diff --git a/ChangeLog b/ChangeLog index b691a0f2a0..dc2ffb22f8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,185 @@ Mbed TLS ChangeLog (Sorted per branch, date) += Mbed TLS x.x.x branch released xxxx-xx-xx + +API changes + * The experimental functions psa_generate_key_ext() and + psa_key_derivation_output_key_ext() are no longer declared when compiling + in C++. This resolves a build failure under C++ compilers that do not + support flexible array members (a C99 feature not adopted by C++). + Fixes #9020. + +Default behavior changes + * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT && + !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the + corresponding PSA mechanism is enabled, since the server provides the + crypto. Fixes #9126. + +New deprecations + * The experimental functions psa_generate_key_ext() and + psa_key_derivation_output_key_ext() are deprecated in favor of + psa_generate_key_custom() and psa_key_derivation_output_key_custom(). + They have almost exactly the same interface, but the variable-length + data is passed in a separate parameter instead of a flexible array + member. + * The following cryptographic mechanisms are planned to be removed + in Mbed TLS 4.0: + - DES (including 3DES). + - PKCS#1v1.5 encryption/decryption (RSAES-PKCS1-v1_5). + (OAEP, PSS, and PKCS#1v1.5 signature are staying.) + - Finite-field Diffie-Hellman with custom groups. + (RFC 7919 groups remain supported.) + - Elliptic curves of size 225 bits or less. + * The following cipher suites are planned to be removed from (D)TLS 1.2 + in Mbed TLS 4.0: + - TLS_RSA_* (including TLS_RSA_PSK_*), i.e. cipher suites using + RSA decryption. + (RSA signatures, i.e. TLS_ECDHE_RSA_*, are staying.) + - TLS_ECDH_*, i.e. cipher suites using static ECDH. + (Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.) + - TLS_DHE_*, i.e. cipher suites using finite-field Diffie-Hellman. + (Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.) + - TLS_*CBC*, i.e. all cipher suites using CBC. + * The following low-level application interfaces are planned to be removed + from the public API in Mbed TLS 4.0: + - Hashes: hkdf.h, md5.h, ripemd160.h, sha1.h, sha3.h, sha256.h, sha512.h; + - Random generation: ctr_drbg.h, hmac_drbg.h, entropy.h; + - Ciphers and modes: aes.h, aria.h, camellia.h, chacha20.h, chachapoly.h, + cipher.h, cmac.h, gcm.h, poly1305.h; + - Private key encryption mechanisms: pkcs5.h, pkcs12.h. + - Asymmetric cryptography: bignum.h, dhm.h, ecdh.h, ecdsa.h, ecjpake.h, + ecp.h, rsa.h. + The cryptographic mechanisms remain present, but they will only be + accessible via the PSA API (psa_xxx functions introduced gradually + starting with Mbed TLS 2.17) and, where relevant, `pk.h`. + For guidance on migrating application code to the PSA API, please consult + the PSA transition guide (docs/psa-transition.md). + * The following integration interfaces are planned to be removed + in Mbed TLS 4.0: + - MBEDTLS_xxx_ALT replacement of cryptographic modules and functions. + Use PSA transparent drivers instead. + - MBEDTLS_PK_RSA_ALT and MBEDTLS_PSA_CRYPTO_SE_C. + Use PSA opaque drivers instead. + +Features + * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled, + the number of volatile PSA keys is virtually unlimited, at the expense + of increased code size. This option is off by default, but enabled in + the default mbedtls_config.h. Fixes #9216. + +Security + * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does + not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when + MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. + * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and + mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the + largest supported curve. In some configurations with PSA disabled, + all values of bits are affected. This never happens in internal library + calls, but can affect applications that call these functions directly. + * With TLS 1.3, when a server enables optional authentication of the + client, if the client-provided certificate does not have appropriate values + in keyUsage or extKeyUsage extensions, then the return value of + mbedtls_ssl_get_verify_result() would incorrectly have the + MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits + clear. As a result, an attacker that had a certificate valid for uses other + than TLS client authentication could be able to use it for TLS client + authentication anyway. Only TLS 1.3 servers were affected, and only with + optional authentication (required would abort the handshake with a fatal + alert). + +Bugfix + * Fix TLS 1.3 client build and runtime when support for session tickets is + disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395. + * Fix compilation error when memcpy() is a function-like macros. Fixes #8994. + * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled + as soon as MBEDTLS_RSA_C is enabled. Fixes #9041. + * Fix undefined behaviour (incrementing a NULL pointer by zero length) when + passing in zero length additional data to multipart AEAD. + * Fix rare concurrent access bug where