Added submodule contents into tree

externals/mbedtls/ChangeLog.d/00README.md

@@ -0,0 +1,91 @@
+# Pending changelog entry directory
+
+This directory contains changelog entries that have not yet been merged
+to the changelog file ([`../ChangeLog`](../ChangeLog)).
+
+## What requires a changelog entry?
+
+Write a changelog entry if there is a user-visible change. This includes:
+
+* Bug fixes in the library or in sample programs: fixing a security hole,
+  fixing broken behavior, fixing the build in some configuration or on some
+  platform, etc.
+* New features in the library, new sample programs, or new platform support.
+* Changes in existing behavior. These should be rare. Changes in features
+  that are documented as experimental may or may not be announced, depending
+  on the extent of the change and how widely we expect the feature to be used.
+
+We generally don't include changelog entries for:
+
+* Documentation improvements.
+* Performance improvements, unless they are particularly significant.
+* Changes to parts of the code base that users don't interact with directly,
+  such as test code and test data.
+* Fixes for compiler warnings. Releases typically contain a number of fixes
+  of this kind, so we will only mention them in the Changelog if they are
+  particularly significant.
+
+Until Mbed TLS 2.24.0, we required changelog entries in more cases.
+Looking at older changelog entries is good practice for how to write a
+changelog entry, but not for deciding whether to write one.
+
+## Changelog entry file format
+
+A changelog entry file must have the extension `*.txt` and must have the
+following format:
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Security
+   * Change description.
+   * Another change description.
+
+Features
+   * Yet another change description. This is a long change description that
+     spans multiple lines.
+   * Yet again another change description.
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The permitted changelog entry categories are as follows:
+<!-- Keep this synchronized with STANDARD_CATEGORIES in assemble_changelog.py! -->
+
+    API changes
+    Default behavior changes
+    Requirement changes
+    New deprecations
+    Removals
+    Features
+    Security
+    Bugfix
+    Changes
+
+Use “Changes” for anything that doesn't fit in the other categories.
+
+## How to write a changelog entry
+
+Each entry starts with three spaces, an asterisk and a space. Continuation
+lines start with 5 spaces. Lines wrap at 79 characters.
+
+Write full English sentences with proper capitalization and punctuation. Use
+the present tense. Use the imperative where applicable. For example: “Fix a
+bug in mbedtls_xxx() ….”
+
+Include GitHub issue numbers where relevant. Use the format “#1234” for an
+Mbed TLS issue. Add other external references such as CVE numbers where
+applicable.
+
+Credit bug reporters where applicable.
+
+**Explain why, not how**. Remember that the audience is the users of the
+library, not its developers. In particular, for a bug fix, explain the
+consequences of the bug, not how the bug was fixed. For a new feature, explain
+why one might be interested in the feature. For an API change or a deprecation,
+explain how to update existing applications.
+
+See [existing entries](../ChangeLog) for examples.
+
+## How `ChangeLog` is updated
+
+Run [`../scripts/assemble_changelog.py`](../scripts/assemble_changelog.py)
+from a Git working copy
+to move the entries from files in `ChangeLog.d` to the main `ChangeLog` file.

externals/mbedtls/ChangeLog.d/7764.txt

@@ -0,0 +1,3 @@
+Features
+   * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa()
+     to convert between Mbed TLS and PSA curve identifiers.

externals/mbedtls/ChangeLog.d/7765.txt

@@ -0,0 +1,3 @@
+Features
+   * Add functions mbedtls_ecdsa_raw_to_der() and mbedtls_ecdsa_der_to_raw() to
+     convert ECDSA signatures between raw and DER (ASN.1) formats.

externals/mbedtls/ChangeLog.d/8030.txt

@@ -0,0 +1,7 @@
+Changes
+   * Extended PSA Crypto configurations options for FFDH by making it possible
+     to select only some of the parameters / groups, with the macros
+     PSA_WANT_DH_RFC7919_XXXX. You now need to defined the corresponding macro
+     for each size you want to support. Also, if you have an FFDH accelerator,
+     you'll need to define the appropriate MBEDTLS_PSA_ACCEL macros to signal
+     support for these domain parameters.

externals/mbedtls/ChangeLog.d/8340.txt

@@ -0,0 +1,4 @@
+Features
+   * Add functions mbedtls_md_psa_alg_from_type() and
+     mbedtls_md_type_from_psa_alg() to convert between mbedtls_md_type_t and
+     psa_algorithm_t.

externals/mbedtls/ChangeLog.d/8372.txt

@@ -0,0 +1,3 @@
+Features
+   *  AES-NI is now supported in Windows builds with clang and clang-cl.
+      Resolves #8372.

