From f18db1f631bec1e3239ab2277cc1030723714394 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 23 Mar 2023 11:23:35 +0000 Subject: [PATCH] Assemble changelog for 2.28.3 release 
Signed-off-by: Paul Elliott --- ChangeLog | 79 +++++++++++++++++++ ChangeLog.d/aes-ni-security-notice.txt | 6 -- ChangeLog.d/aesni.txt | 7 -- ChangeLog.d/build-without-certs.txt | 3 - ChangeLog.d/c-build-helper-hostcc.txt | 4 - ChangeLog.d/clang-15-bignum-warning.txt | 3 - ChangeLog.d/coding-style.txt | 5 -- ...ditionalize-mbedtls_mpi_sub_abs-memcpy.txt | 4 - ChangeLog.d/empty-retval-description.txt | 3 - ChangeLog.d/fix-example-programs-no-args.txt | 4 - ChangeLog.d/fix-gettimeofday-overflow.txt | 4 - ChangeLog.d/fix-iar-warnings.txt | 2 - ChangeLog.d/fix-oid-to-string-bugs.txt | 10 --- ChangeLog.d/fix-rsaalt-test-guards.txt | 3 - ..._for_directory_names_containing_spaces.txt | 4 - ChangeLog.d/fix_hard_link_across_drives.txt | 3 - ChangeLog.d/fix_timing_alt.txt | 5 -- ..._cert_writing_serial_number_management.txt | 5 -- .../mbedtls_ssl_read_undefined_behavior.txt | 3 - ChangeLog.d/mpi-window-perf.txt | 7 -- ChangeLog.d/x509-subaltname-ext.txt | 5 -- 21 files changed, 79 insertions(+), 90 deletions(-) delete mode 100644 ChangeLog.d/aes-ni-security-notice.txt delete mode 100644 ChangeLog.d/aesni.txt delete mode 100644 ChangeLog.d/build-without-certs.txt delete mode 100644 ChangeLog.d/c-build-helper-hostcc.txt delete mode 100644 ChangeLog.d/clang-15-bignum-warning.txt delete mode 100644 ChangeLog.d/coding-style.txt delete mode 100644 ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt delete mode 100644 ChangeLog.d/empty-retval-description.txt delete mode 100644 ChangeLog.d/fix-example-programs-no-args.txt delete mode 100644 ChangeLog.d/fix-gettimeofday-overflow.txt delete mode 100644 ChangeLog.d/fix-iar-warnings.txt delete mode 100644 ChangeLog.d/fix-oid-to-string-bugs.txt delete mode 100644 ChangeLog.d/fix-rsaalt-test-guards.txt delete mode 100644 ChangeLog.d/fix_build_for_directory_names_containing_spaces.txt delete mode 100644 ChangeLog.d/fix_hard_link_across_drives.txt delete mode 100644 ChangeLog.d/fix_timing_alt.txt delete mode 100644 
ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt delete mode 100644 ChangeLog.d/mbedtls_ssl_read_undefined_behavior.txt delete mode 100644 ChangeLog.d/mpi-window-perf.txt delete mode 100644 ChangeLog.d/x509-subaltname-ext.txt diff --git a/ChangeLog b/ChangeLog index 23be7dd02..4033839d9 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,84 @@ Mbed TLS ChangeLog (Sorted per branch, date) += Mbed TLS 2.28.3 branch released 2023-03-28 + +Features + * Use HOSTCC (if it is set) when compiling C code during generation of the + configuration-independent files. This allows them to be generated when + CC is set for cross compilation. + * AES-NI is now supported with Visual Studio. + * AES-NI is now supported in 32-bit builds, or when MBEDTLS_HAVE_ASM + is disabled, when compiling with GCC or Clang or a compatible compiler + for a target CPU that supports the requisite instructions (for example + gcc -m32 -msse2 -maes -mpclmul). (Generic x86 builds with GCC-like + compilers still require MBEDTLS_HAVE_ASM and a 64-bit target.) + +Security + * MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on + builds that couldn't compile the GCC-style assembly implementation + (most notably builds with Visual Studio), leaving them vulnerable to + timing side-channel attacks. There is now an intrinsics-based AES-NI + implementation as a fallback for when the assembly one cannot be used. + +Bugfix + * Fix a build issue on Windows where the source and build directory could + not be on different drives (#5751). + * Fix possible integer overflow in mbedtls_timing_hardclock(), which + could cause a crash for certain platforms & compiler options. + * Fix IAR compiler warnings. Fixes #6924. + * Fix a bug in the build where directory names containing spaces were + causing generate_errors.pl to error out resulting in a build failure. + Fixes issue #6879. + * Fix compile error where MBEDTLS_RSA_C and MBEDTLS_X509_CRT_WRITE_C are + defined, but MBEDTLS_PK_RSA_ALT_SUPPORT is not defined. Fixes #3174. + * Fix a build issue when defining MBEDTLS_TIMING_ALT and MBEDTLS_SELF_TEST. + The library would not link if the user didn't provide an external self-test + function. The self-test is now provided regardless of the choice of + internal/alternative timing implementation. Fixes #6923. 
+ * mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers + whose binary representation is longer than 20 bytes. This was already + forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being + enforced also at code level. + * Fix potential undefined behavior in mbedtls_mpi_sub_abs(). Reported by + Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by + Aaron Ucko under Valgrind. + * Fix behavior of certain sample programs which could, when run with no + arguments, access uninitialized memory in some cases. Fixes #6700 (which + was found by TrustInSoft Analyzer during REDOCS'22) and #1120. + * Fix build errors in test programs when MBEDTLS_CERTS_C is disabled. + Fixes #6243. + * Fix parsing of X.509 SubjectAlternativeName extension. Previously, + malformed alternative name components were not caught during initial + certificate parsing, but only on subsequent calls to + mbedtls_x509_parse_subject_alt_name(). Fixes #2838. + * Fix bug in conversion from OID to string in + mbedtls_oid_get_numeric_string(). OIDs such as 2.40.0.25 are now printed + correctly. + * Reject OIDs with overlong-encoded subidentifiers when converting + them to a string. + * Reject OIDs with subidentifier values exceeding UINT_MAX. Such + subidentifiers can be valid, but Mbed TLS cannot currently handle them. + * Reject OIDs that have unterminated subidentifiers, or (equivalently) + have the most-significant bit set in their last byte. + * Silence a warning about an unused local variable in bignum.c on + some architectures. Fixes #7166. + * Silence warnings from clang -Wdocumentation about empty \retval + descriptions, which started appearing with Clang 15. Fixes #6960. + * Fix undefined behavior in mbedtls_ssl_read() and mbedtls_ssl_write() if + len argument is 0 and buffer is NULL. + +Changes + * The C code follows a new coding style. This is transparent for users but + affects contributors and maintainers of local patches. 
For more + information, see + https://mbed-tls.readthedocs.io/en/latest/kb/how-to/rewrite-branch-for-coding-style/ + * Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2. + As tested in issue 6790, the correlation between this define and + RSA decryption performance has changed lately due to security fixes. + To fix the performance degradation when using default values the + window was reduced from 6 to 2, a value that gives the best or close + to best results when tested on Cortex-M4 and Intel i7. + = Mbed TLS 2.28.2 branch released 2022-12-14 Security diff --git a/ChangeLog.d/aes-ni-security-notice.txt b/ChangeLog.d/aes-ni-security-notice.txt deleted file mode 100644 index ccf8c9a67..000000000 --- a/ChangeLog.d/aes-ni-security-notice.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on - builds that couldn't compile the GCC-style assembly implementation - (most notably builds with Visual Studio), leaving them vulnerable to - timing side-channel attacks. There is now an intrinsics-based AES-NI - implementation as a fallback for when the assembly one cannot be used. diff --git a/ChangeLog.d/aesni.txt b/ChangeLog.d/aesni.txt deleted file mode 100644 index 2d90a6e1c..000000000 --- a/ChangeLog.d/aesni.txt +++ /dev/null @@ -1,7 +0,0 @@ -Features - * AES-NI is now supported with Visual Studio. - * AES-NI is now supported in 32-bit builds, or when MBEDTLS_HAVE_ASM - is disabled, when compiling with GCC or Clang or a compatible compiler - for a target CPU that supports the requisite instructions (for example - gcc -m32 -msse2 -maes -mpclmul). (Generic x86 builds with GCC-like - compilers still require MBEDTLS_HAVE_ASM and a 64-bit target.) diff --git a/ChangeLog.d/build-without-certs.txt b/ChangeLog.d/build-without-certs.txt deleted file mode 100644 index dcb5c777d..000000000 --- a/ChangeLog.d/build-without-certs.txt +++ /dev/null 
@@ -1,3 +0,0 @@ -Bugfix - * Fix build errors in test programs when MBEDTLS_CERTS_C is disabled. - Fixes #6243. diff --git a/ChangeLog.d/c-build-helper-hostcc.txt b/ChangeLog.d/c-build-helper-hostcc.txt deleted file mode 100644 index 86182c3be..000000000 --- a/ChangeLog.d/c-build-helper-hostcc.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Use HOSTCC (if it is set) when compiling C code during generation of the - configuration-independent files. This allows them to be generated when - CC is set for cross compilation. diff --git a/ChangeLog.d/clang-15-bignum-warning.txt b/ChangeLog.d/clang-15-bignum-warning.txt deleted file mode 100644 index d3308b4c9..000000000 --- a/ChangeLog.d/clang-15-bignum-warning.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Silence a warning about an unused local variable in bignum.c on - some architectures. Fixes #7166. diff --git a/ChangeLog.d/coding-style.txt b/ChangeLog.d/coding-style.txt deleted file mode 100644 index b2cff5cc0..000000000 --- a/ChangeLog.d/coding-style.txt +++ /dev/null @@ -1,5 +0,0 @@ -Changes - * The C code follows a new coding style. This is transparent for users but - affects contributors and maintainers of local patches. For more - information, see - https://mbed-tls.readthedocs.io/en/latest/kb/how-to/rewrite-branch-for-coding-style/ diff --git a/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt b/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt deleted file mode 100644 index 0a90721ea..000000000 --- a/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix potential undefined behavior in mbedtls_mpi_sub_abs(). Reported by - Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by - Aaron Ucko under Valgrind. diff --git a/ChangeLog.d/empty-retval-description.txt b/ChangeLog.d/empty-retval-description.txt deleted file mode 100644 index 491adf55d..000000000 --- a/ChangeLog.d/empty-retval-description.txt +++ /dev/null 
@@ -1,3 +0,0 @@ -Bugfix - * Silence warnings from clang -Wdocumentation about empty \retval - descriptions, which started appearing with Clang 15. Fixes #6960. diff --git a/ChangeLog.d/fix-example-programs-no-args.txt b/ChangeLog.d/fix-example-programs-no-args.txt deleted file mode 100644 index 57fe37a8e..000000000 --- a/ChangeLog.d/fix-example-programs-no-args.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix behavior of certain sample programs which could, when run with no - arguments, access uninitialized memory in some cases. Fixes #6700 (which - was found by TrustInSoft Analyzer during REDOCS'22) and #1120. diff --git a/ChangeLog.d/fix-gettimeofday-overflow.txt b/ChangeLog.d/fix-gettimeofday-overflow.txt deleted file mode 100644 index 99a049d8c..000000000 --- a/ChangeLog.d/fix-gettimeofday-overflow.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix possible integer overflow in mbedtls_timing_hardclock(), which - could cause a crash for certain platforms & compiler options. - diff --git a/ChangeLog.d/fix-iar-warnings.txt b/ChangeLog.d/fix-iar-warnings.txt deleted file mode 100644 index 8a3013232..000000000 --- a/ChangeLog.d/fix-iar-warnings.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix IAR compiler warnings. Fixes #6924. diff --git a/ChangeLog.d/fix-oid-to-string-bugs.txt b/ChangeLog.d/fix-oid-to-string-bugs.txt deleted file mode 100644 index 3cf02c39c..000000000 --- a/ChangeLog.d/fix-oid-to-string-bugs.txt +++ /dev/null @@ -1,10 +0,0 @@ -Bugfix - * Fix bug in conversion from OID to string in - mbedtls_oid_get_numeric_string(). OIDs such as 2.40.0.25 are now printed - correctly. - * Reject OIDs with overlong-encoded subidentifiers when converting - them to a string. - * Reject OIDs with subidentifier values exceeding UINT_MAX. Such - subidentifiers can be valid, but Mbed TLS cannot currently handle them. - * Reject OIDs that have unterminated subidentifiers, or (equivalently) - have the most-significant bit set in their last byte. 
diff --git a/ChangeLog.d/fix-rsaalt-test-guards.txt b/ChangeLog.d/fix-rsaalt-test-guards.txt deleted file mode 100644 index f4f39c9e5..000000000 --- a/ChangeLog.d/fix-rsaalt-test-guards.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix compile error where MBEDTLS_RSA_C and MBEDTLS_X509_CRT_WRITE_C are - defined, but MBEDTLS_PK_RSA_ALT_SUPPORT is not defined. Fixes #3174. diff --git a/ChangeLog.d/fix_build_for_directory_names_containing_spaces.txt b/ChangeLog.d/fix_build_for_directory_names_containing_spaces.txt deleted file mode 100644 index e7643b703..000000000 --- a/ChangeLog.d/fix_build_for_directory_names_containing_spaces.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix a bug in the build where directory names containing spaces were - causing generate_errors.pl to error out resulting in a build failure. - Fixes issue #6879. diff --git a/ChangeLog.d/fix_hard_link_across_drives.txt b/ChangeLog.d/fix_hard_link_across_drives.txt deleted file mode 100644 index 99df0f091..000000000 --- a/ChangeLog.d/fix_hard_link_across_drives.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a build issue on Windows where the source and build directory could - not be on different drives (#5751). diff --git a/ChangeLog.d/fix_timing_alt.txt b/ChangeLog.d/fix_timing_alt.txt deleted file mode 100644 index 86ec16d47..000000000 --- a/ChangeLog.d/fix_timing_alt.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix a build issue when defining MBEDTLS_TIMING_ALT and MBEDTLS_SELF_TEST. - The library would not link if the user didn't provide an external self-test - function. The self-test is now provided regardless of the choice of - internal/alternative timing implementation. Fixes #6923. diff --git a/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt b/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt deleted file mode 100644 index a85c79b70..000000000 --- a/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt +++ /dev/null 
@@ -1,5 +0,0 @@ -Bugfix - * mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers - whose binary representation is longer than 20 bytes. This was already - forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being - enforced also at code level. diff --git a/ChangeLog.d/mbedtls_ssl_read_undefined_behavior.txt b/ChangeLog.d/mbedtls_ssl_read_undefined_behavior.txt deleted file mode 100644 index 1f2c563be..000000000 --- a/ChangeLog.d/mbedtls_ssl_read_undefined_behavior.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined behavior in mbedtls_ssl_read() and mbedtls_ssl_write() if - len argument is 0 and buffer is NULL. diff --git a/ChangeLog.d/mpi-window-perf.txt b/ChangeLog.d/mpi-window-perf.txt deleted file mode 100644 index 0f75d6af1..000000000 --- a/ChangeLog.d/mpi-window-perf.txt +++ /dev/null @@ -1,7 +0,0 @@ -Changes - * Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2. - As tested in issue 6790, the correlation between this define and - RSA decryption performance has changed lately due to security fixes. - To fix the performance degradation when using default values the - window was reduced from 6 to 2, a value that gives the best or close - to best results when tested on Cortex-M4 and Intel i7. diff --git a/ChangeLog.d/x509-subaltname-ext.txt b/ChangeLog.d/x509-subaltname-ext.txt deleted file mode 100644 index 7845f181a..000000000 --- a/ChangeLog.d/x509-subaltname-ext.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix parsing of X.509 SubjectAlternativeName extension. Previously, - malformed alternative name components were not caught during initial - certificate parsing, but only on subsequent calls to - mbedtls_x509_parse_subject_alt_name(). Fixes #2838.
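Review bot: In the ChangeLog hunk (the "Changes" section of the new 2.28.3 block), the entry "Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2" names the wrong option for what it describes. The surrounding text talks about RSA decryption performance and the source fragment being assembled is ChangeLog.d/mpi-window-perf.txt; RSA decryption goes through the bignum modular exponentiation in bignum.c, whose sliding-window width is MBEDTLS_MPI_WINDOW_SIZE, whereas MBEDTLS_ECP_WINDOW_SIZE controls the ECC point-multiplication window in ecp.c and has no bearing on RSA. Since this commit is what users will read, suggest correcting the assembled entry to "Changed the default MBEDTLS_MPI_WINDOW_SIZE from 6 to 2." rather than carrying the fragment's wording over verbatim, and double-checking that the value actually changed in include/mbedtls/bignum.h matches.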
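Review bot: The ChangeLog.d/x509-subaltname-ext.txt entry (and its copy in the assembled ChangeLog) describes the SubjectAlternativeName fix only in terms of where malformed components were previously "not caught", and leaves the user-visible consequence implicit. If malformed alternative-name components are now rejected during initial certificate parsing, then certificates that previously loaded fine (and only failed later, or never, if mbedtls_x509_parse_subject_alt_name() was not called) will now fail at parse time; that is a compatibility-relevant behaviour change that callers doing their own chain handling will want spelled out. Suggest adding a sentence such as "Certificates whose SubjectAlternativeName extension contains malformed components are now rejected by the certificate parser." so readers can triage the impact without reading the fix.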