diff options
author | Dave Rodgman <dave.rodgman@arm.com> | 2022-12-08 14:59:54 +0000 |
---|---|---|
committer | Dave Rodgman <dave.rodgman@arm.com> | 2022-12-08 14:59:54 +0000 |
commit | 69591e9207b39ea29ff9994c0dfa70e476aa5704 (patch) | |
tree | ab1378bdc2c4e10cfb3a3b430f500bc3445b9fa8 | |
parent | 48223bc19e52a058e4b9c1579a042238cd49d3a8 (diff) | |
download | mbedtls-69591e9207b39ea29ff9994c0dfa70e476aa5704.tar.gz |
Assemble changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
46 files changed, 206 insertions, 240 deletions
@@ -1,5 +1,211 @@ Mbed TLS ChangeLog (Sorted per branch, date) += Mbed TLS 3.3.0 branch released 2022-12-14 + +API changes + * Add an ad-hoc key derivation function handling EC J-PAKE to PMS + calculation that can be used to derive the session secret in TLS 1.2, + as described in draft-cragie-tls-ecjpake-01. This can be achieved by + using PSA_ALG_TLS12_ECJPAKE_TO_PMS as the key derivation algorithm. + +Default behavior changes + * Previously the macro MBEDTLS_SSL_DTLS_CONNECTION_ID implemented version 05 + of the IETF draft, and was marked experimental and disabled by default. + It is now no longer experimental, and implements the final version from + RFC 9146, which is not interoperable with the draft-05 version. + If you need to communicate with peers that use earlier versions of + Mbed TLS, then you need to define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT + to 1, but then you won't be able to communicate with peers that use the + standard (non-draft) version. + If you need to interoperate with both classes of peers with the + same build of Mbed TLS, please let us know about your situation on the + mailing list or GitHub. + +Requirement changes + * When building with PSA drivers using generate_driver_wrappers.py, or + when building the library from the development branch rather than + from a release, the Python module jsonschema is now necessary, in + addition to jinja2. The official list of required Python modules is + maintained in scripts/basic.requirements.txt and may change again + in the future. + +New deprecations + * Deprecate mbedtls_asn1_free_named_data(). + Use mbedtls_asn1_free_named_data_list() + or mbedtls_asn1_free_named_data_list_shallow(). + +Features + * Support rsa_pss_rsae_* signature algorithms in TLS 1.2. + * make: enable building unversioned shared library, with e.g.: + "SHARED=1 SOEXT_TLS=so SOEXT_X509=so SOEXT_CRYPTO=so make lib" + resulting in library names like "libmbedtls.so" rather than + "libmbedcrypto.so.11". + * Expose the EC J-PAKE functionality through the Draft PSA PAKE Crypto API. + Only the ECC primitive with secp256r1 curve and SHA-256 hash algorithm + are supported in this implementation. + * Some modules can now use PSA drivers for hashes, including with no + built-in implementation present, but only in some configurations. + - RSA OAEP and PSS (PKCS#1 v2.1), PKCS5, PKCS12 and EC J-PAKE now use + hashes from PSA when (and only when) MBEDTLS_MD_C is disabled. + - PEM parsing of encrypted files now uses MD-5 from PSA when (and only + when) MBEDTLS_MD5_C is disabled. + See the documentation of the corresponding macros in mbedtls_config.h for + details. + Note that some modules are not able to use hashes from PSA yet, including + the entropy module. As a consequence, for now the only way to build with + all hashes only provided by drivers (no built-in hash) is to use + MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. + * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 now + properly negotiate/accept hashes based on their availability in PSA. + As a consequence, they now work in configurations where the built-in + implementations of (some) hashes are excluded and those hashes are only + provided by PSA drivers. (See previous entry for limitation on RSA-PSS + though: that module only use hashes from PSA when MBEDTLS_MD_C is off). + * Add support for opaque keys as the private keys associated to certificates + for authentication in TLS 1.3. + * Add the LMS post-quantum-safe stateful-hash asymmetric signature scheme. + Signature verification is production-ready, but generation is for testing + purposes only. This currently only supports one parameter set + (LMS_SHA256_M32_H10), meaning that each private key can be used to sign + 1024 messages. As such, it is not intended for use in TLS, but instead + for