Merge pull request #1038 from Mbed-TLS/development

Merge development into development-restricted

ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt

@@ -0,0 +1,14 @@
+New deprecations
+   * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR and
+     MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR, where xxx is either ECC or RSA,
+     are now being deprecated in favor of PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and
+     MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy. Here yyy can be: USE, IMPORT,
+     EXPORT, GENERATE, DERIVE. The goal is to have a finer detail about the
+     capabilities of the PSA side for either key.
+
+Features
+   * New symbols PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and
+     MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy (where xxx is either ECC, RSA
+     or DH) were introduced in order to have finer accuracy in defining the
+     PSA capabilities for each key. These capabilities, named yyy above, can be
+     any of: USE, IMPORT, EXPORT, GENERATE, DERIVE.

ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt

@@ -0,0 +1,3 @@
+Features
+   * When parsing X.509 certificates, support the extensions
+     SignatureKeyIdentifier and AuthorityKeyIdentifier.

ChangeLog.d/add-aes-128bit-only.txt

@@ -0,0 +1,4 @@
+Features
+   * Add support to restrict AES to 128-bit keys in order to save code size.
+     A new configuration option, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH, can be
+     used to enable this feature.

ChangeLog.d/add-getters-for-some-fields.txt

@@ -0,0 +1,7 @@
+Features
+   * Add getter (mbedtls_ssl_cache_get_timeout()) to access
+     `mbedtls_ssl_cache_context.timeout`.
+   * Add getter (mbedtls_ssl_get_hostname()) to access
+     `mbedtls_ssl_context.hostname`.
+   * Add getter (mbedtls_ssl_conf_get_endpoint()) to access
+     `mbedtls_ssl_config.endpoint`.

ChangeLog.d/add-pbkdf2-hmac.txt

@@ -0,0 +1,2 @@
+Features
+   * Add support for PBKDF2-HMAC through the PSA API.

ChangeLog.d/add-psa_want_alg_some_pake.txt

@@ -0,0 +1,3 @@
+Features
+   * Don't include the PSA dispatch functions for PAKEs (psa_pake_setup() etc)
+     if no PAKE algorithms are requested

ChangeLog.d/add-subjectAltName-certs.txt

@@ -0,0 +1,6 @@
+Features
+   * It is now possible to generate certificates with SubjectAltNames.
+     Currently supported subtypes: DnsName, UniformResourceIdentifier,
+     IP address, OtherName, and DirectoryName, as defined in RFC 5280.
+     See mbedtls_x509write_crt_set_subject_alternative_name for
+     more information.

ChangeLog.d/aes-perf.txt

@@ -0,0 +1,7 @@
+Features
+   * AES performance improvements. Uplift varies by platform,
+     toolchain, optimisation flags and mode.
+     Aarch64, gcc -Os and CCM, GCM and XTS benefit the most.
+     On Aarch64, uplift is typically around 20 - 110%.
+     When compiling with gcc -Os on Aarch64, AES-XTS improves
+     by 4.5x.

ChangeLog.d/armclang-compile-fix.txt

@@ -0,0 +1,7 @@
+Bugfix
+   * Fix clang and armclang compilation error when targeting certain Arm
+     M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
+     SecurCore SC000). Fixes #1077.
+Changes
+   * Enable Arm / Thumb bignum assembly for most Arm platforms when
+     compiling with gcc, clang or armclang and -O0.

ChangeLog.d/basic-uri-verification.txt

@@ -0,0 +1,4 @@
+Features
+   * X.509 hostname verification now partially supports URI Subject Alternate
+     Names. Only exact matching, without any normalization procedures
+     described in 7.4 of RFC5280, will result in a positive URI verification.

ChangeLog.d/bugfix_iar_typo.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fixed an issue that caused compile errors when using CMake and the IAR
+     toolchain.

ChangeLog.d/cmake-pass-through-config-defines.txt

@@ -0,0 +1,3 @@
+Features
+   * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by
+     setting the CMake variable of the same name at configuration time.

ChangeLog.d/driver-ffdh.txt

@@ -0,0 +1,3 @@
+Features
+   * Add a driver dispatch layer for FFDH keys, enabling alternative
+     implementations of FFDH through the driver entry points.

ChangeLog.d/ffdh-tls-1-3.txt

@@ -0,0 +1,6 @@
+Features
+   * Add support for FFDH key exchange in TLS 1.3.
+     This is automatically enabled as soon as PSA_WANT_ALG_FFDH
+     and the ephemeral or psk-ephemeral key exchange mode are enabled.
+     By default, all groups are offered; the list of groups can be
+     configured using the existing API function mbedtls_ssl_conf_groups().

ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt

@@ -0,0 +1,4 @@
+Bugfix
+   * Fix crypt_and_hash decryption fail when used with a stream cipher
+     mode of operation due to the input not being multiple of block size.
+     Resolves #7417.

ChangeLog.d/fix-hrr-in-psk-kem.txt

@@ -0,0 +1,5 @@
+Bugfix
+   * In TLS 1.3, fix handshake failure when a client in its ClientHello
+     proposes an handshake based on PSK only key exchange mode or at least
+     one of the key exchange modes using ephemeral keys to a server that
+     supports only the PSK key exchange mode.

ChangeLog.d/fix-ilp32.txt

@@ -0,0 +1,4 @@
+Bugfix
+   * Fix a compilation failure in the constant_time module when
+     building for arm64_32 (e.g., for watchos). Reported by Paulo
+     Coutinho in #7787.

ChangeLog.d/fix-string-to-names-retcode.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fix a bug in which mbedtls_x509_string_to_names() would return success
+     when given a invalid name string if it did not contain '=' or ','.

ChangeLog.d/fix-tfm-build.txt

@@ -0,0 +1,5 @@
+Bugfix
+   * Fix compilation warnings in aes.c, which prevented the
+     example TF-M configuration in configs/ from building cleanly:
+     tfm_mbedcrypto_config_profile_medium.h with
+     crypto_config_profile_medium.h.

ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt

@@ -0,0 +1,4 @@
+Bugfix
+   * Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c when
+     built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
+     way to detect the crypto extensions required. A warning is still issued.

ChangeLog.d/mbedtls_x509_time.txt

@@ -0,0 +1,3 @@
+Features
+   * Improve mbedtls_x509_time performance and reduce memory use.
+   * Reduce syscalls to time() during certificate verification.

ChangeLog.d/oid-parse-from-numeric-string.txt

@@ -0,0 +1,3 @@
+Features
+   * Add function mbedtls_oid_from_numeric_string() to parse an OID from a
+     string to a DER-encoded mbedtls_asn1_buf.

ChangeLog.d/python3.8.txt

@@ -0,0 +1,2 @@
+Requirement changes
+   * Officially require Python 3.8 now that earlier versions are out of support.

ChangeLog.d/sha3.txt

@@ -0,0 +1,3 @@
+Features
+    * Add SHA-3 family hash functions.
+

ChangeLog.d/ssl_debug_helpers-stack_usage.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fix very high stack usage in SSL debug code. Reported by Maximilian
+     Gerhardt in #7804.