From 2c1daef183cf0ad868ae4780be46a0f371443d87 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 21 Mar 2024 15:46:39 +0000 Subject: [PATCH] Assemble Changelog 
Signed-off-by: Minos Galanakis --- ChangeLog | 260 ++++++++++++++++++ ChangeLog.d/7764.txt | 3 - ChangeLog.d/7765.txt | 3 - ChangeLog.d/8030.txt | 7 - ChangeLog.d/8340.txt | 4 - ChangeLog.d/8372.txt | 3 - ChangeLog.d/8461.txt | 4 - ChangeLog.d/8482.txt | 6 - ChangeLog.d/8647.txt | 10 - ChangeLog.d/8709.txt | 4 - ChangeLog.d/8726.txt | 2 - ChangeLog.d/8799.txt | 3 - ChangeLog.d/8824.txt | 8 - ChangeLog.d/8825.txt | 6 - ChangeLog.d/8848.txt | 6 - ChangeLog.d/8938.txt | 3 - ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt | 3 - ChangeLog.d/add-block-cipher-no-decrypt.txt | 6 - ChangeLog.d/add-psa-example-program-hash.txt | 2 - ...dd-record-size-limit-extension-support.txt | 5 - ChangeLog.d/add_get_ecp_group_id.txt | 3 - ChangeLog.d/add_ssl_session_accessors.txt | 6 - ChangeLog.d/add_threading_changelog.txt | 7 - ChangeLog.d/armv8-aesce.txt | 3 - ChangeLog.d/benchmark-ecdh.txt | 3 - ChangeLog.d/binder-overread.txt | 4 - ChangeLog.d/ctr-perf.txt | 3 - ChangeLog.d/domain_parameters.txt | 9 - ChangeLog.d/driver-only-cipher.txt | 11 - ChangeLog.d/drop-msvc-2015-and-armcc-5.txt | 5 - ChangeLog.d/early-data.txt | 5 - ChangeLog.d/ecp-keypair-utilities.txt | 5 - ChangeLog.d/ecp_write_key.txt | 8 - ChangeLog.d/enable-tls13-by-default.txt | 2 - ChangeLog.d/fix-alpn-negotiating-bug.txt | 3 - .../fix-cmake-3rdparty-custom-config.txt | 3 - ChangeLog.d/fix-cpp-compilation-error.txt | 3 - ...csr-parsing-with-critical-fields-fails.txt | 6 - ChangeLog.d/fix-issue-x509-cert_req.txt | 3 - ChangeLog.d/fix-issue-x509-cert_write.txt | 3 - .../fix-linux-builds-in-conda-forge.txt | 2 - ChangeLog.d/fix-mingw32-build.txt | 4 - ChangeLog.d/fix-new-rn-on-hrr.txt | 3 - .../fix-null-dereference-verify-ext.txt | 3 - .../fix-ssl-session-serialization-config.txt | 4 - ChangeLog.d/fix-tls-SuiteB.txt | 3 - .../fix-tls13-server-min-version-check.txt | 3 - .../fix_kdf_incorrect_initial_capacity.txt | 3 - ChangeLog.d/gcm-large-tables.txt | 4 - ChangeLog.d/gen-key-segfault.txt | 3 - 
ChangeLog.d/get_ticket_creation_time.txt | 3 - ChangeLog.d/gnutls_anti_replay_fail.txt | 5 - ChangeLog.d/iar-gcc-perf.txt | 2 - ChangeLog.d/linux-aarch64-hwcap.txt | 4 - ChangeLog.d/mbedtls_pk_import_into_psa.txt | 4 - ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt | 3 - ChangeLog.d/no-cipher.txt | 9 - ChangeLog.d/non-psa-pk-implementation.txt | 3 - ChangeLog.d/pkg-config-files-addition.txt | 4 - ChangeLog.d/pkwrite-pem-use-heap.txt | 4 - ChangeLog.d/psa-shared-memory-protection.txt | 17 -- ChangeLog.d/psa_generate_key_ext.txt | 3 - ChangeLog.d/rename-conf-early-data-API.txt | 4 - ChangeLog.d/rsa-bitlen.txt | 7 - ChangeLog.d/sha256-armce-arm.txt | 7 - ChangeLog.d/tls-max-version-reset.txt | 7 - ChangeLog.d/tls13-only-server.txt | 11 - ChangeLog.d/use_exp_mod_core.txt | 6 - ChangeLog.d/x509-add-ca_istrue.txt | 5 - 69 files changed, 260 insertions(+), 323 deletions(-) delete mode 100644 ChangeLog.d/7764.txt delete mode 100644 ChangeLog.d/7765.txt delete mode 100644 ChangeLog.d/8030.txt delete mode 100644 ChangeLog.d/8340.txt delete mode 100644 ChangeLog.d/8372.txt delete mode 100644 ChangeLog.d/8461.txt delete mode 100644 ChangeLog.d/8482.txt delete mode 100644 ChangeLog.d/8647.txt delete mode 100644 ChangeLog.d/8709.txt delete mode 100644 ChangeLog.d/8726.txt delete mode 100644 ChangeLog.d/8799.txt delete mode 100644 ChangeLog.d/8824.txt delete mode 100644 ChangeLog.d/8825.txt delete mode 100644 ChangeLog.d/8848.txt delete mode 100644 ChangeLog.d/8938.txt delete mode 100644 ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt delete mode 100644 ChangeLog.d/add-block-cipher-no-decrypt.txt delete mode 100644 ChangeLog.d/add-psa-example-program-hash.txt delete mode 100644 ChangeLog.d/add-record-size-limit-extension-support.txt delete mode 100644 ChangeLog.d/add_get_ecp_group_id.txt delete mode 100644 ChangeLog.d/add_ssl_session_accessors.txt delete mode 100644 ChangeLog.d/add_threading_changelog.txt delete mode 100644 ChangeLog.d/armv8-aesce.txt delete mode 100644 
ChangeLog.d/benchmark-ecdh.txt delete mode 100644 ChangeLog.d/binder-overread.txt delete mode 100644 ChangeLog.d/ctr-perf.txt delete mode 100644 ChangeLog.d/domain_parameters.txt delete mode 100644 ChangeLog.d/driver-only-cipher.txt delete mode 100644 ChangeLog.d/drop-msvc-2015-and-armcc-5.txt delete mode 100644 ChangeLog.d/early-data.txt delete mode 100644 ChangeLog.d/ecp-keypair-utilities.txt delete mode 100644 ChangeLog.d/ecp_write_key.txt delete mode 100644 ChangeLog.d/enable-tls13-by-default.txt delete mode 100644 ChangeLog.d/fix-alpn-negotiating-bug.txt delete mode 100644 ChangeLog.d/fix-cmake-3rdparty-custom-config.txt delete mode 100644 ChangeLog.d/fix-cpp-compilation-error.txt delete mode 100644 ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt delete mode 100644 ChangeLog.d/fix-issue-x509-cert_req.txt delete mode 100644 ChangeLog.d/fix-issue-x509-cert_write.txt delete mode 100644 ChangeLog.d/fix-linux-builds-in-conda-forge.txt delete mode 100644 ChangeLog.d/fix-mingw32-build.txt delete mode 100644 ChangeLog.d/fix-new-rn-on-hrr.txt delete mode 100644 ChangeLog.d/fix-null-dereference-verify-ext.txt delete mode 100644 ChangeLog.d/fix-ssl-session-serialization-config.txt delete mode 100644 ChangeLog.d/fix-tls-SuiteB.txt delete mode 100644 ChangeLog.d/fix-tls13-server-min-version-check.txt delete mode 100644 ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt delete mode 100644 ChangeLog.d/gcm-large-tables.txt delete mode 100644 ChangeLog.d/gen-key-segfault.txt delete mode 100644 ChangeLog.d/get_ticket_creation_time.txt delete mode 100644 ChangeLog.d/gnutls_anti_replay_fail.txt delete mode 100644 ChangeLog.d/iar-gcc-perf.txt delete mode 100644 ChangeLog.d/linux-aarch64-hwcap.txt delete mode 100644 ChangeLog.d/mbedtls_pk_import_into_psa.txt delete mode 100644 ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt delete mode 100644 ChangeLog.d/no-cipher.txt delete mode 100644 ChangeLog.d/non-psa-pk-implementation.txt delete mode 100644 
ChangeLog.d/pkg-config-files-addition.txt delete mode 100644 ChangeLog.d/pkwrite-pem-use-heap.txt delete mode 100644 ChangeLog.d/psa-shared-memory-protection.txt delete mode 100644 ChangeLog.d/psa_generate_key_ext.txt delete mode 100644 ChangeLog.d/rename-conf-early-data-API.txt delete mode 100644 ChangeLog.d/rsa-bitlen.txt delete mode 100644 ChangeLog.d/sha256-armce-arm.txt delete mode 100644 ChangeLog.d/tls-max-version-reset.txt delete mode 100644 ChangeLog.d/tls13-only-server.txt delete mode 100644 ChangeLog.d/use_exp_mod_core.txt delete mode 100644 ChangeLog.d/x509-add-ca_istrue.txt diff --git a/ChangeLog b/ChangeLog index 28f2654b41..3237b76323 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,265 @@ Mbed TLS ChangeLog (Sorted per branch, date) += Mbed TLS x.x.x branch released xxxx-xx-xx + +API changes + * Remove `tls13_` in mbedtls_ssl_tls13_conf_early_data() and + mbedtls_ssl_tls13_conf_max_early_data_size() API names. Early data + feature may not be TLS 1.3 specific in the future. Fixes #6909. + +Default behavior changes + * psa_import_key() now only accepts RSA keys in the PSA standard formats. + The undocumented ability to import other formats (PKCS#8, SubjectPublicKey, + PEM) accepted by the pkparse module has been removed. Applications that + need these formats can call mbedtls_pk_parse_{public,}key() followed by + mbedtls_pk_import_into_psa(). + +Requirement changes + * Drop support for Visual Studio 2013 and 2015, and Arm Compiler 5. + +New deprecations + * Rename the MBEDTLS_SHA256_USE_A64_CRYPTO_xxx config options to + MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_xxx. The old names may still + be used, but are deprecated. + * In the PSA API, domain parameters are no longer used for anything. + They are deprecated and will be removed in a future version of the + library. + * mbedtls_ecp_write_key() is deprecated in favor of + mbedtls_ecp_write_key_ext(). + +Removals + * In the PSA API, the experimental way to encode the public exponent of + an RSA key as a domain parameter is no longer supported. Use + psa_generate_key_ext() instead. + * Temporary function mbedtls_pk_wrap_as_opaque() is removed. To mimic the + same behavior mbedtls_pk_get_psa_attributes() and + mbedtls_pk_import_into_psa() can be used to import a PK key into PSA, + while mbedtls_pk_setup_opaque() can be used to wrap a PSA key into a opaque + PK context. + +Features + * Added an example program showing how to hash with the PSA API. + * Support Armv8-A Crypto Extension acceleration for SHA-256 + when compiling for Thumb (T32) or 32-bit Arm (A32). + * AES-NI is now supported in Windows builds with clang and clang-cl. + Resolves #8372. 
+ * Add new mbedtls_x509_csr_parse_der_with_ext_cb() routine which allows + parsing unsupported certificate extensions via user provided callback. + * Enable the new option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to omit + the decryption direction of block ciphers (AES, ARIA, Camellia). + This affects both the low-level modules and the high-level APIs + (the cipher and PSA interfaces). This option is incompatible with modes + that use the decryption direction (ECB in PSA, CBC, XTS, KW) and with DES. + * Support use of Armv8-A Cryptographic Extensions for hardware acclerated + AES when compiling for Thumb (T32) or 32-bit Arm (A32). + * If a cipher or AEAD mechanism has a PSA driver, you can now build the + library without the corresponding built-in implementation. Generally + speaking that requires both the key type and algorithm to be accelerated + or they'll both be built in. However, for CCM and GCM the built-in + implementation is able to take advantage of a driver that only + accelerates the key type (that is, the block cipher primitive). See + docs/driver-only-builds.md for full details and current limitations. + * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is + disabled. This requires PSA_WANT_ALG_ECB_NO_PADDING in addition to + MBEDTLS_PSA_CRYPTO_C and PSA_WANT_KEY_TYPE_AES. + * Fewer modules depend on MBEDTLS_CIPHER_C, making it possible to save code + size by disabling it in more circumstances. In particular, the CCM and + GCM modules no longer depend on MBEDTLS_CIPHER_C. Also, + MBEDTLS_PSA_CRYPTO can now be enabled without MBEDTLS_CIPHER_C if all + unauthenticated (non-AEAD) ciphers are disabled, or if they're all + fully provided by drivers. See docs/driver-only-builds.md for full + details and current limitations; in particular, NIST_KW and PKCS5/PKCS12 + decryption still unconditionally depend on MBEDTLS_CIPHER_C. 
+ * Add support for record size limit extension as defined by RFC 8449 + and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT. + Application data sent and received will be fragmented according to + Record size limits negotiated during handshake. + * Improve performance of AES-GCM, AES-CTR and CTR-DRBG when + hardware accelerated AES is not present (around 13-23% on 64-bit Arm). + * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() + to convert between Mbed TLS and PSA curve identifiers. + * Add utility functions to manipulate mbedtls_ecp_keypair objects, filling + gaps made by making its fields private: mbedtls_ecp_set_public_key(), + mbedtls_ecp_write_public_key(), mbedtls_ecp_keypair_calc_public(), + mbedtls_ecp_keypair_get_group_id(). Fixes #5017, #5441, #8367, #8652. + * Add functions mbedtls_md_psa_alg_from_type() and + mbedtls_md_type_from_psa_alg() to convert between mbedtls_md_type_t and + psa_algorithm_t. + * Add partial platform support for z/OS. + * Improve performance for gcc (versions older than 9.3.0) and IAR. + * Add functions mbedtls_ecdsa_raw_to_der() and mbedtls_ecdsa_der_to_raw() to + convert ECDSA signatures between raw and DER (ASN.1) formats. + * Add support for using AES-CBC 128, 192, and 256 bit schemes + with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse. + * The new function mbedtls_rsa_get_bitlen() returns the length of the modulus + in bits, i.e. the key size for an RSA key. + * Add pc files for pkg-config, e.g.: + pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509) + * Add getter (mbedtls_ssl_session_get_ticket_creation_time()) to access + `mbedtls_ssl_session.ticket_creation_time`. + * The new functions mbedtls_pk_get_psa_attributes() and + mbedtls_pk_import_into_psa() provide a uniform way to create a PSA + key from a PK key. + * The benchmark program now reports times for both ephemeral and static + ECDH in all ECDH configurations. 
+ * Add support for 8-bit GCM tables for Shoup's algorithm to speedup GCM + operations when hardware accelerated AES is not present. Improves + performance by around 30% on 64-bit Intel; 125% on Armv7-M. + * The new function psa_generate_key_ext() allows generating an RSA + key pair with a custom public exponent. + * The new function mbedtls_ecp_write_key_ext() is similar to + mbedtls_ecp_write_key(), but can be used without separately calculating + the output length. + * Add new accessor to expose the private group id member of + `mbedtls_ecdh_context` structure. + * Add new accessor to expose the `MBEDTLS_PRIVATE(ca_istrue)` member of + `mbedtls_x509_crt` structure. This requires setting + the MBEDTLS_X509_EXT_BASIC_CONSTRAINTS bit in the certificate's + ext_types field. + * mbedtls_psa_get_random() is always available as soon as + MBEDTLS_PSA_CRYPTO_CLIENT is enabled at build time and psa_crypto_init() is + called at runtime. This together with MBEDTLS_PSA_RANDOM_STATE can be + used as random number generator function (f_rng) and context (p_rng) in + legacy functions. + * The new functions mbedtls_pk_copy_from_psa() and + mbedtls_pk_copy_public_from_psa() provide ways to set up a PK context + with the same content as a PSA key. + * Add new accessors to expose the private session-id, + session-id length, and ciphersuite-id members of + `mbedtls_ssl_session` structure. + Add new accessor to expose the ciphersuite-id of + `mbedtls_ssl_ciphersuite_t` structure.Design ref: #8529 + * Mbed TLS now supports the writing and reading of TLS 1.3 early data (see + docs/tls13-early-data.md). The support enablement is controlled at build + time by the MBEDTLS_SSL_EARLY_DATA configuration option and at runtime by + the mbedtls_ssl_conf_early_data() API (by default disabled in both cases). 
+ * Add protection for multithreaded access to the PSA keystore and protection + for multithreaded access to the the PSA global state, including + concurrently calling psa_crypto_init() when MBEDTLS_THREADING_C and + MBEDTLS_THREADING_PTHREAD are defined. See + docs/architecture/psa-thread-safety/psa-thread-safety.md for more details. + Resolves issues #3263 and #7945. + +Security + * Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3 + ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A + malicious client could cause information disclosure or a denial of service. + * Passing buffers that are stored in untrusted memory as arguments + to PSA functions is now secure by default. + The PSA core now protects against modification of inputs or exposure + of intermediate outputs during operations. This is currently implemented + by copying buffers. + This feature increases code size and memory usage. If buffers passed to + PSA functions are owned exclusively by the PSA core for the duration of + the function call (i.e. no buffer parameters are in shared memory), + copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. + Note that setting this option will cause input-output buffer overlap to + be only partially supported (#3266). + Fixes CVE-2024-28960 + * Restore the maximum TLS version to be negotiated to the configured one + when an SSL context is reset with the mbedtls_ssl_session_reset() API. + An attacker was able to prevent an Mbed TLS server from establishing any + TLS 1.3 connection potentially resulting in a Denial of Service or forced + version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e. + Fixes CVE-2024-28755. + * When negotiating TLS version on server side, do not fall back to the + TLS 1.2 implementation of the protocol if it is disabled. 
+ - If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 + client could put the TLS 1.3-only server in an infinite loop processing + a TLS 1.2 ClientHello, resulting in a denial of service. Reported by + Matthias Mucha and Thomas Blattmann, SICK AG. + - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client + was able to successfully establish a TLS 1.2 connection with the server. + Reported by alluettiv on GitHub. + Fixes CVE-2024-28836. + +Bugfix + * Fix the build with CMake when Everest or P256-m is enabled through + a user configuration file or the compiler command line. Fixes #8165. + * Fix compilation error in C++ programs when MBEDTLS_ASN1_PARSE_C is + disabled. + * Fix possible NULL dereference issue in X509 cert_req program if an entry + in the san parameter is not separated by a colon. + * Fix possible NULL dereference issue in X509 cert_write program if an entry + in the san parameter is not separated by a colon. + * Fix an inconsistency between implementations and usages of `__cpuid`, + which mainly causes failures when building Windows target using + mingw or clang. Fixes #8334 & #8332. + * Fix build failure in conda-forge. Fixes #8422. + * Fix parsing of CSRs with critical extensions. + * Switch to milliseconds as the unit for ticket creation and reception time + instead of seconds. That avoids rounding errors when computing the age of + tickets compared to peer using a millisecond clock (observed with GnuTLS). + Fixes #6623. + * Fix TLS server accepting TLS 1.2 handshake while TLS 1.2 + is disabled at runtime. Fixes #8593. + * Remove accidental introduction of RSA signature algorithms + in TLS Suite B Profile. Fixes #8221. + * Fix unsupported PSA asymmetric encryption and decryption + (psa_asymmetric_[en|de]crypt) with opaque keys. + Resolves #8461. + * On Linux on ARMv8, fix a build error with SHA-256 and SHA-512 + acceleration detection when the libc headers do not define the + corresponding constant. 
Reported by valord577. + * Correct initial capacities for key derivation algorithms:TLS12_PRF, + TLS12_PSK_TO_MS, PBKDF2-HMAC, PBKDF2-CMAC + * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a + multiple of 8. Fixes #868. + * Avoid segmentation fault caused by releasing not initialized + entropy resource in gen_key example. Fixes #8809. + * mbedtls_pem_read_buffer() now performs a check on the padding data of + decrypted keys and it rejects invalid ones. + * Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() and + mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in + the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled and the + RSA context was configured for PKCS#1 v2.1 (PSS/OAEP), the sign/verify + functions performed a PKCS#1 v1.5 signature instead and the + encrypt/decrypt functions returned an error. Fixes #8824. + * Fix missing bitflags in SSL session serialization headers. Their absence + allowed SSL sessions saved in one configuration to be loaded in a + different, incompatible configuration. + * In TLS 1.3 clients, fix an interoperability problem due to the client + generating a new random after a HelloRetryRequest. Fixes #8669. + * Fix the restoration of the ALPN when loading serialized connection with + * the mbedtls_ssl_context_load() API. + * Fix NULL pointer dereference in mbedtls_pk_verify_ext() when called using + an opaque RSA context and specifying MBEDTLS_PK_RSASSA_PSS as key type. + * Fix RSA opaque keys always using PKCS1 v1.5 algorithms instead of the + primary algorithm of the wrapped PSA key. + * Fully support arbitrary overlap between inputs and outputs of PSA + functions. Note that overlap is still only partially supported when + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set (#3266). + +Changes + * Use heap memory to allocate DER encoded public/private key. + This reduces stack usage significantly for writing a public/private + key to a PEM string. 
+ * PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG are no more synonyms and + they are now treated separately. This means that they should be + individually enabled in order to enable respective support; also the + corresponding MBEDTLS_PSA_ACCEL symbol should be defined in case + acceleration is required. + * Moved declaration of functions mbedtls_ecc_group_to_psa and + mbedtls_ecc_group_of_psa from psa/crypto_extra.h to mbedtls/psa_util.h + * mbedtls_pk_sign_ext() is now always available, not just when + PSA (MBEDTLS_PSA_CRYPTO_C) is enabled. + * Extended PSA Crypto configurations options for FFDH by making it possible + to select only some of the parameters / groups, with the macros + PSA_WANT_DH_RFC7919_XXXX. You now need to defined the corresponding macro + for each size you want to support. Also, if you have an FFDH accelerator, + you'll need to define the appropriate MBEDTLS_PSA_ACCEL macros to signal + support for these domain parameters. + * RSA support in PSA no longer auto-enables the pkparse and pkwrite modules, + saving code size when those are not otherwise enabled. + * mbedtls_mpi_exp_mod and code that uses it, notably RSA and DHM operations, + have changed their speed/memory compromise as part of a proactive security + improvement. The new default value of MBEDTLS_MPI_WINDOW_SIZE roughly + preserves the current speed, at the expense of increasing memory + consumption. + * Rename directory containing Visual Studio files from visualc/VS2013 to + visualc/VS2017. + * The TLS 1.3 protocol is now enabled in the default configuration. + = Mbed TLS 3.5.2 branch released 2024-01-26 Security diff --git a/ChangeLog.d/7764.txt b/ChangeLog.d/7764.txt deleted file mode 100644 index 4cd20798a2..0000000000 --- a/ChangeLog.d/7764.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa() - to convert between Mbed TLS and PSA curve identifiers. 
diff --git a/ChangeLog.d/7765.txt b/ChangeLog.d/7765.txt deleted file mode 100644 index 3dd6b5d305..0000000000 --- a/ChangeLog.d/7765.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add functions mbedtls_ecdsa_raw_to_der() and mbedtls_ecdsa_der_to_raw() to - convert ECDSA signatures between raw and DER (ASN.1) formats. diff --git a/ChangeLog.d/8030.txt b/ChangeLog.d/8030.txt deleted file mode 100644 index d99c9e7e4d..0000000000 --- a/ChangeLog.d/8030.txt +++ /dev/null @@ -1,7 +0,0 @@ -Changes - * Extended PSA Crypto configurations options for FFDH by making it possible - to select only some of the parameters / groups, with the macros - PSA_WANT_DH_RFC7919_XXXX. You now need to defined the corresponding macro - for each size you want to support. Also, if you have an FFDH accelerator, - you'll need to define the appropriate MBEDTLS_PSA_ACCEL macros to signal - support for these domain parameters. diff --git a/ChangeLog.d/8340.txt b/ChangeLog.d/8340.txt deleted file mode 100644 index 5664bf170c..0000000000 --- a/ChangeLog.d/8340.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Add functions mbedtls_md_psa_alg_from_type() and - mbedtls_md_type_from_psa_alg() to convert between mbedtls_md_type_t and - psa_algorithm_t. diff --git a/ChangeLog.d/8372.txt b/ChangeLog.d/8372.txt deleted file mode 100644 index 4a72edfb1a..0000000000 --- a/ChangeLog.d/8372.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * AES-NI is now supported in Windows builds with clang and clang-cl. - Resolves #8372. diff --git a/ChangeLog.d/8461.txt b/ChangeLog.d/8461.txt deleted file mode 100644 index d6a65f0702..0000000000 --- a/ChangeLog.d/8461.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix unsupported PSA asymmetric encryption and decryption - (psa_asymmetric_[en|de]crypt) with opaque keys. - Resolves #8461. diff --git a/ChangeLog.d/8482.txt b/ChangeLog.d/8482.txt deleted file mode 100644 index a39223299f..0000000000 --- a/ChangeLog.d/8482.txt +++ /dev/null 
@@ -1,6 +0,0 @@ -Changes - * PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG are no more synonyms and - they are now treated separately. This means that they should be - individually enabled in order to enable respective support; also the - corresponding MBEDTLS_PSA_ACCEL symbol should be defined in case - acceleration is required. diff --git a/ChangeLog.d/8647.txt b/ChangeLog.d/8647.txt deleted file mode 100644 index 98326dc017..0000000000 --- a/ChangeLog.d/8647.txt +++ /dev/null @@ -1,10 +0,0 @@ -Default behavior changes - * psa_import_key() now only accepts RSA keys in the PSA standard formats. - The undocumented ability to import other formats (PKCS#8, SubjectPublicKey, - PEM) accepted by the pkparse module has been removed. Applications that - need these formats can call mbedtls_pk_parse_{public,}key() followed by - mbedtls_pk_import_into_psa(). - -Changes - * RSA support in PSA no longer auto-enables the pkparse and pkwrite modules, - saving code size when those are not otherwise enabled. diff --git a/ChangeLog.d/8709.txt b/ChangeLog.d/8709.txt deleted file mode 100644 index e0bea44120..0000000000 --- a/ChangeLog.d/8709.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * The new functions mbedtls_pk_copy_from_psa() and - mbedtls_pk_copy_public_from_psa() provide ways to set up a PK context - with the same content as a PSA key. diff --git a/ChangeLog.d/8726.txt b/ChangeLog.d/8726.txt deleted file mode 100644 index c1e5a40158..0000000000 --- a/ChangeLog.d/8726.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Add partial platform support for z/OS. diff --git a/ChangeLog.d/8799.txt b/ChangeLog.d/8799.txt deleted file mode 100644 index 50e7c118c8..0000000000 --- a/ChangeLog.d/8799.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * mbedtls_pem_read_buffer() now performs a check on the padding data of - decrypted keys and it rejects invalid ones. diff --git a/ChangeLog.d/8824.txt b/ChangeLog.d/8824.txt deleted file mode 100644 index 6d6bcb70f0..0000000000 
--- a/ChangeLog.d/8824.txt +++ /dev/null @@ -1,8 +0,0 @@ -Bugfix - * Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() and - mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in - the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled and the - RSA context was configured for PKCS#1 v2.1 (PSS/OAEP), the sign/verify - functions performed a PKCS#1 v1.5 signature instead and the - encrypt/decrypt functions returned an error. Fixes #8824. - diff --git a/ChangeLog.d/8825.txt b/ChangeLog.d/8825.txt deleted file mode 100644 index 914bd08fdd..0000000000 --- a/ChangeLog.d/8825.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * mbedtls_psa_get_random() is always available as soon as - MBEDTLS_PSA_CRYPTO_CLIENT is enabled at build time and psa_crypto_init() is - called at runtime. This together with MBEDTLS_PSA_RANDOM_STATE can be - used as random number generator function (f_rng) and context (p_rng) in - legacy functions. diff --git a/ChangeLog.d/8848.txt b/ChangeLog.d/8848.txt deleted file mode 100644 index 71bb7e3a68..0000000000 --- a/ChangeLog.d/8848.txt +++ /dev/null @@ -1,6 +0,0 @@ -Removals - * Temporary function mbedtls_pk_wrap_as_opaque() is removed. To mimic the - same behavior mbedtls_pk_get_psa_attributes() and - mbedtls_pk_import_into_psa() can be used to import a PK key into PSA, - while mbedtls_pk_setup_opaque() can be used to wrap a PSA key into a opaque - PK context. diff --git a/ChangeLog.d/8938.txt b/ChangeLog.d/8938.txt deleted file mode 100644 index 68a1c084be..0000000000 --- a/ChangeLog.d/8938.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix RSA opaque keys always using PKCS1 v1.5 algorithms instead of the - primary algorithm of the wrapped PSA key. diff --git a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt deleted file mode 100644 index 7f0fbc7e96..0000000000 --- a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt +++ /dev/null 
@@ -1,3 +0,0 @@ -Features - * Add support for using AES-CBC 128, 192, and 256 bit schemes - with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse. diff --git a/ChangeLog.d/add-block-cipher-no-decrypt.txt b/ChangeLog.d/add-block-cipher-no-decrypt.txt deleted file mode 100644 index d05bf86ba3..0000000000 --- a/ChangeLog.d/add-block-cipher-no-decrypt.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * Enable the new option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to omit - the decryption direction of block ciphers (AES, ARIA, Camellia). - This affects both the low-level modules and the high-level APIs - (the cipher and PSA interfaces). This option is incompatible with modes - that use the decryption direction (ECB in PSA, CBC, XTS, KW) and with DES. diff --git a/ChangeLog.d/add-psa-example-program-hash.txt b/ChangeLog.d/add-psa-example-program-hash.txt deleted file mode 100644 index ba4da20d33..0000000000 --- a/ChangeLog.d/add-psa-example-program-hash.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Added an example program showing how to hash with the PSA API. diff --git a/ChangeLog.d/add-record-size-limit-extension-support.txt b/ChangeLog.d/add-record-size-limit-extension-support.txt deleted file mode 100644 index 3562b85044..0000000000 --- a/ChangeLog.d/add-record-size-limit-extension-support.txt +++ /dev/null @@ -1,5 +0,0 @@ -Features - * Add support for record size limit extension as defined by RFC 8449 - and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT. - Application data sent and received will be fragmented according to - Record size limits negotiated during handshake. diff --git a/ChangeLog.d/add_get_ecp_group_id.txt b/ChangeLog.d/add_get_ecp_group_id.txt deleted file mode 100644 index 3328062a7e..0000000000 --- a/ChangeLog.d/add_get_ecp_group_id.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add new accessor to expose the private group id member of - `mbedtls_ecdh_context` structure. 
diff --git a/ChangeLog.d/add_ssl_session_accessors.txt b/ChangeLog.d/add_ssl_session_accessors.txt deleted file mode 100644 index 516a3bf448..0000000000 --- a/ChangeLog.d/add_ssl_session_accessors.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * Add new accessors to expose the private session-id, - session-id length, and ciphersuite-id members of - `mbedtls_ssl_session` structure. - Add new accessor to expose the ciphersuite-id of - `mbedtls_ssl_ciphersuite_t` structure.Design ref: #8529 diff --git a/ChangeLog.d/add_threading_changelog.txt b/ChangeLog.d/add_threading_changelog.txt deleted file mode 100644 index e9f6cc7ed7..0000000000 --- a/ChangeLog.d/add_threading_changelog.txt +++ /dev/null @@ -1,7 +0,0 @@ -Features - * Add protection for multithreaded access to the PSA keystore and protection - for multithreaded access to the the PSA global state, including - concurrently calling psa_crypto_init() when MBEDTLS_THREADING_C and - MBEDTLS_THREADING_PTHREAD are defined. See - docs/architecture/psa-thread-safety/psa-thread-safety.md for more details. - Resolves issues #3263 and #7945. diff --git a/ChangeLog.d/armv8-aesce.txt b/ChangeLog.d/armv8-aesce.txt deleted file mode 100644 index ec5889c1ba..0000000000 --- a/ChangeLog.d/armv8-aesce.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Support use of Armv8-A Cryptographic Extensions for hardware acclerated - AES when compiling for Thumb (T32) or 32-bit Arm (A32). diff --git a/ChangeLog.d/benchmark-ecdh.txt b/ChangeLog.d/benchmark-ecdh.txt deleted file mode 100644 index ef243b8035..0000000000 --- a/ChangeLog.d/benchmark-ecdh.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * The benchmark program now reports times for both ephemeral and static - ECDH in all ECDH configurations. diff --git a/ChangeLog.d/binder-overread.txt b/ChangeLog.d/binder-overread.txt deleted file mode 100644 index c0ed4b7179..0000000000 --- a/ChangeLog.d/binder-overread.txt +++ /dev/null 
@@ -1,4 +0,0 @@ -Security - * Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3 - ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A - malicious client could cause information disclosure or a denial of service. diff --git a/ChangeLog.d/ctr-perf.txt b/ChangeLog.d/ctr-perf.txt deleted file mode 100644 index bc04080bfa..0000000000 --- a/ChangeLog.d/ctr-perf.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Improve performance of AES-GCM, AES-CTR and CTR-DRBG when - hardware accelerated AES is not present (around 13-23% on 64-bit Arm). diff --git a/ChangeLog.d/domain_parameters.txt b/ChangeLog.d/domain_parameters.txt deleted file mode 100644 index d860cc448d..0000000000 --- a/ChangeLog.d/domain_parameters.txt +++ /dev/null @@ -1,9 +0,0 @@ -New deprecations - * In the PSA API, domain parameters are no longer used for anything. - They are deprecated and will be removed in a future version of the - library. - -Removals - * In the PSA API, the experimental way to encode the public exponent of - an RSA key as a domain parameter is no longer supported. Use - psa_generate_key_ext() instead. diff --git a/ChangeLog.d/driver-only-cipher.txt b/ChangeLog.d/driver-only-cipher.txt deleted file mode 100644 index 331b2f997c..0000000000 --- a/ChangeLog.d/driver-only-cipher.txt +++ /dev/null 
@@ -1,11 +0,0 @@ -Features - * If a cipher or AEAD mechanism has a PSA driver, you can now build the - library without the corresponding built-in implementation. Generally - speaking that requires both the key type and algorithm to be accelerated - or they'll both be built in. However, for CCM and GCM the built-in - implementation is able to take advantage of a driver that only - accelerates the key type (that is, the block cipher primitive). See - docs/driver-only-builds.md for full details and current limitations. - * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is - disabled. This requires PSA_WANT_ALG_ECB_NO_PADDING in addition to - MBEDTLS_PSA_CRYPTO_C and PSA_WANT_KEY_TYPE_AES. diff --git a/ChangeLog.d/drop-msvc-2015-and-armcc-5.txt b/ChangeLog.d/drop-msvc-2015-and-armcc-5.txt deleted file mode 100644 index 435cc98492..0000000000 --- a/ChangeLog.d/drop-msvc-2015-and-armcc-5.txt +++ /dev/null @@ -1,5 +0,0 @@ -Requirement changes - * Drop support for Visual Studio 2013 and 2015, and Arm Compiler 5. -Changes - * Rename directory containing Visual Studio files from visualc/VS2013 to - visualc/VS2017. diff --git a/ChangeLog.d/early-data.txt b/ChangeLog.d/early-data.txt deleted file mode 100644 index 3c3826c954..0000000000 --- a/ChangeLog.d/early-data.txt +++ /dev/null @@ -1,5 +0,0 @@ -Features - * Mbed TLS now supports the writing and reading of TLS 1.3 early data (see - docs/tls13-early-data.md). The support enablement is controlled at build - time by the MBEDTLS_SSL_EARLY_DATA configuration option and at runtime by - the mbedtls_ssl_conf_early_data() API (by default disabled in both cases). diff --git a/ChangeLog.d/ecp-keypair-utilities.txt b/ChangeLog.d/ecp-keypair-utilities.txt deleted file mode 100644 index 6f9714aaa5..0000000000 --- a/ChangeLog.d/ecp-keypair-utilities.txt +++ /dev/null 
@@ -1,5 +0,0 @@ -Features - * Add utility functions to manipulate mbedtls_ecp_keypair objects, filling - gaps made by making its fields private: mbedtls_ecp_set_public_key(), - mbedtls_ecp_write_public_key(), mbedtls_ecp_keypair_calc_public(), - mbedtls_ecp_keypair_get_group_id(). Fixes #5017, #5441, #8367, #8652. diff --git a/ChangeLog.d/ecp_write_key.txt b/ChangeLog.d/ecp_write_key.txt deleted file mode 100644 index 73354c8633..0000000000 --- a/ChangeLog.d/ecp_write_key.txt +++ /dev/null @@ -1,8 +0,0 @@ -Features - * The new function mbedtls_ecp_write_key_ext() is similar to - mbedtls_ecp_write_key(), but can be used without separately calculating - the output length. - -New deprecations - * mbedtls_ecp_write_key() is deprecated in favor of - mbedtls_ecp_write_key_ext(). diff --git a/ChangeLog.d/enable-tls13-by-default.txt b/ChangeLog.d/enable-tls13-by-default.txt deleted file mode 100644 index 636078c7c1..0000000000 --- a/ChangeLog.d/enable-tls13-by-default.txt +++ /dev/null @@ -1,2 +0,0 @@ -Changes - * The TLS 1.3 protocol is now enabled in the default configuration. diff --git a/ChangeLog.d/fix-alpn-negotiating-bug.txt b/ChangeLog.d/fix-alpn-negotiating-bug.txt deleted file mode 100644 index 3bceb37f38..0000000000 --- a/ChangeLog.d/fix-alpn-negotiating-bug.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix the restoration of the ALPN when loading serialized connection with - * the mbedtls_ssl_context_load() API. diff --git a/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt b/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt deleted file mode 100644 index ec543aafcb..0000000000 --- a/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix the build with CMake when Everest or P256-m is enabled through - a user configuration file or the compiler command line. Fixes #8165. diff --git a/ChangeLog.d/fix-cpp-compilation-error.txt b/ChangeLog.d/fix-cpp-compilation-error.txt deleted file mode 100644 index 32d86dceda..0000000000 
--- a/ChangeLog.d/fix-cpp-compilation-error.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix compilation error in C++ programs when MBEDTLS_ASN1_PARSE_C is - disabled. diff --git a/ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt b/ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt deleted file mode 100644 index 5b155121f8..0000000000 --- a/ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * Add new mbedtls_x509_csr_parse_der_with_ext_cb() routine which allows - parsing unsupported certificate extensions via user provided callback. - -Bugfix - * Fix parsing of CSRs with critical extensions. diff --git a/ChangeLog.d/fix-issue-x509-cert_req.txt b/ChangeLog.d/fix-issue-x509-cert_req.txt deleted file mode 100644 index 3a5171b834..0000000000 --- a/ChangeLog.d/fix-issue-x509-cert_req.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix possible NULL dereference issue in X509 cert_req program if an entry - in the san parameter is not separated by a colon. diff --git a/ChangeLog.d/fix-issue-x509-cert_write.txt b/ChangeLog.d/fix-issue-x509-cert_write.txt deleted file mode 100644 index 43d67c21d0..0000000000 --- a/ChangeLog.d/fix-issue-x509-cert_write.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix possible NULL dereference issue in X509 cert_write program if an entry - in the san parameter is not separated by a colon. diff --git a/ChangeLog.d/fix-linux-builds-in-conda-forge.txt b/ChangeLog.d/fix-linux-builds-in-conda-forge.txt deleted file mode 100644 index 5cfee855aa..0000000000 --- a/ChangeLog.d/fix-linux-builds-in-conda-forge.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix build failure in conda-forge. Fixes #8422. diff --git a/ChangeLog.d/fix-mingw32-build.txt b/ChangeLog.d/fix-mingw32-build.txt deleted file mode 100644 index feef0a2c51..0000000000 --- a/ChangeLog.d/fix-mingw32-build.txt +++ /dev/null 
@@ -1,4 +0,0 @@ -Bugfix - * Fix an inconsistency between implementations and usages of `__cpuid`, - which mainly causes failures when building Windows target using - mingw or clang. Fixes #8334 & #8332. diff --git a/ChangeLog.d/fix-new-rn-on-hrr.txt b/ChangeLog.d/fix-new-rn-on-hrr.txt deleted file mode 100644 index 1b4f5e6a8c..0000000000 --- a/ChangeLog.d/fix-new-rn-on-hrr.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * In TLS 1.3 clients, fix an interoperability problem due to the client - generating a new random after a HelloRetryRequest. Fixes #8669. diff --git a/ChangeLog.d/fix-null-dereference-verify-ext.txt b/ChangeLog.d/fix-null-dereference-verify-ext.txt deleted file mode 100644 index 4654178726..0000000000 --- a/ChangeLog.d/fix-null-dereference-verify-ext.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix NULL pointer dereference in mbedtls_pk_verify_ext() when called using - an opaque RSA context and specifying MBEDTLS_PK_RSASSA_PSS as key type. diff --git a/ChangeLog.d/fix-ssl-session-serialization-config.txt b/ChangeLog.d/fix-ssl-session-serialization-config.txt deleted file mode 100644 index ca1cc81f5e..0000000000 --- a/ChangeLog.d/fix-ssl-session-serialization-config.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix missing bitflags in SSL session serialization headers. Their absence - allowed SSL sessions saved in one configuration to be loaded in a - different, incompatible configuration. diff --git a/ChangeLog.d/fix-tls-SuiteB.txt b/ChangeLog.d/fix-tls-SuiteB.txt deleted file mode 100644 index 0be753ac5e..0000000000 --- a/ChangeLog.d/fix-tls-SuiteB.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Remove accidental introduction of RSA signature algorithms - in TLS Suite B Profile. Fixes #8221. diff --git a/ChangeLog.d/fix-tls13-server-min-version-check.txt b/ChangeLog.d/fix-tls13-server-min-version-check.txt deleted file mode 100644 index 258ec6d38c..0000000000 --- a/ChangeLog.d/fix-tls13-server-min-version-check.txt +++ /dev/null 
@@ -1,3 +0,0 @@ -Bugfix - * Fix TLS server accepting TLS 1.2 handshake while TLS 1.2 - is disabled at runtime. Fixes #8593. diff --git a/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt b/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt deleted file mode 100644 index 10e2795bba..0000000000 --- a/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Correct initial capacities for key derivation algorithms:TLS12_PRF, - TLS12_PSK_TO_MS, PBKDF2-HMAC, PBKDF2-CMAC diff --git a/ChangeLog.d/gcm-large-tables.txt b/ChangeLog.d/gcm-large-tables.txt deleted file mode 100644 index f9bba5b4e7..0000000000 --- a/ChangeLog.d/gcm-large-tables.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Add support for 8-bit GCM tables for Shoup's algorithm to speedup GCM - operations when hardware accelerated AES is not present. Improves - performance by around 30% on 64-bit Intel; 125% on Armv7-M. diff --git a/ChangeLog.d/gen-key-segfault.txt b/ChangeLog.d/gen-key-segfault.txt deleted file mode 100644 index fefc702726..0000000000 --- a/ChangeLog.d/gen-key-segfault.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Avoid segmentation fault caused by releasing not initialized - entropy resource in gen_key example. Fixes #8809. diff --git a/ChangeLog.d/get_ticket_creation_time.txt b/ChangeLog.d/get_ticket_creation_time.txt deleted file mode 100644 index 7b5166c8e6..0000000000 --- a/ChangeLog.d/get_ticket_creation_time.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add getter (mbedtls_ssl_session_get_ticket_creation_time()) to access - `mbedtls_ssl_session.ticket_creation_time`. diff --git a/ChangeLog.d/gnutls_anti_replay_fail.txt b/ChangeLog.d/gnutls_anti_replay_fail.txt deleted file mode 100644 index cb35284e1c..0000000000 --- a/ChangeLog.d/gnutls_anti_replay_fail.txt +++ /dev/null 
@@ -1,5 +0,0 @@ -Bugfix - * Switch to milliseconds as the unit for ticket creation and reception time - instead of seconds. That avoids rounding errors when computing the age of - tickets compared to peer using a millisecond clock (observed with GnuTLS). - Fixes #6623. diff --git a/ChangeLog.d/iar-gcc-perf.txt b/ChangeLog.d/iar-gcc-perf.txt deleted file mode 100644 index fb0fbb10d1..0000000000 --- a/ChangeLog.d/iar-gcc-perf.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Improve performance for gcc (versions older than 9.3.0) and IAR. diff --git a/ChangeLog.d/linux-aarch64-hwcap.txt b/ChangeLog.d/linux-aarch64-hwcap.txt deleted file mode 100644 index 23af87824d..0000000000 --- a/ChangeLog.d/linux-aarch64-hwcap.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * On Linux on ARMv8, fix a build error with SHA-256 and SHA-512 - acceleration detection when the libc headers do not define the - corresponding constant. Reported by valord577. diff --git a/ChangeLog.d/mbedtls_pk_import_into_psa.txt b/ChangeLog.d/mbedtls_pk_import_into_psa.txt deleted file mode 100644 index c294f4490d..0000000000 --- a/ChangeLog.d/mbedtls_pk_import_into_psa.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * The new functions mbedtls_pk_get_psa_attributes() and - mbedtls_pk_import_into_psa() provide a uniform way to create a PSA - key from a PK key. diff --git a/ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt b/ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt deleted file mode 100644 index 85d970c7f4..0000000000 --- a/ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Moved declaration of functions mbedtls_ecc_group_to_psa and - mbedtls_ecc_group_of_psa from psa/crypto_extra.h to mbedtls/psa_util.h diff --git a/ChangeLog.d/no-cipher.txt b/ChangeLog.d/no-cipher.txt deleted file mode 100644 index 87f2f6d3ae..0000000000 --- a/ChangeLog.d/no-cipher.txt +++ /dev/null 
@@ -1,9 +0,0 @@ -Features - * Fewer modules depend on MBEDTLS_CIPHER_C, making it possible to save code - size by disabling it in more circumstances. In particular, the CCM and - GCM modules no longer depend on MBEDTLS_CIPHER_C. Also, - MBEDTLS_PSA_CRYPTO can now be enabled without MBEDTLS_CIPHER_C if all - unauthenticated (non-AEAD) ciphers are disabled, or if they're all - fully provided by drivers. See docs/driver-only-builds.md for full - details and current limitations; in particular, NIST_KW and PKCS5/PKCS12 - decryption still unconditionally depend on MBEDTLS_CIPHER_C. diff --git a/ChangeLog.d/non-psa-pk-implementation.txt b/ChangeLog.d/non-psa-pk-implementation.txt deleted file mode 100644 index 535bbf55e6..0000000000 --- a/ChangeLog.d/non-psa-pk-implementation.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * mbedtls_pk_sign_ext() is now always available, not just when - PSA (MBEDTLS_PSA_CRYPTO_C) is enabled. diff --git a/ChangeLog.d/pkg-config-files-addition.txt b/ChangeLog.d/pkg-config-files-addition.txt deleted file mode 100644 index e459470679..0000000000 --- a/ChangeLog.d/pkg-config-files-addition.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Add pc files for pkg-config, e.g.: - pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509) - diff --git a/ChangeLog.d/pkwrite-pem-use-heap.txt b/ChangeLog.d/pkwrite-pem-use-heap.txt deleted file mode 100644 index 11db7b6b06..0000000000 --- a/ChangeLog.d/pkwrite-pem-use-heap.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Use heap memory to allocate DER encoded public/private key. - This reduces stack usage significantly for writing a public/private - key to a PEM string. diff --git a/ChangeLog.d/psa-shared-memory-protection.txt b/ChangeLog.d/psa-shared-memory-protection.txt deleted file mode 100644 index 09779b7d27..0000000000 --- a/ChangeLog.d/psa-shared-memory-protection.txt +++ /dev/null 
@@ -1,17 +0,0 @@ -Security - * Passing buffers that are stored in untrusted memory as arguments - to PSA functions is now secure by default. - The PSA core now protects against modification of inputs or exposure - of intermediate outputs during operations. This is currently implemented - by copying buffers. - This feature increases code size and memory usage. If buffers passed to - PSA functions are owned exclusively by the PSA core for the duration of - the function call (i.e. no buffer parameters are in shared memory), - copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. - Note that setting this option will cause input-output buffer overlap to - be only partially supported (#3266). - Fixes CVE-2024-28960 -Bugfix - * Fully support arbitrary overlap between inputs and outputs of PSA - functions. Note that overlap is still only partially supported when - MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set (#3266). diff --git a/ChangeLog.d/psa_generate_key_ext.txt b/ChangeLog.d/psa_generate_key_ext.txt deleted file mode 100644 index 8340f01a3f..0000000000 --- a/ChangeLog.d/psa_generate_key_ext.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * The new function psa_generate_key_ext() allows generating an RSA - key pair with a custom public exponent. diff --git a/ChangeLog.d/rename-conf-early-data-API.txt b/ChangeLog.d/rename-conf-early-data-API.txt deleted file mode 100644 index d43681199a..0000000000 --- a/ChangeLog.d/rename-conf-early-data-API.txt +++ /dev/null @@ -1,4 +0,0 @@ -API changes - * Remove `tls13_` in mbedtls_ssl_tls13_conf_early_data() and - mbedtls_ssl_tls13_conf_max_early_data_size() API names. Early data - feature may not be TLS 1.3 specific in the future. Fixes #6909. diff --git a/ChangeLog.d/rsa-bitlen.txt b/ChangeLog.d/rsa-bitlen.txt deleted file mode 100644 index bcd185fa30..0000000000 --- a/ChangeLog.d/rsa-bitlen.txt +++ /dev/null 
@@ -1,7 +0,0 @@ -Bugfix - * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a - multiple of 8. Fixes #868. - -Features - * The new function mbedtls_rsa_get_bitlen() returns the length of the modulus - in bits, i.e. the key size for an RSA key. diff --git a/ChangeLog.d/sha256-armce-arm.txt b/ChangeLog.d/sha256-armce-arm.txt deleted file mode 100644 index 5b18eb3fc6..0000000000 --- a/ChangeLog.d/sha256-armce-arm.txt +++ /dev/null @@ -1,7 +0,0 @@ -Features - * Support Armv8-A Crypto Extension acceleration for SHA-256 - when compiling for Thumb (T32) or 32-bit Arm (A32). -New deprecations - * Rename the MBEDTLS_SHA256_USE_A64_CRYPTO_xxx config options to - MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_xxx. The old names may still - be used, but are deprecated. diff --git a/ChangeLog.d/tls-max-version-reset.txt b/ChangeLog.d/tls-max-version-reset.txt deleted file mode 100644 index b7c81eb65b..0000000000 --- a/ChangeLog.d/tls-max-version-reset.txt +++ /dev/null @@ -1,7 +0,0 @@ -Security - * Restore the maximum TLS version to be negotiated to the configured one - when an SSL context is reset with the mbedtls_ssl_session_reset() API. - An attacker was able to prevent an Mbed TLS server from establishing any - TLS 1.3 connection potentially resulting in a Denial of Service or forced - version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e. - Fixes CVE-2024-28755. diff --git a/ChangeLog.d/tls13-only-server.txt b/ChangeLog.d/tls13-only-server.txt deleted file mode 100644 index 736896e89a..0000000000 --- a/ChangeLog.d/tls13-only-server.txt +++ /dev/null 
@@ -1,11 +0,0 @@ -Security - * When negotiating TLS version on server side, do not fall back to the - TLS 1.2 implementation of the protocol if it is disabled. - - If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 - client could put the TLS 1.3-only server in an infinite loop processing - a TLS 1.2 ClientHello, resulting in a denial of service. Reported by - Matthias Mucha and Thomas Blattmann, SICK AG. - - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client - was able to successfully establish a TLS 1.2 connection with the server. - Reported by alluettiv on GitHub. - Fixes CVE-2024-28836. diff --git a/ChangeLog.d/use_exp_mod_core.txt b/ChangeLog.d/use_exp_mod_core.txt deleted file mode 100644 index 8f7193a310..0000000000 --- a/ChangeLog.d/use_exp_mod_core.txt +++ /dev/null @@ -1,6 +0,0 @@ -Changes - * mbedtls_mpi_exp_mod and code that uses it, notably RSA and DHM operations, - have changed their speed/memory compromise as part of a proactive security - improvement. The new default value of MBEDTLS_MPI_WINDOW_SIZE roughly - preserves the current speed, at the expense of increasing memory - consumption. diff --git a/ChangeLog.d/x509-add-ca_istrue.txt b/ChangeLog.d/x509-add-ca_istrue.txt deleted file mode 100644 index c950dbc08b..0000000000 --- a/ChangeLog.d/x509-add-ca_istrue.txt +++ /dev/null @@ -1,5 +0,0 @@ -Features - * Add new accessor to expose the `MBEDTLS_PRIVATE(ca_istrue)` member of - `mbedtls_x509_crt` structure. This requires setting - the MBEDTLS_X509_EXT_BASIC_CONSTRAINTS bit in the certificate's - ext_types field.
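Review bot: the last removed line of ChangeLog.d/add_ssl_session_accessors.txt runs two sentences together with no separator, "`mbedtls_ssl_ciphersuite_t` structure.Design ref: #8529"; since this text is being carried into the assembled ChangeLog, make sure the assembled entry puts "Design ref: #8529" on its own line (or at least after a space) so the cross-reference stays readable.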
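Review bot: the removed text in ChangeLog.d/add_threading_changelog.txt contains a doubled word, "protection for multithreaded access to the the PSA global state"; the assembled ChangeLog entry should read "to the PSA global state". The rest of the entry is in good shape: naming both MBEDTLS_THREADING_C and MBEDTLS_THREADING_PTHREAD and pointing at docs/architecture/psa-thread-safety/psa-thread-safety.md is exactly what a user checking whether their build is covered needs.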
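Review bot: "hardware acclerated AES" in ChangeLog.d/armv8-aesce.txt is misspelled; the assembled entry should say "hardware accelerated AES", matching the spelling already used by the ctr-perf.txt and gcm-large-tables.txt entries in this same patch.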
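Review bot: the Security entry from ChangeLog.d/binder-overread.txt ("Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3 ClientHello in a TLS 1.3 server supporting some PSK key exchange mode.") is the only Security entry in this patch that cites neither an issue number nor a CVE identifier, whereas the psa-shared-memory-protection, tls-max-version-reset and tls13-only-server entries each end with "Fixes CVE-...". If an identifier has been assigned for this overread, add it to the assembled entry so downstream consumers can match the release to the advisory; if none has been assigned, leaving it out is fine, but confirm that is deliberate.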
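Review bot: the continuation line in ChangeLog.d/fix-alpn-negotiating-bug.txt starts with a stray bullet marker, "* the mbedtls_ssl_context_load() API.", which the changelog assembler will render as a second, fragmentary bullet; the assembled entry should be a single bullet reading "Fix the restoration of the ALPN when loading a serialized connection with the mbedtls_ssl_context_load() API."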
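Review bot: the removed entries ChangeLog.d/fix-issue-x509-cert_req.txt and ChangeLog.d/fix-issue-x509-cert_write.txt are word-for-word identical apart from the program name ("Fix possible NULL dereference issue in X509 cert_req program if an entry in the san parameter is not separated by a colon." versus the same sentence with cert_write); consider merging them into one bullet in the assembled ChangeLog ("in the X509 cert_req and cert_write programs") so readers do not take the second one for an accidental duplicate.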
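Review bot: the Bugfix entry from ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt is missing a space after the colon ("algorithms:TLS12_PRF") and a terminating period after "PBKDF2-CMAC"; fix both in the assembled ChangeLog so the list of affected key derivation algorithms is readable.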
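Review bot: the Changes entry from ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt uses the past tense ("Moved declaration of functions mbedtls_ecc_group_to_psa and mbedtls_ecc_group_of_psa ...") where every other entry in this patch uses the imperative ("Add", "Fix", "Remove"), and it lacks a terminating period. More usefully for readers, since these declarations moved between two public headers, the assembled entry should state whether psa/crypto_extra.h still makes them available or whether code that only includes that header must now include mbedtls/psa_util.h.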
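Review bot: "Fixes CVE-2024-28960" in ChangeLog.d/psa-shared-memory-protection.txt lacks a terminating period, unlike "Fixes CVE-2024-28755." and "Fixes CVE-2024-28836." in the other two Security entries; normalize that in the assembled ChangeLog. On substance, the Security text says copying "may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS" and the Bugfix text below separately repeats that overlap is then only partially supported (#3266); stating once, in the Security entry itself, that enabling the option gives up the protection this entry introduces for any caller that does pass shared-memory buffers would make the trade-off explicit for integrators who tune for code size.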
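Review bot: the entry from ChangeLog.d/pkg-config-files-addition.txt ends in an empty removed line, and its example "pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509)" uses an alternation notation that a reader could paste literally; the assembled entry should drop the trailing blank line and spell the example out with one concrete name, e.g. "pkg-config --cflags --libs mbedtls", then list the other two package names in prose.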