verification of assets transmitted over an insecure channel, + particularly firmware images. + * Add the LM-OTS post-quantum-safe one-time signature scheme, which is + required for LMS. This can be used independently, but each key can only + be used to sign one message so is impractical for most circumstances. + * Mbed TLS now supports TLS 1.3 key establishment via pre-shared keys. + The pre-shared keys can be provisioned externally or via the ticket + mechanism (session resumption). + The ticket mechanism is supported when the configuration option + MBEDTLS_SSL_SESSION_TICKETS is enabled. + New options MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx_ENABLED + control the support for the three possible TLS 1.3 key exchange modes. + * cert_write: support for setting extended key usage attributes. A + corresponding new public API call has been added in the library, + mbedtls_x509write_crt_set_ext_key_usage(). + * cert_write: support for writing certificate files in either PEM + or DER format. + * The PSA driver wrapper generator generate_driver_wrappers.py now + supports a subset of the driver description language, including + the following entry points: import_key, export_key, export_public_key, + get_builtin_key, copy_key. + * The new functions mbedtls_asn1_free_named_data_list() and + mbedtls_asn1_free_named_data_list_shallow() simplify the management + of memory in named data lists in X.509 structures. + * The TLS 1.2 EC J-PAKE key exchange can now use the PSA Crypto API. + Additional PSA key slots will be allocated in the process of such key + exchange for builds that enable MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED and + MBEDTLS_USE_PSA_CRYPTO. + * Add support for DTLS Connection ID as defined by RFC 9146, controlled by + MBEDTLS_SSL_DTLS_CONNECTION_ID (enabled by default) and configured with + mbedtls_ssl_set_cid(). + * Add a driver dispatch layer for raw key agreement, enabling alternative + implementations of raw key agreement through the key_agreement driver + entry point. This entry point is specified in the proposed PSA driver + interface, but had not yet been implemented. + +Security + * Fix potential heap buffer overread and overwrite in DTLS if + MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and + MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. + * An adversary with access to precise enough information about memory + accesses (typically, an untrusted operating system attacking a secure + enclave) could recover an RSA private key after observing the victim + performing a single private-key operation if the window size used for the + exponentiation was 3 or smaller. Found and reported by Zili KOU, + Wenjian HE, Sharad Sinha, and Wei ZHANG. See "Cache Side-channel Attacks + and Defenses of the Sliding Window Algorithm in TEEs" - Design, Automation + and Test in Europe 2023. + +Bugfix + * Refactor mbedtls_aes_context to support shallow-copying. Fixes #2147. + * Fix an issue with in-tree CMake builds in releases with GEN_FILES + turned off: if a shipped file was missing from the working directory, + it could be turned into a symbolic link to itself. + * Fix a long-standing build failure when building x86 PIC code with old + gcc (4.x). The code will be slower, but will compile. We do however + recommend upgrading to a more recent compiler instead. Fixes #1910. + * Fix support for little-endian Microblaze when MBEDTLS_HAVE_ASM is defined. + Contributed by Kazuyuki Kimura to fix #2020. + * Use double quotes to include private header file psa_crypto_cipher.h. + Fixes 'file not found with <angled> include' error + when building with Xcode. + * Fix handling of broken symlinks when loading certificates using + mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a + broken link is encountered, skip the broken link and continue parsing + other certificate files. Contributed by Eduardo Silva in #2602. + * Fix an interoperability failure between an Mbed TLS client with both + TLS 1.2 and TLS 1.3 support, and a TLS 1.2 server that supports + rsa_pss_rsae_* signature algorithms. This failed because Mbed TLS + advertised support for PSS in both TLS 1.2 and 1.3, but only + actually supported PSS in TLS 1.3. + * Fix a compilation error when using CMake with an IAR toolchain. + Fixes #5964. + * Fix a build error due to a missing prototype warning when + MBEDTLS_DEPRECATED_REMOVED is enabled. + * Fix mbedtls_ctr_drbg_free() on an initialized but unseeded context. When + MBEDTLS_AES_ALT is enabled, it could call mbedtls_aes_free() on an + uninitialized context. + * Fix a build issue on Windows using CMake where the source and build + directories could not be on different drives. Fixes #5751. + * Fix bugs and missing dependencies when building and testing + configurations with only one encryption type enabled in TLS 1.2. + * Provide the missing definition of mbedtls_setbuf() in some configurations + with MBEDTLS_PLATFORM_C disabled. Fixes #6118, #6196. + * Fix compilation errors when trying to build with + PSA drivers for AEAD (GCM, CCM, Chacha20-Poly1305). + * Fix memory leak in ssl_parse_certificate_request() caused by + mbedtls_x509_get_name() not freeing allocated objects in case of error. + Change mbedtls_x509_get_name() to clean up allocated objects on error. + * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not + MBEDTLS_USE_PSA_CRYPTO or MBEDTLS_PK_WRITE_C. Fixes #6408. + * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not + MBEDTLS_PK_PARSE_C. Fixes #6409. + * Fix ECDSA verification, where it was not always validating the + public key. This bug meant that it was possible to verify a + signature with an invalid public key, in some cases. Reported by + Guido Vranken using Cryptofuzz in #4420. + * Fix a possible null pointer dereference if a memory allocation fails + in TLS PRF code. Reported by Michael Madsen in #6516. + * Fix TLS 1.3 session resumption. Fixes #6488. + * Add a configuration check to exclude optional client authentication + in TLS 1.3 (where it is forbidden). + * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable + bytes when parsing certificates containing a binary RFC 4108 + HardwareModuleName as a Subject Alternative Name extension. Hardware + serial numbers are now rendered in hex format. Fixes #6262. + * Fix bug in error reporting in dh_genprime.c where upon failure, + the error code returned by mbedtls_mpi_write_file() is overwritten + and therefore not printed. + * In the bignum module, operations of the form (-A) - (+A) or (-A) - (-A) + with A > 0 created an unintended representation of the value 0 which was + not processed correctly by some bignum operations. Fix this. This had no + consequence on cryptography code, but might affect applications that call + bignum directly and use negative numbers. + * Fix a bug whereby the list of signature algorithms sent as part of + the TLS 1.2 server certificate request would get corrupted, meaning the + first algorithm would not get sent and an entry consisting of two random + bytes would be sent instead. Found by Serban Bejan and Dudek Sebastian. + * Fix undefined behavior (typically harmless in practice) of + mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() + when both operands are 0 and the left operand is represented with 0 limbs. + * Fix undefined behavior (typically harmless in practice) when some bignum + functions receive the most negative value of mbedtls_mpi_sint. Credit + to OSS-Fuzz. Fixes #6597. + * Fix undefined behavior (typically harmless in practice) in PSA ECB + encryption and decryption. + * Move some SSL-specific code out of libmbedcrypto where it had been placed + accidentally. + * Fix a build error when compiling the bignum module for some Arm platforms. + Fixes #6089, #6124, #6217. + +Changes + * Add the ability to query PSA_WANT_xxx macros to query_compile_time_config. + * Calling AEAD tag-specific functions for non-AEAD algorithms (which + should not be done - they are documented for use only by AES-GCM and + ChaCha20+Poly1305) now returns MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE + instead of success (0). + = Mbed TLS 3.2.1 branch released 2022-07-12 Bugfix diff --git a/ChangeLog.d/LMS.txt b/ChangeLog.d/LMS.txt deleted file mode 100644 index 785bfcf84..000000000 --- a/ChangeLog.d/LMS.txt +++ /dev/null @@ -1,11 +0,0 @@ -Features - * Add the LMS post-quantum-safe stateful-hash asymmetric signature scheme. - Signature verification is production-ready, but generation is for testing - purposes only. This currently only supports one parameter set - (LMS_SHA256_M32_H10), meaning that each private key can be used to sign - 1024 messages. As such, it is not intended for use in TLS, but instead - for verification of assets