From 10301d43224933ee8ca658f71007ef60747bf0e2 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 9 Jun 2022 18:32:22 +0200
Subject: [PATCH 01/11] Changelog: Consolidate and clarify Armv8 SHA2
acceleration support
Consolidate the entries for SHA512 and SHA256 since they are being released
together.
List the algorithms generically as SHA-2 since this also applies to SHA224
and SHA384.
Clearly state that the instructions are only supported when building for
Aarch64 (64-bit ARMv8+) and not for Aarch32 (32-bit ARMv8+).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
ChangeLog.d/mbedtls_sha256_a64_crypto_acceleration.txt | 2 --
ChangeLog.d/mbedtls_sha2_a64_crypto_acceleration.txt | 3 +++
ChangeLog.d/mbedtls_sha512_a64_crypto_acceleration.txt | 2 --
3 files changed, 3 insertions(+), 4 deletions(-)
delete mode 100644 ChangeLog.d/mbedtls_sha256_a64_crypto_acceleration.txt
create mode 100644 ChangeLog.d/mbedtls_sha2_a64_crypto_acceleration.txt
delete mode 100644 ChangeLog.d/mbedtls_sha512_a64_crypto_acceleration.txt
diff --git a/ChangeLog.d/mbedtls_sha256_a64_crypto_acceleration.txt b/ChangeLog.d/mbedtls_sha256_a64_crypto_acceleration.txt
deleted file mode 100644
index 865b3372ce..0000000000
--- a/ChangeLog.d/mbedtls_sha256_a64_crypto_acceleration.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
- * A64 SHA-2 crypto extension support for SHA-256
diff --git a/ChangeLog.d/mbedtls_sha2_a64_crypto_acceleration.txt b/ChangeLog.d/mbedtls_sha2_a64_crypto_acceleration.txt
new file mode 100644
index 0000000000..a6e7f6d92c
--- /dev/null
+++ b/ChangeLog.d/mbedtls_sha2_a64_crypto_acceleration.txt
@@ -0,0 +1,3 @@
+Features
+ * Add support for the ARMv8 SHA-2 acceleration instructions when building
+ for Aarch64.
diff --git a/ChangeLog.d/mbedtls_sha512_a64_crypto_acceleration.txt b/ChangeLog.d/mbedtls_sha512_a64_crypto_acceleration.txt
deleted file mode 100644
index 01be0b3456..0000000000
--- a/ChangeLog.d/mbedtls_sha512_a64_crypto_acceleration.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
- * A64 crypto extension support for SHA-512
From 3ea721e234677784145fd0eab9174e2d8d8860b4 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 9 Jun 2022 18:36:47 +0200
Subject: [PATCH 02/11] Changelog: Remove redundant entry about USE_PSA_CRYPTO
in reduced configs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The entry for “Fix several bugs…” already covers this. This is borderline an
internal detail anyway.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
ChangeLog.d/psa_crypto_reduced_configs.txt | 5 -----
1 file changed, 5 deletions(-)
delete mode 100644 ChangeLog.d/psa_crypto_reduced_configs.txt
diff --git a/ChangeLog.d/psa_crypto_reduced_configs.txt b/ChangeLog.d/psa_crypto_reduced_configs.txt
deleted file mode 100644
index 5bc9bc10be..0000000000
--- a/ChangeLog.d/psa_crypto_reduced_configs.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Changes
- * Automatically enable MBEDTLS_PK_WRITE_C if MBEDTLS_PK_C and
- MBEDTLS_USE_PSA_CRYPTO are enabled. This is due to ecdsa_verify_wrap
- requirements, but will also probably be needed by RSA soon, hence the
- broader PK_C requirement.
From d99083f7a4925c9ae1f0290039578a5bc586c43e Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 9 Jun 2022 18:38:35 +0200
Subject: [PATCH 03/11] Changelog: remove bugfix entry that's actually a
robustness improvement
If the key agreement or the public key export in
ssl_write_client_key_exchange() fails, the handshake enters a failed state.
