From 831cf48abf75e59cd8cbc9a5d5579bac54377553 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 15 Dec 2021 09:02:38 +0100 Subject: [PATCH] Assemble change log Signed-off-by: Ronald Cron --- ChangeLog | 179 ++++++++++++++++++ ChangeLog.d/add_psa_m_aead.txt | 3 - ChangeLog.d/add_psa_m_aead_ccm.txt | 3 - .../additional_cipher_info_getters.txt | 3 - ChangeLog.d/aria.txt | 3 - ChangeLog.d/base64-ranges.txt | 4 - ChangeLog.d/bugfix-for-gcm-long-iv-size.txt | 3 - ChangeLog.d/build-without-sha.txt | 3 - ChangeLog.d/ccm_star_no_tag.txt | 10 - .../chacha20-poly1305-invalid-nonce.txt | 3 - ChangeLog.d/check-return.txt | 19 -- ChangeLog.d/chunked_ccm.txt | 8 - ChangeLog.d/constant_time_module.txt | 10 - ChangeLog.d/do-not-use-obsolete-header.txt | 5 - ChangeLog.d/fix-aead-nonce.txt | 5 - ChangeLog.d/fix-cipher-iv.txt | 5 - ChangeLog.d/fix-cipher-output-size-macros.txt | 4 - .../fix-mbedtls_cipher_crypt-aes-ecb.txt | 2 - .../fix-needed-shared-libraries-linux.txt | 3 - ChangeLog.d/fix-pkcs12-null-password.txt | 5 - ChangeLog.d/fix-psa_gen_key-status.txt | 2 - ChangeLog.d/fix-session-copy-bug.txt | 6 - ChangeLog.d/fix-sign_verify-message-usage.txt | 5 - ChangeLog.d/fix_compilation_ssl_tests.txt | 3 - ChangeLog.d/generated-files-cmake.txt | 4 - ChangeLog.d/issue4630.txt | 2 - ChangeLog.d/issue5065.txt | 3 - ChangeLog.d/mac-zeroize.txt | 6 - ChangeLog.d/makefile-python-windows.txt | 4 - ChangeLog.d/mbedtls_ssl_conf_groups.txt | 7 - ChangeLog.d/muladdc-memory.txt | 5 - ChangeLog.d/no-strerror.txt | 3 - ChangeLog.d/psa_alg_rsa_pss.txt | 5 - ChangeLog.d/psa_cipher_update_ecp.txt | 2 - ChangeLog.d/psa_crypto_api_macros.txt | 11 -- ChangeLog.d/psa_curve448_key_support.txt | 3 - ChangeLog.d/psa_gcm_buffer_limitation.txt | 16 -- ChangeLog.d/public_fields.txt | 5 - ChangeLog.d/remove-greentea-support.txt | 3 - ChangeLog.d/remove-ssl-export-keys.txt | 5 - ChangeLog.d/session_export_private.txt | 5 - ChangeLog.d/tls13-mvp.txt | 7 - ChangeLog.d/tls_ext_cid-config.txt | 3 - .../twos_complement_representation.txt | 3 - 44 files changed, 179 insertions(+), 219 deletions(-) delete mode 100644 ChangeLog.d/add_psa_m_aead.txt delete mode 100644 ChangeLog.d/add_psa_m_aead_ccm.txt delete mode 100644 ChangeLog.d/additional_cipher_info_getters.txt delete mode 100644 ChangeLog.d/aria.txt delete mode 100644 ChangeLog.d/base64-ranges.txt delete mode 100644 ChangeLog.d/bugfix-for-gcm-long-iv-size.txt delete mode 100644 ChangeLog.d/build-without-sha.txt delete mode 100644 ChangeLog.d/ccm_star_no_tag.txt delete mode 100644 ChangeLog.d/chacha20-poly1305-invalid-nonce.txt delete mode 100644 ChangeLog.d/check-return.txt delete mode 100644 ChangeLog.d/chunked_ccm.txt delete mode 100644 ChangeLog.d/constant_time_module.txt delete mode 100644 ChangeLog.d/do-not-use-obsolete-header.txt delete mode 100644 ChangeLog.d/fix-aead-nonce.txt delete mode 100644 ChangeLog.d/fix-cipher-iv.txt delete mode 100644 ChangeLog.d/fix-cipher-output-size-macros.txt delete mode 100644 ChangeLog.d/fix-mbedtls_cipher_crypt-aes-ecb.txt delete mode 100644 ChangeLog.d/fix-needed-shared-libraries-linux.txt delete mode 100644 ChangeLog.d/fix-pkcs12-null-password.txt delete mode 100644 ChangeLog.d/fix-psa_gen_key-status.txt delete mode 100644 ChangeLog.d/fix-session-copy-bug.txt delete mode 100644 ChangeLog.d/fix-sign_verify-message-usage.txt delete mode 100644 ChangeLog.d/fix_compilation_ssl_tests.txt delete mode 100644 ChangeLog.d/generated-files-cmake.txt delete mode 100644 ChangeLog.d/issue4630.txt delete mode 100644 ChangeLog.d/issue5065.txt delete mode 100644 ChangeLog.d/mac-zeroize.txt delete mode 100644 ChangeLog.d/makefile-python-windows.txt delete mode 100644 ChangeLog.d/mbedtls_ssl_conf_groups.txt delete mode 100644 ChangeLog.d/muladdc-memory.txt delete mode 100644 ChangeLog.d/no-strerror.txt delete mode 100644 ChangeLog.d/psa_alg_rsa_pss.txt delete mode 100644 ChangeLog.d/psa_cipher_update_ecp.txt delete mode 100644 ChangeLog.d/psa_crypto_api_macros.txt delete mode 100644 ChangeLog.d/psa_curve448_key_support.txt delete mode 100644 ChangeLog.d/psa_gcm_buffer_limitation.txt delete mode 100644 ChangeLog.d/public_fields.txt delete mode 100644 ChangeLog.d/remove-greentea-support.txt delete mode 100644 ChangeLog.d/remove-ssl-export-keys.txt