attempting to operate on a + non-existent key while concurrently creating a new key could potentially + corrupt the key store. + * Fix error handling when creating a key in a dynamic secure element + (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition, + the creation could return PSA_SUCCESS but using or destroying the key + would not work. Fixes #8537. + * Fix issue of redefinition warning messages for _GNU_SOURCE in + entropy_poll.c and sha_256.c. There was a build warning during + building for linux platform. + Resolves #9026 + * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled. + * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in + CMAC is enabled, but no built-in unauthenticated cipher is enabled. + Fixes #9209. + * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled. + Fixes #9029. + * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes + long. Credit to Cryptofuzz. Fixes #9314. + * Fix interference between PSA volatile keys and built-in keys + when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and + MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096. + * Document and enforce the limitation of mbedtls_psa_register_se_key() + to persistent keys. Resolves #9253. + * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled + but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188. + * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but + MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186. + * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled, + some code was defining 0-size arrays, resulting in compilation errors. + Fixed by disabling the offending code in configurations without PSA + Crypto, where it never worked. Fixes #9311. + * Fix unintended performance regression when using short RSA public keys. + Fixes #9232. + * Fixes an issue where some TLS 1.2 clients could not connect to an + Mbed TLS 3.6.0 server, due to incorrect handling of + legacy_compression_methods in the ClientHello. + Fixes #8995, #9243. + * Fix TLS connections failing when the handshake selects TLS 1.3 + in an application that does not call psa_crypto_init(). + Fixes #9072. + * Fix TLS connection failure in applications using an Mbed TLS client in + the default configuration connecting to a TLS 1.3 server sending tickets. + See the documentation of + mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() for more + information. + Fixes #8749. + * Fix a memory leak that could occur when failing to process an RSA + key through some PSA functions due to low memory conditions. + * Fixed a regression introduced in 3.6.0 where the CA callback set with + mbedtls_ssl_conf_ca_cb() would stop working when connections were + upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS + 1.3. + * Fixed a regression introduced in 3.6.0 where clients that relied on + optional/none authentication mode, by calling mbedtls_ssl_conf_authmode() + with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop + working when connections were upgraded to TLS 1.3. Fixed by adding + support for optional/none with TLS 1.3 as well. Note that the TLS 1.3 + standard makes server authentication mandatory; users are advised not to + use authmode none, and to carefully check the results when using optional + mode. + * Fixed a regression introduced in 3.6.0 where context-specific certificate + verify callbacks, set with mbedtls_ssl_set_verify() as opposed to + mbedtls_ssl_conf_verify(), would stop working when connections were + upgraded to TLS 1.3. Fixed by adding support for context-specific verify + callback in TLS 1.3. + +Changes + * Warn if mbedtls/check_config.h is included manually, as this can + lead to spurious errors. Error if a *adjust*.h header is included + manually, as this can lead to silently inconsistent configurations, + potentially resulting in buffer overflows. + When migrating from Mbed TLS 2.x, if you had a custom config.h that + included check_config.h, remove this inclusion from the Mbed TLS 3.x + configuration file (renamed to mbedtls_config.h). This change was made + in Mbed TLS 3.0, but was not announced in a changelog entry at the time. + * A TLS handshake may now call psa_crypto_init() if TLS 1.3 is enabled. + This can happen even if TLS 1.3 is offered but eventually not selected + in the protocol version negotiation. + * By default, the handling of TLS 1.3 tickets by the Mbed TLS client is now + disabled at runtime. Applications that were using TLS 1.3 tickets + signalled by MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET return values now + need to enable the handling of TLS 1.3 tickets through the new + mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() API. + = Mbed TLS 3.6.0 branch released 2024-03-28 API changes diff --git a/ChangeLog.d/9126.txt b/ChangeLog.d/9126.txt deleted file mode 100644 index 22939df86f..0000000000 --- a/ChangeLog.d/9126.txt +++ /dev/null @@ -1,5 +0,0 @@ -Default behavior changes - * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT && - !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the - corresponding PSA mechanism is enabled, since the server provides the - crypto. Fixes #9126. diff --git a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt b/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt deleted file mode 100644 index 079cd741dc..0000000000 --- a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt +++ /dev/null @@ -1,4 +0,0 @@ -Security - * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does - not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when - MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. diff --git a/ChangeLog.d/announce-4.0-removals.txt b/ChangeLog.d/announce-4.0-removals.txt deleted file mode 100644 index bf941e22a2..0000000000 --- a/ChangeLog.d/announce-4.0-removals.txt +++ /dev/null @@ -1,39 +0,0 @@ -New deprecations - * The following cryptographic mechanisms are planned to be removed - in Mbed TLS 4.0: - - DES (including 3DES). - - PKCS#1v1.5 encryption/decryption (RSAES-PKCS1-v1_5). - (OAEP, PSS, and PKCS#1v1.5 signature are staying.) - - Finite-field Diffie-Hellman with custom groups. - (RFC 7919 groups remain supported.) - - Elliptic curves of size 225 bits or less. - * The following cipher suites are planned to be removed from (D)TLS 1.2 - in Mbed TLS 4.0: - - TLS_RSA_* (including TLS_RSA_PSK_*), i.e. cipher suites using - RSA decryption. - (RSA signatures, i.e. TLS_ECDHE_RSA_*, are staying.) - - TLS_ECDH_*, i.e. cipher suites using static ECDH. - (Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.) - - TLS_DHE_*, i.e. cipher suites using finite-field Diffie-Hellman. - (Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.) - - TLS_*CBC*, i.e. all cipher suites using CBC. - * The following low-level application interfaces are planned to be removed - from the public API in Mbed TLS 4.0: - - Hashes: hkdf.h, md5.h, ripemd160.h, sha1.h, sha3.h, sha256.h, sha512.h; - - Random generation: ctr_drbg.h, hmac_drbg.h, entropy.h; - - Ciphers and modes: aes.h, aria.h, camellia.h, chacha20.h, chachapoly.h, - cipher.h, cmac.h, gcm.h, poly1305.h; - - Private key encryption mechanisms: pkcs5.h, pkcs12.h. - - Asymmetric cryptography: bignum.h, dhm.h, ecdh.h, ecdsa.h, ecjpake.h, - ecp.h, rsa.h. - The cryptographic mechanisms remain present, but they will only be - accessible via the PSA API (psa_xxx functions introduced gradually - starting with Mbed TLS 2.17) and, where relevant, `pk.h`. - For guidance on migrating application code to the PSA API, please consult - the PSA transition guide (docs/psa-transition.md). - * The following integration interfaces are planned to be removed - in Mbed TLS 4.0: - - MBEDTLS_xxx_ALT replacement of cryptographic modules and functions. - Use PSA transparent drivers instead. - - MBEDTLS_PK_RSA_ALT and MBEDTLS_PSA_CRYPTO_SE_C. - Use PSA opaque drivers instead. diff --git a/ChangeLog.d/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/asn1-missing-guard-in-rsa.txt deleted file mode 100644 index bb5b470881..0000000000 --- a/ChangeLog.d/asn1-missing-guard-in-rsa.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled - as soon as MBEDTLS_RSA_C is enabled. Fixes #9041. diff --git a/ChangeLog.d/check-config.txt b/ChangeLog.d/check-config.txt deleted file mode 100644 index 8570a11757..0000000000 --- a/ChangeLog.d/check-config.txt +++ /dev/null @@ -1,9 +0,0 @@ -Changes - * Warn if mbedtls/check_config.h is included manually, as this can - lead to spurious errors. Error if a *adjust*.h header is included - manually, as this can lead to silently inconsistent configurations, - potentially resulting in buffer overflows. - When migrating from Mbed TLS 2.x, if you had a custom config.h that - included check_config.h, remove this inclusion from the Mbed TLS 3.x - configuration file (renamed to mbedtls_config.h). This change was made - in Mbed TLS 3.0, but was not announced in a changelog entry at the time. diff --git a/ChangeLog.d/disable-new-session-tickets.txt b/ChangeLog.d/disable-new-session-tickets.txt deleted file mode 100644 index bb13b4b2b4..0000000000 --- a/ChangeLog.d/disable-new-session-tickets.txt +++ /dev/null @@ -1,14 +0,0 @@ -Bugfix - * Fix TLS connection failure in applications using an Mbed TLS client in - the default configuration connecting to a TLS 1.3 server sending tickets. - See the documentation of - mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() for more - information. - Fixes #8749. - -Changes - * By default, the handling of TLS 1.3 tickets by the Mbed TLS client is now - disabled at runtime. Applications that were using TLS 1.3 tickets - signalled by MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET return values now - need to enable the handling of TLS 1.3 tickets through the new - mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() API. diff --git a/ChangeLog.d/dynamic-keystore.txt b/ChangeLog.d/dynamic-keystore.txt deleted file mode 100644 index c6aac3c991..0000000000 --- a/ChangeLog.d/dynamic-keystore.txt +++ /dev/null @@ -1,10 +0,0 @@ -Features - * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled, - the number of volatile PSA keys is virtually unlimited, at the expense - of increased code size. This option is off by default, but enabled in - the default mbedtls_config.h. Fixes #9216. - -Bugfix - * Fix interference between PSA volatile keys and built-in keys - when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and - MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096. diff --git a/ChangeLog.d/ecdsa-conversion-overflow.txt b/ChangeLog.d/ecdsa-conversion-overflow.txt deleted file mode 100644 index 83b7f2f88b..0000000000 --- a/ChangeLog.d/ecdsa-conversion-overflow.