transmitted over an insecure channel, - particularly firmware images. - * Add the LM-OTS post-quantum-safe one-time signature scheme, which is - required for LMS. This can be used independently, but each key can only - be used to sign one message so is impractical for most circumstances. diff --git a/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt b/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt deleted file mode 100644 index 0d409688e..000000000 --- a/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt +++ /dev/null @@ -1,8 +0,0 @@ -Features - * Support rsa_pss_rsae_* signature algorithms in TLS 1.2. -Bugfix - * Fix an interoperability failure between an Mbed TLS client with both - TLS 1.2 and TLS 1.3 support, and a TLS 1.2 server that supports - rsa_pss_rsae_* signature algorithms. This failed because Mbed TLS - advertised support for PSS in both TLS 1.2 and 1.3, but only - actually supported PSS in TLS 1.3. diff --git a/ChangeLog.d/bn_mul-fix-x86-pic-compilation-for-gcc-4.txt b/ChangeLog.d/bn_mul-fix-x86-pic-compilation-for-gcc-4.txt deleted file mode 100644 index 1d59c2277..000000000 --- a/ChangeLog.d/bn_mul-fix-x86-pic-compilation-for-gcc-4.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix a long-standing build failure when building x86 PIC code with old - gcc (4.x). The code will be slower, but will compile. We do however - recommend upgrading to a more recent compiler instead. Fixes #1910. diff --git a/ChangeLog.d/cert_write-set-extended-key-usages.txt b/ChangeLog.d/cert_write-set-extended-key-usages.txt deleted file mode 100644 index 18b7b040d..000000000 --- a/ChangeLog.d/cert_write-set-extended-key-usages.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * cert_write: support for setting extended key usage attributes. A - corresponding new public API call has been added in the library, - mbedtls_x509write_crt_set_ext_key_usage(). - * cert_write: support for writing certificate files in either PEM - or DER format. diff --git a/ChangeLog.d/driver-only-hashes.txt b/ChangeLog.d/driver-only-hashes.txt deleted file mode 100644 index 6ccd199ba..000000000 --- a/ChangeLog.d/driver-only-hashes.txt +++ /dev/null @@ -1,19 +0,0 @@ -Features - * Some modules can now use PSA drivers for hashes, including with no - built-in implementation present, but only in some configurations. - - RSA OAEP and PSS (PKCS#1 v2.1), PKCS5, PKCS12 and EC J-PAKE now use - hashes from PSA when (and only when) MBEDTLS_MD_C is disabled. - - PEM parsing of encrypted files now uses MD-5 from PSA when (and only - when) MBEDTLS_MD5_C is disabled. - See the documentation of the corresponding macros in mbedtls_config.h for - details. - Note that some modules are not able to use hashes from PSA yet, including - the entropy module. As a consequence, for now the only way to build with - all hashes only provided by drivers (no built-in hash) is to use - MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. - * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 now - properly negotiate/accept hashes based on their availability in PSA. - As a consequence, they now work in configurations where the built-in - implementations of (some) hashes are excluded and those hashes are only - provided by PSA drivers. (See previous entry for limitation on RSA-PSS - though: that module only use hashes from PSA when MBEDTLS_MD_C is off). diff --git a/ChangeLog.d/dtls-connection-id.txt b/ChangeLog.d/dtls-connection-id.txt deleted file mode 100644 index 840f837d8..000000000 --- a/ChangeLog.d/dtls-connection-id.txt +++ /dev/null @@ -1,17 +0,0 @@ -Features - * Add support for DTLS Connection ID as defined by RFC 9146, controlled by - MBEDTLS_SSL_DTLS_CONNECTION_ID (enabled by default) and configured with - mbedtls_ssl_set_cid(). - -Default behavior changes - * Previously the macro MBEDTLS_SSL_DTLS_CONNECTION_ID implemented version 05 - of the IETF draft, and was marked experimental and disabled by default. - It is now no longer experimental, and implements the final version from - RFC 9146, which is not interoperable with the draft-05 version. - If you need to communicate with peers that use earlier versions of - Mbed TLS, then you need to define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT - to 1, but then you won't be able to communicate with peers that use the - standard (non-draft) version. - If you need to interoperate with both classes of peers with the - same build of Mbed TLS, please let us know about your situation on the - mailing list or GitHub. diff --git a/ChangeLog.d/ecdsa-verify-fixes.txt b/ChangeLog.d/ecdsa-verify-fixes.txt deleted file mode 100644 index b41b0461a..000000000 --- a/ChangeLog.d/ecdsa-verify-fixes.