The only valid thing you can do in a failed handshake is to abort it, which
calls mbedtls_ssl_handshake_free(), which destroys ecdh_psa_privey. While
it's good hygiene to destroy the key in the function that creates it, it
would have been cleaned up a little later in the normal course of things
anyway, so there wasn't an actual bug.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
ChangeLog.d/raw-agreement-destroy-missing.txt | 3 ---
1 file changed, 3 deletions(-)
delete mode 100644 ChangeLog.d/raw-agreement-destroy-missing.txt
diff --git a/ChangeLog.d/raw-agreement-destroy-missing.txt b/ChangeLog.d/raw-agreement-destroy-missing.txt
deleted file mode 100644
index 7342b8cfa6..0000000000
--- a/ChangeLog.d/raw-agreement-destroy-missing.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Add missing key slot destruction calls when a raw key agreement or
- a public key export fails in ssl_write_client_key_exchange.
From fed024dd52434f32b6513ccc1baf82692fb0d08c Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 9 Jun 2022 18:44:51 +0200
Subject: [PATCH 04/11] Changelog: mention bug id in bugfix entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
ChangeLog.d/use-psa-ecdhe-curve.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ChangeLog.d/use-psa-ecdhe-curve.txt b/ChangeLog.d/use-psa-ecdhe-curve.txt
index cc432bdaee..658f88f84d 100644
--- a/ChangeLog.d/use-psa-ecdhe-curve.txt
+++ b/ChangeLog.d/use-psa-ecdhe-curve.txt
@@ -4,4 +4,4 @@ Bugfix
client would fail to check that the curve selected by the server for
ECDHE was indeed one that was offered. As a result, the client would
accept any curve that it supported, even if that curve was not allowed
- according to its configuration.
+ according to its configuration. Fixes #5291.
From 8df3623bee0b1bdf34c2195c1b90c07cfb761633 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 9 Jun 2022 18:48:21 +0200
Subject: [PATCH 05/11] Changelog: clarify some cmake-related entries as being
about cmake
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
ChangeLog.d/cmake_add_subdirectory_support.txt | 6 +++---
ChangeLog.d/cmake_fix_dll_install.txt | 4 ++--
.../fix-windows-cmake-build-with-shared-libraries.txt | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/ChangeLog.d/cmake_add_subdirectory_support.txt b/ChangeLog.d/cmake_add_subdirectory_support.txt
index afcc4b6c4c..f14f3f8669 100644
--- a/ChangeLog.d/cmake_add_subdirectory_support.txt
+++ b/ChangeLog.d/cmake_add_subdirectory_support.txt
@@ -1,4 +1,4 @@
Changes
- * Add aliases for libraries so that the normal MbedTLS::* targets
- work when MbedTLS is built as a subdirectory. Allows use of
- CMake's FetchContent, as requested in #5688.
+ * In CMake builds, add aliases for libraries so that the normal MbedTLS::*
+ targets work when MbedTLS is built as a subdirectory. This allows the
+ use of FetchContent, as requested in #5688.
diff --git a/ChangeLog.d/cmake_fix_dll_install.txt b/ChangeLog.d/cmake_fix_dll_install.txt
index df51c650bb..7f407c4ccf 100644
--- a/ChangeLog.d/cmake_fix_dll_install.txt
+++ b/ChangeLog.d/cmake_fix_dll_install.txt
@@ -1,3 +1,3 @@
Changes
- * cmake: Fix runtime library install location in mingw
- This install DLLs in bin directory instead of lib.
+ * Fix runtime library install location when building with CMake and MinGW.
+ DLLs are now installed in the bin directory instead of lib.
diff --git a/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt b/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt
index 6878645238..a6540a1aac 100644
--- a/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt
+++ b/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt
@@ -1,3 +1,3 @@
Bugfix
- * Fix compilation on Windows when building shared library, by setting
- library search path to CMAKE_CURRENT_BINARY_DIR.
+ * Fix the library search path when building a shared library with CMake
+ on Windows.
