Merge branch 'development_3.0' into drop_old_tls_options

ChangeLog.d/bugfix_PR3616.txt

@@ -0,0 +1,5 @@
+Bugfix
+   * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
+     lead to the seed file corruption in case if the path to the seed file is
+     equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor
+     Krasnoshchok in #3616.

ChangeLog.d/dtls_sample_use_read_timeout.txt

@@ -0,0 +1,2 @@
+Changes
+   * Fix the setting of the read timeout in the DTLS sample programs.

ChangeLog.d/fix-invalid-id-error-code.txt

@@ -0,0 +1,5 @@
+Bugfix
+   * PSA functions creating a key now return PSA_ERROR_INVALID_ARGUMENT rather
+     than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key
+     to create is not valid, bringing them in line with version 1.0.0 of the
+     specification. Fix #4271.

ChangeLog.d/fix-printf-specifiers.txt

@@ -0,0 +1,10 @@
+Bugfix
+   * Add printf function attributes to mbedtls_debug_print_msg to ensure we
+     get printf format specifier warnings.
+Changes
+   * Add extra printf compiler warning flags to builds.
+Requirement changes
+   * The library now uses the %zu format specifier with the printf() family of
+     functions, so requires a toolchain that supports it. This change does not
+     affect the maintained LTS branches, so when contributing changes please
+     bear this in mind and do not add them to backported code.

ChangeLog.d/fix_memsan_build_clang11.txt

@@ -0,0 +1,2 @@
+Changes
+   * Fix memsan build false positive in x509_crt.c with clang 11

ChangeLog.d/fix_return_type_for_invalid_crypto_key.txt

@@ -0,0 +1,4 @@
+Bugfix
+   * PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE
+     rather than PSA_ERROR_DOES_NOT_EXIST for an invalid handle, bringing them
+     in line with version 1.0.0 of the specification. Fix #4162.

ChangeLog.d/issue3819.txt

@@ -1,10 +0,0 @@
-Security
-   * Fix a security reduction in CTR_DRBG when the initial seeding obtained a
-     nonce from entropy. Applications were affected if they called
-     mbedtls_ctr_drbg_set_nonce_len(), if they called
-     mbedtls_ctr_drbg_set_entropy_len() with a size that was 3/2 times the key
-     length, or when the entropy module uses SHA-256 and CTR_DRBG uses AES-256.
-     In such cases, a random nonce was necessary to achieve the advertised
-     security strength, but the code incorrectly used a constant instead of
-     entropy from the nonce.
-     Found by John Stroebel in #3819 and fixed in #3973.

ChangeLog.d/move_alt_helpers.txt

@@ -0,0 +1,7 @@
+API changes
+   * Move alt helpers and definitions.
+     Various helpers and definitions available for use in alt implementations
+     have been moved out of the include/ directory and into the library/
+     directory. The files concerned are ecp_internal.h and rsa_internal.h
+     which have also been renamed to ecp_alt.h and rsa_alt_helpers.h
+     respectively.

ChangeLog.d/move_internal_headers.txt

@@ -0,0 +1,6 @@
+API changes
+   * Move internal headers.
+     Header files that were only meant for the library's internal use and
+     were not meant to be used in application code have been moved out of
+     the include/ directory. The headers concerned are bn_mul.h, aesni.h,
+     padlock.h, entropy_poll.h and *_internal.h.

ChangeLog.d/pkcs1_v21_sign_ext.txt

@@ -0,0 +1,5 @@
+Features
+   * Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a
+     signature with a specific salt length. This function allows to validate
+     test cases provided in the NIST's CAVP test suite. Contributed by Cédric
+     Meuter in PR #3183.

ChangeLog.d/programs-ssl-use-after-scope.txt

@@ -1,2 +0,0 @@
-Bugfix
-   * Fix use-after-scope error in programs/ssl/ssl_client2.c and ssl_server2.c

ChangeLog.d/psa-crypto-hmac-drbg.txt

@@ -1,5 +0,0 @@
-Features
-   * The PSA crypto subsystem can now use HMAC_DRBG instead of CTR_DRBG.
-     CTR_DRBG is used by default if it is available, but you can override
-     this choice by setting MBEDTLS_PSA_HMAC_DRBG_MD_TYPE at compile time.
-     Fix #3354.

ChangeLog.d/psa_close_key_memory_leak_fix.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix memory leak that occured when calling psa_close_key() on a
-     wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined.

ChangeLog.d/remove_certs.txt

@@ -0,0 +1,5 @@
+API changes
+   * Remove certs module from the API.
+     Transfer keys and certificates embedded in the library to the test
+     component. This contributes to minimizing library API and discourages
+     users from using unsafe keys in production.

ChangeLog.d/remove_havege.txt

@@ -1,7 +1,9 @@
 API changes
    * Remove HAVEGE module.
-     The design of HAVEGE makes it unsuitable for microcontrollers. Platforms with a more complex
-     CPU usually have an operating system interface that provides better randomness.
-     Instead of HAVEGE, declare OS or hardware RNG interfaces with mbedtls_entropy_add_source()
-     and/or use an entropy seed file created securely during device provisioning.
-     See https://tls.mbed.org/kb/how-to/add-entropy-sources-to-entropy-pool for more information.
+     The design of HAVEGE makes it unsuitable for microcontrollers. Platforms
+     with a more complex CPU usually have an operating system interface that
+     provides better randomness. Instead of HAVEGE, declare OS or hardware RNG
+     interfaces with mbedtls_entropy_add_source() and/or use an entropy seed
+     file created securely during device provisioning. See
+     https://tls.mbed.org/kb/how-to/add-entropy-sources-to-entropy-pool for
+     more information.

ChangeLog.d/remove_old_transition_helpers.txt

@@ -1,2 +1,3 @@
 API changes
-   * Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0: the header compat-1.3.h and the script rename.pl.
+   * Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0: the
+   header compat-1.3.h and the script rename.pl.

ChangeLog.d/rsa_private-ret.txt

@@ -1,2 +0,0 @@
-Bugfix
-   * Fix an incorrect error code if an RSA private operation glitched.