Merge pull request #6689 from gilles-peskine-arm/changelog-20221129-pre-3.3

Changelog improvements for 3.3

ChangeLog.d/LMS.txt

@@ -3,9 +3,9 @@ Features
       Signature verification is production-ready, but generation is for testing
       purposes only. This currently only supports one parameter set
       (LMS_SHA256_M32_H10), meaning that each private key can be used to sign
-      1024 messages. As such, it is not intended for use in TLS, but instead for
-      verification of assets transmitted over an insecure channel, particularly
-      firmware images.
+      1024 messages. As such, it is not intended for use in TLS, but instead
+      for verification of assets transmitted over an insecure channel,
+      particularly firmware images.
     * Add the LM-OTS post-quantum-safe one-time signature scheme, which is
-      required for LMS. This can be used independently, but each key can only be
-      used to sign one message so is impractical for most circumstances.
+      required for LMS. This can be used independently, but each key can only
+      be used to sign one message so is impractical for most circumstances.

ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt

@@ -1,8 +1,8 @@
 Features
-   * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate
-     declaring an RSA public key and Mbed TLS is configured in hybrid mode, if
-     `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then
-     the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
-     for its signature in the key exchange message. As Mbed TLS 1.2 does not
-     support them, the handshake fails. Add `rsa_pss_rsae_*` support for TLS 1.2
-     to resolve the compitablity issue.
+   * Support rsa_pss_rsae_* signature algorithms in TLS 1.2.
+Bugfix
+   * Fix an interoperability failure between an Mbed TLS client with both
+     TLS 1.2 and TLS 1.3 support, and a TLS 1.2 server that supports
+     rsa_pss_rsae_* signature algorithms. This failed because Mbed TLS
+     advertised support for PSS in both TLS 1.2 and 1.3, but only
+     actually supported PSS in TLS 1.3.

ChangeLog.d/dtls-connection-id.txt

@@ -3,14 +3,15 @@ Features
      MBEDTLS_SSL_DTLS_CONNECTION_ID (enabled by default) and configured with
      mbedtls_ssl_set_cid().
 
-Changes
+Default behavior changes
    * Previously the macro MBEDTLS_SSL_DTLS_CONNECTION_ID implemented version 05
-     of the draft, and was marked experimental and disabled by default. It is
-     now no longer experimental, and implements the final version from RFC 9146,
-     which is not interoperable with the draft-05 version. If you need to
-     communicate with peers that use earlier versions of Mbed TLS, you
-     need to define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT to 1, but then you
-     won't be able to communicate with peers that use the standard (non-draft)
-     version. If you need to interoperate with both classes of peers with the
+     of the IETF draft, and was marked experimental and disabled by default.
+     It is now no longer experimental, and implements the final version from
+     RFC 9146, which is not interoperable with the draft-05 version.
+     If you need to communicate with peers that use earlier versions of
+     Mbed TLS, then you need to define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
+     to 1, but then you won't be able to communicate with peers that use the
+     standard (non-draft) version.
+     If you need to interoperate with both classes of peers with the
      same build of Mbed TLS, please let us know about your situation on the
      mailing list or GitHub.

ChangeLog.d/extend-query_compile_time_config-to-psa_want.txt

@@ -1,2 +1,2 @@
 Changes
-   * Add the ability to query PSA_WANT_xxx macros to query_compile_time_config
+   * Add the ability to query PSA_WANT_xxx macros to query_compile_time_config.

ChangeLog.d/fix-tls12server-sent-sigalgs.txt

@@ -1,5 +1,5 @@
 Bugfix
-    * Fix a bug whereby the the list of signature algorithms sent as part of the
-      TLS 1.2 server certificate request would get corrupted, meaning the first
-      algorithm would not get sent and an entry consisting of two random bytes
-      would be sent instead. Found by Serban Bejan and Dudek Sebastian.
+    * Fix a bug whereby the list of signature algorithms sent as part of
+      the TLS 1.2 server certificate request would get corrupted, meaning the
+      first algorithm would not get sent and an entry consisting of two random
+      bytes would be sent instead. Found by Serban Bejan and Dudek Sebastian.

ChangeLog.d/fix_build_error_for_mbedtls_deprecated_removed.txt

@@ -1,3 +1,3 @@
 Bugfix
-    * Fix build error due to missing prototype
-      warning when MBEDTLS_DEPRECATED_REMOVED is enabled
+    * Fix a build error due to a missing prototype warning when
+      MBEDTLS_DEPRECATED_REMOVED is enabled.

ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt

@@ -1,4 +1,3 @@
 Bugfix
-    * Fix bugs and missing dependencies when
-      building and testing configurations with
-      only one encryption type enabled in TLS 1.2.
+    * Fix bugs and missing dependencies when building and testing
+      configurations with only one encryption type enabled in TLS 1.2.