From 26a51cfe54b1a10400f8130a907069690920403c Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 9 Jun 2022 18:49:07 +0200
Subject: [PATCH 06/11] Changelog: list deprecations in the dedicated section
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
ChangeLog.d/mbedtls_tlsver_enum.txt | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/ChangeLog.d/mbedtls_tlsver_enum.txt b/ChangeLog.d/mbedtls_tlsver_enum.txt
index 16435c61ee..529083e259 100644
--- a/ChangeLog.d/mbedtls_tlsver_enum.txt
+++ b/ChangeLog.d/mbedtls_tlsver_enum.txt
@@ -1,6 +1,10 @@
+New deprecations
+ * Deprecate mbedtls_ssl_conf_max_version() and
+ mbedtls_ssl_conf_min_version() in favor of
+ mbedtls_ssl_conf_max_tls_version() and
+ mbedtls_ssl_conf_min_tls_version().
+
Features
- * Unify internal/external TLS protocol version enums
- * Deprecate mbedtls_ssl_conf_max_version()
- Replaced with mbedtls_ssl_conf_max_tls_version()
- * Deprecate mbedtls_ssl_conf_min_version()
- Replaced with mbedtls_ssl_conf_min_tls_version()
+ * The new functions mbedtls_ssl_conf_max_tls_version() and
+ mbedtls_ssl_conf_min_tls_version() use a single value to specify
+ the protocol version.
From c23a6d4feb3a9567243f55464c8f1977a33b79c7 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 9 Jun 2022 18:50:06 +0200
Subject: [PATCH 07/11] Changelog: make some long entries about TLS 1.3 more to
the point
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
ChangeLog.d/mbedtls_ssl_tls13_client.txt | 4 +---
ChangeLog.d/tls13-fix-finished-fetch.txt | 6 ++----
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/ChangeLog.d/mbedtls_ssl_tls13_client.txt b/ChangeLog.d/mbedtls_ssl_tls13_client.txt
index 855945b11a..57a26e10c3 100644
--- a/ChangeLog.d/mbedtls_ssl_tls13_client.txt
+++ b/ChangeLog.d/mbedtls_ssl_tls13_client.txt
@@ -1,4 +1,2 @@
Features
- * Add ALPN support in tls13 client. Client is able to write ALPN extension
- in client hello, and able to parse the response from server encrypted
- extension.
+ * Add ALPN support in TLS 1.3 clients.
diff --git a/ChangeLog.d/tls13-fix-finished-fetch.txt b/ChangeLog.d/tls13-fix-finished-fetch.txt
index 28c30f9092..9a8acb30d9 100644
--- a/ChangeLog.d/tls13-fix-finished-fetch.txt
+++ b/ChangeLog.d/tls13-fix-finished-fetch.txt
@@ -1,5 +1,3 @@
Bugfix
- * Fix handshake failure when the peer Finished message has not been received
- yet when we first try to fetch it. The fetching is moved before the
- preprocessing computations to avoid doing them multiple times, which was
- causing the handshake to fail.
+ * Fix a TLS 1.3 handshake failure when the peer Finished message has not
+ been received yet when we first try to fetch it.
From e1efbf7f36dc3ee9a3b243fa9fabc72a39aefe97 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 9 Jun 2022 18:50:50 +0200
Subject: [PATCH 08/11] Changelog: when adding a new function, state its name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
ChangeLog.d/md_info_from_ctx.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ChangeLog.d/md_info_from_ctx.txt b/ChangeLog.d/md_info_from_ctx.txt
index f8ec1a0d5f..8cee593a9d 100644
--- a/ChangeLog.d/md_info_from_ctx.txt
+++ b/ChangeLog.d/md_info_from_ctx.txt
@@ -1,3 +1,3 @@
Features
- * Add a function to extract message digest information from a message
- digest context.
+ * The new function mbedtls_md_info_from_ctx() recalls the message digest
+ information that was used to set up a message digest context.
