Prepare ChangeLog for 2.28.5 release

``` ./scripts/assemble_changelog.py ``` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-05-28 16:21:27 +03:00 · 2023-10-03 22:26:03 +01:00 · 2023-10-03 22:26:03 +01:00 · 7de3eed636
commit 7de3eed636
parent c7a8ea998d
12 changed files with 49 additions and 50 deletions
--- a/49
+++ b/49
@ -1,5 +1,54 @@
 Mbed TLS ChangeLog (Sorted per branch, date)

+= Mbed TLS x.x.x branch released xxxx-xx-xx
+
+Features
+   * The documentation of mbedtls_ecp_group now describes the optimized
+     representation of A for some curves. Fixes #8045.
+
+Security
+   * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
+     review the size of the output buffer passed to this function, and note
+     that the output after decryption may include CBC padding. Consider moving
+     to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext()
+     which checks for overflow of the output buffer and reports the actual
+     length of the output.
+   * Improve padding calculations in CBC decryption, NIST key unwrapping and
+     RSA OAEP decryption. With the previous implementation, some compilers
+     (notably recent versions of Clang and IAR) could produce non-constant
+     time code, which could allow a padding oracle attack if the attacker
+     has access to precise timing measurements.
+   * Fix a buffer overread when parsing short TLS application data records in
+     ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz.
+
+Bugfix
+   * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
+     using ECC key. The certificate was rejected by some crypto frameworks.
+     Fixes #2924.
+   * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
+     signature can silently return an incorrect result in low memory conditions.
+   * Fix IAR compiler warnings. Fixes #7873, #4300.
+   * Fix an issue when parsing an otherName subject alternative name into a
+     mbedtls_x509_san_other_name struct. The type-id of the otherName was not
+     copied to the struct. This meant that the struct had incomplete
+     information about the otherName SAN and contained uninitialized memory.
+   * Fix the detection of HardwareModuleName otherName SANs. These were being
+     detected by comparing the wrong field and the check was erroneously
+     inverted.
+   * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
+     MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
+   * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx
+     error code on failure. Before, they returned 1 to indicate failure in
+     some cases involving a missing entry or a full cache.
+
+Changes
+   * In configurations with ARIA or Camellia but not AES, the value of
+     MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might
+     suggest. This did not affect any library code, because this macro was
+     only used in relation with CMAC which does not support these ciphers.
+     Its value is now 16 if ARIA or Camellia are present. This may affect
+     application code that uses this macro.
+
 = Mbed TLS 2.28.4 branch released 2023-08-04

 Features
--- a/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt
+++ b/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt
@ -1,7 +0,0 @@
-Changes
-   * In configurations with ARIA or Camellia but not AES, the value of
-     MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might
-     suggest. This did not affect any library code, because this macro was
-     only used in relation with CMAC which does not support these ciphers.
-     Its value is now 16 if ARIA or Camellia are present. This may affect
-     application code that uses this macro.
--- a/ChangeLog.d/MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt
+++ b/ChangeLog.d/MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt
@ -1,4 +0,0 @@
-Bugfix
-   * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx
-     error code on failure. Before, they returned 1 to indicate failure in
-     some cases involving a missing entry or a full cache.
--- a/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt
+++ b/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt
@ -1,7 +0,0 @@
-Security
-   * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
-     review the size of the output buffer passed to this function, and note
-     that the output after decryption may include CBC padding. Consider moving
-     to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext()
-     which checks for overflow of the output buffer and reports the actual
-     length of the output.
--- a/ChangeLog.d/fix-a-few-unchecked-return.txt
+++ b/ChangeLog.d/fix-a-few-unchecked-return.txt
@ -1,3 +0,0 @@
-Bugfix
-   * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
-     signature can silently return an incorrect result in low memory conditions.
--- a/ChangeLog.d/fix-iar-compiler-warnings.txt
+++ b/ChangeLog.d/fix-iar-compiler-warnings.txt
@ -1,2 +0,0 @@
-Bugfix
-   * Fix IAR compiler warnings. Fixes #7873, #4300.
--- a/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt
+++ b/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt
@ -1,3 +0,0 @@
-Features
-   * The documentation of mbedtls_ecp_group now describes the optimized
-     representation of A for some curves. Fixes #8045.
--- a/ChangeLog.d/initialize-struct-get-other-name.txt
+++ b/ChangeLog.d/initialize-struct-get-other-name.txt
@ -1,8 +0,0 @@
-Bugfix
-   * Fix an issue when parsing an otherName subject alternative name into a
-     mbedtls_x509_san_other_name struct. The type-id of the otherName was not
-     copied to the struct. This meant that the struct had incomplete
-     information about the otherName SAN and contained uninitialized memory.
-   * Fix the detection of HardwareModuleName otherName SANs. These were being
-     detected by comparing the wrong field and the check was erroneously
-     inverted.
--- a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
+++ b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
@ -1,3 +0,0 @@
-Bugfix
-   * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
-     MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
--- a/ChangeLog.d/padding-ct-changelog.txt
+++ b/ChangeLog.d/padding-ct-changelog.txt
@ -1,6 +0,0 @@
-Security
-   * Improve padding calculations in CBC decryption, NIST key unwrapping and
-     RSA OAEP decryption. With the previous implementation, some compilers
-     (notably recent versions of Clang and IAR) could produce non-constant
-     time code, which could allow a padding oracle attack if the attacker
-     has access to precise timing measurements.
--- a/ChangeLog.d/ssl_decrypt_buf-short_record.txt
+++ b/ChangeLog.d/ssl_decrypt_buf-short_record.txt
@ -1,3 +0,0 @@
-Security
-   * Fix a buffer overread when parsing short TLS application data records in
-     ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz.
--- a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
+++ b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
@ -1,4 +0,0 @@
-Bugfix
-   * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
-     using ECC key. The certificate was rejected by some crypto frameworks.
-     Fixes #2924.