From 729cf89704c1d86d9798534da2c16baf50b3936d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <manuel.pegourie-gonnard@arm.com> Date: Mon, 8 Jan 2024 10:38:51 +0100 Subject: [PATCH] Consolidate ChangeLog entries about CIPHER_C MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> --- ChangeLog.d/8060.txt | 4 ---- ChangeLog.d/8357.txt | 8 -------- ChangeLog.d/8358.txt | 2 -- ChangeLog.d/no-cipher.txt | 9 +++++++++ 4 files changed, 9 insertions(+), 14 deletions(-) delete mode 100644 ChangeLog.d/8060.txt delete mode 100644 ChangeLog.d/8357.txt create mode 100644 ChangeLog.d/no-cipher.txt diff --git a/ChangeLog.d/8060.txt b/ChangeLog.d/8060.txt deleted file mode 100644 index a5fd93c8db..0000000000 --- a/ChangeLog.d/8060.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * The CCM and GCM modules no longer depend on MBEDTLS_CIPHER_C. People who - use CCM and GCM but don't need the Cipher API can now disable - MBEDTLS_CIPHER_C in order to save code size. diff --git a/ChangeLog.d/8357.txt b/ChangeLog.d/8357.txt deleted file mode 100644 index 9cae396ec5..0000000000 --- a/ChangeLog.d/8357.txt +++ /dev/null @@ -1,8 +0,0 @@ -Features - * It is now possible to have AEADs support (CCM, GCM and ChaChaPoly) without - MBEDTLS_CIPHER_C. This holds both for the builtin suport (MBEDTLS_CCM_C, - MBEDTLS_GCM_C and MBEDTLS_CHACHAPOLY_C) as well as the PSA one - (PSA_WANT_ALG_CCM, PSA_WANT_ALG_GCM, PSA_WANT_ALG_CHACHA20_POLY1305). - On the PSA side this means that it is possible to enable - MBEDTLS_PSA_CRYPTO_C without MBEDTLS_CIPHER_C if none of the - non-authenticated ciphers is enabled. diff --git a/ChangeLog.d/8358.txt b/ChangeLog.d/8358.txt index 70b795a4ba..2c3e15d665 100644 --- a/ChangeLog.d/8358.txt +++ b/ChangeLog.d/8358.txt @@ -2,8 +2,6 @@ Features * If a cipher or AEAD mechanism has a PSA driver, you can now build the library without the corresponding built-in implementation. See docs/driver-only-builds.md for full details and current limitations. - * It is possible to disable MBEDTLS_CIPHER_C in some circumstances, please - see docs/driver-only-builds.md for full details and current limitations. * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is disabled. This requires PSA_WANT_ALG_ECB_NO_PADDING in addition to MBEDTLS_PSA_CRYPTO_C and PSA_WANT_KEY_TYPE_AES. diff --git a/ChangeLog.d/no-cipher.txt b/ChangeLog.d/no-cipher.txt new file mode 100644 index 0000000000..4deadab980 --- /dev/null +++ b/ChangeLog.d/no-cipher.txt @@ -0,0 +1,9 @@ +Features + * Fewer modules depend on MBEDTLS_CIPHER_C, making it possible to save code + size by disabling it in more circumstances. In particular, the CCM and + GCM modules no longer depends on MBEDTLS_CIPHER_C. Also, + MBEDTLS_PSA_CRYPTO can now be enabled without MBEDTLS_CIPHER_C if all + unauthenticated (non-AEAD) ciphers are disabled, or if they're all + fully provided by drivers. See docs/driver-only-builds.md for full + details and current limitations; in particular, NIST_KW and PKCS5/PKCS12 + decryption still unconditionally depend on MBEDTLS_CIPHER_C.