delete mode 100644 ChangeLog.d/session_export_private.txt delete mode 100644 ChangeLog.d/tls13-mvp.txt delete mode 100644 ChangeLog.d/tls_ext_cid-config.txt delete mode 100644 ChangeLog.d/twos_complement_representation.txt diff --git a/ChangeLog b/ChangeLog index ebf8a36ad..3d61dd55a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,184 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +API changes + * New error code for GCM: MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL. + Alternative GCM implementations are expected to verify + the length of the provided output buffers and to return the + MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the buffer length is too small. + * You can configure groups for a TLS key exchange with the new function + mbedtls_ssl_conf_groups(). It extends mbedtls_ssl_conf_curves(). + * Declare a number of structure fields as public: the fields of + mbedtls_ecp_curve_info, the fields describing the result of ASN.1 and + X.509 parsing, and finally the field fd of mbedtls_net_context on + POSIX/Unix-like platforms. + +Requirement changes + * Sign-magnitude and one's complement representations for signed integers are + not supported. Two's complement is the only supported representation. + +New deprecations + * Deprecate mbedtls_ssl_conf_curves() in favor of the more generic + mbedtls_ssl_conf_groups(). + +Removals + * Remove the partial support for running unit tests via Greentea on Mbed OS, + which had been unmaintained since 2018. + +Features + * Enable support for Curve448 via the PSA API. Contributed by + Archana Madhavan in #4626. Fixes #3399 and #4249. + * The identifier of the CID TLS extension can be configured by defining + MBEDTLS_TLS_EXT_CID at compile time. + * Implement the PSA multipart AEAD interface, currently supporting + ChaChaPoly and GCM. + * Warn if errors from certain functions are ignored. This is currently + supported on GCC-like compilers and on MSVC and can be configured through + the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled + (where supported) for critical functions where ignoring the return + value is almost always a bug. Enable the new configuration option + MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This + is currently implemented in the AES, DES and md modules, and will be + extended to other modules in the future. + * Add missing PSA macros declared by PSA Crypto API 1.0.0: + PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL. + * Add support for CCM*-no-tag cipher to the PSA. + Currently only 13-byte long IV's are supported. + For decryption a minimum of 16-byte long input is expected. + These restrictions may be subject to change. + * Add new API mbedtls_ct_memcmp for constant time buffer comparison. + * Add functions to get the IV and block size from cipher_info structs. + * Add functions to check if a cipher supports variable IV or key size. + * Add the internal implementation of and support for CCM to the PSA multipart + AEAD interface. + * Mbed TLS provides a minimum viable implementation of the TLS 1.3 + protocol. See docs/architecture/tls13-support.md for the definition of + the TLS 1.3 Minimum Viable Product (MVP). The MBEDTLS_SSL_PROTO_TLS1_3 + configuration option controls the enablement of the support. The APIs + mbedtls_ssl_conf_min_version() and mbedtls_ssl_conf_max_version() allow + to select the 1.3 version of the protocol to establish a TLS connection. + * Add PSA API definition for ARIA. + +Security + * Zeroize several intermediate variables used to calculate the expected + value when verifying a MAC or AEAD tag. This hardens the library in + case the value leaks through a memory disclosure vulnerability. For + example, a memory disclosure vulnerability could have allowed a + man-in-the-middle to inject fake ciphertext into a DTLS connection. + * In psa_aead_generate_nonce(), do not read back from the output buffer. + This fixes a potential policy bypass or decryption oracle vulnerability + if the output buffer is in memory that is shared with an untrusted + application. + * In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back + from the output buffer. This fixes a potential policy bypass or decryption + oracle vulnerability if the output