externals/mbedtls/ChangeLog.d/8461.txt

@@ -0,0 +1,4 @@
+Bugfix
+   * Fix unsupported PSA asymmetric encryption and decryption
+     (psa_asymmetric_[en|de]crypt) with opaque keys.
+     Resolves #8461.

externals/mbedtls/ChangeLog.d/8482.txt

@@ -0,0 +1,6 @@
+Changes
+    * PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG are no more synonyms and
+      they are now treated separately. This means that they should be
+      individually enabled in order to enable respective support; also the
+      corresponding MBEDTLS_PSA_ACCEL symbol should be defined in case
+      acceleration is required.

externals/mbedtls/ChangeLog.d/8647.txt

@@ -0,0 +1,10 @@
+Default behavior changes
+   * psa_import_key() now only accepts RSA keys in the PSA standard formats.
+     The undocumented ability to import other formats (PKCS#8, SubjectPublicKey,
+     PEM) accepted by the pkparse module has been removed. Applications that
+     need these formats can call mbedtls_pk_parse_{public,}key() followed by
+     mbedtls_pk_import_into_psa().
+
+Changes
+   * RSA support in PSA no longer auto-enables the pkparse and pkwrite modules,
+     saving code size when those are not otherwise enabled.

externals/mbedtls/ChangeLog.d/8726.txt

@@ -0,0 +1,2 @@
+Features
+   * Add partial platform support for z/OS.

externals/mbedtls/ChangeLog.d/8799.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * mbedtls_pem_read_buffer() now performs a check on the padding data of
+     decrypted keys and it rejects invalid ones.

externals/mbedtls/ChangeLog.d/8824.txt

@@ -0,0 +1,7 @@
+Bugfix
+   * Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() and
+     mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
+     the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled, they always
+     used PKCS#1 v1.5 even when the RSA context was configured for PKCS#1 v2.1
+     (PSS/OAEP). Fixes #8824.
+

externals/mbedtls/ChangeLog.d/8848.txt

@@ -0,0 +1,6 @@
+Removals
+   * Temporary function mbedtls_pk_wrap_as_opaque() is removed. To mimic the
+     same behavior mbedtls_pk_get_psa_attributes() and
+     mbedtls_pk_import_into_psa() can be used to import a PK key into PSA,
+     while mbedtls_pk_setup_opaque() can be used to wrap a PSA key into a opaque
+     PK context.

externals/mbedtls/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt

@@ -0,0 +1,3 @@
+Features
+   * Add support for using AES-CBC 128, 192, and 256 bit schemes
+     with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse.

externals/mbedtls/ChangeLog.d/add-block-cipher-no-decrypt.txt

@@ -0,0 +1,6 @@
+Features
+   * Enable the new option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to omit
+     the decryption direction of block ciphers (AES, ARIA, Camellia).
+     This affects both the low-level modules and the high-level APIs
+     (the cipher and PSA interfaces). This option is incompatible with modes
+     that use the decryption direction (ECB in PSA, CBC, XTS, KW) and with DES.

externals/mbedtls/ChangeLog.d/add-psa-example-program-hash.txt

@@ -0,0 +1,2 @@
+Features
+   * Added an example program showing how to hash with the PSA API.

externals/mbedtls/ChangeLog.d/add-record-size-limit-extension-support.txt

@@ -0,0 +1,5 @@
+Features
+   * Add support for record size limit extension as defined by RFC 8449
+     and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT.
+     Application data sent and received will be fragmented according to
+     Record size limits negotiated during handshake.

externals/mbedtls/ChangeLog.d/armv8-aesce.txt

@@ -0,0 +1,3 @@
+Features
+   * Support use of Armv8-A Cryptographic Extensions for hardware acclerated
+     AES when compiling for Thumb (T32) or 32-bit Arm (A32).

externals/mbedtls/ChangeLog.d/benchmark-ecdh.txt

@@ -0,0 +1,3 @@
+Features
+   * The benchmark program now reports times for both ephemeral and static
+     ECDH in all ECDH configurations.

externals/mbedtls/ChangeLog.d/ctr-perf.txt

@@ -0,0 +1,3 @@
+Features
+   * Improve performance of AES-GCM, AES-CTR and CTR-DRBG when
+     hardware accelerated AES is not present (around 13-23% on 64-bit Arm).

externals/mbedtls/ChangeLog.d/domain_parameters.txt

@@ -0,0 +1,9 @@
+New deprecations
+   * In the PSA API, domain parameters are no longer used for anything.
+     They are deprecated and will be removed in a future version of the
+     library.
+
+Removals
+   * In the PSA API, the experimental way to encode the public exponent of
+     an RSA key as a domain parameter is no longer supported. Use
+     psa_generate_key_ext() instead.

