Changelog entry for the MBEDTLS_CIPHER_BLKSIZE_MAX deprecation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt b/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt
new file mode 100644
index 0000000..e4e564c
--- /dev/null
+++ b/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt
@@ -0,0 +1,13 @@
+New deprecations
+ * MBEDTLS_CIPHER_BLKSIZE_MAX is deprecated in favor of
+ MBEDTLS_MAX_BLOCK_LENGTH (if you intended what the name suggests:
+ maximum size of any supported block cipher) or the new name
+ MBEDTLS_CMAC_MAX_BLOCK_SIZE (if you intended the actual semantics:
+ maximum size of a block cipher supported by the CMAC module).
+
+Security
+ * In configurations with ARIA or Camellia but not AES, the value of
+ MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might
+ suggest. This did not affect any library code, because this macro was
+ only used in relation with CMAC which does not support these ciphers.
+ This may affect application code that uses this macro.
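Review bot: The last sentence of the Security entry, "This may affect application code that uses this macro.", names neither the effect nor the remedy. Consider stating the consequence concretely (for instance, application code that sizes a block buffer with this macro in an ARIA- or Camellia-only configuration gets 8 bytes where the name suggests 16) and pointing readers to MBEDTLS_MAX_BLOCK_LENGTH, which the deprecation entry above already names as the replacement for that intent. The entry also says the value "was 8" without saying whether it changes in this release or whether only the name is deprecated; one explicit sentence on that would tell application maintainers whether upgrading alone is enough. Minor wording point: "in relation with CMAC" reads better as "in relation to CMAC".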