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix ECDSA verification, where it was not always validating the - public key. This bug meant that it was possible to verify a - signature with an invalid public key, in some cases. Reported by - Guido Vranken using Cryptofuzz in #4420. diff --git a/ChangeLog.d/ecjpake-in-tls.txt b/ChangeLog.d/ecjpake-in-tls.txt deleted file mode 100644 index b84caab86..000000000 --- a/ChangeLog.d/ecjpake-in-tls.txt +++ /dev/null @@ -1,5 +0,0 @@ -Features - * The TLS 1.2 EC J-PAKE key exchange can now use the PSA Crypto API. - Additional PSA key slots will be allocated in the process of such key - exchange for builds that enable MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED and - MBEDTLS_USE_PSA_CRYPTO. diff --git a/ChangeLog.d/ecjpake_to_pms.txt b/ChangeLog.d/ecjpake_to_pms.txt deleted file mode 100644 index 4dd2075de..000000000 --- a/ChangeLog.d/ecjpake_to_pms.txt +++ /dev/null @@ -1,5 +0,0 @@ -API changes - * Add an ad-hoc key derivation function handling ECJPAKE to PMS - calculation that can be used to derive the session secret in TLS 1.2, - as described in draft-cragie-tls-ecjpake-01. This can be achieved by - using PSA_ALG_TLS12_ECJPAKE_TO_PMS as the key derivation algorithm. diff --git a/ChangeLog.d/extend-query_compile_time_config-to-psa_want.txt b/ChangeLog.d/extend-query_compile_time_config-to-psa_want.txt deleted file mode 100644 index 99b2ec4ee..000000000 --- a/ChangeLog.d/extend-query_compile_time_config-to-psa_want.txt +++ /dev/null @@ -1,2 +0,0 @@ -Changes - * Add the ability to query PSA_WANT_xxx macros to query_compile_time_config. diff --git a/ChangeLog.d/fix-aes-shallow-copying.txt b/ChangeLog.d/fix-aes-shallow-copying.txt deleted file mode 100644 index 0c119d628..000000000 --- a/ChangeLog.d/fix-aes-shallow-copying.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Refactor mbedtls_aes_context to support shallow-copying. Fixes #2147. diff --git a/ChangeLog.d/fix-ctr-drbg-may-free-invalid-aes-context.txt b/ChangeLog.d/fix-ctr-drbg-may-free-invalid-aes-context.txt deleted file mode 100644 index fe62c28ed..000000000 --- a/ChangeLog.d/fix-ctr-drbg-may-free-invalid-aes-context.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix mbedtls_ctr_drbg_free() on an initialized but unseeded context. When - MBEDTLS_AES_ALT is enabled, it could call mbedtls_aes_free() on an - uninitialized context. diff --git a/ChangeLog.d/fix-in-cid-buffer-size.txt b/ChangeLog.d/fix-in-cid-buffer-size.txt deleted file mode 100644 index 8a6c85023..000000000 --- a/ChangeLog.d/fix-in-cid-buffer-size.txt +++ /dev/null @@ -1,4 +0,0 @@ -Security - * Fix potential heap buffer overread and overwrite in DTLS if - MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and - MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. diff --git a/ChangeLog.d/fix-possible-false-success-in-mbedtls_cipher_check_tag.txt b/ChangeLog.d/fix-possible-false-success-in-mbedtls_cipher_check_tag.txt deleted file mode 100644 index 1f9e0aa35..000000000 --- a/ChangeLog.d/fix-possible-false-success-in-mbedtls_cipher_check_tag.txt +++ /dev/null @@ -1,5 +0,0 @@ -Changes - * Calling AEAD tag-specific functions for non-AEAD algorithms (which - should not be done - they are documented for use only by AES-GCM and - ChaCha20+Poly1305) now returns MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE - instead of success (0). diff --git a/ChangeLog.d/fix-tls12server-sent-sigalgs.txt b/ChangeLog.d/fix-tls12server-sent-sigalgs.txt deleted file mode 100644 index b74c6ec20..000000000 --- a/ChangeLog.d/fix-tls12server-sent-sigalgs.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix a bug whereby the list of signature algorithms sent as part of - the TLS 1.2 server certificate request would get corrupted, meaning the - first algorithm would not get sent and an entry consisting of two random - bytes would be sent instead. Found by Serban Bejan and Dudek Sebastian. diff --git a/ChangeLog.d/fix_aead_psa_driver_build.txt b/ChangeLog.d/fix_aead_psa_driver_build.txt deleted file mode 100644 index a6d11d38d..000000000 --- a/ChangeLog.d/fix_aead_psa_driver_build.