From 7de3eed6369ec81d3f0d77ed059f69f9a2cef48c Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 3 Oct 2023 22:26:03 +0100 Subject: [PATCH] Prepare ChangeLog for 2.28.5 release ``` ./scripts/assemble_changelog.py ``` Signed-off-by: Minos Galanakis
---
ChangeLog | 49 +++++++++++++++++++ ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt | 7 --- .../MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt | 4 -- ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt | 7 --- ChangeLog.d/fix-a-few-unchecked-return.txt | 3 -- ChangeLog.d/fix-iar-compiler-warnings.txt | 2 - ...-on-ecp-curve-optimized-representation.txt | 3 -- .../initialize-struct-get-other-name.txt | 8 --- ...dtls_ecdsa_can_do-unconditional-define.txt | 3 -- ChangeLog.d/padding-ct-changelog.txt | 6 --- ChangeLog.d/ssl_decrypt_buf-short_record.txt | 3 -- .../x509-ec-algorithm-identifier-fix.txt | 4 -- 12 files changed, 49 insertions(+), 50 deletions(-) delete mode 100644 ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt delete mode 100644 ChangeLog.d/MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt delete mode 100644 ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt delete mode 100644 ChangeLog.d/fix-a-few-unchecked-return.txt delete mode 100644 ChangeLog.d/fix-iar-compiler-warnings.txt delete mode 100644 ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt delete mode 100644 ChangeLog.d/initialize-struct-get-other-name.txt delete mode 100644 ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt delete mode 100644 ChangeLog.d/padding-ct-changelog.txt delete mode 100644 ChangeLog.d/ssl_decrypt_buf-short_record.txt delete mode 100644 ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
diff --git a/ChangeLog b/ChangeLog
index c977a68151..2989ba3022 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,54 @@
 Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS x.x.x branch released xxxx-xx-xx
+
+Features
+ * The documentation of mbedtls_ecp_group now describes the optimized
+ representation of A for some curves. Fixes #8045.
+
+Security
+ * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
+ review the size of the output buffer passed to this function, and note
+ that the output after decryption may include CBC padding. Consider moving
+ to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext()
+ which checks for overflow of the output buffer and reports the actual
+ length of the output.
+ * Improve padding calculations in CBC decryption, NIST key unwrapping and
+ RSA OAEP decryption. With the previous implementation, some compilers
+ (notably recent versions of Clang and IAR) could produce non-constant
+ time code, which could allow a padding oracle attack if the attacker
+ has access to precise timing measurements.
+ * Fix a buffer overread when parsing short TLS application data records in
+ ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz.
+
+Bugfix
+ * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
+ using ECC key. The certificate was rejected by some crypto frameworks.
+ Fixes #2924.
+ * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
+ signature can silently return an incorrect result in low memory conditions.
+ * Fix IAR compiler warnings. Fixes #7873, #4300.
+ * Fix an issue when parsing an otherName subject alternative name into a
+ mbedtls_x509_san_other_name struct. The type-id of the otherName was not
+ copied to the struct. This meant that the struct had incomplete
+ information about the otherName SAN and contained uninitialized memory.
+ * Fix the detection of HardwareModuleName otherName SANs. These were being
+ detected by comparing the wrong field and the check was erroneously
+ inverted.
+ * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
+ MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
+ * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx
+ error code on failure. Before, they returned 1 to indicate failure in
+ some cases involving a missing entry or a full cache.
+
+Changes
+ * In configurations with ARIA or Camellia but not AES, the value of
+ MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might
+ suggest. This did not affect any library code, because this macro was
+ only used in relation with CMAC which does not support these ciphers.
+ Its value is now 16 if ARIA or Camellia are present. This may affect
+ application code that uses this macro.
+
 = Mbed TLS 2.28.4 branch released 2023-08-04
 Features
diff --git a/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt b/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt
deleted file mode 100644
index fb0e8cc7ac..0000000000
--- a/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Changes
- * In configurations with ARIA or Camellia but not AES, the value of
- MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might
- suggest. This did not affect any library code, because this macro was
- only used in relation with CMAC which does not support these ciphers.
- Its value is now 16 if ARIA or Camellia are present. This may affect
- application code that uses this macro.
diff --git a/ChangeLog.d/MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt b/ChangeLog.d/MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt
deleted file mode 100644
index 6f091bb9fb..0000000000
--- a/ChangeLog.d/MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx
- error code on failure. Before, they returned 1 to indicate failure in
- some cases involving a missing entry or a full cache.
diff --git a/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt b/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt
deleted file mode 100644
index f2e7a4a2c1..0000000000
--- a/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Security
- * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
- review the size of the output buffer passed to this function, and note
- that the output after decryption may include CBC padding. Consider moving
- to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext()
- which checks for overflow of the output buffer and reports the actual
- length of the output.
diff --git a/ChangeLog.d/fix-a-few-unchecked-return.txt b/ChangeLog.d/fix-a-few-unchecked-return.txt
deleted file mode 100644
index aadde36315..0000000000
--- a/ChangeLog.d/fix-a-few-unchecked-return.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
- signature can silently return an incorrect result in low memory conditions.
diff --git a/ChangeLog.d/fix-iar-compiler-warnings.txt b/ChangeLog.d/fix-iar-compiler-warnings.txt
deleted file mode 100644
index 50f1dcaad5..0000000000
--- a/ChangeLog.d/fix-iar-compiler-warnings.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix IAR compiler warnings. Fixes #7873, #4300.
diff --git a/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt b/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt
deleted file mode 100644
index 8fdc588b13..0000000000
--- a/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * The documentation of mbedtls_ecp_group now describes the optimized
- representation of A for some curves. Fixes #8045.
diff --git a/ChangeLog.d/initialize-struct-get-other-name.txt b/ChangeLog.d/initialize-struct-get-other-name.txt
deleted file mode 100644
index dc8395d408..0000000000
--- a/ChangeLog.d/initialize-struct-get-other-name.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Bugfix
- * Fix an issue when parsing an otherName subject alternative name into a
- mbedtls_x509_san_other_name struct. The type-id of the otherName was not
- copied to the struct. This meant that the struct had incomplete
- information about the otherName SAN and contained uninitialized memory.
- * Fix the detection of HardwareModuleName otherName SANs. These were being
- detected by comparing the wrong field and the check was erroneously
- inverted.
diff --git a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
deleted file mode 100644
index 22e8adbc58..0000000000
--- a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
- MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
diff --git a/ChangeLog.d/padding-ct-changelog.txt b/ChangeLog.d/padding-ct-changelog.txt
deleted file mode 100644
index 3e2c7e2e84..0000000000
--- a/ChangeLog.d/padding-ct-changelog.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
- * Improve padding calculations in CBC decryption, NIST key unwrapping and
- RSA OAEP decryption. With the previous implementation, some compilers
- (notably recent versions of Clang and IAR) could produce non-constant
- time code, which could allow a padding oracle attack if the attacker
- has access to precise timing measurements.
diff --git a/ChangeLog.d/ssl_decrypt_buf-short_record.txt b/ChangeLog.d/ssl_decrypt_buf-short_record.txt
deleted file mode 100644
index 957cec4700..0000000000
--- a/ChangeLog.d/ssl_decrypt_buf-short_record.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Security
- * Fix a buffer overread when parsing short TLS application data records in
- ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz.
diff --git a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
deleted file mode 100644
index c1de491e60..0000000000
--- a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
- using ECC key. The certificate was rejected by some crypto frameworks.
- Fixes #2924.