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and - mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the - largest supported curve. In some configurations with PSA disabled, - all values of bits are affected. This never happens in internal library - calls, but can affect applications that call these functions directly. diff --git a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt deleted file mode 100644 index 7ae1c68a40..0000000000 --- a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled - but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188. diff --git a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt deleted file mode 100644 index 11e7d25392..0000000000 --- a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix compilation error when memcpy() is a function-like macros. Fixes #8994. diff --git a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt b/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt deleted file mode 100644 index 8a406a12e8..0000000000 --- a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix rare concurrent access bug where attempting to operate on a - non-existent key while concurrently creating a new key could potentially - corrupt the key store. diff --git a/ChangeLog.d/fix-legacy-compression-issue.txt b/ChangeLog.d/fix-legacy-compression-issue.txt deleted file mode 100644 index b77e7a44f0..0000000000 --- a/ChangeLog.d/fix-legacy-compression-issue.txt +++ /dev/null @@ -1,6 +0,0 @@ -Bugfix - * Fixes an issue where some TLS 1.2 clients could not connect to an - Mbed TLS 3.6.0 server, due to incorrect handling of - legacy_compression_methods in the ClientHello. - Fixes #8995, #9243. - diff --git a/ChangeLog.d/fix-psa-cmac.txt b/ChangeLog.d/fix-psa-cmac.txt deleted file mode 100644 index e3c8aecc2d..0000000000 --- a/ChangeLog.d/fix-psa-cmac.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in - CMAC is enabled, but no built-in unauthenticated cipher is enabled. - Fixes #9209. diff --git a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt deleted file mode 100644 index b5c26505c2..0000000000 --- a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix issue of redefinition warning messages for _GNU_SOURCE in - entropy_poll.c and sha_256.c. There was a build warning during - building for linux platform. - Resolves #9026 diff --git a/ChangeLog.d/fix-rsa-performance-regression.txt b/ChangeLog.d/fix-rsa-performance-regression.txt deleted file mode 100644 index 603612a314..0000000000 --- a/ChangeLog.d/fix-rsa-performance-regression.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix unintended performance regression when using short RSA public keys. - Fixes #9232. diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt deleted file mode 100644 index 23a46c068d..0000000000 --- a/ChangeLog.d/fix-secure-element-key-creation.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix error handling when creating a key in a dynamic secure element - (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition, - the creation could return PSA_SUCCESS but using or destroying the key - would not work. Fixes #8537. diff --git a/ChangeLog.d/fix-server-mode-only-build.txt b/ChangeLog.d/fix-server-mode-only-build.txt deleted file mode 100644 index d1d8341f79..0000000000 --- a/ChangeLog.d/fix-server-mode-only-build.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but - MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186. diff --git a/ChangeLog.d/fix-test-suite-pk-warnings.txt b/ChangeLog.d/fix-test-suite-pk-warnings.txt deleted file mode 100644 index 26042193cc..0000000000 --- a/ChangeLog.d/fix-test-suite-pk-warnings.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled. - Fixes #9029. diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt deleted file mode 100644 index b81fb426a7..0000000000 --- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt +++ /dev/null @@ -1,11 +0,0 @@ -Security - * With TLS 1.3, when a server enables optional authentication of the - client, if the client-provided certificate does not have appropriate values - in keyUsage or extKeyUsage extensions, then the return value of - mbedtls_ssl_get_verify_result() would incorrectly have the - MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits - clear. As a result, an attacker that had a certificate valid for uses other - than TLS client authentication could be able to use it for TLS client - authentication anyway. Only TLS 1.3 servers were affected, and only with - optional authentication (required would abort the handshake with a fatal - alert). diff --git a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt b/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt deleted file mode 100644 index e4726a45d7..0000000000 --- a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined behaviour (incrementing a NULL pointer by zero length) when - passing in zero length additional data to multipart AEAD. diff --git a/ChangeLog.d/mbedtls_psa_register_se_key.txt b/ChangeLog.d/mbedtls_psa_register_se_key.txt deleted file mode 100644 index 2fc2751ac0..0000000000 --- a/ChangeLog.d/mbedtls_psa_register_se_key.