Assemble ChangeLog
Executed scripts/assemble_changelog.py.
Signed-off-by: Janos Follath <janos.follath@arm.com>
diff --git a/ChangeLog b/ChangeLog
index 2e15686..540fa53 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,64 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Features
+ * Support building on e2k (Elbrus) architecture: correctly enable
+ -Wformat-signedness, and fix the code that causes signed-one-bit-field
+ and sign-compare warnings. Contributed by makise-homura (Igor Molchanov)
+ <akemi_homura@kurisa.ch>.
+
+Security
+ * When checking X.509 CRLs, a certificate was only considered as revoked if
+ its revocationDate was in the past according to the local clock if
+ available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
+ certificates were never considered as revoked. On builds with
+ MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
+ example, an untrusted OS attacking a secure enclave) could prevent
+ revocation of certificates via CRLs. Fixed by no longer checking the
+ revocationDate field, in accordance with RFC 5280. Reported by
+ yuemonangong in #3340. Reported independently and fixed by
+ Raoul Strackx and Jethro Beekman in #3433.
+ * In (D)TLS record decryption, when using a CBC ciphersuites without the
+ Encrypt-then-Mac extension, use constant code flow memory access patterns
+ to extract and check the MAC. This is an improvement to the existing
+ countermeasure against Lucky 13 attacks. The previous countermeasure was
+ effective against network-based attackers, but less so against local
+ attackers. The new countermeasure defends against local attackers, even
+ if they have access to fine-grained measurements. In particular, this
+ fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
+ Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
+ (University of Florida) and Dave Tian (Purdue University).
+ * Fix side channel in RSA private key operations and static (finite-field)
+ Diffie-Hellman. An adversary with precise enough timing and memory access
+ information (typically an untrusted operating system attacking a secure
+ enclave) could bypass an existing counter-measure (base blinding) and
+ potentially fully recover the private key.
+ * Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der().
+ Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine
+ for pinpointing the problematic code.
+ * Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
+ application data from memory. Reported in #689 by
+ Johan Uppman Bruce of Sectra.
+
+Bugfix
+ * Use arc4random_buf on NetBSD instead of rand implementation with cyclical
+ lower bits. Fix contributed in #3540.
+ * Fix building library/net_sockets.c on NetBSD. NetBSD conditionals were
+ added for the backport to avoid the risk of breaking a platform. Original
+ fix contributed by Nia Alarie in #3422. Adopted for long-term support
+ branch 2.7 in #3570.
+ * Fix bug in redirection of unit test outputs on platforms where stdout is
+ defined as a macro. First reported in #2311 and fix contributed in #3528.
+ Adopted for LTS branch 2.7 in #3600.
+
+Changes
+ * Update copyright notices to use Linux Foundation guidance. As a result,
+ the copyright of contributors other than Arm is now acknowledged, and the
+ years of publishing are no longer tracked in the source files. This also
+ eliminates the need for the lines declaring the files to be part of
+ MbedTLS. Fixes #3457.
+
= mbed TLS 2.7.16 branch released 2020-07-01
Security
diff --git a/ChangeLog.d/copyright.txt b/ChangeLog.d/copyright.txt
deleted file mode 100644
index aefc6bc..0000000
--- a/ChangeLog.d/copyright.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Changes
- * Update copyright notices to use Linux Foundation guidance. As a result,
- the copyright of contributors other than Arm is now acknowledged, and the
- years of publishing are no longer tracked in the source files. This also
- eliminates the need for the lines declaring the files to be part of
- MbedTLS. Fixes #3457.
diff --git a/ChangeLog.d/crl-revocationDate.txt b/ChangeLog.d/crl-revocationDate.txt
deleted file mode 100644
index a8ad532..0000000
--- a/ChangeLog.d/crl-revocationDate.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-Security
- * When checking X.509 CRLs, a certificate was only considered as revoked if
- its revocationDate was in the past according to the local clock if
- available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
- certificates were never considered as revoked. On builds with
- MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
- example, an untrusted OS attacking a secure enclave) could prevent
- revocation of certificates via CRLs. Fixed by no longer checking the
- revocationDate field, in accordance with RFC 5280. Reported by
- yuemonangong in #3340. Reported independently and fixed by
- Raoul Strackx and Jethro Beekman in #3433.