From 76c1c6b9c12d43ace57d9e19e8e292f37f872cfc Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 9 Jun 2022 18:51:18 +0200
Subject: [PATCH 09/11] Changelog: minor copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
ChangeLog.d/add_final_delay_accessor | 2 +-
ChangeLog.d/add_handshake_completion_accessor | 2 +-
ChangeLog.d/add_own_cid_accessors | 2 +-
ChangeLog.d/deprecate_mbedtls_cipher_setup_psa.txt | 4 ++--
ChangeLog.d/fix-parllel-cmake-build-fail.txt | 2 +-
ChangeLog.d/fix-x25519-program.txt | 2 +-
ChangeLog.d/mbedtls_ecp_export.txt | 4 ++--
ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt | 2 +-
ChangeLog.d/psa_aead_singleshot_error.txt | 4 ++--
ChangeLog.d/psk_to_ms_mixed_psk.txt | 2 +-
10 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/ChangeLog.d/add_final_delay_accessor b/ChangeLog.d/add_final_delay_accessor
index 8d341df131..5e7844d5ee 100644
--- a/ChangeLog.d/add_final_delay_accessor
+++ b/ChangeLog.d/add_final_delay_accessor
@@ -1,4 +1,4 @@
Features
* Add the function mbedtls_timing_get_final_delay() to access the private
final delay field in an mbedtls_timing_delay_context, as requested in
- #5183
+ #5183.
diff --git a/ChangeLog.d/add_handshake_completion_accessor b/ChangeLog.d/add_handshake_completion_accessor
index e2b28cf63c..c06a539b3e 100644
--- a/ChangeLog.d/add_handshake_completion_accessor
+++ b/ChangeLog.d/add_handshake_completion_accessor
@@ -1,4 +1,4 @@
Features
* Add function mbedtls_ssl_is_handshake_over() to enable querying if the SSL
Handshake has completed or not, and thus whether to continue calling
- mbedtls_ssl_handshake_step(), requested in #4383
+ mbedtls_ssl_handshake_step(), requested in #4383.
diff --git a/ChangeLog.d/add_own_cid_accessors b/ChangeLog.d/add_own_cid_accessors
index fb02868eee..553299c785 100644
--- a/ChangeLog.d/add_own_cid_accessors
+++ b/ChangeLog.d/add_own_cid_accessors
@@ -1,4 +1,4 @@
Features
* Add the function mbedtls_ssl_get_own_cid() to access our own connection id
- within mbedtls_ssl_context, as requested in #5184
+ within mbedtls_ssl_context, as requested in #5184.
diff --git a/ChangeLog.d/deprecate_mbedtls_cipher_setup_psa.txt b/ChangeLog.d/deprecate_mbedtls_cipher_setup_psa.txt
index 782b7510c2..b145243c26 100644
--- a/ChangeLog.d/deprecate_mbedtls_cipher_setup_psa.txt
+++ b/ChangeLog.d/deprecate_mbedtls_cipher_setup_psa.txt
@@ -1,3 +1,3 @@
New deprecations
- * Deprecate mbedtls_cipher_setup_psa() function.
- Use psa_aead_xxx() / psa_cipher_xxx() directly instead.
+ * Deprecate mbedtls_cipher_setup_psa(). Use psa_aead_xxx() or
+ psa_cipher_xxx() directly instead.
diff --git a/ChangeLog.d/fix-parllel-cmake-build-fail.txt b/ChangeLog.d/fix-parllel-cmake-build-fail.txt
index 4746c7b086..112fa85180 100644
--- a/ChangeLog.d/fix-parllel-cmake-build-fail.txt
+++ b/ChangeLog.d/fix-parllel-cmake-build-fail.txt
@@ -1,3 +1,3 @@
Bugfix
* Fix a race condition in out-of-source builds with CMake when generated data
- files are already present. Fixes #5374
+ files are already present. Fixes #5374.