buffer is in memory that is shared with + an untrusted application. + * Fix a double-free that happened after mbedtls_ssl_set_session() or + mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED + (out of memory). After that, calling mbedtls_ssl_session_free() + and mbedtls_ssl_free() would cause an internal session buffer to + be free()'d twice. + +Bugfix + * Stop using reserved identifiers as local variables. Fixes #4630. + * The GNU makefiles invoke python3 in preference to python except on Windows. + The check was accidentally not performed when cross-compiling for Windows + on Linux. Fix this. Fixes #4774. + * Prevent divide by zero if either of PSA_CIPHER_ENCRYPT_OUTPUT_SIZE() or + PSA_CIPHER_UPDATE_OUTPUT_SIZE() were called using an asymmetric key type. + * Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935. + * Don't use the obsolete header path sys/fcntl.h in unit tests. + These header files cause compilation errors in musl. + Fixes #4969. + * Fix missing constraints on x86_64 and aarch64 assembly code + for bignum multiplication that broke some bignum operations with + (at least) Clang 12. + Fixes #4116, #4786, #4917, #4962. + * Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled. + * Failures of alternative implementations of AES or DES single-block + functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, + MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored. + This does not concern the implementation provided with Mbed TLS, + where this function cannot fail, or full-module replacements with + MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. + * Some failures of HMAC operations were ignored. These failures could only + happen with an alternative implementation of the underlying hash module. + * Fix the error returned by psa_generate_key() for a public key. Fixes #4551. + * Fix compile-time or run-time errors in PSA + AEAD functions when ChachaPoly is disabled. Fixes #5065. + * Remove PSA'a AEAD finish/verify output buffer limitation for GCM. + The requirement of minimum 15 bytes for output buffer in + psa_aead_finish() and psa_aead_verify() does not apply to the built-in + implementation of GCM. + * Move GCM's update output buffer length verification from PSA AEAD to + the built-in implementation of the GCM. + The requirement for output buffer size to be equal or greater then + input buffer size is valid only for the built-in implementation of GCM. + Alternative GCM implementations can process whole blocks only. + * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor + MBEDTLS_ERROR_STRERROR_DUMMY is enabled. + * Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length. + This algorithm now accepts only the same salt length for verification + that it produces when signing, as documented. Use the new algorithm + PSA_ALG_RSA_PSS_ANY_SALT to accept any salt length. Fixes #4946. + * The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved + for algorithm values that fully encode the hashing step, as per the PSA + Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and + PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers + all algorithms that can be used with psa_{sign,verify}_hash(), including + these two. + * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries + not to list other shared libraries they need. + * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32. + Fixes #4884. + * Fix an uninitialized variable warning in test_suite_ssl.function with GCC + version 11. + * Fix the build when no SHA2 module is included. Fixes #4930. + * Fix the build when only the bignum module is included. Fixes #4929. + * Fix a potential invalid pointer dereference and infinite loop bugs in + pkcs12 functions when the password is empty. Fix the documentation to + better describe the inputs to these functions and their possible values. + Fixes #5136. + * The key usage flags PSA_KEY_USAGE_SIGN_MESSAGE now allows the MAC + operations psa_mac_compute() and psa_mac_sign_setup(). + * The key usage flags PSA_KEY_USAGE_VERIFY_MESSAGE now allows the MAC + operations psa_mac_verify() and psa_mac_verify_setup(). + +Changes + * Explicitly mark the fields mbedtls_ssl_session.exported and + mbedtls_ssl_config.respect_cli_pref as private. This