Assemble Changelog

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

ChangeLog

@@ -1,5 +1,99 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Default behavior changes
+   * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305
+     for IV lengths other than 12. The library was silently overwriting this
+     length with 12, but did not inform the caller about it. Fixes #4301.
+
+Features
+   * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto
+     feature requirements in the file named by the new macro
+     MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h.
+     Furthermore you may name an additional file to include after the main
+     file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE.
+
+Security
+   * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage
+     module before freeing them. These buffers contain secret key material, and
+     could thus potentially leak the key through freed heap.
+   * Fix a potential heap buffer overread in TLS 1.2 server-side when
+     MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with
+     mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite
+     is selected. This may result in an application crash or potentially an
+     information leak.
+   * Fix a buffer overread in DTLS ClientHello parsing in servers with
+     MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
+     or a man-in-the-middle could cause a DTLS server to read up to 255 bytes
+     after the end of the SSL input buffer. The buffer overread only happens
+     when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
+     the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(),
+     and possibly up to 571 bytes with a custom cookie check function.
+     Reported by the Cybeats PSI Team.
+
+Bugfix
+   * Fix a memory leak if mbedtls_ssl_config_defaults() is called twice.
+   * Fix several bugs (warnings, compiler and linker errors, test failures)
+     in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled.
+   * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
+     enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the
+     client would fail to check that the curve selected by the server for
+     ECDHE was indeed one that was offered. As a result, the client would
+     accept any curve that it supported, even if that curve was not allowed
+     according to its configuration. Fixes #5291.
+   * Fix unit tests that used 0 as the file UID. This failed on some
+     implementations of PSA ITS. Fixes #3838.
+   * Fix API violation in mbedtls_md_process() test by adding a call to
+     mbedtls_md_starts(). Fixes #2227.
+   * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests
+     to catch bad uses of time.h.
+   * Fix the library search path when building a shared library with CMake
+     on Windows.
+   * Fix bug in the alert sending function mbedtls_ssl_send_alert_message()
+     potentially leading to corrupted alert messages being sent in case
+     the function needs to be re-called after initially returning
+     MBEDTLS_SSL_WANT_WRITE. Fixes #1916.
+   * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but none of
+     MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C,
+     DTLS handshakes using CID would crash due to a null pointer dereference.
+     Fix this. Fixes #3998.
+   * Fix incorrect documentation of mbedtls_x509_crt_profile. The previous
+     documentation stated that the `allowed_pks` field applies to signatures
+     only, but in fact it does apply to the public key type of the end entity
+     certificate, too. Fixes #1992.
+   * Fix PSA cipher multipart operations using ARC4. Previously, an IV was
+     required but discarded. Now, an IV is rejected, as it should be.
+   * Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is
+     not NULL and val_len is zero.
+   * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when
+     applicable. Fixes #5735.
+   * Fix a bug in the x25519 example program where the removal of
+     MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. Fixes #4901 and
+     #3191.
+   * Encode X.509 dates before 1/1/2000 as UTCTime rather than
+     GeneralizedTime. Fixes #5465.
+    * Fix order value of curve x448.
+   * Fix string representation of DNs when outputting values containing commas
+     and other special characters, conforming to RFC 1779. Fixes #769.
+   * Silence a warning from GCC 12 in the selftest program. Fixes #5974.
+   * Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0.
+   * Fix resource leaks in mbedtls_pk_parse_public_key() in low
+     memory conditions.
+   * Fix server connection identifier setting for outgoing encrypted records
+     on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with
+     connection identifier, the Mbed TLS client now properly sends the server
+     connection identifier in encrypted record headers. Fix #5872.
+   * Fix a null pointer dereference when performing some operations on zero
+     represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing
+     by 2, and mbedtls_mpi_write_string() in base 2).
+   * Fix record sizes larger than 16384 being sometimes accepted despite being
+     non-compliant. This could not lead to a buffer overflow. In particular,
+     application data size was already checked correctly.
+
+Changes
+   * Assume source files are in UTF-8 when using MSVC with CMake.
+
 = mbed TLS 2.28.0 branch released 2021-12-17
 
 API changes

ChangeLog.d/PSA-test-suites-NOT-using-UID-0.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix unit tests that used 0 as the file UID. This failed on some
-     implementations of PSA ITS. Fixes #3838.

ChangeLog.d/add-mbedtls_md_starts-to-mbedtls_md_process-test.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix API violation in mbedtls_md_process() test by adding a call to
-     mbedtls_md_starts(). Fixes #2227.

ChangeLog.d/alert_reentrant.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * Fix bug in the alert sending function mbedtls_ssl_send_alert_message()
-     potentially leading to corrupted alert messages being sent in case
-     the function needs to be re-called after initially returning
-     MBEDTLS_SSL_WANT_WRITE. Fixes #1916.

ChangeLog.d/asn1write-0-fix.txt

@@ -1,2 +0,0 @@
-Bugfix
-   * Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0.

ChangeLog.d/bignum-0-mod-2.txt

@@ -1,4 +0,0 @@
-Bugfix
-   * Fix a null pointer dereference when performing some operations on zero
-     represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing
-     by 2, and mbedtls_mpi_write_string() in base 2).

