Assemble ChangeLog

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-20 11:11:08 +01:00 · 2025-10-02 15:43:02 +01:00
parent 0c4a951b37
commit 369ea7a041
8 changed files with 43 additions and 38 deletions
--- a/43
+++ b/43
@@ -1,5 +1,48 @@
 Mbed TLS ChangeLog (Sorted per branch, date)

+= Mbed TLS 3.6.5 branch released 2025-10-15
+
+API changes
+   * When building the library as a PSA client (MBEDTLS_PSA_CRYPTO_CLIENT
+     enabled and MBEDTLS_PSA_CRYPTO_C disabled), you need to provide the
+     function psa_can_do_cipher() in addition to psa_can_do_hash(). This
+     changed was made in Mbed TLS 3.6.0 but was not announced then.
+
+Features
+   * The new function mbedtls_cipher_finish_padded() is similar to
+     mbedtls_cipher_finish(), but makes it easier to process invalid-padding
+     conditions in constant time.
+
+Security
+   * Fix a timing side channel in CBC-PKCS7 decryption that could
+     allow an attacker who can submit chosen ciphertexts to recover
+     some plaintexts through a timing-based padding oracle attack.
+     Credits to Beat Heeb from Oberon microsystems AG. CVE-2025-59438
+   * Fix a local timing side-channel in modular inversion and GCD that was
+     exploitable in RSA key generation and other RSA operations (see the full
+     advisory for details), allowing a local attacker to fully recover the
+     private key. This can be exploited on some Arm-v9 CPUs by an unprivileged
+     attacker running code on the same core (SSBleed), or when Trustzone-M is
+     used, by the non-secure side abusing timer interrupts (M-Step), and
+     probably in other similar settings as well. Found and reported
+     independently by: SSBleed: Chang Liu (Tsinghua University) and Trevor E.
+     Carlson (National University of Singapore); M-Step: Cristiano Rodrigues
+     (University of Minho), Marton Bognar (DistriNet, KU Leuven), Sandro Pinto
+     (University of Minho), Jo Van Bulck (DistriNet, KU Leuven). CVE-2025-54764
+
+Bugfix
+    * Fix potential CMake parallel build failure when building both the static
+      and shared libraries.
+   * Fix a build error or incorrect TLS session
+     lifetime on platforms where mbedtls_time_t
+     is not time_t. Fixes #10236.
+
+Changes
+   * The function mbedtls_mpi_gcd() now always gives a non-negative output.
+     Previously the output was negative when B = 0 and A < 0, which was not
+     documented, and inconsistent as all other inputs resulted in a non-negative
+     output.
+
 = Mbed TLS 3.6.4 branch released 2025-06-30

 Features
--- a/ChangeLog.d/fix-dependency-on-generated-files.txt
+++ b/ChangeLog.d/fix-dependency-on-generated-files.txt
@@ -1,3 +0,0 @@
-Bugfix
-    * Fix potential CMake parallel build failure when building both the static
-      and shared libraries.
--- a/ChangeLog.d/gcd-sign.txt
+++ b/ChangeLog.d/gcd-sign.txt
@@ -1,5 +0,0 @@
-Changes
-   * The function mbedtls_mpi_gcd() now always gives a non-negative output.
-     Previously the output was negative when B = 0 and A < 0, which was not
-     documented, and inconsistent as all other inputs resulted in a non-negative
-     output.
--- a/ChangeLog.d/mbedtls_cipher_finish_padded.txt
+++ b/ChangeLog.d/mbedtls_cipher_finish_padded.txt
@@ -1,4 +0,0 @@
-Features
-   * The new function mbedtls_cipher_finish_padded() is similar to
-     mbedtls_cipher_finish(), but makes it easier to process invalid-padding
-     conditions in constant time.
--- a/ChangeLog.d/pkcs7-padding-error-leak.txt
+++ b/ChangeLog.d/pkcs7-padding-error-leak.txt
@@ -1,5 +0,0 @@
-Security
-   * Fix a timing side channel in CBC-PKCS7 decryption that could
-     allow an attacker who can submit chosen ciphertexts to recover
-     some plaintexts through a timing-based padding oracle attack.
-     Credits to Beat Heeb from Oberon microsystems AG. CVE-2025-59438
--- a/ChangeLog.d/psa_can_do_cipher.txt
+++ b/ChangeLog.d/psa_can_do_cipher.txt
@@ -1,5 +0,0 @@
-API changes
-   * When building the library as a PSA client (MBEDTLS_PSA_CRYPTO_CLIENT
-     enabled and MBEDTLS_PSA_CRYPTO_C disabled), you need to provide the
-     function psa_can_do_cipher() in addition to psa_can_do_hash(). This
-     changed was made in Mbed TLS 3.6.0 but was not announced then.
--- a/ChangeLog.d/replace_time_t.txt
+++ b/ChangeLog.d/replace_time_t.txt
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix a build error or incorrect TLS session
-     lifetime on platforms where mbedtls_time_t
-     is not time_t. Fixes #10236.
--- a/ChangeLog.d/ssbleed-mstep.txt
+++ b/ChangeLog.d/ssbleed-mstep.txt
@@ -1,12 +0,0 @@
-Security
-   * Fix a local timing side-channel in modular inversion and GCD that was
-     exploitable in RSA key generation and other RSA operations (see the full
-     advisory for details), allowing a local attacker to fully recover the
-     private key. This can be exploited on some Arm-v9 CPUs by an unprivileged
-     attacker running code on the same core (SSBleed), or when Trustzone-M is
-     used, by the non-secure side abusing timer interrupts (M-Step), and
-     probably in other similar settings as well. Found and reported
-     independently by: SSBleed: Chang Liu (Tsinghua University) and Trevor E.
-     Carlson (National University of Singapore); M-Step: Cristiano Rodrigues
-     (University of Minho), Marton Bognar (DistriNet, KU Leuven), Sandro Pinto
-     (University of Minho), Jo Van Bulck (DistriNet, KU Leuven). CVE-2025-54764