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix compilation errors when trying to build with - PSA drivers for AEAD (GCM, CCM, Chacha20-Poly1305). diff --git a/ChangeLog.d/fix_arm_compile_erorr.txt b/ChangeLog.d/fix_arm_compile_erorr.txt deleted file mode 100644 index 28c1d45e2..000000000 --- a/ChangeLog.d/fix_arm_compile_erorr.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a build error when compiling the bignum module for some Arm platforms. - Fixes #6089, #6124, #6217. diff --git a/ChangeLog.d/fix_build_error_for_mbedtls_deprecated_removed.txt b/ChangeLog.d/fix_build_error_for_mbedtls_deprecated_removed.txt deleted file mode 100644 index f0fa00046..000000000 --- a/ChangeLog.d/fix_build_error_for_mbedtls_deprecated_removed.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a build error due to a missing prototype warning when - MBEDTLS_DEPRECATED_REMOVED is enabled. diff --git a/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt b/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt deleted file mode 100644 index c7d269142..000000000 --- a/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix bugs and missing dependencies when building and testing - configurations with only one encryption type enabled in TLS 1.2. diff --git a/ChangeLog.d/fix_cmake_gen_files.txt b/ChangeLog.d/fix_cmake_gen_files.txt deleted file mode 100644 index cdec6e8a6..000000000 --- a/ChangeLog.d/fix_cmake_gen_files.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix an issue with in-tree CMake builds in releases with GEN_FILES - turned off: if a shipped file was missing from the working directory, - it could be turned into a symbolic link to itself. diff --git a/ChangeLog.d/fix_cmake_using_iar_toolchain.txt b/ChangeLog.d/fix_cmake_using_iar_toolchain.txt deleted file mode 100644 index 9ec6e0d6b..000000000 --- a/ChangeLog.d/fix_cmake_using_iar_toolchain.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a compilation error when using CMake with an IAR toolchain. - Fixes #5964. diff --git a/ChangeLog.d/fix_dh_genprime_error_reporting.txt b/ChangeLog.d/fix_dh_genprime_error_reporting.txt deleted file mode 100644 index 1c98947f3..000000000 --- a/ChangeLog.d/fix_dh_genprime_error_reporting.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix bug in error reporting in dh_genprime.c where upon failure, - the error code returned by mbedtls_mpi_write_file() is overwritten - and therefore not printed. diff --git a/ChangeLog.d/fix_hard_link_across_drives.txt b/ChangeLog.d/fix_hard_link_across_drives.txt deleted file mode 100644 index 46d05c0cf..000000000 --- a/ChangeLog.d/fix_hard_link_across_drives.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a build issue on Windows using CMake where the source and build - directories could not be on different drives. Fixes #5751. diff --git a/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt b/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt deleted file mode 100644 index bf2e65dd4..000000000 --- a/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Use double quotes to include private header file psa_crypto_cipher.h. - Fixes 'file not found with <angled> include' error - when building with Xcode. diff --git a/ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt b/ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt deleted file mode 100644 index 9f5c6499d..000000000 --- a/ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix TLS 1.3 session resumption. Fixes #6488. - * Add a configuration check to exclude optional client authentication - in TLS 1.3 (where it is forbidden). diff --git a/ChangeLog.d/fix_x509_get_name_mem_leak.txt b/ChangeLog.d/fix_x509_get_name_mem_leak.txt deleted file mode 100644 index 358d1afa7..000000000 --- a/ChangeLog.d/fix_x509_get_name_mem_leak.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix memory leak in ssl_parse_certificate_request() caused by - mbedtls_x509_get_name() not freeing allocated objects in case of error. - Change mbedtls_x509_get_name() to clean up allocated objects on error. diff --git a/ChangeLog.d/fix_x509_info_hwmodulename.txt b/ChangeLog.d/fix_x509_info_hwmodulename.txt deleted file mode 100644 index 8b227cec3..000000000 --- a/ChangeLog.d/fix_x509_info_hwmodulename.