From bdc678f9101a814782ec10de6ed14f7ac5c1cb1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 27 Sep 2023 10:49:02 +0200
Subject: [PATCH] Add ChangeLog entry for change in driver config API
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

While this was arguably a bug as much as it is a change, I'm choosing the
"API changes" section in order to give this more visibility as it seems
likely to "break" (that is, compile in the built-in implementation when it
isn't desired) the build of some people who were relying on the old
behaviour by not declaring which curves were accelerated (as most of our
tests did before this PR).

Said otherwise, as a user, I expect that most of the time "Bugfix" is for
things that were not working and are now working, but here interested
users are more likely to see it as "previously doing what I want, but now
no longer doing what I want unless I make changes to my code".

(Though of course there's no clear distinction, see xkcd 1172.)

Signed-off-by: Manuel Pégourié-Gonnard
---
 ChangeLog.d/driver-only-ecc.txt | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/ChangeLog.d/driver-only-ecc.txt b/ChangeLog.d/driver-only-ecc.txt
index ca23db9ef..df70ca120 100644
--- a/ChangeLog.d/driver-only-ecc.txt
+++ b/ChangeLog.d/driver-only-ecc.txt
@@ -8,3 +8,14 @@ Features * When all of ECDH, ECDSA and EC J-PAKE are either disabled or provided by a driver, it is possible to disable MBEDTLS_ECP_C and still get support for ECC keys and algorithms in PSA. See docs/driver-only-builds.txt. +API changes + * Mbed TLS 3.4 introduced support for omitting the built-in implementation + of ECDSA and/or EC J-PAKE when those are provided by a driver. However, + their was a flaw in the logic checking if the built-in implementation, in + that if failed to check if all the relevant curves were supported by the + accelerator. As a result, it was possible to declare no curves as + accelerated and still have the built-in implementation compiled out. + Starting with this release, it is necessary to declare which curves are + accelerated (using MBEDTLS_PSA_ACCEL_ECC_xxx macros), or they will be + considered not accelerated, and the built-in implementation of the curves + and any algorithm possible using them will be included in the build.
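Review bot: The second sentence of the new "API changes" entry has two typos and an unfinished clause that make the description of the flaw hard to parse: "their was a flaw" should be "there was a flaw", "in that if failed to check" should be "in that it failed to check", and "the logic checking if the built-in implementation" never says what is checked about the built-in implementation (for example "could be omitted"). Since the entry tells users they must now declare accelerated curves with the MBEDTLS_PSA_ACCEL_ECC_xxx macros, consider also pointing to docs/driver-only-builds.txt, as the Features entry directly above does, so readers relying on the old behaviour know where to look when their build starts including the built-in implementation again.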