was an + oversight during the run-up to the release of Mbed TLS 3.0. + The fields were never intended to be public. + * Implement multi-part CCM API. + The multi-part functions: mbedtls_ccm_starts(), mbedtls_ccm_set_lengths(), + mbedtls_ccm_update_ad(), mbedtls_ccm_update(), mbedtls_ccm_finish() + were introduced in mbedTLS 3.0 release, however their implementation was + postponed until now. + Implemented functions support chunked data input for both CCM and CCM* + algorithms. + * Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on and increasing the + code size by about 80B on an M0 build. This option only gated an ability + to set a callback, but was deemed unnecessary as it was yet another define + to remember when writing tests, or test configurations. Fixes #4653. + * Improve the performance of base64 constant-flow code. The result is still + slower than the original non-constant-flow implementation, but much faster + than the previous constant-flow implementation. Fixes #4814. + * Ignore plaintext/ciphertext lengths for CCM*-no-tag operations. + For CCM* encryption/decryption without authentication, input + length will be ignored. + * Indicate in the error returned if the nonce length used with + ChaCha20-Poly1305 is invalid, and not just unsupported. + * The mbedcrypto library includes a new source code module constant_time.c, + containing various functions meant to resist timing side channel attacks. + This module does not have a separate configuration option, and functions + from this module will be included in the build as required. Currently + most of the interface of this module is private and may change at any + time. + * The generated configuration-independent files are now automatically + generated by the CMake build system on Unix-like systems. This is not + yet supported when cross-compiling. + = Mbed TLS 3.0.0 branch released 2021-07-07 API changes diff --git a/ChangeLog.d/add_psa_m_aead.txt b/ChangeLog.d/add_psa_m_aead.txt deleted file mode 100644 index fa4e7ac61..000000000 --- a/ChangeLog.d/add_psa_m_aead.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Implement the PSA multipart AEAD interface, currently supporting - ChaChaPoly and GCM. diff --git a/ChangeLog.d/add_psa_m_aead_ccm.txt b/ChangeLog.d/add_psa_m_aead_ccm.txt deleted file mode 100644 index d7588ee46..000000000 --- a/ChangeLog.d/add_psa_m_aead_ccm.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add the internal implementation of and support for CCM to the PSA multipart - AEAD interface. diff --git a/ChangeLog.d/additional_cipher_info_getters.txt b/ChangeLog.d/additional_cipher_info_getters.txt deleted file mode 100644 index 5cb1ad6bb..000000000 --- a/ChangeLog.d/additional_cipher_info_getters.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add functions to get the IV and block size from cipher_info structs. - * Add functions to check if a cipher supports variable IV or key size. diff --git a/ChangeLog.d/aria.txt b/ChangeLog.d/aria.txt deleted file mode 100644 index 280a7c9be..000000000 --- a/ChangeLog.d/aria.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add PSA API definition for ARIA. - diff --git a/ChangeLog.d/base64-ranges.txt b/ChangeLog.d/base64-ranges.txt deleted file mode 100644 index e3f3862bf..000000000 --- a/ChangeLog.d/base64-ranges.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Improve the performance of base64 constant-flow code. The result is still - slower than the original non-constant-flow implementation, but much faster - than the previous constant-flow implementation. Fixes #4814. diff --git a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt b/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt deleted file mode 100644 index 4287ea747..000000000 --- a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32. - Fixes #4884. diff --git a/ChangeLog.d/build-without-sha.txt b/ChangeLog.d/build-without-sha.txt deleted file mode 100644 index 78ba27694..000000000 --- a/ChangeLog.d/build-without-sha.