Assemble Changelog

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
diff --git a/ChangeLog b/ChangeLog
index 021012a..962379c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,99 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Default behavior changes
+   * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305
+     for IV lengths other than 12. The library was silently overwriting this
+     length with 12, but did not inform the caller about it. Fixes #4301.
+
+Features
+   * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto
+     feature requirements in the file named by the new macro
+     MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h.
+     Furthermore you may name an additional file to include after the main
+     file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE.
+
+Security
+   * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage
+     module before freeing them. These buffers contain secret key material, and
+     could thus potentially leak the key through freed heap.
+   * Fix a potential heap buffer overread in TLS 1.2 server-side when
+     MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with
+     mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite
+     is selected. This may result in an application crash or potentially an
+     information leak.
+   * Fix a buffer overread in DTLS ClientHello parsing in servers with
+     MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
+     or a man-in-the-middle could cause a DTLS server to read up to 255 bytes
+     after the end of the SSL input buffer. The buffer overread only happens
+     when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
+     the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(),
+     and possibly up to 571 bytes with a custom cookie check function.
+     Reported by the Cybeats PSI Team.
+
+Bugfix
+   * Fix a memory leak if mbedtls_ssl_config_defaults() is called twice.
+   * Fix several bugs (warnings, compiler and linker errors, test failures)
+     in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled.
+   * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
+     enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the
+     client would fail to check that the curve selected by the server for
+     ECDHE was indeed one that was offered. As a result, the client would
+     accept any curve that it supported, even if that curve was not allowed
+     according to its configuration. Fixes #5291.
+   * Fix unit tests that used 0 as the file UID. This failed on some
+     implementations of PSA ITS. Fixes #3838.
+   * Fix API violation in mbedtls_md_process() test by adding a call to
+     mbedtls_md_starts(). Fixes #2227.
+   * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests
+     to catch bad uses of time.h.
+   * Fix the library search path when building a shared library with CMake
+     on Windows.
+   * Fix bug in the alert sending function mbedtls_ssl_send_alert_message()
+     potentially leading to corrupted alert messages being sent in case
+     the function needs to be re-called after initially returning
+     MBEDTLS_SSL_WANT_WRITE. Fixes #1916.
+   * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but none of
+     MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C,
+     DTLS handshakes using CID would crash due to a null pointer dereference.
+     Fix this. Fixes #3998.
+   * Fix incorrect documentation of mbedtls_x509_crt_profile. The previous
+     documentation stated that the `allowed_pks` field applies to signatures
+     only, but in fact it does apply to the public key type of the end entity
+     certificate, too. Fixes #1992.
+   * Fix PSA cipher multipart operations using ARC4. Previously, an IV was
+     required but discarded. Now, an IV is rejected, as it should be.
+   * Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is
+     not NULL and val_len is zero.
+   * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when
+     applicable. Fixes #5735.
+   * Fix a bug in the x25519 example program where the removal of
+     MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. Fixes #4901 and
+     #3191.
+   * Encode X.509 dates before 1/1/2000 as UTCTime rather than
+     GeneralizedTime. Fixes #5465.
+    * Fix order value of curve x448.
+   * Fix string representation of DNs when outputting values containing commas
+     and other special characters, conforming to RFC 1779. Fixes #769.
+   * Silence a warning from GCC 12 in the selftest program. Fixes #5974.
+   * Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0.
+   * Fix resource leaks in mbedtls_pk_parse_public_key() in low
+     memory conditions.
+   * Fix server connection identifier setting for outgoing encrypted records
+     on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with
+     connection identifier, the Mbed TLS client now properly sends the server
+     connection identifier in encrypted record headers. Fix #5872.
+   * Fix a null pointer dereference when performing some operations on zero
+     represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing
+     by 2, and mbedtls_mpi_write_string() in base 2).
+   * Fix record sizes larger than 16384 being sometimes accepted despite being
+     non-compliant. This could not lead to a buffer overflow. In particular,
+     application data size was already checked correctly.
+
+Changes
+   * Assume source files are in UTF-8 when using MSVC with CMake.
+
 = mbed TLS 2.28.0 branch released 2021-12-17
 
 API changes
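Review bot: the assembled hunk carries a few formatting inconsistencies copied verbatim from the ChangeLog.d fragments, so they should be fixed in the source entries before the assembly is re-run. The x448 entry (`    * Fix order value of curve x448.`) is indented four spaces while every other bullet in the file uses three; the resumption entry ends with `Fix #5872.` where the file's convention is `Fixes #NNNN.`; and the first "Default behavior changes" bullet writes `mbedtls_cipher_set_iv` without the trailing `()` that the other function references (`mbedtls_pk_setup_opaque()`, `mbedtls_ssl_cookie_check()`, `mbedtls_ssl_config_defaults()`) use. The `= mbed TLS x.x.x branch released xxxx-xx-xx` header is the expected placeholder and will need the version and date filled in at release time.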
diff --git a/ChangeLog.d/PSA-test-suites-NOT-using-UID-0.txt b/ChangeLog.d/PSA-test-suites-NOT-using-UID-0.txt
deleted file mode 100644
index 9acbb0a..0000000
--- a/ChangeLog.d/PSA-test-suites-NOT-using-UID-0.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix unit tests that used 0 as the file UID. This failed on some
-     implementations of PSA ITS. Fixes #3838.
diff --git a/ChangeLog.d/add-mbedtls_md_starts-to-mbedtls_md_process-test.txt b/ChangeLog.d/add-mbedtls_md_starts-to-mbedtls_md_process-test.txt
deleted file mode 100644
index 57c7561..0000000
--- a/ChangeLog.d/add-mbedtls_md_starts-to-mbedtls_md_process-test.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix API violation in mbedtls_md_process() test by adding a call to
-     mbedtls_md_starts(). Fixes #2227.
diff --git a/ChangeLog.d/alert_reentrant.txt b/ChangeLog.d/alert_reentrant.txt
deleted file mode 100644
index 691d64c..0000000
--- a/ChangeLog.d/alert_reentrant.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * Fix bug in the alert sending function mbedtls_ssl_send_alert_message()
-     potentially leading to corrupted alert messages being sent in case
-     the function needs to be re-called after initially returning
-     MBEDTLS_SSL_WANT_WRITE. Fixes #1916.
diff --git a/ChangeLog.d/asn1write-0-fix.txt b/ChangeLog.d/asn1write-0-fix.txt
deleted file mode 100644
index 2e01244..0000000
--- a/ChangeLog.d/asn1write-0-fix.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
-   * Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0.
diff --git a/ChangeLog.d/bignum-0-mod-2.txt b/ChangeLog.d/bignum-0-mod-2.txt
deleted file mode 100644
index 4a1ab16..0000000
--- a/ChangeLog.d/bignum-0-mod-2.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix a null pointer dereference when performing some operations on zero
-     represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing
-     by 2, and mbedtls_mpi_write_string() in base 2).
diff --git a/ChangeLog.d/buf-overread-use-psa-static-ecdh.txt b/ChangeLog.d/buf-overread-use-psa-static-ecdh.txt
deleted file mode 100644
index 84b9f79..0000000
--- a/ChangeLog.d/buf-overread-use-psa-static-ecdh.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
-   * Fix a potential heap buffer overread in TLS 1.2 server-side when
-     MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with
-     mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite
-     is selected. This may result in an application crash or potentially an
-     information leak.
diff --git a/ChangeLog.d/bug_x448.txt b/ChangeLog.d/bug_x448.txt
deleted file mode 100644
index cebefc4..0000000
--- a/ChangeLog.d/bug_x448.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
-    * Fix order value of curve x448.
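Review bot: this fragment is the origin of the mis-indented bullet in the assembled ChangeLog (`    * Fix order value of curve x448.` has four leading spaces, not three). Since the assembly copies entries verbatim, the indentation has to be corrected in the assembled file as part of this commit, or here before re-assembling.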
diff --git a/ChangeLog.d/chacha20_invalid_iv_len_fix.txt b/ChangeLog.d/chacha20_invalid_iv_len_fix.txt
deleted file mode 100644
index af35e2a..0000000
--- a/ChangeLog.d/chacha20_invalid_iv_len_fix.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Default behavior changes
-   * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305
-     for IV lengths other than 12. The library was silently overwriting this
-     length with 12, but did not inform the caller about it. Fixes #4301.
diff --git a/ChangeLog.d/cmake_msvc_utf8.txt b/ChangeLog.d/cmake_msvc_utf8.txt
deleted file mode 100644
index 552eec7..0000000
--- a/ChangeLog.d/cmake_msvc_utf8.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Changes
-   * Assume source files are in UTF-8 when using MSVC with CMake.
diff --git a/ChangeLog.d/cookie_parsing_bug.txt b/ChangeLog.d/cookie_parsing_bug.txt
deleted file mode 100644
index 1c25f39..0000000
--- a/ChangeLog.d/cookie_parsing_bug.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Security
-   * Fix a buffer overread in DTLS ClientHello parsing in servers with
-     MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
-     or a man-in-the-middle could cause a DTLS server to read up to 255 bytes
-     after the end of the SSL input buffer. The buffer overread only happens
-     when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
-     the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(),
-     and possibly up to 571 bytes with a custom cookie check function.
-     Reported by the Cybeats PSI Team.
diff --git a/ChangeLog.d/doc-x509-profile-pk.txt b/ChangeLog.d/doc-x509-profile-pk.txt
deleted file mode 100644
index 35625fe..0000000
--- a/ChangeLog.d/doc-x509-profile-pk.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * Fix incorrect documentation of mbedtls_x509_crt_profile. The previous
-     documentation stated that the `allowed_pks` field applies to signatures
-     only, but in fact it does apply to the public key type of the end entity
-     certificate, too. Fixes #1992.
diff --git a/ChangeLog.d/dtls-cid-null.txt b/ChangeLog.d/dtls-cid-null.txt
deleted file mode 100644
index f6f4c54..0000000
--- a/ChangeLog.d/dtls-cid-null.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but none of
-     MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C,
-     DTLS handshakes using CID would crash due to a null pointer dereference.
-     Fix this. Fixes #3998.
diff --git a/ChangeLog.d/fix-csr_subject_commas.txt b/ChangeLog.d/fix-csr_subject_commas.txt
deleted file mode 100644
index e01c9a8..0000000
--- a/ChangeLog.d/fix-csr_subject_commas.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix string representation of DNs when outputting values containing commas
-     and other special characters, conforming to RFC 1779. Fixes #769.
diff --git a/ChangeLog.d/fix-time-format-pre-2000.txt b/ChangeLog.d/fix-time-format-pre-2000.txt
deleted file mode 100644
index 414201e..0000000
--- a/ChangeLog.d/fix-time-format-pre-2000.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Encode X.509 dates before 1/1/2000 as UTCTime rather than
-     GeneralizedTime. Fixes #5465.
diff --git a/ChangeLog.d/fix-undefined-memcpy-mbedtls_asn1_named_data.txt b/ChangeLog.d/fix-undefined-memcpy-mbedtls_asn1_named_data.txt
deleted file mode 100644
index b30f7fa..0000000
--- a/ChangeLog.d/fix-undefined-memcpy-mbedtls_asn1_named_data.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is
-     not NULL and val_len is zero.
diff --git a/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt b/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt
deleted file mode 100644
index a6540a1..0000000
--- a/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix the library search path when building a shared library with CMake
-     on Windows.
diff --git a/ChangeLog.d/fix-x25519-program.txt b/ChangeLog.d/fix-x25519-program.txt
deleted file mode 100644
index bf5d6ac..0000000
--- a/ChangeLog.d/fix-x25519-program.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix a bug in the x25519 example program where the removal of
-     MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. Fixes #4901 and
-     #3191.
diff --git a/ChangeLog.d/fix_some_resource_leaks.txt b/ChangeLog.d/fix_some_resource_leaks.txt
deleted file mode 100644
index f8db3f2..0000000
--- a/ChangeLog.d/fix_some_resource_leaks.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix resource leaks in mbedtls_pk_parse_public_key() in low
-     memory conditions.
-
diff --git a/ChangeLog.d/fix_tls_record_size_check.txt b/ChangeLog.d/fix_tls_record_size_check.txt
deleted file mode 100644
index 13d452d..0000000
--- a/ChangeLog.d/fix_tls_record_size_check.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix record sizes larger than 16384 being sometimes accepted despite being
-     non-compliant. This could not lead to a buffer overflow. In particular,
-     application data size was already checked correctly.
diff --git a/ChangeLog.d/mbedtls_ssl_config_defaults-memleak.txt b/ChangeLog.d/mbedtls_ssl_config_defaults-memleak.txt
deleted file mode 100644
index 043b273..0000000
--- a/ChangeLog.d/mbedtls_ssl_config_defaults-memleak.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
-   * Fix a memory leak if mbedtls_ssl_config_defaults() is called twice.
diff --git a/ChangeLog.d/psa-rc4.txt b/ChangeLog.d/psa-rc4.txt
deleted file mode 100644
index c255413..0000000
--- a/ChangeLog.d/psa-rc4.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix PSA cipher multipart operations using ARC4. Previously, an IV was
-     required but discarded. Now, an IV is rejected, as it should be.
diff --git a/ChangeLog.d/psa_crypto_config_file.txt b/ChangeLog.d/psa_crypto_config_file.txt
deleted file mode 100644
index d42651d..0000000
--- a/ChangeLog.d/psa_crypto_config_file.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
-   * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto
-     feature requirements in the file named by the new macro
-     MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h.
-     Furthermore you may name an additional file to include after the main
-     file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE.
diff --git a/ChangeLog.d/psa_crypto_reduced_configs_bugs.txt b/ChangeLog.d/psa_crypto_reduced_configs_bugs.txt
deleted file mode 100644
index 0d61cb7..0000000
--- a/ChangeLog.d/psa_crypto_reduced_configs_bugs.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix several bugs (warnings, compiler and linker errors, test failures)
-     in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled.
diff --git a/ChangeLog.d/psa_raw_key_agreement-buffer_too_small.txt b/ChangeLog.d/psa_raw_key_agreement-buffer_too_small.txt
deleted file mode 100644
index 415c849..0000000
--- a/ChangeLog.d/psa_raw_key_agreement-buffer_too_small.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when
-     applicable. Fixes #5735.
diff --git a/ChangeLog.d/resumption_cid.txt b/ChangeLog.d/resumption_cid.txt
deleted file mode 100644
index 5c237aa..0000000
--- a/ChangeLog.d/resumption_cid.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * Fix server connection identifier setting for outgoing encrypted records
-     on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with
-     connection identifier, the Mbed TLS client now properly sends the server
-     connection identifier in encrypted record headers. Fix #5872.
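Review bot: the closing `Fix #5872.` in this fragment does not follow the `Fixes #NNNN.` wording used by every other entry, and the assembled ChangeLog reproduces it as-is; suggest changing it to `Fixes #5872.` in the assembled file.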
diff --git a/ChangeLog.d/selftest-gcc12.txt b/ChangeLog.d/selftest-gcc12.txt
deleted file mode 100644
index aafa256..0000000
--- a/ChangeLog.d/selftest-gcc12.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
-   * Silence a warning from GCC 12 in the selftest program. Fixes #5974.
diff --git a/ChangeLog.d/timeless.txt b/ChangeLog.d/timeless.txt
deleted file mode 100644
index 84f07d6..0000000
--- a/ChangeLog.d/timeless.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests
-     to catch bad uses of time.h.
diff --git a/ChangeLog.d/use-psa-ecdhe-curve.txt b/ChangeLog.d/use-psa-ecdhe-curve.txt
deleted file mode 100644
index 658f88f..0000000
--- a/ChangeLog.d/use-psa-ecdhe-curve.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Bugfix
-   * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
-     enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the
-     client would fail to check that the curve selected by the server for
-     ECDHE was indeed one that was offered. As a result, the client would
-     accept any curve that it supported, even if that curve was not allowed
-     according to its configuration. Fixes #5291.
diff --git a/ChangeLog.d/zeroize_key_buffers_before_free.txt b/ChangeLog.d/zeroize_key_buffers_before_free.txt
deleted file mode 100644
index ba5bae1..0000000
--- a/ChangeLog.d/zeroize_key_buffers_before_free.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Security
-   * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage
-     module before freeing them. These buffers contain secret key material, and
-     could thus potentially leak the key through freed heap.