From 69661415610509fbd6891c3e809adbc0f981e999 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 14 Jun 2023 17:59:48 +0200
Subject: [PATCH] Changelog entry for the MBEDTLS_CIPHER_BLKSIZE_MAX
 deprecation

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt

diff --git a/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt b/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt
new file mode 100644
index 000000000..e4e564cdb
--- /dev/null
+++ b/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt
@@ -0,0 +1,13 @@
+New deprecations
+   * MBEDTLS_CIPHER_BLKSIZE_MAX is deprecated in favor of
+     MBEDTLS_MAX_BLOCK_LENGTH (if you intended what the name suggests:
+     maximum size of any supported block cipher) or the new name
+     MBEDTLS_CMAC_MAX_BLOCK_SIZE (if you intended the actual semantics:
+     maximum size of a block cipher supported by the CMAC module).
+
+Security
+   * In configurations with ARIA or Camellia but not AES, the value of
+     MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might
+     suggest. This did not affect any library code, because this macro was
+     only used in relation with CMAC which does not support these ciphers.
+     This may affect application code that uses this macro.