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix the build when no SHA2 module is included. Fixes #4930. - * Fix the build when only the bignum module is included. Fixes #4929. diff --git a/ChangeLog.d/ccm_star_no_tag.txt b/ChangeLog.d/ccm_star_no_tag.txt deleted file mode 100644 index dbd25d1ee..000000000 --- a/ChangeLog.d/ccm_star_no_tag.txt +++ /dev/null @@ -1,10 +0,0 @@ -Changes - * Ignore plaintext/ciphertext lengths for CCM*-no-tag operations. - For CCM* encryption/decryption without authentication, input - length will be ignored. - -Features - * Add support for CCM*-no-tag cipher to the PSA. - Currently only 13-byte long IV's are supported. - For decryption a minimum of 16-byte long input is expected. - These restrictions may be subject to change. diff --git a/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt b/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt deleted file mode 100644 index ca3f9acee..000000000 --- a/ChangeLog.d/chacha20-poly1305-invalid-nonce.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Indicate in the error returned if the nonce length used with - ChaCha20-Poly1305 is invalid, and not just unsupported. diff --git a/ChangeLog.d/check-return.txt b/ChangeLog.d/check-return.txt deleted file mode 100644 index 7d905da73..000000000 --- a/ChangeLog.d/check-return.txt +++ /dev/null @@ -1,19 +0,0 @@ -Bugfix - * Failures of alternative implementations of AES or DES single-block - functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, - MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored. - This does not concern the implementation provided with Mbed TLS, - where this function cannot fail, or full-module replacements with - MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. - * Some failures of HMAC operations were ignored. These failures could only - happen with an alternative implementation of the underlying hash module. - -Features - * Warn if errors from certain functions are ignored. This is currently - supported on GCC-like compilers and on MSVC and can be configured through - the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled - (where supported) for critical functions where ignoring the return - value is almost always a bug. Enable the new configuration option - MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This - is currently implemented in the AES, DES and md modules, and will be - extended to other modules in the future. diff --git a/ChangeLog.d/chunked_ccm.txt b/ChangeLog.d/chunked_ccm.txt deleted file mode 100644 index 67faecca5..000000000 --- a/ChangeLog.d/chunked_ccm.txt +++ /dev/null @@ -1,8 +0,0 @@ -Changes - * Implement multi-part CCM API. - The multi-part functions: mbedtls_ccm_starts(), mbedtls_ccm_set_lengths(), - mbedtls_ccm_update_ad(), mbedtls_ccm_update(), mbedtls_ccm_finish() - were introduced in mbedTLS 3.0 release, however their implementation was - postponed until now. - Implemented functions support chunked data input for both CCM and CCM* - algorithms. diff --git a/ChangeLog.d/constant_time_module.txt b/ChangeLog.d/constant_time_module.txt deleted file mode 100644 index ebb0b7fb9..000000000 --- a/ChangeLog.d/constant_time_module.txt +++ /dev/null @@ -1,10 +0,0 @@ -Changes - * The mbedcrypto library includes a new source code module constant_time.c, - containing various functions meant to resist timing side channel attacks. - This module does not have a separate configuration option, and functions - from this module will be included in the build as required. Currently - most of the interface of this module is private and may change at any - time. - -Features - * Add new API mbedtls_ct_memcmp for constant time buffer comparison. diff --git a/ChangeLog.d/do-not-use-obsolete-header.txt b/ChangeLog.d/do-not-use-obsolete-header.txt deleted file mode 100644 index 9a57ef16b..000000000 --- a/ChangeLog.d/do-not-use-obsolete-header.