diff --git a/ChangeLog.d/e2k-support.txt b/ChangeLog.d/e2k-support.txt
deleted file mode 100644
index 023b188..0000000
--- a/ChangeLog.d/e2k-support.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * Support building on e2k (Elbrus) architecture: correctly enable
- -Wformat-signedness, and fix the code that causes signed-one-bit-field
- and sign-compare warnings. Contributed by makise-homura (Igor Molchanov)
- <akemi_homura@kurisa.ch>.
diff --git a/ChangeLog.d/fix-build-netbsd.txt b/ChangeLog.d/fix-build-netbsd.txt
deleted file mode 100644
index ac76834..0000000
--- a/ChangeLog.d/fix-build-netbsd.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix building library/net_sockets.c on NetBSD. NetBSD conditionals were
- added for the backport to avoid the risk of breaking a platform. Original
- fix contributed by Nia Alarie in #3422. Adopted for long-term support
- branch 2.7 in #3570.
diff --git a/ChangeLog.d/local-lucky13.txt b/ChangeLog.d/local-lucky13.txt
deleted file mode 100644
index adf493a..0000000
--- a/ChangeLog.d/local-lucky13.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-Security
- * In (D)TLS record decryption, when using a CBC ciphersuites without the
- Encrypt-then-Mac extension, use constant code flow memory access patterns
- to extract and check the MAC. This is an improvement to the existing
- countermeasure against Lucky 13 attacks. The previous countermeasure was
- effective against network-based attackers, but less so against local
- attackers. The new countermeasure defends against local attackers, even
- if they have access to fine-grained measurements. In particular, this
- fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
- Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
- (University of Florida) and Dave Tian (Purdue University).
diff --git a/ChangeLog.d/netbsd-rand-arc4random_buf.txt b/ChangeLog.d/netbsd-rand-arc4random_buf.txt
deleted file mode 100644
index 8539d1f..0000000
--- a/ChangeLog.d/netbsd-rand-arc4random_buf.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Use arc4random_buf on NetBSD instead of rand implementation with cyclical
- lower bits. Fix contributed in #3540.
diff --git a/ChangeLog.d/protect-base-blinding.txt b/ChangeLog.d/protect-base-blinding.txt
deleted file mode 100644
index ca0600c..0000000
--- a/ChangeLog.d/protect-base-blinding.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
- * Fix side channel in RSA private key operations and static (finite-field)
- Diffie-Hellman. An adversary with precise enough timing and memory access
- information (typically an untrusted operating system attacking a secure
- enclave) could bypass an existing counter-measure (base blinding) and
- potentially fully recover the private key.
diff --git a/ChangeLog.d/stdout-macro.txt b/ChangeLog.d/stdout-macro.txt
deleted file mode 100644
index 1c0f985..0000000
--- a/ChangeLog.d/stdout-macro.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix bug in redirection of unit test outputs on platforms where stdout is
- defined as a macro. First reported in #2311 and fix contributed in #3528.
- Adopted for LTS branch 2.7 in #3600.
diff --git a/ChangeLog.d/x509parse_crl-empty_entry.txt b/ChangeLog.d/x509parse_crl-empty_entry.txt
deleted file mode 100644
index 483abb1..0000000
--- a/ChangeLog.d/x509parse_crl-empty_entry.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Security
- * Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der().
- Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine
- for pinpointing the problematic code.
diff --git a/ChangeLog.d/zeroising_of_plaintext_buffer.txt b/ChangeLog.d/zeroising_of_plaintext_buffer.txt
deleted file mode 100644
index f618beb..0000000
--- a/ChangeLog.d/zeroising_of_plaintext_buffer.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Security
- * Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
- application data from memory. Reported in #689 by
- Johan Uppman Bruce of Sectra.