ChangeLog.d/fix_cmake_gen_files

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix an issue in releases with GEN_FILES turned off whereby missing
-     generated files could be turned into symlinks to themselves.

ChangeLog.d/fix_cmake_gen_files.txt

@@ -0,0 +1,4 @@
+Bugfix
+   * Fix an issue with in-tree CMake builds in releases with GEN_FILES
+     turned off: if a shipped file was missing from the working directory,
+     it could be turned into a symbolic link to itself.

ChangeLog.d/fix_cmake_using_iar_toolchain.txt

@@ -1,3 +1,3 @@
 Bugfix
-   * Fixed an issue that cause compile error using CMake IAR toolchain.
+   * Fix a compilation error when using CMake with an IAR toolchain.
      Fixes #5964.

ChangeLog.d/fix_hard_link_across_drives

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix a build issue on Windows where the source and build directory could not be on
-     different drives (#5751).

ChangeLog.d/fix_hard_link_across_drives.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fix a build issue on Windows using CMake where the source and build
+     directories could not be on different drives. Fixes #5751.

ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt

@@ -1,4 +1,4 @@
 Bugfix
-    * Fix TLS 1.3 session resumption fail. Fixes #6488.
-    * Add configuration check to exclude TLS 1.3 optional authentication of
-      client.
+    * Fix TLS 1.3 session resumption. Fixes #6488.
+    * Add a configuration check to exclude optional client authentication
+      in TLS 1.3 (where it is forbidden).

ChangeLog.d/fix_zeroization.txt

@@ -1,3 +1,3 @@
 Bugfix
-   * Fix possible crash in TLS PRF code, if a failure to allocate memory occurs.
-     Reported by Michael Madsen in #6516.
+   * Fix a possible null pointer dereference if a memory allocation fails
+     in TLS PRF code. Reported by Michael Madsen in #6516.

ChangeLog.d/mbedtls_asn1_type_free.txt

@@ -1,6 +1,8 @@
 Features
-   * Shared code to free x509 structs like mbedtls_x509_named_data
+   * The new functions mbedtls_asn1_free_named_data_list() and
+     mbedtls_asn1_free_named_data_list_shallow() simplify the management
+     of memory in named data lists in X.509 structures.
 New deprecations
    * Deprecate mbedtls_asn1_free_named_data().
      Use mbedtls_asn1_free_named_data_list()
-     or mbedtls_asn1_free_named_data_list_shallow()
+     or mbedtls_asn1_free_named_data_list_shallow().

ChangeLog.d/psa_crypto_code_gen_1_1.txt

@@ -1,6 +1,13 @@
 Features
-    * Brought in PSA code geneneration JSON driver list.
-      Added auto generated templating support for key management.
-      Added Support for transparent and opaque keys (import/export/copy).
-      Included some general JSON validation for the given entry points.
-      Addresses version 1.1 of #5137.
+    * The PSA driver wrapper generator generate_driver_wrappers.py now
+      supports a subset of the driver description language, including
+      the following entry points: import_key, export_key, export_public_key,
+      get_builtin_key, copy_key.
+
+Requirement changes
+   * When building with PSA drivers using generate_driver_wrappers.py, or
+     when building the library from the development branch rather than
+     from a release, the Python module jsonschema is now necessary, in
+     addition to jinja2. The official list of required Python modules is
+     maintained in scripts/basic.requirements.txt and may change again
+     in the future.

ChangeLog.d/remove_ssl_session_compression.txt

@@ -1,5 +0,0 @@
-Removals
-   * Remove compression property from SSL session struct.
-     MBEDTLS_SSL_COMPRESS_NULL is now the only supported
-     compression option and can be used for compatibility
-     reasons. Changes requested in #4223.

ChangeLog.d/tls13-misc.txt

@@ -1,9 +1,8 @@
 Features
-   * Mbed TLS supports TLS 1.3 key establishment via pre-shared keys,
-     pre-shared keys provisioned externally or via the ticket mechanism
-     (session resumption).
-     The MBEDTLS_SSL_SESSION_TICKETS configuration option controls the support
-     for the ticket mechanism.
-     MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx_ENABLED configuration options
-     have been introduced to control the support for the three possible
-     TLS 1.3 key exchange modes.
+   * Mbed TLS now supports TLS 1.3 key establishment via pre-shared keys.
+     The pre-shared keys can be provisioned externally or via the ticket
+     mechanism (session resumption).
+     The ticket mechanism is supported when the configuration option
+     MBEDTLS_SSL_SESSION_TICKETS is enabled.
+     New options MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx_ENABLED
+     control the support for the three possible TLS 1.3 key exchange modes.