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Don't use the obsolete header path sys/fcntl.h in unit tests. - These header files cause compilation errors in musl. - Fixes #4969. - diff --git a/ChangeLog.d/fix-aead-nonce.txt b/ChangeLog.d/fix-aead-nonce.txt deleted file mode 100644 index 767cc1d4a..000000000 --- a/ChangeLog.d/fix-aead-nonce.txt +++ /dev/null @@ -1,5 +0,0 @@ -Security - * In psa_aead_generate_nonce(), do not read back from the output buffer. - This fixes a potential policy bypass or decryption oracle vulnerability - if the output buffer is in memory that is shared with an untrusted - application. diff --git a/ChangeLog.d/fix-cipher-iv.txt b/ChangeLog.d/fix-cipher-iv.txt deleted file mode 100644 index e7af6414a..000000000 --- a/ChangeLog.d/fix-cipher-iv.txt +++ /dev/null @@ -1,5 +0,0 @@ -Security - * In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back - from the output buffer. This fixes a potential policy bypass or decryption - oracle vulnerability if the output buffer is in memory that is shared with - an untrusted application. diff --git a/ChangeLog.d/fix-cipher-output-size-macros.txt b/ChangeLog.d/fix-cipher-output-size-macros.txt deleted file mode 100644 index 4a4b971c8..000000000 --- a/ChangeLog.d/fix-cipher-output-size-macros.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Prevent divide by zero if either of PSA_CIPHER_ENCRYPT_OUTPUT_SIZE() or - PSA_CIPHER_UPDATE_OUTPUT_SIZE() were called using an asymmetric key type. - diff --git a/ChangeLog.d/fix-mbedtls_cipher_crypt-aes-ecb.txt b/ChangeLog.d/fix-mbedtls_cipher_crypt-aes-ecb.txt deleted file mode 100644 index 6dc47244f..000000000 --- a/ChangeLog.d/fix-mbedtls_cipher_crypt-aes-ecb.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled. diff --git a/ChangeLog.d/fix-needed-shared-libraries-linux.txt b/ChangeLog.d/fix-needed-shared-libraries-linux.txt deleted file mode 100644 index 74ad3bc75..000000000 --- a/ChangeLog.d/fix-needed-shared-libraries-linux.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries - not to list other shared libraries they need. diff --git a/ChangeLog.d/fix-pkcs12-null-password.txt b/ChangeLog.d/fix-pkcs12-null-password.txt deleted file mode 100644 index fae819553..000000000 --- a/ChangeLog.d/fix-pkcs12-null-password.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix a potential invalid pointer dereference and infinite loop bugs in - pkcs12 functions when the password is empty. Fix the documentation to - better describe the inputs to these functions and their possible values. - Fixes #5136. diff --git a/ChangeLog.d/fix-psa_gen_key-status.txt b/ChangeLog.d/fix-psa_gen_key-status.txt deleted file mode 100644 index 78609882f..000000000 --- a/ChangeLog.d/fix-psa_gen_key-status.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix the error returned by psa_generate_key() for a public key. Fixes #4551. diff --git a/ChangeLog.d/fix-session-copy-bug.txt b/ChangeLog.d/fix-session-copy-bug.txt deleted file mode 100644 index 6286fa8f9..000000000 --- a/ChangeLog.d/fix-session-copy-bug.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Fix a double-free that happened after mbedtls_ssl_set_session() or - mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED - (out of memory). After that, calling mbedtls_ssl_session_free() - and mbedtls_ssl_free() would cause an internal session buffer to - be free()'d twice. diff --git a/ChangeLog.d/fix-sign_verify-message-usage.txt b/ChangeLog.d/fix-sign_verify-message-usage.txt deleted file mode 100644 index dd326ee5c..000000000 --- a/ChangeLog.d/fix-sign_verify-message-usage.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * The key usage flags PSA_KEY_USAGE_SIGN_MESSAGE now allows the MAC - operations psa_mac_compute() and psa_mac_sign_setup(). - * The key usage flags PSA_KEY_USAGE_VERIFY_MESSAGE now allows the MAC - operations psa_mac_verify() and psa_mac_verify_setup(). diff --git a/ChangeLog.d/fix_compilation_ssl_tests.txt b/ChangeLog.d/fix_compilation_ssl_tests.txt deleted file mode 100644 index 202e5c439..000000000 --- a/ChangeLog.d/fix_compilation_ssl_tests.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix an uninitialized variable warning in test_suite_ssl.function with GCC - version 11. diff --git a/ChangeLog.d/generated-files-cmake.txt b/ChangeLog.d/generated-files-cmake.txt deleted file mode 100644 index 16841a56d..000000000 --- a/ChangeLog.d/generated-files-cmake.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * The generated configuration-independent files are now automatically - generated by the CMake build system on Unix-like systems. This is not - yet supported when cross-compiling. diff --git a/ChangeLog.d/issue4630.txt b/ChangeLog.d/issue4630.txt deleted file mode 100644 index 0bc4b99e5..000000000 --- a/ChangeLog.d/issue4630.