externals/mbedtls/ChangeLog.d/driver-only-cipher.txt

@@ -0,0 +1,11 @@
+Features
+   * If a cipher or AEAD mechanism has a PSA driver, you can now build the
+     library without the corresponding built-in implementation. Generally
+     speaking that requires both the key type and algorithm to be accelerated
+     or they'll both be built in. However, for CCM and GCM the built-in
+     implementation is able to take advantage of a driver that only
+     accelerates the key type (that is, the block cipher primitive). See
+     docs/driver-only-builds.md for full details and current limitations.
+   * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is
+     disabled. This requires PSA_WANT_ALG_ECB_NO_PADDING in addition to
+     MBEDTLS_PSA_CRYPTO_C and PSA_WANT_KEY_TYPE_AES.

externals/mbedtls/ChangeLog.d/ecp-keypair-utilities.txt

@@ -0,0 +1,5 @@
+Features
+   * Add utility functions to manipulate mbedtls_ecp_keypair objects, filling
+     gaps made by making its fields private: mbedtls_ecp_set_public_key(),
+     mbedtls_ecp_write_public_key(), mbedtls_ecp_keypair_calc_public(),
+     mbedtls_ecp_keypair_get_group_id(). Fixes #5017, #5441, #8367, #8652.

externals/mbedtls/ChangeLog.d/ecp_write_key.txt

@@ -0,0 +1,8 @@
+Features
+   * The new function mbedtls_ecp_write_key_ext() is similar to
+     mbedtls_ecp_write_key(), but can be used without separately calculating
+     the output length.
+
+New deprecations
+   * mbedtls_ecp_write_key() is deprecated in favor of
+     mbedtls_ecp_write_key_ext().

externals/mbedtls/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fix the build with CMake when Everest or P256-m is enabled through
+     a user configuration file or the compiler command line. Fixes #8165.

externals/mbedtls/ChangeLog.d/fix-cpp-compilation-error.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fix compilation error in C++ programs when MBEDTLS_ASN1_PARSE_C is
+     disabled.

externals/mbedtls/ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt

@@ -0,0 +1,6 @@
+Features
+   * Add new mbedtls_x509_csr_parse_der_with_ext_cb() routine which allows
+     parsing unsupported certificate extensions via user provided callback.
+
+Bugfix
+   * Fix parsing of CSRs with critical extensions.

externals/mbedtls/ChangeLog.d/fix-issue-x509-cert_req.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fix possible NULL dereference issue in X509 cert_req program if an entry
+     in the san parameter is not separated by a colon.

externals/mbedtls/ChangeLog.d/fix-issue-x509-cert_write.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fix possible NULL dereference issue in X509 cert_write program if an entry
+     in the san parameter is not separated by a colon.

externals/mbedtls/ChangeLog.d/fix-linux-builds-in-conda-forge.txt

@@ -0,0 +1,2 @@
+Bugfix
+   * Fix build failure in conda-forge.  Fixes #8422.

externals/mbedtls/ChangeLog.d/fix-mingw32-build.txt

@@ -0,0 +1,4 @@
+Bugfix
+  * Fix an inconsistency between implementations and usages of `__cpuid`,
+    which mainly causes failures when building Windows target using
+    mingw or clang. Fixes #8334 & #8332.

externals/mbedtls/ChangeLog.d/fix-tls-SuiteB.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Remove accidental introduction of RSA signature algorithms
+     in TLS Suite B Profile. Fixes #8221.

externals/mbedtls/ChangeLog.d/fix-tls13-server-min-version-check.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fix TLS server accepting TLS 1.2 handshake while TLS 1.2
+     is disabled at runtime. Fixes #8593.

externals/mbedtls/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Correct initial capacities for key derivation algorithms:TLS12_PRF,
+     TLS12_PSK_TO_MS, PBKDF2-HMAC, PBKDF2-CMAC

externals/mbedtls/ChangeLog.d/gcm-large-tables.txt

@@ -0,0 +1,4 @@
+Features
+    * Add support for 8-bit GCM tables for Shoup's algorithm to speedup GCM
+      operations when hardware accelerated AES is not present. Improves
+      performance by around 30% on 64-bit Intel; 125% on Armv7-M.

externals/mbedtls/ChangeLog.d/gen-key-segfault.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Avoid segmentation fault caused by releasing not initialized
+     entropy resource in gen_key example. Fixes #8809.