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Document and enforce the limitation of mbedtls_psa_register_se_key() - to persistent keys. Resolves #9253. diff --git a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt b/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt deleted file mode 100644 index dba25af611..0000000000 --- a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a memory leak that could occur when failing to process an RSA - key through some PSA functions due to low memory conditions. diff --git a/ChangeLog.d/pk-norsa-warning.txt b/ChangeLog.d/pk-norsa-warning.txt deleted file mode 100644 index d00aa8a870..0000000000 --- a/ChangeLog.d/pk-norsa-warning.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled. diff --git a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt b/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt deleted file mode 100644 index 39e03b93ba..0000000000 --- a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes - long. Credit to Cryptofuzz. Fixes #9314. diff --git a/ChangeLog.d/psa_generate_key_custom.txt b/ChangeLog.d/psa_generate_key_custom.txt deleted file mode 100644 index 1695be1f9f..0000000000 --- a/ChangeLog.d/psa_generate_key_custom.txt +++ /dev/null @@ -1,14 +0,0 @@ -API changes - * The experimental functions psa_generate_key_ext() and - psa_key_derivation_output_key_ext() are no longer declared when compiling - in C++. This resolves a build failure under C++ compilers that do not - support flexible array members (a C99 feature not adopted by C++). - Fixes #9020. - -New deprecations - * The experimental functions psa_generate_key_ext() and - psa_key_derivation_output_key_ext() are deprecated in favor of - psa_generate_key_custom() and psa_key_derivation_output_key_custom(). - They have almost exactly the same interface, but the variable-length - data is passed in a separate parameter instead of a flexible array - member. diff --git a/ChangeLog.d/psa_util_in_builds_without_psa.txt b/ChangeLog.d/psa_util_in_builds_without_psa.txt deleted file mode 100644 index 7c0866dd30..0000000000 --- a/ChangeLog.d/psa_util_in_builds_without_psa.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled, - some code was defining 0-size arrays, resulting in compilation errors. - Fixed by disabling the offending code in configurations without PSA - Crypto, where it never worked. Fixes #9311. diff --git a/ChangeLog.d/tls13-cert-regressions.txt b/ChangeLog.d/tls13-cert-regressions.txt deleted file mode 100644 index 8dd8a327d6..0000000000 --- a/ChangeLog.d/tls13-cert-regressions.txt +++ /dev/null @@ -1,18 +0,0 @@ -Bugfix - * Fixed a regression introduced in 3.6.0 where the CA callback set with - mbedtls_ssl_conf_ca_cb() would stop working when connections were - upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS - 1.3. - * Fixed a regression introduced in 3.6.0 where clients that relied on - optional/none authentication mode, by calling mbedtls_ssl_conf_authmode() - with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop - working when connections were upgraded to TLS 1.3. Fixed by adding - support for optional/none with TLS 1.3 as well. Note that the TLS 1.3 - standard makes server authentication mandatory; users are advised not to - use authmode none, and to carefully check the results when using optional - mode. - * Fixed a regression introduced in 3.6.0 where context-specific certificate - verify callbacks, set with mbedtls_ssl_set_verify() as opposed to - mbedtls_ssl_conf_verify(), would stop working when connections were - upgraded to TLS 1.3. Fixed by adding support for context-specific verify - callback in TLS 1.3. diff --git a/ChangeLog.d/tls13-psa_crypto_init.txt b/ChangeLog.d/tls13-psa_crypto_init.txt deleted file mode 100644 index 311db65585..0000000000 --- a/ChangeLog.d/tls13-psa_crypto_init.txt +++ /dev/null @@ -1,9 +0,0 @@ -Bugfix - * Fix TLS connections failing when the handshake selects TLS 1.3 - in an application that does not call psa_crypto_init(). - Fixes #9072. - -Changes - * A TLS handshake may now call psa_crypto_init() if TLS 1.3 is enabled. - This can happen even if TLS 1.3 is offered but eventually not selected - in the protocol version negotiation. diff --git a/ChangeLog.d/tls13-without-tickets.txt b/ChangeLog.d/tls13-without-tickets.txt deleted file mode 100644 index 8ceef21ee5..0000000000 --- a/ChangeLog.d/tls13-without-tickets.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix TLS 1.3 client build and runtime when support for session tickets is - disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395.