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Stop using reserved identifiers as local variables. Fixes #4630. diff --git a/ChangeLog.d/issue5065.txt b/ChangeLog.d/issue5065.txt deleted file mode 100644 index 943ee47d9..000000000 --- a/ChangeLog.d/issue5065.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix compile-time or run-time errors in PSA - AEAD functions when ChachaPoly is disabled. Fixes #5065. diff --git a/ChangeLog.d/mac-zeroize.txt b/ChangeLog.d/mac-zeroize.txt deleted file mode 100644 index a43e34f84..000000000 --- a/ChangeLog.d/mac-zeroize.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Zeroize several intermediate variables used to calculate the expected - value when verifying a MAC or AEAD tag. This hardens the library in - case the value leaks through a memory disclosure vulnerability. For - example, a memory disclosure vulnerability could have allowed a - man-in-the-middle to inject fake ciphertext into a DTLS connection. diff --git a/ChangeLog.d/makefile-python-windows.txt b/ChangeLog.d/makefile-python-windows.txt deleted file mode 100644 index 57ccc1a39..000000000 --- a/ChangeLog.d/makefile-python-windows.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * The GNU makefiles invoke python3 in preference to python except on Windows. - The check was accidentally not performed when cross-compiling for Windows - on Linux. Fix this. Fixes #4774. diff --git a/ChangeLog.d/mbedtls_ssl_conf_groups.txt b/ChangeLog.d/mbedtls_ssl_conf_groups.txt deleted file mode 100644 index de5cbca58..000000000 --- a/ChangeLog.d/mbedtls_ssl_conf_groups.txt +++ /dev/null @@ -1,7 +0,0 @@ -API changes - * You can configure groups for a TLS key exchange with the new function - mbedtls_ssl_conf_groups(). It extends mbedtls_ssl_conf_curves(). - -New deprecations - * Deprecate mbedtls_ssl_conf_curves() in favor of the more generic - mbedtls_ssl_conf_groups(). diff --git a/ChangeLog.d/muladdc-memory.txt b/ChangeLog.d/muladdc-memory.txt deleted file mode 100644 index 218be5a60..000000000 --- a/ChangeLog.d/muladdc-memory.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix missing constraints on x86_64 and aarch64 assembly code - for bignum multiplication that broke some bignum operations with - (at least) Clang 12. - Fixes #4116, #4786, #4917, #4962. diff --git a/ChangeLog.d/no-strerror.txt b/ChangeLog.d/no-strerror.txt deleted file mode 100644 index 69743a871..000000000 --- a/ChangeLog.d/no-strerror.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor - MBEDTLS_ERROR_STRERROR_DUMMY is enabled. diff --git a/ChangeLog.d/psa_alg_rsa_pss.txt b/ChangeLog.d/psa_alg_rsa_pss.txt deleted file mode 100644 index 5c6048fe6..000000000 --- a/ChangeLog.d/psa_alg_rsa_pss.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length. - This algorithm now accepts only the same salt length for verification - that it produces when signing, as documented. Use the new algorithm - PSA_ALG_RSA_PSS_ANY_SALT to accept any salt length. Fixes #4946. diff --git a/ChangeLog.d/psa_cipher_update_ecp.txt b/ChangeLog.d/psa_cipher_update_ecp.txt deleted file mode 100644 index 1c3fbc6b1..000000000 --- a/ChangeLog.d/psa_cipher_update_ecp.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935. diff --git a/ChangeLog.d/psa_crypto_api_macros.txt b/ChangeLog.d/psa_crypto_api_macros.txt deleted file mode 100644 index ff53e33c2..000000000 --- a/ChangeLog.d/psa_crypto_api_macros.txt +++ /dev/null @@ -1,11 +0,0 @@ -Features - * Add missing PSA macros declared by PSA Crypto API 1.0.0: - PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL. - -Bugfix - * The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved - for algorithm values that fully encode the hashing step, as per the PSA - Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and - PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers - all algorithms that can be used with psa_{sign,verify}_hash(), including - these two. diff --git a/ChangeLog.d/psa_curve448_key_support.txt b/ChangeLog.d/psa_curve448_key_support.txt deleted file mode 100644 index d1870ed1d..000000000 --- a/ChangeLog.d/psa_curve448_key_support.