externals/mbedtls/ChangeLog.d/get_ticket_creation_time.txt

@@ -0,0 +1,3 @@
+Features
+   * Add getter (mbedtls_ssl_session_get_ticket_creation_time()) to access
+     `mbedtls_ssl_session.ticket_creation_time`.

externals/mbedtls/ChangeLog.d/gnutls_anti_replay_fail.txt

@@ -0,0 +1,5 @@
+Bugfix
+    * Switch to milliseconds as the unit for ticket creation and reception time
+      instead of seconds. That avoids rounding errors when computing the age of
+      tickets compared to peer using a millisecond clock (observed with GnuTLS).
+      Fixes #6623.

externals/mbedtls/ChangeLog.d/iar-gcc-perf.txt

@@ -0,0 +1,2 @@
+Features
+   * Improve performance for gcc (versions older than 9.3.0) and IAR.

externals/mbedtls/ChangeLog.d/linux-aarch64-hwcap.txt

@@ -0,0 +1,4 @@
+Bugfix
+   * On Linux on ARMv8, fix a build error with SHA-256 and SHA-512
+     acceleration detection when the libc headers do not define the
+     corresponding constant. Reported by valord577.

externals/mbedtls/ChangeLog.d/mbedtls_pk_import_into_psa.txt

@@ -0,0 +1,4 @@
+Features
+   * The new functions mbedtls_pk_get_psa_attributes() and
+     mbedtls_pk_import_into_psa() provide a uniform way to create a PSA
+     key from a PK key.

externals/mbedtls/ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt

@@ -0,0 +1,3 @@
+Changes
+    * Moved declaration of functions mbedtls_ecc_group_to_psa and
+      mbedtls_ecc_group_of_psa from psa/crypto_extra.h to mbedtls/psa_util.h

externals/mbedtls/ChangeLog.d/no-cipher.txt

@@ -0,0 +1,9 @@
+Features
+   * Fewer modules depend on MBEDTLS_CIPHER_C, making it possible to save code
+     size by disabling it in more circumstances. In particular, the CCM and
+     GCM modules no longer depend on MBEDTLS_CIPHER_C. Also,
+     MBEDTLS_PSA_CRYPTO can now be enabled without MBEDTLS_CIPHER_C if all
+     unauthenticated (non-AEAD) ciphers are disabled, or if they're all
+     fully provided by drivers. See docs/driver-only-builds.md for full
+     details and current limitations; in particular, NIST_KW and PKCS5/PKCS12
+     decryption still unconditionally depend on MBEDTLS_CIPHER_C.

externals/mbedtls/ChangeLog.d/non-psa-pk-implementation.txt

@@ -0,0 +1,3 @@
+Changes
+   * mbedtls_pk_sign_ext() is now always available, not just when
+     PSA (MBEDTLS_PSA_CRYPTO_C) is enabled.

externals/mbedtls/ChangeLog.d/pkg-config-files-addition.txt

@@ -0,0 +1,4 @@
+Features
+   * Add pc files for pkg-config, e.g.:
+     pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509)
+

externals/mbedtls/ChangeLog.d/pkwrite-pem-use-heap.txt

@@ -0,0 +1,4 @@
+Changes
+   * Use heap memory to allocate DER encoded public/private key.
+     This reduces stack usage significantly for writing a public/private
+     key to a PEM string.

externals/mbedtls/ChangeLog.d/psa_generate_key_ext.txt

@@ -0,0 +1,3 @@
+Features
+   * The new function psa_generate_key_ext() allows generating an RSA
+     key pair with a custom public exponent.

externals/mbedtls/ChangeLog.d/rename-conf-early-data-API.txt

@@ -0,0 +1,4 @@
+API changes
+   * Remove `tls13_` in mbedtls_ssl_tls13_conf_early_data() and
+     mbedtls_ssl_tls13_conf_max_early_data_size() API names. Early data
+     feature may not be TLS 1.3 specific in the future. Fixes #6909.

externals/mbedtls/ChangeLog.d/rsa-bitlen.txt

@@ -0,0 +1,7 @@
+Bugfix
+   * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a
+     multiple of 8. Fixes #868.
+
+Features
+   * The new function mbedtls_rsa_get_bitlen() returns the length of the modulus
+     in bits, i.e. the key size for an RSA key.

externals/mbedtls/ChangeLog.d/sha256-armce-arm.txt

@@ -0,0 +1,7 @@
+Features
+    * Support Armv8-A Crypto Extension acceleration for SHA-256
+      when compiling for Thumb (T32) or 32-bit Arm (A32).
+New deprecations
+    * Rename the MBEDTLS_SHA256_USE_A64_CRYPTO_xxx config options to
+      MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_xxx. The old names may still
+      be used, but are deprecated.