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable - bytes when parsing certificates containing a binary RFC 4108 - HardwareModuleName as a Subject Alternative Name extension. Hardware - serial numbers are now rendered in hex format. Fixes #6262. diff --git a/ChangeLog.d/fix_zeroization.txt b/ChangeLog.d/fix_zeroization.txt deleted file mode 100644 index 8b00dcc98..000000000 --- a/ChangeLog.d/fix_zeroization.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a possible null pointer dereference if a memory allocation fails - in TLS PRF code. Reported by Michael Madsen in #6516. diff --git a/ChangeLog.d/mbedtls_asn1_type_free.txt b/ChangeLog.d/mbedtls_asn1_type_free.txt deleted file mode 100644 index 3459bbe2d..000000000 --- a/ChangeLog.d/mbedtls_asn1_type_free.txt +++ /dev/null @@ -1,8 +0,0 @@ -Features - * The new functions mbedtls_asn1_free_named_data_list() and - mbedtls_asn1_free_named_data_list_shallow() simplify the management - of memory in named data lists in X.509 structures. -New deprecations - * Deprecate mbedtls_asn1_free_named_data(). - Use mbedtls_asn1_free_named_data_list() - or mbedtls_asn1_free_named_data_list_shallow(). diff --git a/ChangeLog.d/move-ssl-modules.txt b/ChangeLog.d/move-ssl-modules.txt deleted file mode 100644 index f00e5ad83..000000000 --- a/ChangeLog.d/move-ssl-modules.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Move some SSL-specific code out of libmbedcrypto where it had been placed - accidentally. diff --git a/ChangeLog.d/mpi-add-0-ub.txt b/ChangeLog.d/mpi-add-0-ub.txt deleted file mode 100644 index 9f131a430..000000000 --- a/ChangeLog.d/mpi-add-0-ub.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix undefined behavior (typically harmless in practice) of - mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() - when both operands are 0 and the left operand is represented with 0 limbs. diff --git a/ChangeLog.d/mpi-most-negative-sint.txt b/ChangeLog.d/mpi-most-negative-sint.txt deleted file mode 100644 index 5e775c482..000000000 --- a/ChangeLog.d/mpi-most-negative-sint.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix undefined behavior (typically harmless in practice) when some bignum - functions receive the most negative value of mbedtls_mpi_sint. Credit - to OSS-Fuzz. Fixes #6597. diff --git a/ChangeLog.d/muladdc_microblaze.txt b/ChangeLog.d/muladdc_microblaze.txt deleted file mode 100644 index 70fdff020..000000000 --- a/ChangeLog.d/muladdc_microblaze.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix support for little-endian Microblaze when MBEDTLS_HAVE_ASM is defined. - Contributed by Kazuyuki Kimura to fix #2020. diff --git a/ChangeLog.d/negative-zero-from-add.txt b/ChangeLog.d/negative-zero-from-add.txt deleted file mode 100644 index 107d858d3..000000000 --- a/ChangeLog.d/negative-zero-from-add.txt +++ /dev/null @@ -1,6 +0,0 @@ -Bugfix - * In the bignum module, operations of the form (-A) - (+A) or (-A) - (-A) - with A > 0 created an unintended representation of the value 0 which was - not processed correctly by some bignum operations. Fix this. This had no - consequence on cryptography code, but might affect applications that call - bignum directly and use negative numbers. diff --git a/ChangeLog.d/nonversioned-library-soname.txt b/ChangeLog.d/nonversioned-library-soname.txt deleted file mode 100644 index 8d83a2d6d..000000000 --- a/ChangeLog.d/nonversioned-library-soname.txt +++ /dev/null @@ -1,5 +0,0 @@ -Features - * make: enable building unversioned shared library, with e.g.: - "SHARED=1 SOEXT_TLS=so SOEXT_X509=so SOEXT_CRYPTO=so make lib" - resulting in library names like "libmbedtls.so" rather than - "libmbedcrypto.so.11". diff --git a/ChangeLog.d/platform-setbuf.txt b/ChangeLog.d/platform-setbuf.txt deleted file mode 100644 index 844f70cf2..000000000 --- a/ChangeLog.d/platform-setbuf.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Provide the missing definition of mbedtls_setbuf() in some configurations - with MBEDTLS_PLATFORM_C disabled. Fixes #6118, #6196. diff --git a/ChangeLog.d/psa-ecb-ub.txt b/ChangeLog.d/psa-ecb-ub.txt deleted file mode 100644 index 9d725ac70..000000000 --- a/ChangeLog.d/psa-ecb-ub.