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Enable support for Curve448 via the PSA API. Contributed by - Archana Madhavan in #4626. Fixes #3399 and #4249. diff --git a/ChangeLog.d/psa_gcm_buffer_limitation.txt b/ChangeLog.d/psa_gcm_buffer_limitation.txt deleted file mode 100644 index 0c07e2415..000000000 --- a/ChangeLog.d/psa_gcm_buffer_limitation.txt +++ /dev/null @@ -1,16 +0,0 @@ -Bugfix - * Remove PSA'a AEAD finish/verify output buffer limitation for GCM. - The requirement of minimum 15 bytes for output buffer in - psa_aead_finish() and psa_aead_verify() does not apply to the built-in - implementation of GCM. - * Move GCM's update output buffer length verification from PSA AEAD to - the built-in implementation of the GCM. - The requirement for output buffer size to be equal or greater then - input buffer size is valid only for the built-in implementation of GCM. - Alternative GCM implementations can process whole blocks only. - -API changes - * New error code for GCM: MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL. - Alternative GCM implementations are expected to verify - the length of the provided output buffers and to return the - MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the buffer length is too small. diff --git a/ChangeLog.d/public_fields.txt b/ChangeLog.d/public_fields.txt deleted file mode 100644 index ca0706f07..000000000 --- a/ChangeLog.d/public_fields.txt +++ /dev/null @@ -1,5 +0,0 @@ -API changes - * Declare a number of structure fields as public: the fields of - mbedtls_ecp_curve_info, the fields describing the result of ASN.1 and - X.509 parsing, and finally the field fd of mbedtls_net_context on - POSIX/Unix-like platforms. diff --git a/ChangeLog.d/remove-greentea-support.txt b/ChangeLog.d/remove-greentea-support.txt deleted file mode 100644 index af4df4baa..000000000 --- a/ChangeLog.d/remove-greentea-support.txt +++ /dev/null @@ -1,3 +0,0 @@ -Removals - * Remove the partial support for running unit tests via Greentea on Mbed OS, - which had been unmaintained since 2018. diff --git a/ChangeLog.d/remove-ssl-export-keys.txt b/ChangeLog.d/remove-ssl-export-keys.txt deleted file mode 100644 index 1a4b31dca..000000000 --- a/ChangeLog.d/remove-ssl-export-keys.txt +++ /dev/null @@ -1,5 +0,0 @@ -Changes - * Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on and increasing the - code size by about 80B on an M0 build. This option only gated an ability - to set a callback, but was deemed unnecessary as it was yet another define - to remember when writing tests, or test configurations. Fixes #4653. diff --git a/ChangeLog.d/session_export_private.txt b/ChangeLog.d/session_export_private.txt deleted file mode 100644 index 547582418..000000000 --- a/ChangeLog.d/session_export_private.txt +++ /dev/null @@ -1,5 +0,0 @@ -Changes - * Explicitly mark the fields mbedtls_ssl_session.exported and - mbedtls_ssl_config.respect_cli_pref as private. This was an - oversight during the run-up to the release of Mbed TLS 3.0. - The fields were never intended to be public. diff --git a/ChangeLog.d/tls13-mvp.txt b/ChangeLog.d/tls13-mvp.txt deleted file mode 100644 index 2dd48cc6a..000000000 --- a/ChangeLog.d/tls13-mvp.txt +++ /dev/null @@ -1,7 +0,0 @@ -Features - * Mbed TLS provides a minimum viable implementation of the TLS 1.3 - protocol. See docs/architecture/tls13-support.md for the definition of - the TLS 1.3 Minimum Viable Product (MVP). The MBEDTLS_SSL_PROTO_TLS1_3 - configuration option controls the enablement of the support. The APIs - mbedtls_ssl_conf_min_version() and mbedtls_ssl_conf_max_version() allow - to select the 1.3 version of the protocol to establish a TLS connection. diff --git a/ChangeLog.d/tls_ext_cid-config.txt b/ChangeLog.d/tls_ext_cid-config.txt deleted file mode 100644 index b7b1e7244..000000000 --- a/ChangeLog.d/tls_ext_cid-config.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * The identifier of the CID TLS extension can be configured by defining - MBEDTLS_TLS_EXT_CID at compile time. diff --git a/ChangeLog.d/twos_complement_representation.txt b/ChangeLog.d/twos_complement_representation.txt deleted file mode 100644 index fa49859ab..000000000 --- a/ChangeLog.d/twos_complement_representation.txt +++ /dev/null @@ -1,3 +0,0 @@ -Requirement changes - * Sign-magnitude and one's complement representations for signed integers are - not supported. Two's complement is the only supported representation.