diff --git a/ChangeLog.d/fix-x25519-program.txt b/ChangeLog.d/fix-x25519-program.txt
index af60465b54..bf5d6ac39a 100644
--- a/ChangeLog.d/fix-x25519-program.txt
+++ b/ChangeLog.d/fix-x25519-program.txt
@@ -1,4 +1,4 @@
Bugfix
- * Fix a bug in x25519 example program where the removal of
+ * Fix a bug in the x25519 example program where the removal of
MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. Fixes #4901 and
#3191.
diff --git a/ChangeLog.d/mbedtls_ecp_export.txt b/ChangeLog.d/mbedtls_ecp_export.txt
index 4b5d7d4a00..fb3e05554c 100644
--- a/ChangeLog.d/mbedtls_ecp_export.txt
+++ b/ChangeLog.d/mbedtls_ecp_export.txt
@@ -1,3 +1,3 @@
Features
- * Add mbedtls_ecp_export() function to export ECP
- keypair parameters. Fixes #4838.
+ * Add a function mbedtls_ecp_export() to export ECP key pair parameters.
+ Fixes #4838.
diff --git a/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt b/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt
index d55c01631c..043b273c7c 100644
--- a/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt
+++ b/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt
@@ -1,2 +1,2 @@
Bugfix
- * Fix memory leak if mbedtls_ssl_config_defaults() call is repeated
+ * Fix a memory leak if mbedtls_ssl_config_defaults() is called twice.
diff --git a/ChangeLog.d/psa_aead_singleshot_error.txt b/ChangeLog.d/psa_aead_singleshot_error.txt
index 72438749a3..ccf1d4c402 100644
--- a/ChangeLog.d/psa_aead_singleshot_error.txt
+++ b/ChangeLog.d/psa_aead_singleshot_error.txt
@@ -1,4 +1,4 @@
Changes
- * Return PSA_ERROR_INVALID_ARGUMENT if the algorithm passed to singleshot
+ * Return PSA_ERROR_INVALID_ARGUMENT if the algorithm passed to one-shot
AEAD functions is not an AEAD algorithm. This aligns them with the
- multipart functions, and the PSA Crypto API 1.1 spec.
+ multipart functions, and the PSA Crypto API 1.1 specification.
diff --git a/ChangeLog.d/psk_to_ms_mixed_psk.txt b/ChangeLog.d/psk_to_ms_mixed_psk.txt
index b1896614be..998cc11f86 100644
--- a/ChangeLog.d/psk_to_ms_mixed_psk.txt
+++ b/ChangeLog.d/psk_to_ms_mixed_psk.txt
@@ -1,4 +1,4 @@
Features
* Extend the existing PSA_ALG_TLS12_PSK_TO_MS() algorithm to support
- mixed-psk. Add an optional input PSA_KEY_DERIVATION_INPUT_OTHER_SECRET
+ mixed-PSK. Add an optional input PSA_KEY_DERIVATION_INPUT_OTHER_SECRET
holding the other secret.
From 9b3278b263b9990c80fccb111aab48938ac9d8dd Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 9 Jun 2022 19:09:38 +0200
Subject: [PATCH 10/11] Doc: the SHA256/SHA512 options also cover SHA224/SHA384
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
include/mbedtls/mbedtls_config.h | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 9c8ec11a76..e3e168bd8a 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2813,9 +2813,9 @@
/**
* \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
*
- * Enable acceleration of the SHA-256 cryptographic hash algorithm with the
- * Arm A64 cryptographic extensions if they are available at runtime. If not,
- * it will fall back to the C implementation.
+ * Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
+ * with the ARMv8 cryptographic extensions if they are available at runtime.
+ * If not, the library will fall back to the C implementation.
*
* \note If MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT is defined when building
* for a non-Aarch64 build it will be silently ignored.
@@ -2838,9 +2838,9 @@
/**
* \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
*
- * Enable acceleration of the SHA-256 cryptographic hash algorithm with the
- * Arm A64 cryptographic extensions, which must be available at runtime (or
- * an illegal instruction fault will occur).
+ * Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
+ * with the ARMv8 cryptographic extensions, which must be available at runtime
+ * or else an illegal instruction fault will occur.
*
* \note This allows builds with a smaller code size than with
* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
@@ -2896,9 +2896,9 @@
/**
* \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
*
- * Enable acceleration of the SHA-512 cryptographic hash algorithm with the
- * Arm A64 cryptographic extensions if they are available at runtime. If not,
- * it will fall back to the C implementation.
+ * Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
+ * with the ARMv8 cryptographic extensions if they are available at runtime.
+ * If not, the library will fall back to the C implementation.
*
* \note If MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT is defined when building
* for a non-Aarch64 build it will be silently ignored.
@@ -2923,9 +2923,9 @@
/**
* \def MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
*
- * Enable acceleration of the SHA-512 cryptographic hash algorithm with the
- * Arm A64 cryptographic extensions, which must be available at runtime (or
- * an illegal instruction fault will occur).
+ * Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
+ * with the ARMv8 cryptographic extensions, which must be available at runtime
+ * or else an illegal instruction fault will occur.
*
* \note This allows builds with a smaller code size than with
* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
From bf918b9cfea873d7311b2ae3cbd37d1090e22298 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 27 Jun 2022 23:34:32 +0200
Subject: [PATCH 11/11] Use headlinese for added functions, per request
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
ChangeLog.d/add_final_delay_accessor | 2 +-
ChangeLog.d/mbedtls_ecp_export.txt | 2 +-
ChangeLog.d/mbedtls_tlsver_enum.txt | 4 ++--
ChangeLog.d/md_info_from_ctx.txt | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/ChangeLog.d/add_final_delay_accessor b/ChangeLog.d/add_final_delay_accessor
index 5e7844d5ee..4b8117f391 100644
--- a/ChangeLog.d/add_final_delay_accessor
+++ b/ChangeLog.d/add_final_delay_accessor
@@ -1,4 +1,4 @@
Features
- * Add the function mbedtls_timing_get_final_delay() to access the private
+ * Add function mbedtls_timing_get_final_delay() to access the private
final delay field in an mbedtls_timing_delay_context, as requested in
#5183.
diff --git a/ChangeLog.d/mbedtls_ecp_export.txt b/ChangeLog.d/mbedtls_ecp_export.txt
index fb3e05554c..5dce5b4a8b 100644
--- a/ChangeLog.d/mbedtls_ecp_export.txt
+++ b/ChangeLog.d/mbedtls_ecp_export.txt
@@ -1,3 +1,3 @@
Features
- * Add a function mbedtls_ecp_export() to export ECP key pair parameters.
+ * Add function mbedtls_ecp_export() to export ECP key pair parameters.
Fixes #4838.
diff --git a/ChangeLog.d/mbedtls_tlsver_enum.txt b/ChangeLog.d/mbedtls_tlsver_enum.txt
index 529083e259..c027ab71fb 100644
--- a/ChangeLog.d/mbedtls_tlsver_enum.txt
+++ b/ChangeLog.d/mbedtls_tlsver_enum.txt
@@ -5,6 +5,6 @@ New deprecations
mbedtls_ssl_conf_min_tls_version().
Features
- * The new functions mbedtls_ssl_conf_max_tls_version() and
- mbedtls_ssl_conf_min_tls_version() use a single value to specify
+ * Add functions mbedtls_ssl_conf_max_tls_version() and
+ mbedtls_ssl_conf_min_tls_version() that use a single value to specify
the protocol version.
diff --git a/ChangeLog.d/md_info_from_ctx.txt b/ChangeLog.d/md_info_from_ctx.txt
index 8cee593a9d..aa61e1a097 100644
--- a/ChangeLog.d/md_info_from_ctx.txt
+++ b/ChangeLog.d/md_info_from_ctx.txt
@@ -1,3 +1,3 @@
Features
- * The new function mbedtls_md_info_from_ctx() recalls the message digest
+ * Add function mbedtls_md_info_from_ctx() to recall the message digest
information that was used to set up a message digest context.