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined behavior (typically harmless in practice) in PSA ECB - encryption and decryption. diff --git a/ChangeLog.d/psa_crypto_code_gen_1_1.txt b/ChangeLog.d/psa_crypto_code_gen_1_1.txt deleted file mode 100644 index e10a81c9a..000000000 --- a/ChangeLog.d/psa_crypto_code_gen_1_1.txt +++ /dev/null @@ -1,13 +0,0 @@ -Features - * The PSA driver wrapper generator generate_driver_wrappers.py now - supports a subset of the driver description language, including - the following entry points: import_key, export_key, export_public_key, - get_builtin_key, copy_key. - -Requirement changes - * When building with PSA drivers using generate_driver_wrappers.py, or - when building the library from the development branch rather than - from a release, the Python module jsonschema is now necessary, in - addition to jinja2. The official list of required Python modules is - maintained in scripts/basic.requirements.txt and may change again - in the future. diff --git a/ChangeLog.d/psa_crypto_pake.txt b/ChangeLog.d/psa_crypto_pake.txt deleted file mode 100644 index e0ae04638..000000000 --- a/ChangeLog.d/psa_crypto_pake.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Expose the EC J-PAKE functionality through the Draft PSA PAKE Crypto API. - Only the ECC primitive with secp256r1 curve and SHA-256 hash algorithm - are supported in this implementation. diff --git a/ChangeLog.d/psa_driver_wrapper_for_raw_key_agreement.txt b/ChangeLog.d/psa_driver_wrapper_for_raw_key_agreement.txt deleted file mode 100644 index b9c78a645..000000000 --- a/ChangeLog.d/psa_driver_wrapper_for_raw_key_agreement.txt +++ /dev/null @@ -1,5 +0,0 @@ -Features - * Add a driver dispatch layer for raw key agreement, enabling alternative - implementations of raw key agreement through the key_agreement driver - entry point. This entry point is specified in the proposed PSA driver - interface, but had not yet been implemented. diff --git a/ChangeLog.d/psa_rsa_needs_pk.txt b/ChangeLog.d/psa_rsa_needs_pk.txt deleted file mode 100644 index 995963d7e..000000000 --- a/ChangeLog.d/psa_rsa_needs_pk.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not - MBEDTLS_USE_PSA_CRYPTO or MBEDTLS_PK_WRITE_C. Fixes #6408. - * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not - MBEDTLS_PK_PARSE_C. Fixes #6409. diff --git a/ChangeLog.d/rsa-fix-priviliged-side-channel.txt b/ChangeLog.d/rsa-fix-priviliged-side-channel.txt deleted file mode 100644 index bafe18d30..000000000 --- a/ChangeLog.d/rsa-fix-priviliged-side-channel.txt +++ /dev/null @@ -1,10 +0,0 @@ -Security - * An adversary with access to precise enough information about memory - accesses (typically, an untrusted operating system attacking a secure - enclave) could recover an RSA private key after observing the victim - performing a single private-key operation if the window size used for the - exponentiation was 3 or smaller. Found and reported by Zili KOU, - Wenjian HE, Sharad Sinha, and Wei ZHANG. See "Cache Side-channel Attacks - and Defenses of the Sliding Window Algorithm in TEEs" - Design, Automation - and Test in Europe 2023. - diff --git a/ChangeLog.d/tls13-misc.txt b/ChangeLog.d/tls13-misc.txt deleted file mode 100644 index 673317328..000000000 --- a/ChangeLog.d/tls13-misc.txt +++ /dev/null @@ -1,8 +0,0 @@ -Features - * Mbed TLS now supports TLS 1.3 key establishment via pre-shared keys. - The pre-shared keys can be provisioned externally or via the ticket - mechanism (session resumption). - The ticket mechanism is supported when the configuration option - MBEDTLS_SSL_SESSION_TICKETS is enabled. - New options MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx_ENABLED - control the support for the three possible TLS 1.3 key exchange modes. diff --git a/ChangeLog.d/tls13_sig_alg_selection.txt b/ChangeLog.d/tls13_sig_alg_selection.txt deleted file mode 100644 index 8857750b4..000000000 --- a/ChangeLog.d/tls13_sig_alg_selection.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add support for opaque keys as the private keys associated to certificates - for authentication in TLS 1.3. diff --git a/ChangeLog.d/x509-broken-symlink-handling.txt b/ChangeLog.d/x509-broken-symlink-handling.txt deleted file mode 100644 index 52288dc08..000000000 --- a/ChangeLog.d/x509-broken-symlink-handling.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix handling of broken symlinks when loading certificates using - mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a - broken link is encountered, skip the broken link and continue parsing - other certificate files. Contributed by Eduardo Silva in #2602. |