuf.txt b/ChangeLog.d/add_mbedtls_setbuf.txt deleted file mode 100644 index d14cd18aa..000000000 --- a/ChangeLog.d/add_mbedtls_setbuf.txt +++ /dev/null @@ -1,11 +0,0 @@ -Security - * Add the platform function mbedtls_setbuf() to allow buffering to be - disabled on stdio files, to stop secrets loaded from said files being - potentially left in memory after file operations. Reported by - Glenn Strauss. -Requirement changes - * The library will no longer compile out of the box on a platform without - setbuf(). If your platform does not have setbuf(), you can configure an - alternative function by enabling MBEDTLS_PLATFORM_SETBUF_ALT or - MBEDTLS_PLATFORM_SETBUF_MACRO. - diff --git a/ChangeLog.d/add_own_cid_accessors.txt b/ChangeLog.d/add_own_cid_accessors.txt deleted file mode 100644 index 553299c78..000000000 --- a/ChangeLog.d/add_own_cid_accessors.txt +++ /dev/null 
@@ -1,4 +0,0 @@ -Features - * Add the function mbedtls_ssl_get_own_cid() to access our own connection id - within mbedtls_ssl_context, as requested in #5184. - diff --git a/ChangeLog.d/alert_reentrant.txt b/ChangeLog.d/alert_reentrant.txt deleted file mode 100644 index 691d64c0d..000000000 --- a/ChangeLog.d/alert_reentrant.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix bug in the alert sending function mbedtls_ssl_send_alert_message() - potentially leading to corrupted alert messages being sent in case - the function needs to be re-called after initially returning - MBEDTLS_SSL_WANT_WRITE. Fixes #1916. diff --git a/ChangeLog.d/asn1write-0-fix.txt b/ChangeLog.d/asn1write-0-fix.txt deleted file mode 100644 index 2e01244f8..000000000 --- a/ChangeLog.d/asn1write-0-fix.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0. diff --git a/ChangeLog.d/bignum-0-mod-2.txt b/ChangeLog.d/bignum-0-mod-2.txt deleted file mode 100644 index 4a1ab161d..000000000 --- a/ChangeLog.d/bignum-0-mod-2.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix a null pointer dereference when performing some operations on zero - represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing - by 2, and mbedtls_mpi_write_string() in base 2). diff --git a/ChangeLog.d/buf-overread-use-psa-static-ecdh.txt b/ChangeLog.d/buf-overread-use-psa-static-ecdh.txt deleted file mode 100644 index 84b9f790d..000000000 --- a/ChangeLog.d/buf-overread-use-psa-static-ecdh.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Fix a potential heap buffer overread in TLS 1.2 server-side when - MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with - mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite - is selected. This may result in an application crash or potentially an - information leak. diff --git a/ChangeLog.d/bug_order_x448.txt b/ChangeLog.d/bug_order_x448.txt deleted file mode 100644 index cebefc4cf..000000000 
--- a/ChangeLog.d/bug_order_x448.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix order value of curve x448. diff --git a/ChangeLog.d/ccm_star_no_tag.txt b/ChangeLog.d/ccm_star_no_tag.txt deleted file mode 100644 index 21e829c2a..000000000 --- a/ChangeLog.d/ccm_star_no_tag.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Declare or use PSA_WANT_ALG_CCM_STAR_NO_TAG following the general - pattern for PSA_WANT_xxx symbols. Previously you had to specify - PSA_WANT_ALG_CCM for PSA_ALG_CCM_STAR_NO_TAG. diff --git a/ChangeLog.d/chacha20_invalid_iv_len_fix.txt b/ChangeLog.d/chacha20_invalid_iv_len_fix.txt deleted file mode 100644 index af35e2a00..000000000 --- a/ChangeLog.d/chacha20_invalid_iv_len_fix.txt +++ /dev/null @@ -1,4 +0,0 @@ -Default behavior changes - * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305 - for IV lengths other than 12. The library was silently overwriting this - length with 12, but did not inform the caller about it. Fixes #4301. diff --git a/ChangeLog.d/cmake-subproject-fix.txt b/ChangeLog.d/cmake-subproject-fix.txt deleted file mode 100644 index dffdd1406..000000000 --- a/ChangeLog.d/cmake-subproject-fix.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * cmake now detects if it is being built as a sub-project, and in that case - disables the target export/installation and package configuration. diff --git a/ChangeLog.d/cmake_add_subdirectory_support.txt b/ChangeLog.d/cmake_add_subdirectory_support.txt deleted file mode 100644 index f14f3f866..000000000 --- a/ChangeLog.d/cmake_add_subdirectory_support.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * In CMake builds, add aliases for libraries so that the normal MbedTLS::* - targets work when MbedTLS is built as a subdirectory. This allows the - use of FetchContent, as requested in #5688. diff --git a/ChangeLog.d/cmake_fix_dll_install.txt b/ChangeLog.d/cmake_fix_dll_install.txt deleted file mode 100644 index 7f407c4cc..000000000 
--- a/ChangeLog.d/cmake_fix_dll_install.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Fix runtime library install location when building with CMake and MinGW. - DLLs are now installed in the bin directory instead of lib. diff --git a/ChangeLog.d/cmake_msvc_utf8.txt b/ChangeLog.d/cmake_msvc_utf8.txt deleted file mode 100644 index 552eec752..000000000 --- a/ChangeLog.d/cmake_msvc_utf8.txt +++ /dev/null @@ -1,2 +0,0 @@ -Changes - * Assume source files are in UTF-8 when using MSVC with CMake. diff --git a/ChangeLog.d/cmake_use_GnuInstallDirs.txt b/ChangeLog.d/cmake_use_GnuInstallDirs.txt deleted file mode 100644 index d8487555d..000000000 --- a/ChangeLog.d/cmake_use_GnuInstallDirs.txt +++ /dev/null @@ -1,5 +0,0 @@ -Changes - * cmake: Use GnuInstallDirs to customize install directories - Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR - variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if - LIB_INSTALL_DIR is set. diff --git a/ChangeLog.d/cookie_parsing_bug.txt b/ChangeLog.d/cookie_parsing_bug.txt deleted file mode 100644 index 1c25f3952..000000000 --- a/ChangeLog.d/cookie_parsing_bug.txt +++ /dev/null @@ -1,9 +0,0 @@ -Security - * Fix a buffer overread in DTLS ClientHello parsing in servers with - MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client - or a man-in-the-middle could cause a DTLS server to read up to 255 bytes - after the end of the SSL input buffer. The buffer overread only happens - when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on - the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(), - and possibly up to 571 bytes with a custom cookie check function. - Reported by the Cybeats PSI Team. diff --git a/ChangeLog.d/deprecate_mbedtls_cipher_setup_psa.txt b/ChangeLog.d/deprecate_mbedtls_cipher_setup_psa.txt deleted file mode 100644 index b145243c2..000000000 --- a/ChangeLog.d/deprecate_mbedtls_cipher_setup_psa.txt +++ /dev/null 
@@ -1,3 +0,0 @@ -New deprecations - * Deprecate mbedtls_cipher_setup_psa(). Use psa_aead_xxx() or - psa_cipher_xxx() directly instead. diff --git a/ChangeLog.d/doc-x509-profile-pk.txt b/ChangeLog.d/doc-x509-profile-pk.txt deleted file mode 100644 index 35625fe12..000000000 --- a/ChangeLog.d/doc-x509-profile-pk.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix incorrect documentation of mbedtls_x509_crt_profile. The previous - documentation stated that the `allowed_pks` field applies to signatures - only, but in fact it does apply to the public key type of the end entity - certificate, too. Fixes #1992. diff --git a/ChangeLog.d/dtls-cid-null.txt b/ChangeLog.d/dtls-cid-null.txt deleted file mode 100644 index b0206164f..000000000 --- a/ChangeLog.d/dtls-cid-null.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but not - MBEDTLS_DEBUG_C, DTLS handshakes using CID would crash due to a null - pointer dereference. Fix this. Fixes #3998. - The fix was released, but not announced, in Mbed TLS 3.1.0. diff --git a/ChangeLog.d/fix-csr_subject_commas.txt b/ChangeLog.d/fix-csr_subject_commas.txt deleted file mode 100644 index e01c9a88c..000000000 --- a/ChangeLog.d/fix-csr_subject_commas.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix string representation of DNs when outputting values containing commas - and other special characters, conforming to RFC 1779. Fixes #769. diff --git a/ChangeLog.d/fix-parllel-cmake-build-fail.txt b/ChangeLog.d/fix-parllel-cmake-build-fail.txt deleted file mode 100644 index 112fa8518..000000000 --- a/ChangeLog.d/fix-parllel-cmake-build-fail.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a race condition in out-of-source builds with CMake when generated data - files are already present. Fixes #5374. diff --git a/ChangeLog.d/fix-time-format-pre-2000.txt b/ChangeLog.d/fix-time-format-pre-2000.txt deleted file mode 100644 index 414201e3d..000000000 
--- a/ChangeLog.d/fix-time-format-pre-2000.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Encode X.509 dates before 1/1/2000 as UTCTime rather than - GeneralizedTime. Fixes #5465. diff --git a/ChangeLog.d/fix-undefined-memcpy-mbedtls_asn1_named_data.txt b/ChangeLog.d/fix-undefined-memcpy-mbedtls_asn1_named_data.txt deleted file mode 100644 index b30f7faaa..000000000 --- a/ChangeLog.d/fix-undefined-memcpy-mbedtls_asn1_named_data.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is - not NULL and val_len is zero. diff --git a/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt b/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt deleted file mode 100644 index a6540a1aa..000000000 --- a/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix the library search path when building a shared library with CMake - on Windows. diff --git a/ChangeLog.d/fix-x25519-program.txt b/ChangeLog.d/fix-x25519-program.txt deleted file mode 100644 index bf5d6ac39..000000000 --- a/ChangeLog.d/fix-x25519-program.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix a bug in the x25519 example program where the removal of - MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. Fixes #4901 and - #3191. diff --git a/ChangeLog.d/fix_keyid_and_ownerid_accessor_macros.txt b/ChangeLog.d/fix_keyid_and_ownerid_accessor_macros.txt deleted file mode 100644 index 5d52fd51b..000000000 --- a/ChangeLog.d/fix_keyid_and_ownerid_accessor_macros.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix MBEDTLS_SVC_KEY_ID_GET_KEY_ID() and MBEDTLS_SVC_KEY_ID_GET_OWNER_ID() - which have been broken, resulting in compilation errors, since Mbed TLS - 3.0. diff --git a/ChangeLog.d/fix_some_resource_leaks.txt b/ChangeLog.d/fix_some_resource_leaks.txt deleted file mode 100644 index 9761537d8..000000000 --- a/ChangeLog.d/fix_some_resource_leaks.txt +++ /dev/null 
@@ -1,6 +0,0 @@ -Bugfix - * Fix resource leaks in mbedtls_pk_parse_public_key() in low - memory conditions. -Security - * Fix potential memory leak inside mbedtls_ssl_cache_set() with - an invalid session id length. diff --git a/ChangeLog.d/fix_tls_12_ciphersuite_selection.txt b/ChangeLog.d/fix_tls_12_ciphersuite_selection.txt deleted file mode 100644 index ad615bcfa..000000000 --- a/ChangeLog.d/fix_tls_12_ciphersuite_selection.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Ensure that TLS 1.2 ciphersuite/certificate and key selection takes into - account not just the type of the key (RSA vs EC) but also what it can - actually do. Resolves #5831. - diff --git a/ChangeLog.d/fix_tls_record_size_check.txt b/ChangeLog.d/fix_tls_record_size_check.txt deleted file mode 100644 index 13d452d61..000000000 --- a/ChangeLog.d/fix_tls_record_size_check.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix record sizes larger than 16384 being sometimes accepted despite being - non-compliant. This could not lead to a buffer overflow. In particular, - application data size was already checked correctly. diff --git a/ChangeLog.d/fix_windows_build_host_detection.txt b/ChangeLog.d/fix_windows_build_host_detection.txt deleted file mode 100644 index d593eb834..000000000 --- a/ChangeLog.d/fix_windows_build_host_detection.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix CMake windows host detection, especially when cross compiling. - diff --git a/ChangeLog.d/hkdf_extract_expand.txt b/ChangeLog.d/hkdf_extract_expand.txt deleted file mode 100644 index c394bbd2c..000000000 --- a/ChangeLog.d/hkdf_extract_expand.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Add HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API. diff --git a/ChangeLog.d/keyidowner-psacrypto-compat.txt b/ChangeLog.d/keyidowner-psacrypto-compat.txt deleted file mode 100644 index 77ce9e3cb..000000000 --- a/ChangeLog.d/keyidowner-psacrypto-compat.txt +++ /dev/null 
@@ -1,2 +0,0 @@ -Features - * Make USE_PSA_CRYPTO compatible with KEY_ID_ENCODES_OWNER. Fixes #5259. diff --git a/ChangeLog.d/make-generated-file-fix.txt b/ChangeLog.d/make-generated-file-fix.txt deleted file mode 100644 index d0c143728..000000000 --- a/ChangeLog.d/make-generated-file-fix.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix an error in make where the absence of a generated file caused - make to break on a clean checkout. Fixes #5340. diff --git a/ChangeLog.d/mbedtls_ecp_export.txt b/ChangeLog.d/mbedtls_ecp_export.txt deleted file mode 100644 index 5dce5b4a8..000000000 --- a/ChangeLog.d/mbedtls_ecp_export.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add function mbedtls_ecp_export() to export ECP key pair parameters. - Fixes #4838. diff --git a/ChangeLog.d/mbedtls_pem_get_der.txt b/ChangeLog.d/mbedtls_pem_get_der.txt deleted file mode 100644 index b03b058dc..000000000 --- a/ChangeLog.d/mbedtls_pem_get_der.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Add accessor to get the raw buffer pointer from a PEM context. diff --git a/ChangeLog.d/mbedtls_pk_sign_ext.txt b/ChangeLog.d/mbedtls_pk_sign_ext.txt deleted file mode 100644 index 8dfa2e501..000000000 --- a/ChangeLog.d/mbedtls_pk_sign_ext.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add mbedtls_pk_sign_ext() which allows generating RSA-PSS signatures when - PSA Crypto is enabled. diff --git a/ChangeLog.d/mbedtls_sha2_a64_crypto_acceleration.txt b/ChangeLog.d/mbedtls_sha2_a64_crypto_acceleration.txt deleted file mode 100644 index a6e7f6d92..000000000 --- a/ChangeLog.d/mbedtls_sha2_a64_crypto_acceleration.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add support for the ARMv8 SHA-2 acceleration instructions when building - for Aarch64. diff --git a/ChangeLog.d/mbedtls_ssl_cert_cb.txt b/ChangeLog.d/mbedtls_ssl_cert_cb.txt deleted file mode 100644 index fcdc23cf0..000000000 --- a/ChangeLog.d/mbedtls_ssl_cert_cb.txt +++ /dev/null 
@@ -1,7 +0,0 @@ -Features - * Add server certificate selection callback near end of Client Hello. - Register callback with mbedtls_ssl_conf_cert_cb(). - * Provide mechanism to reset handshake cert list by calling - mbedtls_ssl_set_hs_own_cert() with NULL value for own_cert param. - * Add accessor mbedtls_ssl_get_hs_sni() to retrieve SNI from within - cert callback (mbedtls_ssl_conf_cert_cb()) during handshake. diff --git a/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt b/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt deleted file mode 100644 index 043b273c7..000000000 --- a/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix a memory leak if mbedtls_ssl_config_defaults() is called twice. diff --git a/ChangeLog.d/mbedtls_ssl_dn_hint.txt b/ChangeLog.d/mbedtls_ssl_dn_hint.txt deleted file mode 100644 index f569a36ca..000000000 --- a/ChangeLog.d/mbedtls_ssl_dn_hint.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add accessors to configure DN hints for certificate request: - mbedtls_ssl_conf_dn_hints() and mbedtls_ssl_set_hs_dn_hints() diff --git a/ChangeLog.d/mbedtls_ssl_get_ciphersuite_id.txt b/ChangeLog.d/mbedtls_ssl_get_ciphersuite_id.txt deleted file mode 100644 index c4235b74b..000000000 --- a/ChangeLog.d/mbedtls_ssl_get_ciphersuite_id.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add accessor to obtain ciphersuite id from ssl context. - * Add accessors to get members from ciphersuite info. diff --git a/ChangeLog.d/mbedtls_ssl_hs_cb_t.txt b/ChangeLog.d/mbedtls_ssl_hs_cb_t.txt deleted file mode 100644 index 28c337100..000000000 --- a/ChangeLog.d/mbedtls_ssl_hs_cb_t.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Introduce mbedtls_ssl_hs_cb_t typedef for use with - mbedtls_ssl_conf_cert_cb() and perhaps future callbacks - during TLS handshake. diff --git a/ChangeLog.d/mbedtls_ssl_ticket_rotate.txt b/ChangeLog.d/mbedtls_ssl_ticket_rotate.txt deleted file mode 100644 index b843bfd5d..000000000 
--- a/ChangeLog.d/mbedtls_ssl_ticket_rotate.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Add mbedtls_ssl_ticket_rotate() for external ticket rotation. diff --git a/ChangeLog.d/mbedtls_ssl_tls13_client.txt b/ChangeLog.d/mbedtls_ssl_tls13_client.txt deleted file mode 100644 index 57a26e10c..000000000 --- a/ChangeLog.d/mbedtls_ssl_tls13_client.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Add ALPN support in TLS 1.3 clients. diff --git a/ChangeLog.d/mbedtls_tlsver_enum.txt b/ChangeLog.d/mbedtls_tlsver_enum.txt deleted file mode 100644 index c027ab71f..000000000 --- a/ChangeLog.d/mbedtls_tlsver_enum.txt +++ /dev/null @@ -1,10 +0,0 @@ -New deprecations - * Deprecate mbedtls_ssl_conf_max_version() and - mbedtls_ssl_conf_min_version() in favor of - mbedtls_ssl_conf_max_tls_version() and - mbedtls_ssl_conf_min_tls_version(). - -Features - * Add functions mbedtls_ssl_conf_max_tls_version() and - mbedtls_ssl_conf_min_tls_version() that use a single value to specify - the protocol version. diff --git a/ChangeLog.d/md_info_from_ctx.txt b/ChangeLog.d/md_info_from_ctx.txt deleted file mode 100644 index aa61e1a09..000000000 --- a/ChangeLog.d/md_info_from_ctx.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add function mbedtls_md_info_from_ctx() to recall the message digest - information that was used to set up a message digest context. diff --git a/ChangeLog.d/mingw.txt b/ChangeLog.d/mingw.txt deleted file mode 100644 index ac4e741db..000000000 --- a/ChangeLog.d/mingw.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix compilation error with mingw32. Fixed by Cameron Cawley in #4211. - * Fix compilation error when using C++ Builder on Windows. Reported by - Miroslav Mastny in #4015. diff --git a/ChangeLog.d/msvc-compiler-bug.txt b/ChangeLog.d/msvc-compiler-bug.txt deleted file mode 100644 index 06062bc5d..000000000 --- a/ChangeLog.d/msvc-compiler-bug.txt +++ /dev/null 
@@ -1,3 +0,0 @@ -Bugfix - * Work around an MSVC ARM64 compiler bug causing incorrect behaviour - in mbedtls_mpi_exp_mod(). Reported by Tautvydas Žilys in #5467. diff --git a/ChangeLog.d/new-examples.txt b/ChangeLog.d/new-examples.txt deleted file mode 100644 index 71ec8330c..000000000 --- a/ChangeLog.d/new-examples.txt +++ /dev/null @@ -1,5 +0,0 @@ -Features - * Add example programs cipher_aead_demo.c, md_hmac_demo.c, aead_demo.c - and hmac_demo.c, which use PSA and the md/cipher interfaces side - by side in order to illustrate how the operation is performed in PSA. - Addresses #5208. diff --git a/ChangeLog.d/pkparse-pkcs8-unencrypted-no-alloc.txt b/ChangeLog.d/pkparse-pkcs8-unencrypted-no-alloc.txt deleted file mode 100644 index 9d7a32ea0..000000000 --- a/ChangeLog.d/pkparse-pkcs8-unencrypted-no-alloc.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * In mbedtls_pk_parse_key(), if no password is provided, don't allocate a - temporary variable on the heap. Suggested by Sergey Kanatov in #5304. diff --git a/ChangeLog.d/psa_aead_singleshot_error.txt b/ChangeLog.d/psa_aead_singleshot_error.txt deleted file mode 100644 index ccf1d4c40..000000000 --- a/ChangeLog.d/psa_aead_singleshot_error.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Return PSA_ERROR_INVALID_ARGUMENT if the algorithm passed to one-shot - AEAD functions is not an AEAD algorithm. This aligns them with the - multipart functions, and the PSA Crypto API 1.1 specification. diff --git a/ChangeLog.d/psa_crypto_config_file.txt b/ChangeLog.d/psa_crypto_config_file.txt deleted file mode 100644 index d42651d93..000000000 --- a/ChangeLog.d/psa_crypto_config_file.txt +++ /dev/null 
@@ -1,6 +0,0 @@ -Features - * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto - feature requirements in the file named by the new macro - MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h. - Furthermore you may name an additional file to include after the main - file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE. diff --git a/ChangeLog.d/psa_crypto_key_derivation_for_ECC_keys.txt b/ChangeLog.d/psa_crypto_key_derivation_for_ECC_keys.txt deleted file mode 100644 index 393fa8deb..000000000 --- a/ChangeLog.d/psa_crypto_key_derivation_for_ECC_keys.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add support for psa crypto key derivation for elliptic curve - keys. Fixes #3260. diff --git a/ChangeLog.d/psa_crypto_reduced_configs_bugs.txt b/ChangeLog.d/psa_crypto_reduced_configs_bugs.txt deleted file mode 100644 index 0d61cb743..000000000 --- a/ChangeLog.d/psa_crypto_reduced_configs_bugs.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix several bugs (warnings, compiler and linker errors, test failures) - in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled. diff --git a/ChangeLog.d/psa_crypto_se.txt b/ChangeLog.d/psa_crypto_se.txt deleted file mode 100644 index f8136b1e8..000000000 --- a/ChangeLog.d/psa_crypto_se.txt +++ /dev/null @@ -1,5 +0,0 @@ -New deprecations - * Secure element drivers enabled by MBEDTLS_PSA_CRYPTO_SE_C are deprecated. - This was intended as an experimental feature, but had not been explicitly - documented as such. Use opaque drivers with the interface enabled by - MBEDTLS_PSA_CRYPTO_DRIVERS instead. diff --git a/ChangeLog.d/psa_raw_key_agreement-buffer_too_small.txt b/ChangeLog.d/psa_raw_key_agreement-buffer_too_small.txt deleted file mode 100644 index 415c8491e..000000000 --- a/ChangeLog.d/psa_raw_key_agreement-buffer_too_small.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when - applicable. Fixes #5735. 
diff --git a/ChangeLog.d/psk_to_ms_mixed_psk.txt b/ChangeLog.d/psk_to_ms_mixed_psk.txt deleted file mode 100644 index 998cc11f8..000000000 --- a/ChangeLog.d/psk_to_ms_mixed_psk.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Extend the existing PSA_ALG_TLS12_PSK_TO_MS() algorithm to support - mixed-PSK. Add an optional input PSA_KEY_DERIVATION_INPUT_OTHER_SECRET - holding the other secret. diff --git a/ChangeLog.d/remove_prompt_to_exit.txt b/ChangeLog.d/remove_prompt_to_exit.txt deleted file mode 100644 index 4cd40c3dc..000000000 --- a/ChangeLog.d/remove_prompt_to_exit.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Removed the prompt to exit from all windows build programs that was causing - issues in CI/CD environments. - diff --git a/ChangeLog.d/resumption_cid.txt b/ChangeLog.d/resumption_cid.txt deleted file mode 100644 index 5c237aa88..000000000 --- a/ChangeLog.d/resumption_cid.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix server connection identifier setting for outgoing encrypted records - on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with - connection identifier, the Mbed TLS client now properly sends the server - connection identifier in encrypted record headers. Fix #5872. diff --git a/ChangeLog.d/selftest-gcc12.txt b/ChangeLog.d/selftest-gcc12.txt deleted file mode 100644 index aafa2566a..000000000 --- a/ChangeLog.d/selftest-gcc12.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Silence a warning from GCC 12 in the selftest program. Fixes #5974. diff --git a/ChangeLog.d/ssl_context-user_data.txt b/ChangeLog.d/ssl_context-user_data.txt deleted file mode 100644 index 630d8f02c..000000000 --- a/ChangeLog.d/ssl_context-user_data.txt +++ /dev/null 
@@ -1,6 +0,0 @@ -Features - * The structures mbedtls_ssl_config and mbedtls_ssl_context now store - a piece of user data which is reserved for the application. The user - data can be either a pointer or an integer. - * Add an accessor function to get the configuration associated with - an SSL context. diff --git a/ChangeLog.d/ssl_context-version_number.txt b/ChangeLog.d/ssl_context-version_number.txt deleted file mode 100644 index b5951d0b9..000000000 --- a/ChangeLog.d/ssl_context-version_number.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add a function to access the protocol version from an SSL context in a - form that's easy to compare. Fixes #5407. diff --git a/ChangeLog.d/ssl_get_version_1_3.txt b/ChangeLog.d/ssl_get_version_1_3.txt deleted file mode 100644 index 4436522b6..000000000 --- a/ChangeLog.d/ssl_get_version_1_3.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix mbedtls_ssl_get_version() not reporting TLSv1.3. Fixes #5406. diff --git a/ChangeLog.d/static_link_common_runtime_msvc.txt b/ChangeLog.d/static_link_common_runtime_msvc.txt deleted file mode 100644 index 6104943ad..000000000 --- a/ChangeLog.d/static_link_common_runtime_msvc.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Add a CMake option that enables static linking of the runtime library - in Microsoft Visual C++ compiler. Contributed by Microplankton. diff --git a/ChangeLog.d/timeless.txt b/ChangeLog.d/timeless.txt deleted file mode 100644 index 84f07d64e..000000000 --- a/ChangeLog.d/timeless.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests - to catch bad uses of time.h. diff --git a/ChangeLog.d/tls13-add-missing-overread-check.txt b/ChangeLog.d/tls13-add-missing-overread-check.txt deleted file mode 100644 index 4552cd735..000000000 --- a/ChangeLog.d/tls13-add-missing-overread-check.txt +++ /dev/null 
@@ -1,8 +0,0 @@ -Security - * Fix a buffer overread in TLS 1.3 Certificate parsing. An unauthenticated - client or server could cause an MbedTLS server or client to overread up - to 64 kBytes of data and potentially overread the input buffer by that - amount minus the size of the input buffer. As overread data undergoes - various checks, the likelihood of reaching the boundary of the input - buffer is rather small but increases as its size - MBEDTLS_SSL_IN_CONTENT_LEN decreases. diff --git a/ChangeLog.d/tls13-fix-finished-fetch.txt b/ChangeLog.d/tls13-fix-finished-fetch.txt deleted file mode 100644 index 9a8acb30d..000000000 --- a/ChangeLog.d/tls13-fix-finished-fetch.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a TLS 1.3 handshake failure when the peer Finished message has not - been received yet when we first try to fetch it. diff --git a/ChangeLog.d/tls13-fix-key-usage-checks.txt b/ChangeLog.d/tls13-fix-key-usage-checks.txt deleted file mode 100644 index f19bf523e..000000000 --- a/ChangeLog.d/tls13-fix-key-usage-checks.txt +++ /dev/null @@ -1,7 +0,0 @@ -Security - * Fix check of certificate key usage in TLS 1.3. The usage of the public key - provided by a client or server certificate for authentication was not - checked properly when validating the certificate. This could cause a - client or server to be able to authenticate itself through a certificate - to an Mbed TLS TLS 1.3 server or client while it does not own a proper - certificate to do so. diff --git a/ChangeLog.d/tls13-misc-changelogs.txt b/ChangeLog.d/tls13-misc-changelogs.txt deleted file mode 100644 index a575b3345..000000000 --- a/ChangeLog.d/tls13-misc-changelogs.txt +++ /dev/null 
@@ -1,18 +0,0 @@ -Bugfix - * Fix a TLS 1.3 handshake failure when the first attempt to send the client - Finished message on the network cannot be satisfied. Fixes #5499. - -Features - * Add support for authentication of TLS 1.3 clients by TLS 1.3 servers. - * Add support for server HelloRetryRequest message. The TLS 1.3 client is - now capable of negotiating another shared secret if the one sent in its - first ClientHello was not suitable to the server. - * Add support for client-side TLS version negotiation. If both TLS 1.2 and - TLS 1.3 protocols are enabled in the build of Mbed TLS, the TLS client now - negotiates TLS 1.3 or TLS 1.2 with TLS servers. - * Enable building of Mbed TLS with TLS 1.3 protocol support but without TLS - 1.2 protocol support. - * Mbed TLS provides an implementation of a TLS 1.3 server (ephemeral key - establishment only). See docs/architecture/tls13-support.md for a - description of the support. The MBEDTLS_SSL_PROTO_TLS1_3 and - MBEDTLS_SSL_SRV_C configuration options control this. diff --git a/ChangeLog.d/tls13-sig-alg-deprecations.txt b/ChangeLog.d/tls13-sig-alg-deprecations.txt deleted file mode 100644 index b56fa172a..000000000 --- a/ChangeLog.d/tls13-sig-alg-deprecations.txt +++ /dev/null @@ -1,5 +0,0 @@ -New deprecations - * Deprecate mbedtls_ssl_conf_sig_hashes() in favor of the more generic - mbedtls_ssl_conf_sig_algs(). Signature algorithms for the TLS 1.2 and - TLS 1.3 handshake should now be configured with - mbedtls_ssl_conf_sig_algs(). diff --git a/ChangeLog.d/tls13_and_keep_certificates.txt b/ChangeLog.d/tls13_and_keep_certificates.txt deleted file mode 100644 index 8c2421ff6..000000000 --- a/ChangeLog.d/tls13_and_keep_certificates.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix check_config.h to check that we have MBEDTLS_SSL_KEEP_PEER_CERTIFICATE - when MBEDTLS_SSL_PROTO_TLS1_3 is specified, and make this and other - dependencies explicit in the documentation. Fixes #5610. 
diff --git a/ChangeLog.d/tls13_and_use_psa_crypto.txt b/ChangeLog.d/tls13_and_use_psa_crypto.txt deleted file mode 100644 index 619880485..000000000 --- a/ChangeLog.d/tls13_and_use_psa_crypto.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * The TLS 1.3 implementation is now compatible with the - MBEDTLS_USE_PSA_CRYPTO configuration option. diff --git a/ChangeLog.d/tls13_f_export_keys.txt b/ChangeLog.d/tls13_f_export_keys.txt deleted file mode 100644 index 31debc289..000000000 --- a/ChangeLog.d/tls13_f_export_keys.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fixed swap of client and server random bytes when exporting them alongside - TLS 1.3 handshake and application traffic secret. diff --git a/ChangeLog.d/use-psa-ecdhe-curve.txt b/ChangeLog.d/use-psa-ecdhe-curve.txt deleted file mode 100644 index 658f88f84..000000000 --- a/ChangeLog.d/use-psa-ecdhe-curve.txt +++ /dev/null @@ -1,7 +0,0 @@ -Bugfix - * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was - enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the - client would fail to check that the curve selected by the server for - ECDHE was indeed one that was offered. As a result, the client would - accept any curve that it supported, even if that curve was not allowed - according to its configuration. Fixes #5291. diff --git a/ChangeLog.d/use-psa-improvements.txt b/ChangeLog.d/use-psa-improvements.txt deleted file mode 100644 index 1bd97a47a..000000000 --- a/ChangeLog.d/use-psa-improvements.txt +++ /dev/null 
@@ -1,12 +0,0 @@ -Features - * The configuration option MBEDTLS_USE_PSA_CRYPTO, which previously - affected only a limited subset of crypto operations in TLS, X.509 and PK, - now causes most of them to be done using PSA Crypto; see - docs/use-psa-crypto.md for the list of exceptions. - * The function mbedtls_pk_setup_opaque() now supports RSA key pairs as well. - Opaque keys can now be used everywhere a private key is expected in the - TLS and X.509 modules. - * Opaque pre-shared keys for TLS, provisioned with - mbedtls_ssl_conf_psk_opaque() or mbedtls_ssl_set_hs_psk_opaque(), which - previously only worked for "pure" PSK key exchange, now can also be used - for the "mixed" PSK key exchanges as well: ECDHE-PSK, DHE-PSK, RSA-PSK. diff --git a/ChangeLog.d/x509_ext_types_accessor.txt b/ChangeLog.d/x509_ext_types_accessor.txt deleted file mode 100644 index 13a31521f..000000000 --- a/ChangeLog.d/x509_ext_types_accessor.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add the function mbedtls_x509_crt_has_ext_type() to access the ext types - field within mbedtls_x509_crt context, as requested in #5585. diff --git a/ChangeLog.d/zeroize_key_buffers_before_free.txt b/ChangeLog.d/zeroize_key_buffers_before_free.txt deleted file mode 100644 index ba5bae191..000000000 --- a/ChangeLog.d/zeroize_key_buffers_before_free.txt +++ /dev/null @@ -1,4 +0,0 @@ -Security - * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage - module before freeing them. These buffers contain secret key material, and - could thus potentially leak the key through freed heap.
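Review bot: the Security entry in ChangeLog.d/tls13-add-missing-overread-check.txt spells the project "MbedTLS" ("could cause an MbedTLS server or client to overread"), while the first hunk of this patch renames the ChangeLog header from "mbed TLS" to "Mbed TLS"; use "Mbed TLS" when this entry is folded into the 3.2.0 Security section so the consolidated file is consistent with its own header. The last sentence of the same entry also reads awkwardly ("increases as its size MBEDTLS_SSL_IN_CONTENT_LEN decreases"); suggest "increases as MBEDTLS_SSL_IN_CONTENT_LEN, the size of the input buffer, decreases".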
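Review bot: none of the four Security entries being removed from ChangeLog.d here (the mbedtls_ssl_cache_set() leak in the first hunk, the TLS 1.3 Certificate overread, the TLS 1.3 certificate key usage check, and the PSA key storage zeroization in zeroize_key_buffers_before_free.txt) carries an issue or advisory reference, whereas most Bugfix entries in the same patch cite one ("Fixes #5872", "Fixes #5291", "Resolves #5831"). If a tracking issue or advisory exists for any of them, cite it in the merged ChangeLog; the Security section is what downstream packagers read when deciding what to backport, and a bare description is hard to cross-reference.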
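Review bot: the entry in ChangeLog.d/use-psa-ecdhe-curve.txt is filed under Bugfix, but what it describes ("the client would accept any curve that it supported, even if that curve was not allowed according to its configuration") is the client's configured curve policy not being enforced when MBEDTLS_USE_PSA_CRYPTO is enabled. Either move it under Security in the merged 3.2.0 ChangeLog, or add a sentence stating why it has no security impact, the way fix_tls_record_size_check.txt does ("This could not lead to a buffer overflow"), so readers do not have to guess at the classification.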
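Review bot: several Features entries describe a new API without naming it: "Add accessor to obtain ciphersuite id from ssl context", "Add accessors to get members from ciphersuite info" (mbedtls_ssl_get_ciphersuite_id.txt), "Add accessor to get the raw buffer pointer from a PEM context" (mbedtls_pem_get_der.txt), "Add an accessor function to get the configuration associated with an SSL context" (ssl_context-user_data.txt) and "Add a function to access the protocol version from an SSL context in a form that's easy to compare" (ssl_context-version_number.txt). Other entries in the same patch name theirs (mbedtls_ssl_ticket_rotate(), mbedtls_ecp_export(), mbedtls_md_info_from_ctx(), mbedtls_x509_crt_has_ext_type()); name the functions in the consolidated ChangeLog so users can find them in the headers.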
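Review bot: two Bugfix entries are written in the past tense ("Removed the prompt to exit from all windows build programs" in remove_prompt_to_exit.txt, "Fixed swap of client and server random bytes" in tls13_f_export_keys.txt), unlike the imperative "Fix ..." used by every other entry, and fix_tls_12_ciphersuite_selection.txt uses "Resolves #5831" where the rest of the patch uses "Fixes #NNNN". Normalize these when merging into ChangeLog, and capitalize "Windows" in the first of them for consistency with fix_windows_build_host_detection.txt.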