ChangeLog.d/buf-overread-use-psa-static-ecdh.txt

@@ -1,6 +0,0 @@
-Security
-   * Fix a potential heap buffer overread in TLS 1.2 server-side when
-     MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with
-     mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite
-     is selected. This may result in an application crash or potentially an
-     information leak.

ChangeLog.d/bug_x448.txt

@@ -1,2 +0,0 @@
-Bugfix
-    * Fix order value of curve x448.

ChangeLog.d/chacha20_invalid_iv_len_fix.txt

@@ -1,4 +0,0 @@
-Default behavior changes
-   * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305
-     for IV lengths other than 12. The library was silently overwriting this
-     length with 12, but did not inform the caller about it. Fixes #4301.

ChangeLog.d/cmake_msvc_utf8.txt

@@ -1,2 +0,0 @@
-Changes
-   * Assume source files are in UTF-8 when using MSVC with CMake.

ChangeLog.d/cookie_parsing_bug.txt

@@ -1,9 +0,0 @@
-Security
-   * Fix a buffer overread in DTLS ClientHello parsing in servers with
-     MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
-     or a man-in-the-middle could cause a DTLS server to read up to 255 bytes
-     after the end of the SSL input buffer. The buffer overread only happens
-     when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
-     the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(),
-     and possibly up to 571 bytes with a custom cookie check function.
-     Reported by the Cybeats PSI Team.

ChangeLog.d/doc-x509-profile-pk.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * Fix incorrect documentation of mbedtls_x509_crt_profile. The previous
-     documentation stated that the `allowed_pks` field applies to signatures
-     only, but in fact it does apply to the public key type of the end entity
-     certificate, too. Fixes #1992.

ChangeLog.d/dtls-cid-null.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but none of
-     MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C,
-     DTLS handshakes using CID would crash due to a null pointer dereference.
-     Fix this. Fixes #3998.

ChangeLog.d/fix-csr_subject_commas.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix string representation of DNs when outputting values containing commas
-     and other special characters, conforming to RFC 1779. Fixes #769.

ChangeLog.d/fix-time-format-pre-2000.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Encode X.509 dates before 1/1/2000 as UTCTime rather than
-     GeneralizedTime. Fixes #5465.

ChangeLog.d/fix-undefined-memcpy-mbedtls_asn1_named_data.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is
-     not NULL and val_len is zero.

ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix the library search path when building a shared library with CMake
-     on Windows.

ChangeLog.d/fix-x25519-program.txt

@@ -1,4 +0,0 @@
-Bugfix
-   * Fix a bug in the x25519 example program where the removal of
-     MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. Fixes #4901 and
-     #3191.

ChangeLog.d/fix_some_resource_leaks.txt

@@ -1,4 +0,0 @@
-Bugfix
-   * Fix resource leaks in mbedtls_pk_parse_public_key() in low
-     memory conditions.
-

ChangeLog.d/fix_tls_record_size_check.txt

@@ -1,4 +0,0 @@
-Bugfix
-   * Fix record sizes larger than 16384 being sometimes accepted despite being
-     non-compliant. This could not lead to a buffer overflow. In particular,
-     application data size was already checked correctly.

ChangeLog.d/mbedtls_ssl_config_defaults-memleak.txt

@@ -1,2 +0,0 @@
-Bugfix
-   * Fix a memory leak if mbedtls_ssl_config_defaults() is called twice.

ChangeLog.d/psa-rc4.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix PSA cipher multipart operations using ARC4. Previously, an IV was
-     required but discarded. Now, an IV is rejected, as it should be.

ChangeLog.d/psa_crypto_config_file.txt

@@ -1,6 +0,0 @@
-Features
-   * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto
-     feature requirements in the file named by the new macro
-     MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h.
-     Furthermore you may name an additional file to include after the main
-     file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE.

ChangeLog.d/psa_crypto_reduced_configs_bugs.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix several bugs (warnings, compiler and linker errors, test failures)
-     in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled.

ChangeLog.d/psa_raw_key_agreement-buffer_too_small.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when
-     applicable. Fixes #5735.

ChangeLog.d/resumption_cid.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * Fix server connection identifier setting for outgoing encrypted records
-     on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with
-     connection identifier, the Mbed TLS client now properly sends the server
-     connection identifier in encrypted record headers. Fix #5872.

ChangeLog.d/selftest-gcc12.txt

@@ -1,2 +0,0 @@
-Bugfix
-   * Silence a warning from GCC 12 in the selftest program. Fixes #5974.

ChangeLog.d/timeless.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests
-     to catch bad uses of time.h.

ChangeLog.d/use-psa-ecdhe-curve.txt

@@ -1,7 +0,0 @@
-Bugfix
-   * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
-     enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the
-     client would fail to check that the curve selected by the server for
-     ECDHE was indeed one that was offered. As a result, the client would
-     accept any curve that it supported, even if that curve was not allowed
-     according to its configuration. Fixes #5291.

ChangeLog.d/zeroize_key_buffers_before_free.txt

@@ -1,4 +0,0 @@
-Security
-   * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage
-     module before freeing them. These buffers contain secret key material, and
-     could thus potentially leak the key through freed heap.