Prepare ChangeLog for 3.5.0 release

```
./scripts/assemble_changelog.py
```

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
diff --git a/ChangeLog b/ChangeLog
index bc1d32e..1758e7d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,291 @@
 Mbed TLS ChangeLog (Sorted per branch, date)
 
+= Mbed TLS x.x.x branch released xxxx-xx-xx
+
+API changes
+   * Mbed TLS 3.4 introduced support for omitting the built-in implementation
+     of ECDSA and/or EC J-PAKE when those are provided by a driver. However,
+     their was a flaw in the logic checking if the built-in implementation, in
+     that if failed to check if all the relevant curves were supported by the
+     accelerator. As a result, it was possible to declare no curves as
+     accelerated and still have the built-in implementation compiled out.
+     Starting with this release, it is necessary to declare which curves are
+     accelerated (using MBEDTLS_PSA_ACCEL_ECC_xxx macros), or they will be
+     considered not accelerated, and the built-in implementation of the curves
+     and any algorithm possible using them will be included in the build.
+   * Add new millisecond time type `mbedtls_ms_time_t` and `mbedtls_ms_time()`
+     function, needed for TLS 1.3 ticket lifetimes. Alternative implementations
+     can be created using an ALT interface.
+
+Requirement changes
+   * Officially require Python 3.8 now that earlier versions are out of support.
+   * Minimum required Windows version is now Windows Vista, or
+     Windows Server 2008.
+
+New deprecations
+   * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR and
+     MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR, where xxx is either ECC or RSA,
+     are now being deprecated in favor of PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and
+     MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy. Here yyy can be: BASIC,
+     IMPORT, EXPORT, GENERATE, DERIVE. The goal is to have a finer detail about
+     the capabilities of the PSA side for either key.
+   * MBEDTLS_CIPHER_BLKSIZE_MAX is deprecated in favor of
+     MBEDTLS_MAX_BLOCK_LENGTH (if you intended what the name suggests:
+     maximum size of any supported block cipher) or the new name
+     MBEDTLS_CMAC_MAX_BLOCK_SIZE (if you intended the actual semantics:
+     maximum size of a block cipher supported by the CMAC module).
+   * mbedtls_pkcs5_pbes2() and mbedtls_pkcs12_pbe() functions are now
+     deprecated in favor of mbedtls_pkcs5_pbes2_ext() and
+     mbedtls_pkcs12_pbe_ext() as they offer more security by checking
+     for overflow of the output buffer and reporting the actual length
+     of the output.
+
+Features
+   * All modules that use hashes or HMAC can now take advantage of PSA Crypto
+     drivers when MBEDTLS_PSA_CRYPTO_C is enabled and psa_crypto_init() has
+     been called. Previously (in 3.3), this was restricted to a few modules,
+     and only in builds where MBEDTLS_MD_C was disabled; in particular the
+     entropy module was not covered which meant an external RNG had to be
+     provided - these limitations are lifted in this version. A new set of
+     feature macros, MBEDTLS_MD_CAN_xxx, has been introduced that can be used
+     to check for availability of hash algorithms, regardless of whether
+     they're provided by a built-in implementation, a driver or both. See
+     docs/driver-only-builds.md.
+   * When a PSA driver for ECDH is present, it is now possible to disable
+     MBEDTLS_ECDH_C in the build in order to save code size. For TLS 1.2
+     key exchanges based on ECDH(E) to work, this requires
+     MBEDTLS_USE_PSA_CRYPTO. Restartable/interruptible ECDHE operations in
+     TLS 1.2 (ECDHE-ECDSA key exchange) are not supported in those builds yet,
+     as PSA does not have an API for restartable ECDH yet.
+   * When all of ECDH, ECDSA and EC J-PAKE are either disabled or provided by
+     a driver, it is possible to disable MBEDTLS_ECP_C (and MBEDTLS_BIGNUM_C
+     if not required by another module) and still get support for ECC keys and
+     algorithms in PSA, with some limitations. See docs/driver-only-builds.txt
+     for details.
+   * Add parsing of directoryName subtype for subjectAltName extension in
+     x509 certificates.
+   * Add support for server-side TLS version negotiation. If both TLS 1.2 and
+     TLS 1.3 protocols are enabled, the TLS server now selects TLS 1.2 or
+     TLS 1.3 depending on the capabilities and preferences of TLS clients.
+     Fixes #6867.
+   * X.509 hostname verification now supports IPAddress Subject Alternate Names.
+   * Add support for reading and writing X25519 and X448
+     public and private keys in RFC 8410 format using the existing PK APIs.
+   * When parsing X.509 certificates, support the extensions
+     SignatureKeyIdentifier and AuthorityKeyIdentifier.
+   * Don't include the PSA dispatch functions for PAKEs (psa_pake_setup() etc)
+     if no PAKE algorithms are requested
+   * Add support for the FFDH algorithm and DH key types in PSA, with
+     parameters from RFC 7919. This includes a built-in implementation based
+     on MBEDTLS_BIGNUM_C, and a driver dispatch layer enabling alternative
+     implementations of FFDH through the driver entry points.
+   * It is now possible to generate certificates with SubjectAltNames.
+     Currently supported subtypes: DnsName, UniformResourceIdentifier,
+     IP address, OtherName, and DirectoryName, as defined in RFC 5280.
+     See mbedtls_x509write_crt_set_subject_alternative_name for
+     more information.
+   * X.509 hostname verification now partially supports URI Subject Alternate
+     Names. Only exact matching, without any normalization procedures
+     described in 7.4 of RFC5280, will result in a positive URI verification.
+   * Add function mbedtls_oid_from_numeric_string() to parse an OID from a
+     string to a DER-encoded mbedtls_asn1_buf.
+    * Add SHA-3 family hash functions.
+   * Add support to restrict AES to 128-bit keys in order to save code size.
+     A new configuration option, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH, can be
+     used to enable this feature.
+   * AES performance improvements. Uplift varies by platform,
+     toolchain, optimisation flags and mode.
+     Aarch64, gcc -Os and CCM, GCM and XTS benefit the most.
+     On Aarch64, uplift is typically around 20 - 110%.
+     When compiling with gcc -Os on Aarch64, AES-XTS improves
+     by 4.5x.
+   * Add support for PBKDF2-HMAC through the PSA API.
+   * New symbols PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and
+     MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy (where xxx is either ECC, RSA
+     or DH) were introduced in order to have finer accuracy in defining the
+     PSA capabilities for each key. These capabilities, named yyy above, can be
+     any of: BASIC, IMPORT, EXPORT, GENERATE, DERIVE.
+     - DERIVE is only available for ECC keys, not for RSA or DH ones.
+     - implementations are free to enable more than what it was strictly
+       requested. For example BASIC internally enables IMPORT and EXPORT
+       (useful for testing purposes), but this might change in the future.
+   * Add support for FFDH key exchange in TLS 1.3.
+     This is automatically enabled as soon as PSA_WANT_ALG_FFDH
+     and the ephemeral or psk-ephemeral key exchange mode are enabled.
+     By default, all groups are offered; the list of groups can be
+     configured using the existing API function mbedtls_ssl_conf_groups().
+   * Improve mbedtls_x509_time performance and reduce memory use.
+   * Reduce syscalls to time() during certificate verification.
+   * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by
+     setting the CMake variable of the same name at configuration time.
+   * Add getter (mbedtls_ssl_cache_get_timeout()) to access
+     `mbedtls_ssl_cache_context.timeout`.
+   * Add getter (mbedtls_ssl_get_hostname()) to access
+     `mbedtls_ssl_context.hostname`.
+   * Add getter (mbedtls_ssl_conf_get_endpoint()) to access
+     `mbedtls_ssl_config.endpoint`.
+   * Support for "opaque" (PSA-held) ECC keys in the PK module has been
+     extended: it is now possible to use mbedtls_pk_write_key_der(),
+     mbedtls_pk_write_key_pem(), mbedtls_pk_check_pair(), and
+     mbedtls_pk_verify() with opaque ECC keys (provided the PSA attributes
+     allow it).
+   * The documentation of mbedtls_ecp_group now describes the optimized
+     representation of A for some curves. Fixes #8045.
+   * Add a possibility to generate CSR's with RCF822 and directoryName subtype
+     of subjectAltName extension in x509 certificates.
+   * Add support for PBKDF2-CMAC through the PSA API.
+   * New configuration option MBEDTLS_AES_USE_HARDWARE_ONLY introduced. When
+     using CPU-accelerated AES (e.g., Arm Crypto Extensions), this option
+     disables the plain C implementation and the run-time detection for the
+     CPU feature, which reduces code size and avoids the vulnerability of the
+     plain C implementation.
+   * Accept arbitrary AttributeType and AttributeValue in certificate
+     Distinguished Names using RFC 4514 syntax.
+   * Applications using ECC over secp256r1 through the PSA API can use a
+     new implementation with a much smaller footprint, but some minor
+     usage restrictions. See the documentation of the new configuration
+     option MBEDTLS_PSA_P256M_DRIVER_ENABLED for details.
+
+Security
+   * Fix a case where potentially sensitive information held in memory would not
+     be completely zeroized during TLS 1.2 handshake, in both server and client
+     configurations.
+   * In configurations with ARIA or Camellia but not AES, the value of
+     MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might
+     suggest. This did not affect any library code, because this macro was
+     only used in relation with CMAC which does not support these ciphers.
+     This may affect application code that uses this macro.
+   * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
+     review the size of the output buffer passed to this function, and note
+     that the output after decryption may include CBC padding. Consider moving
+     to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext()
+     which checks for overflow of the output buffer and reports the actual
+     length of the output.
+   * Improve padding calculations in CBC decryption, NIST key unwrapping and
+     RSA OAEP decryption. With the previous implementation, some compilers
+     (notably recent versions of Clang and IAR) could produce non-constant
+     time code, which could allow a padding oracle attack if the attacker
+     has access to precise timing measurements.
+   * Updates to constant-time C code so that compilers are less likely to use
+     conditional instructions, which can have an observable difference in
+     timing. (Clang has been seen to do this.) Also introduce assembly
+     implementations for 32- and 64-bit Arm and for x86 and x86-64, which are
+     guaranteed not to use conditional instructions.
+   * Fix definition of MBEDTLS_MD_MAX_BLOCK_SIZE, which was too
+     small when MBEDTLS_SHA384_C was defined and MBEDTLS_SHA512_C was
+     undefined. Mbed TLS itself was unaffected by this, but user code
+     which used MBEDTLS_MD_MAX_BLOCK_SIZE could be affected. The only
+     release containing this bug was Mbed TLS 3.4.0.
+   * Fix a buffer overread when parsing short TLS application data records in
+     null-cipher cipher suites. Credit to OSS-Fuzz.
+   * Fix a remotely exploitable heap buffer overflow in TLS handshake parsing.
+     In TLS 1.3, all configurations are affected except PSK-only ones, and
+     both clients and servers are affected.
+     In TLS 1.2, the affected configurations are those with
+     MBEDTLS_USE_PSA_CRYPTO and ECDH enabled but DHM and RSA disabled,
+     and only servers are affected, not clients.
+     Credit to OSS-Fuzz.
+
+Bugfix
+   * Fix proper sizing for PSA_EXPORT_[KEY_PAIR/PUBLIC_KEY]_MAX_SIZE and
+     PSA_SIGNATURE_MAX_SIZE buffers when at least one accelerated EC is bigger
+     than all built-in ones and RSA is disabled.
+     Resolves #6622.
+   * Add missing md.h includes to some of the external programs from
+     the programs directory. Without this, even though the configuration
+     was sufficient for a particular program to work, it would only print
+     a message that one of the required defines is missing.
+   * Fix declaration of mbedtls_ecdsa_sign_det_restartable() function
+     in the ecdsa.h header file. There was a build warning when the
+     configuration macro MBEDTLS_ECDSA_SIGN_ALT was defined.
+     Resolves #7407.
+   * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
+     MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
+   * Fix missing PSA initialization in sample programs when
+     MBEDTLS_USE_PSA_CRYPTO is enabled.
+   * Fix the J-PAKE driver interface for user and peer to accept any values
+     (previously accepted values were limited to "client" or "server").
+   * Fix clang and armclang compilation error when targeting certain Arm
+     M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
+     SecurCore SC000). Fixes #1077.
+   * Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c when
+     built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
+     way to detect the crypto extensions required. A warning is still issued.
+   * Fixed an issue that caused compile errors when using CMake and the IAR
+     toolchain.
+   * Fix very high stack usage in SSL debug code. Reported by Maximilian
+     Gerhardt in #7804.
+   * Fix a compilation failure in the constant_time module when
+     building for arm64_32 (e.g., for watchos). Reported by Paulo
+     Coutinho in #7787.
+   * Fix crypt_and_hash decryption fail when used with a stream cipher
+     mode of operation due to the input not being multiple of block size.
+     Resolves #7417.
+   * Fix a bug in which mbedtls_x509_string_to_names() would return success
+     when given a invalid name string if it did not contain '=' or ','.
+   * Fix compilation warnings in aes.c, which prevented the
+     example TF-M configuration in configs/ from building cleanly:
+     tfm_mbedcrypto_config_profile_medium.h with
+     crypto_config_profile_medium.h.
+   * In TLS 1.3, fix handshake failure when a client in its ClientHello
+     proposes an handshake based on PSK only key exchange mode or at least
+     one of the key exchange modes using ephemeral keys to a server that
+     supports only the PSK key exchange mode.
+   * Fix CCM* with no tag being not supported in a build with CCM as the only
+     symmetric encryption algorithm and the PSA configuration enabled.
+   * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
+   * Fix a compilation error on some platforms when including mbedtls/ssl.h
+     with all TLS support disabled. Fixes #6628.
+   * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
+     using ECC key. The certificate was rejected by some crypto frameworks.
+     Fixes #2924.
+   * Fix a potential corruption of the passed-in IV when mbedtls_aes_crypt_cbc()
+     is called with zero length and padlock is not enabled.
+   * Fix compile failure due to empty enum in cipher_wrap.c, when building
+     with a very minimal configuration. Fixes #7625.
+   * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
+     signature can silently return an incorrect result in low memory conditions.
+   * Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when
+     MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
+   * Fix IAR compiler warnings.
+   * Fix an issue when parsing an otherName subject alternative name into a
+     mbedtls_x509_san_other_name struct. The type-id of the otherName was not
+     copied to the struct. This meant that the struct had incomplete
+     information about the otherName SAN and contained uninitialized memory.
+   * Fix the detection of HardwareModuleName otherName SANs. These were being
+     detected by comparing the wrong field and the check was erroneously
+     inverted.
+   * Fix a build error in some configurations with MBEDTLS_PSA_CRYPTO_CONFIG
+     enabled, where some low-level modules required by requested PSA crypto
+     features were not getting automatically enabled. Fixes #7420.
+   * Fix undefined symbols in some builds using TLS 1.3 with a custom
+     configuration file.
+   * Fix log level for the got supported group message. Fixes #6765
+   * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx
+     error code on failure. Before, they returned 1 to indicate failure in
+     some cases involving a missing entry or a full cache.
+   * mbedtls_pk_parse_key() now rejects trailing garbage in encrypted keys.
+
+Changes
+   * Enable Arm / Thumb bignum assembly for most Arm platforms when
+     compiling with gcc, clang or armclang and -O0.
+   * Enforce minimum RSA key size when generating a key
+     to avoid accidental misuse.
+   * Use heap memory to allocate DER encoded RSA private key.
+     This reduces stack usage significantly for RSA signature
+     operations when MBEDTLS_PSA_CRYPTO_C is defined.
+   * Update Windows code to use BCryptGenRandom and wcslen, and
+     ensure that conversions between size_t, ULONG, and int are
+     always done safely.  Original contribution by Kevin Kane #635, #730
+     followed by Simon Butcher #1453.
+   * Users intergrating their own PSA drivers should be aware that
+     the file library/psa_crypto_driver_wrappers.c has been renamed
+     to psa_crypto_driver_wrappers_no_static.c.
+   * When using CBC with the cipher module, the requirement to call
+     mbedtls_cipher_set_padding_mode() is now enforced. Previously, omitting
+     this call accidentally applied a default padding mode chosen at compile
+     time.
+
 = Mbed TLS 3.4.1 branch released 2023-08-04
 
 Bugfix
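
Review bot: The new release header at the top of this hunk still reads "= Mbed TLS x.x.x branch released xxxx-xx-xx" although the commit subject says this is the ChangeLog for 3.5.0; the version and date need to be filled in, here or in a follow-up commit, before the release is tagged. Two smaller points in the assembled text: the "Add SHA-3 family hash functions." bullet under Features is indented with four spaces where every other bullet uses three, and "intergrating" under Changes should be "integrating".
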
diff --git a/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt b/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt
deleted file mode 100644
index 014eec6..0000000
--- a/ChangeLog.d/Define-PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-New deprecations
-   * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR and
-     MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR, where xxx is either ECC or RSA,
-     are now being deprecated in favor of PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and
-     MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy. Here yyy can be: BASIC,
-     IMPORT, EXPORT, GENERATE, DERIVE. The goal is to have a finer detail about
-     the capabilities of the PSA side for either key.
-
-Features
-   * New symbols PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy and
-     MBEDTLS_PSA_ACCEL_KEY_TYPE_xxx_KEY_PAIR_yyy (where xxx is either ECC, RSA
-     or DH) were introduced in order to have finer accuracy in defining the
-     PSA capabilities for each key. These capabilities, named yyy above, can be
-     any of: BASIC, IMPORT, EXPORT, GENERATE, DERIVE.
-     - DERIVE is only available for ECC keys, not for RSA or DH ones.
-     - implementations are free to enable more than what it was strictly
-       requested. For example BASIC internally enables IMPORT and EXPORT
-       (useful for testing purposes), but this might change in the future.
diff --git a/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt b/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt
deleted file mode 100644
index e4e564c..0000000
--- a/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-New deprecations
-   * MBEDTLS_CIPHER_BLKSIZE_MAX is deprecated in favor of
-     MBEDTLS_MAX_BLOCK_LENGTH (if you intended what the name suggests:
-     maximum size of any supported block cipher) or the new name
-     MBEDTLS_CMAC_MAX_BLOCK_SIZE (if you intended the actual semantics:
-     maximum size of a block cipher supported by the CMAC module).
-
-Security
-   * In configurations with ARIA or Camellia but not AES, the value of
-     MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might
-     suggest. This did not affect any library code, because this macro was
-     only used in relation with CMAC which does not support these ciphers.
-     This may affect application code that uses this macro.
diff --git a/ChangeLog.d/MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt b/ChangeLog.d/MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt
deleted file mode 100644
index 6f091bb..0000000
--- a/ChangeLog.d/MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx
-     error code on failure. Before, they returned 1 to indicate failure in
-     some cases involving a missing entry or a full cache.
diff --git a/ChangeLog.d/Switch-pkparse-to-new-pbe-funsctions.txt b/ChangeLog.d/Switch-pkparse-to-new-pbe-funsctions.txt
deleted file mode 100644
index d819e82..0000000
--- a/ChangeLog.d/Switch-pkparse-to-new-pbe-funsctions.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-New deprecations
-   * mbedtls_pkcs5_pbes2() and mbedtls_pkcs12_pbe() functions are now
-     deprecated in favor of mbedtls_pkcs5_pbes2_ext() and
-     mbedtls_pkcs12_pbe_ext() as they offer more security by checking
-     for overflow of the output buffer and reporting the actual length
-     of the output.
-
-Bugfix
-   * mbedtls_pk_parse_key() now rejects trailing garbage in encrypted keys.
diff --git a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
deleted file mode 100644
index 9aa3ff9..0000000
--- a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
-   * When parsing X.509 certificates, support the extensions
-     SignatureKeyIdentifier and AuthorityKeyIdentifier.
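
Review bot: "SignatureKeyIdentifier" in this entry looks wrong: the X.509 extension that RFC 5280 pairs with AuthorityKeyIdentifier is SubjectKeyIdentifier. Please confirm which extension the parser change actually covers. Because this fragment is deleted, the correction has to be made to the copy assembled into ChangeLog under Features.
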
diff --git a/ChangeLog.d/add-aes-128bit-only.txt b/ChangeLog.d/add-aes-128bit-only.txt
deleted file mode 100644
index b080cac..0000000
--- a/ChangeLog.d/add-aes-128bit-only.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
-   * Add support to restrict AES to 128-bit keys in order to save code size.
-     A new configuration option, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH, can be
-     used to enable this feature.
diff --git a/ChangeLog.d/add-aes-hardware-only-option.txt b/ChangeLog.d/add-aes-hardware-only-option.txt
deleted file mode 100644
index a185aff..0000000
--- a/ChangeLog.d/add-aes-hardware-only-option.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
-   * New configuration option MBEDTLS_AES_USE_HARDWARE_ONLY introduced. When
-     using CPU-accelerated AES (e.g., Arm Crypto Extensions), this option
-     disables the plain C implementation and the run-time detection for the
-     CPU feature, which reduces code size and avoids the vulnerability of the
-     plain C implementation.
diff --git a/ChangeLog.d/add-directoryname-san.txt b/ChangeLog.d/add-directoryname-san.txt
deleted file mode 100644
index e116298..0000000
--- a/ChangeLog.d/add-directoryname-san.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
-   * Add parsing of directoryName subtype for subjectAltName extension in
-     x509 certificates.
diff --git a/ChangeLog.d/add-getters-for-some-fields.txt b/ChangeLog.d/add-getters-for-some-fields.txt
deleted file mode 100644
index 6a6fbad..0000000
--- a/ChangeLog.d/add-getters-for-some-fields.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Features
-   * Add getter (mbedtls_ssl_cache_get_timeout()) to access
-     `mbedtls_ssl_cache_context.timeout`.
-   * Add getter (mbedtls_ssl_get_hostname()) to access
-     `mbedtls_ssl_context.hostname`.
-   * Add getter (mbedtls_ssl_conf_get_endpoint()) to access
-     `mbedtls_ssl_config.endpoint`.
diff --git a/ChangeLog.d/add-milliseconds-time-api.txt b/ChangeLog.d/add-milliseconds-time-api.txt
deleted file mode 100644
index d9e939f..0000000
--- a/ChangeLog.d/add-milliseconds-time-api.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
-   * Add new millisecond time type `mbedtls_ms_time_t` and `mbedtls_ms_time()`
-     function, needed for TLS 1.3 ticket lifetimes. Alternative implementations
-     can be created using an ALT interface.
-
diff --git a/ChangeLog.d/add-missing-md-includes.txt b/ChangeLog.d/add-missing-md-includes.txt
deleted file mode 100644
index 408c361..0000000
--- a/ChangeLog.d/add-missing-md-includes.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * Add missing md.h includes to some of the external programs from
-     the programs directory. Without this, even though the configuration
-     was sufficient for a particular program to work, it would only print
-     a message that one of the required defines is missing.
diff --git a/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt b/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt
deleted file mode 100644
index f2e7a4a..0000000
--- a/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Security
-   * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
-     review the size of the output buffer passed to this function, and note
-     that the output after decryption may include CBC padding. Consider moving
-     to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext()
-     which checks for overflow of the output buffer and reports the actual
-     length of the output.
diff --git a/ChangeLog.d/add-pbkdf2-cmac.txt b/ChangeLog.d/add-pbkdf2-cmac.txt
deleted file mode 100644
index 0ed84ea..0000000
--- a/ChangeLog.d/add-pbkdf2-cmac.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
-   * Add support for PBKDF2-CMAC through the PSA API.
diff --git a/ChangeLog.d/add-pbkdf2-hmac.txt b/ChangeLog.d/add-pbkdf2-hmac.txt
deleted file mode 100644
index 2708098..0000000
--- a/ChangeLog.d/add-pbkdf2-hmac.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
-   * Add support for PBKDF2-HMAC through the PSA API.
diff --git a/ChangeLog.d/add-psa_want_alg_some_pake.txt b/ChangeLog.d/add-psa_want_alg_some_pake.txt
deleted file mode 100644
index 00b3002..0000000
--- a/ChangeLog.d/add-psa_want_alg_some_pake.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
-   * Don't include the PSA dispatch functions for PAKEs (psa_pake_setup() etc)
-     if no PAKE algorithms are requested
diff --git a/ChangeLog.d/add-rfc822-directoryname-csr-gen.txt b/ChangeLog.d/add-rfc822-directoryname-csr-gen.txt
deleted file mode 100644
index ff8693c..0000000
--- a/ChangeLog.d/add-rfc822-directoryname-csr-gen.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
-   * Add a possibility to generate CSR's with RCF822 and directoryName subtype
-     of subjectAltName extension in x509 certificates.
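
Review bot: "RCF822" in this entry is a transposition of "RFC822", and "CSR's" should be the plural "CSRs". The fragment is removed by this commit, so the fix belongs in the matching Features bullet of the assembled ChangeLog.
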
diff --git a/ChangeLog.d/add-subjectAltName-certs.txt b/ChangeLog.d/add-subjectAltName-certs.txt
deleted file mode 100644
index 487e5c6..0000000
--- a/ChangeLog.d/add-subjectAltName-certs.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
-   * It is now possible to generate certificates with SubjectAltNames.
-     Currently supported subtypes: DnsName, UniformResourceIdentifier,
-     IP address, OtherName, and DirectoryName, as defined in RFC 5280.
-     See mbedtls_x509write_crt_set_subject_alternative_name for
-     more information.
diff --git a/ChangeLog.d/aes-perf.txt b/ChangeLog.d/aes-perf.txt
deleted file mode 100644
index ab716bc..0000000
--- a/ChangeLog.d/aes-perf.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Features
-   * AES performance improvements. Uplift varies by platform,
-     toolchain, optimisation flags and mode.
-     Aarch64, gcc -Os and CCM, GCM and XTS benefit the most.
-     On Aarch64, uplift is typically around 20 - 110%.
-     When compiling with gcc -Os on Aarch64, AES-XTS improves
-     by 4.5x.
diff --git a/ChangeLog.d/armclang-compile-fix.txt b/ChangeLog.d/armclang-compile-fix.txt
deleted file mode 100644
index 59ae1cd..0000000
--- a/ChangeLog.d/armclang-compile-fix.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Bugfix
-   * Fix clang and armclang compilation error when targeting certain Arm
-     M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
-     SecurCore SC000). Fixes #1077.
-Changes
-   * Enable Arm / Thumb bignum assembly for most Arm platforms when
-     compiling with gcc, clang or armclang and -O0.
diff --git a/ChangeLog.d/basic-uri-verification.txt b/ChangeLog.d/basic-uri-verification.txt
deleted file mode 100644
index aa039ea..0000000
--- a/ChangeLog.d/basic-uri-verification.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
-   * X.509 hostname verification now partially supports URI Subject Alternate
-     Names. Only exact matching, without any normalization procedures
-     described in 7.4 of RFC5280, will result in a positive URI verification.
diff --git a/ChangeLog.d/bugfix_iar_typo.txt b/ChangeLog.d/bugfix_iar_typo.txt
deleted file mode 100644
index 95f97b1..0000000
--- a/ChangeLog.d/bugfix_iar_typo.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fixed an issue that caused compile errors when using CMake and the IAR
-     toolchain.
diff --git a/ChangeLog.d/check-set_padding-is-called.txt b/ChangeLog.d/check-set_padding-is-called.txt
deleted file mode 100644
index 2c26de8..0000000
--- a/ChangeLog.d/check-set_padding-is-called.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Changes
-   * When using CBC with the cipher module, the requirement to call
-     mbedtls_cipher_set_padding_mode() is now enforced. Previously, omitting
-     this call accidentally applied a default padding mode chosen at compile
-     time.
diff --git a/ChangeLog.d/cmake-pass-through-config-defines.txt b/ChangeLog.d/cmake-pass-through-config-defines.txt
deleted file mode 100644
index 6122f37..0000000
--- a/ChangeLog.d/cmake-pass-through-config-defines.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
-   * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by
-     setting the CMake variable of the same name at configuration time.
diff --git a/ChangeLog.d/config_psa-include-order.txt b/ChangeLog.d/config_psa-include-order.txt
deleted file mode 100644
index 674c286..0000000
--- a/ChangeLog.d/config_psa-include-order.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix a build error in some configurations with MBEDTLS_PSA_CRYPTO_CONFIG
-     enabled, where some low-level modules required by requested PSA crypto
-     features were not getting automatically enabled. Fixes #7420.
diff --git a/ChangeLog.d/driver-ffdh.txt b/ChangeLog.d/driver-ffdh.txt
deleted file mode 100644
index a9fa641..0000000
--- a/ChangeLog.d/driver-ffdh.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
-   * Add support for the FFDH algorithm and DH key types in PSA, with
-     parameters from RFC 7919. This includes a built-in implementation based
-     on MBEDTLS_BIGNUM_C, and a driver dispatch layer enabling alternative
-     implementations of FFDH through the driver entry points.
diff --git a/ChangeLog.d/driver-only-ecc.txt b/ChangeLog.d/driver-only-ecc.txt
deleted file mode 100644
index 8878085..0000000
--- a/ChangeLog.d/driver-only-ecc.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-Features
-   * When a PSA driver for ECDH is present, it is now possible to disable
-     MBEDTLS_ECDH_C in the build in order to save code size. For TLS 1.2
-     key exchanges based on ECDH(E) to work, this requires
-     MBEDTLS_USE_PSA_CRYPTO. Restartable/interruptible ECDHE operations in
-     TLS 1.2 (ECDHE-ECDSA key exchange) are not supported in those builds yet,
-     as PSA does not have an API for restartable ECDH yet.
-   * When all of ECDH, ECDSA and EC J-PAKE are either disabled or provided by
-     a driver, it is possible to disable MBEDTLS_ECP_C (and MBEDTLS_BIGNUM_C
-     if not required by another module) and still get support for ECC keys and
-     algorithms in PSA, with some limitations. See docs/driver-only-builds.txt
-     for details.
-API changes
-   * Mbed TLS 3.4 introduced support for omitting the built-in implementation
-     of ECDSA and/or EC J-PAKE when those are provided by a driver. However,
-     their was a flaw in the logic checking if the built-in implementation, in
-     that if failed to check if all the relevant curves were supported by the
-     accelerator. As a result, it was possible to declare no curves as
-     accelerated and still have the built-in implementation compiled out.
-     Starting with this release, it is necessary to declare which curves are
-     accelerated (using MBEDTLS_PSA_ACCEL_ECC_xxx macros), or they will be
-     considered not accelerated, and the built-in implementation of the curves
-     and any algorithm possible using them will be included in the build.
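Review bot: The API changes entry has two typos and a dropped clause, and the assembled ChangeLog reproduces them verbatim: "their was a flaw" should be "there was a flaw", "in that if failed" should be "in that it failed", and "the logic checking if the built-in implementation," never says what is being checked. This entry describes a configuration flaw that let the built-in implementation be compiled out with no curves declared as accelerated, so the wording is worth fixing in ChangeLog before the release is tagged. Separately, the Features entry points at docs/driver-only-builds.txt while driver-only-hashes.txt cites docs/driver-only-builds.md; one of the two extensions is wrong.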
diff --git a/ChangeLog.d/driver-only-hashes.txt b/ChangeLog.d/driver-only-hashes.txt
deleted file mode 100644
index cd1e030..0000000
--- a/ChangeLog.d/driver-only-hashes.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-Features
-   * All modules that use hashes or HMAC can now take advantage of PSA Crypto
-     drivers when MBEDTLS_PSA_CRYPTO_C is enabled and psa_crypto_init() has
-     been called. Previously (in 3.3), this was restricted to a few modules,
-     and only in builds where MBEDTLS_MD_C was disabled; in particular the
-     entropy module was not covered which meant an external RNG had to be
-     provided - these limitations are lifted in this version. A new set of
-     feature macros, MBEDTLS_MD_CAN_xxx, has been introduced that can be used
-     to check for availability of hash algorithms, regardless of whether
-     they're provided by a built-in implementation, a driver or both. See
-     docs/driver-only-builds.md.
diff --git a/ChangeLog.d/ec_jpake_user_peer_2.txt b/ChangeLog.d/ec_jpake_user_peer_2.txt
deleted file mode 100644
index 9572ac7..0000000
--- a/ChangeLog.d/ec_jpake_user_peer_2.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix the J-PAKE driver interface for user and peer to accept any values
-     (previously accepted values were limited to "client" or "server").
diff --git a/ChangeLog.d/enforce-min-RSA-key-size.txt b/ChangeLog.d/enforce-min-RSA-key-size.txt
deleted file mode 100644
index 06cd2a2..0000000
--- a/ChangeLog.d/enforce-min-RSA-key-size.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
-   * Enforce minimum RSA key size when generating a key
-     to avoid accidental misuse.
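Review bot: The entry does not state what the minimum RSA key size is or whether it can be configured, so a reader cannot tell whether existing key-generation calls will start failing after the upgrade. Suggest naming the limit and the relevant option or error code.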
diff --git a/ChangeLog.d/extend-distinguished-names.txt b/ChangeLog.d/extend-distinguished-names.txt
deleted file mode 100644
index b148424..0000000
--- a/ChangeLog.d/extend-distinguished-names.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
-   * Accept arbitrary AttributeType and AttributeValue in certificate
-     Distinguished Names using RFC 4514 syntax.
diff --git a/ChangeLog.d/extend-pk-opaque-ecc.txt b/ChangeLog.d/extend-pk-opaque-ecc.txt
deleted file mode 100644
index ad5bdc0..0000000
--- a/ChangeLog.d/extend-pk-opaque-ecc.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
-   * Support for "opaque" (PSA-held) ECC keys in the PK module has been
-     extended: it is now possible to use mbedtls_pk_write_key_der(),
-     mbedtls_pk_write_key_pem(), mbedtls_pk_check_pair(), and
-     mbedtls_pk_verify() with opaque ECC keys (provided the PSA attributes
-     allow it).
diff --git a/ChangeLog.d/ffdh-tls-1-3.txt b/ChangeLog.d/ffdh-tls-1-3.txt
deleted file mode 100644
index c5d07d6..0000000
--- a/ChangeLog.d/ffdh-tls-1-3.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
-   * Add support for FFDH key exchange in TLS 1.3.
-     This is automatically enabled as soon as PSA_WANT_ALG_FFDH
-     and the ephemeral or psk-ephemeral key exchange mode are enabled.
-     By default, all groups are offered; the list of groups can be
-     configured using the existing API function mbedtls_ssl_conf_groups().
diff --git a/ChangeLog.d/fix-a-few-unchecked-return.txt b/ChangeLog.d/fix-a-few-unchecked-return.txt
deleted file mode 100644
index aadde36..0000000
--- a/ChangeLog.d/fix-a-few-unchecked-return.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
-     signature can silently return an incorrect result in low memory conditions.
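Review bot: This is filed under Bugfix, but "silently return an incorrect result" from RSA key construction or ECDSA signature is something users will want to triage for security impact. Consider whether it belongs under Security; if it stays under Bugfix, a short statement of the impact would help users decide how urgently to upgrade.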
diff --git a/ChangeLog.d/fix-aes-cbc-iv-corruption.txt b/ChangeLog.d/fix-aes-cbc-iv-corruption.txt
deleted file mode 100644
index 11eb946..0000000
--- a/ChangeLog.d/fix-aes-cbc-iv-corruption.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix a potential corruption of the passed-in IV when mbedtls_aes_crypt_cbc()
-     is called with zero length and padlock is not enabled.
diff --git a/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt b/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt
deleted file mode 100644
index ded9b2d..0000000
--- a/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix crypt_and_hash decryption fail when used with a stream cipher
-     mode of operation due to the input not being multiple of block size.
-     Resolves #7417.
diff --git a/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt b/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt
deleted file mode 100644
index c30e074..0000000
--- a/ChangeLog.d/fix-declaration-of-mbedtls_ecdsa_sign_det_restartable-function.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * Fix declaration of mbedtls_ecdsa_sign_det_restartable() function
-     in the ecdsa.h header file. There was a build warning when the
-     configuration macro MBEDTLS_ECDSA_SIGN_ALT was defined.
-     Resolves #7407.
diff --git a/ChangeLog.d/fix-empty-enum.txt b/ChangeLog.d/fix-empty-enum.txt
deleted file mode 100644
index 458d58f..0000000
--- a/ChangeLog.d/fix-empty-enum.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix compile failure due to empty enum in cipher_wrap.c, when building
-     with a very minimal configuration. Fixes #7625.
diff --git a/ChangeLog.d/fix-hrr-in-psk-kem.txt b/ChangeLog.d/fix-hrr-in-psk-kem.txt
deleted file mode 100644
index 0377711..0000000
--- a/ChangeLog.d/fix-hrr-in-psk-kem.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * In TLS 1.3, fix handshake failure when a client in its ClientHello
-     proposes an handshake based on PSK only key exchange mode or at least
-     one of the key exchange modes using ephemeral keys to a server that
-     supports only the PSK key exchange mode.
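Review bot: "proposes an handshake" should be "proposes a handshake", and the sentence is hard to parse as written: it is unclear whether "or at least one of the key exchange modes using ephemeral keys" is an alternative to PSK-only or an addition to it. Suggest splitting it into the client's offered modes and the server's supported mode.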
diff --git a/ChangeLog.d/fix-iar-compiler-warnings.txt b/ChangeLog.d/fix-iar-compiler-warnings.txt
deleted file mode 100644
index 0dc2623..0000000
--- a/ChangeLog.d/fix-iar-compiler-warnings.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
-   * Fix IAR compiler warnings.
diff --git a/ChangeLog.d/fix-ilp32.txt b/ChangeLog.d/fix-ilp32.txt
deleted file mode 100644
index 3f18ac5..0000000
--- a/ChangeLog.d/fix-ilp32.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix a compilation failure in the constant_time module when
-     building for arm64_32 (e.g., for watchos). Reported by Paulo
-     Coutinho in #7787.
diff --git a/ChangeLog.d/fix-log-level-msg.txt b/ChangeLog.d/fix-log-level-msg.txt
deleted file mode 100644
index 4e82ad1..0000000
--- a/ChangeLog.d/fix-log-level-msg.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
-   * Fix log level for the got supported group message. Fixes #6765
diff --git a/ChangeLog.d/fix-string-to-names-retcode.txt b/ChangeLog.d/fix-string-to-names-retcode.txt
deleted file mode 100644
index ac4b3d1..0000000
--- a/ChangeLog.d/fix-string-to-names-retcode.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix a bug in which mbedtls_x509_string_to_names() would return success
-     when given a invalid name string if it did not contain '=' or ','.
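Review bot: "a invalid name string" should be "an invalid name string". Since mbedtls_x509_string_to_names() previously returned success on malformed input, it would also help to say what it returns now, so callers that ignored the return value know what to expect.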
diff --git a/ChangeLog.d/fix-tfm-build.txt b/ChangeLog.d/fix-tfm-build.txt
deleted file mode 100644
index 64cb837..0000000
--- a/ChangeLog.d/fix-tfm-build.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * Fix compilation warnings in aes.c, which prevented the
-     example TF-M configuration in configs/ from building cleanly:
-     tfm_mbedcrypto_config_profile_medium.h with
-     crypto_config_profile_medium.h.
diff --git a/ChangeLog.d/fix-tls-padbuf-zeroization.txt b/ChangeLog.d/fix-tls-padbuf-zeroization.txt
deleted file mode 100644
index 36451cb..0000000
--- a/ChangeLog.d/fix-tls-padbuf-zeroization.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Security
-   * Fix a case where potentially sensitive information held in memory would not
-     be completely zeroized during TLS 1.2 handshake, in both server and client
-     configurations.
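Review bot: This Security entry names neither the affected releases nor the kind of data left in memory, which makes it hard for users to assess exposure. sha384-blocksize.txt states "The only release containing this bug was Mbed TLS 3.4.0"; a similar affected-version statement here would be useful.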
diff --git a/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt b/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt
deleted file mode 100644
index 7fcb5ec..0000000
--- a/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c when
-     built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
-     way to detect the crypto extensions required. A warning is still issued.
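Review bot: The clause "but don't have a way to detect the crypto extensions required" has no subject, so it is unclear whether it refers to the build, the compiler or the target. Suggest something like "when built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT on a platform with no way to detect the required crypto extensions".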
diff --git a/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt b/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt
deleted file mode 100644
index 8fdc588..0000000
--- a/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
-   * The documentation of mbedtls_ecp_group now describes the optimized
-     representation of A for some curves. Fixes #8045.
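Review bot: This is a documentation change filed under Features. It adds no functionality, so Changes looks like the better category for the assembled ChangeLog.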
diff --git a/ChangeLog.d/initialize-struct-get-other-name.txt b/ChangeLog.d/initialize-struct-get-other-name.txt
deleted file mode 100644
index dc8395d..0000000
--- a/ChangeLog.d/initialize-struct-get-other-name.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Bugfix
-   * Fix an issue when parsing an otherName subject alternative name into a
-     mbedtls_x509_san_other_name struct. The type-id of the otherName was not
-     copied to the struct. This meant that the struct had incomplete
-     information about the otherName SAN and contained uninitialized memory.
-   * Fix the detection of HardwareModuleName otherName SANs. These were being
-     detected by comparing the wrong field and the check was erroneously
-     inverted.
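Review bot: The first bullet says the struct "contained uninitialized memory", yet the entry is under Bugfix. If callers could read that uninitialized type-id, users will want to know the impact; consider stating it or moving the bullet to Security. The second bullet describes an inverted check on HardwareModuleName detection, which deserves the same consideration.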
diff --git a/ChangeLog.d/inject-entropy.txt b/ChangeLog.d/inject-entropy.txt
deleted file mode 100644
index 7626629..0000000
--- a/ChangeLog.d/inject-entropy.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
-   * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
diff --git a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
deleted file mode 100644
index 22e8adb..0000000
--- a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
-     MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
diff --git a/ChangeLog.d/mbedtls_x509_time.txt b/ChangeLog.d/mbedtls_x509_time.txt
deleted file mode 100644
index 557f191..0000000
--- a/ChangeLog.d/mbedtls_x509_time.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
-   * Improve mbedtls_x509_time performance and reduce memory use.
-   * Reduce syscalls to time() during certificate verification.
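Review bot: Both bullets describe performance and memory improvements rather than new functionality, so Changes fits better than Features.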
diff --git a/ChangeLog.d/misc-from-psa-crypto.txt b/ChangeLog.d/misc-from-psa-crypto.txt
deleted file mode 100644
index 40a043a..0000000
--- a/ChangeLog.d/misc-from-psa-crypto.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix CCM* with no tag being not supported in a build with CCM as the only
-     symmetric encryption algorithm and the PSA configuration enabled.
diff --git a/ChangeLog.d/oid-parse-from-numeric-string.txt b/ChangeLog.d/oid-parse-from-numeric-string.txt
deleted file mode 100644
index 82ed2fd..0000000
--- a/ChangeLog.d/oid-parse-from-numeric-string.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
-   * Add function mbedtls_oid_from_numeric_string() to parse an OID from a
-     string to a DER-encoded mbedtls_asn1_buf.
diff --git a/ChangeLog.d/p256-m.txt b/ChangeLog.d/p256-m.txt
deleted file mode 100644
index e473580..0000000
--- a/ChangeLog.d/p256-m.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
-   * Applications using ECC over secp256r1 through the PSA API can use a
-     new implementation with a much smaller footprint, but some minor
-     usage restrictions. See the documentation of the new configuration
-     option MBEDTLS_PSA_P256M_DRIVER_ENABLED for details.
diff --git a/ChangeLog.d/padding-ct-changelog.txt b/ChangeLog.d/padding-ct-changelog.txt
deleted file mode 100644
index 3e2c7e2..0000000
--- a/ChangeLog.d/padding-ct-changelog.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
-   * Improve padding calculations in CBC decryption, NIST key unwrapping and
-     RSA OAEP decryption. With the previous implementation, some compilers
-     (notably recent versions of Clang and IAR) could produce non-constant
-     time code, which could allow a padding oracle attack if the attacker
-     has access to precise timing measurements.
diff --git a/ChangeLog.d/programs_psa_fix.txt b/ChangeLog.d/programs_psa_fix.txt
deleted file mode 100644
index fe2099e..0000000
--- a/ChangeLog.d/programs_psa_fix.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix missing PSA initialization in sample programs when
-     MBEDTLS_USE_PSA_CRYPTO is enabled.
diff --git a/ChangeLog.d/psa_crypto_user_config_file.txt b/ChangeLog.d/psa_crypto_user_config_file.txt
deleted file mode 100644
index f538f47..0000000
--- a/ChangeLog.d/psa_crypto_user_config_file.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when
-     MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
diff --git a/ChangeLog.d/python3.8.txt b/ChangeLog.d/python3.8.txt
deleted file mode 100644
index 32a7c09..0000000
--- a/ChangeLog.d/python3.8.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Requirement changes
-   * Officially require Python 3.8 now that earlier versions are out of support.
diff --git a/ChangeLog.d/rename_psa_crypto_driver_wrappers.txt b/ChangeLog.d/rename_psa_crypto_driver_wrappers.txt
deleted file mode 100644
index a071096..0000000
--- a/ChangeLog.d/rename_psa_crypto_driver_wrappers.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Changes
-   * Users intergrating their own PSA drivers should be aware that
-     the file library/psa_crypto_driver_wrappers.c has been renamed
-     to psa_crypto_driver_wrappers_no_static.c.
-
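Review bot: "intergrating" should be "integrating". The old name is given with its library/ path but the new name is not; writing library/psa_crypto_driver_wrappers_no_static.c would make the rename unambiguous for users updating their build scripts.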
diff --git a/ChangeLog.d/rfc8410.txt b/ChangeLog.d/rfc8410.txt
deleted file mode 100644
index e2984ee..0000000
--- a/ChangeLog.d/rfc8410.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
-   * Add support for reading and writing X25519 and X448
-     public and private keys in RFC 8410 format using the existing PK APIs.
diff --git a/ChangeLog.d/safer-ct.txt b/ChangeLog.d/safer-ct.txt
deleted file mode 100644
index 0a5b632..0000000
--- a/ChangeLog.d/safer-ct.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
-   * Updates to constant-time C code so that compilers are less likely to use
-     conditional instructions, which can have an observable difference in
-     timing. (Clang has been seen to do this.) Also introduce assembly
-     implementations for 32- and 64-bit Arm and for x86 and x86-64, which are
-     guaranteed not to use conditional instructions.
diff --git a/ChangeLog.d/sha3.txt b/ChangeLog.d/sha3.txt
deleted file mode 100644
index 9426f87..0000000
--- a/ChangeLog.d/sha3.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
-    * Add SHA-3 family hash functions.
-
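Review bot: The bullet is indented with four spaces where every other entry uses three, and the file ends with a blank line. Please check that the assembled ChangeLog carries this bullet at the standard indentation.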
diff --git a/ChangeLog.d/sha384-blocksize.txt b/ChangeLog.d/sha384-blocksize.txt
deleted file mode 100644
index 4917eb2..0000000
--- a/ChangeLog.d/sha384-blocksize.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
-   * Fix definition of MBEDTLS_MD_MAX_BLOCK_SIZE, which was too
-     small when MBEDTLS_SHA384_C was defined and MBEDTLS_SHA512_C was
-     undefined. Mbed TLS itself was unaffected by this, but user code
-     which used MBEDTLS_MD_MAX_BLOCK_SIZE could be affected. The only
-     release containing this bug was Mbed TLS 3.4.0.
diff --git a/ChangeLog.d/some-max-size-macro-are-too-small-when-psa-ecc-is-accelerated.txt b/ChangeLog.d/some-max-size-macro-are-too-small-when-psa-ecc-is-accelerated.txt
deleted file mode 100644
index 8cc6e5e..0000000
--- a/ChangeLog.d/some-max-size-macro-are-too-small-when-psa-ecc-is-accelerated.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * Fix proper sizing for PSA_EXPORT_[KEY_PAIR/PUBLIC_KEY]_MAX_SIZE and
-     PSA_SIGNATURE_MAX_SIZE buffers when at least one accelerated EC is bigger
-     than all built-in ones and RSA is disabled.
-     Resolves #6622.
diff --git a/ChangeLog.d/ssl_debug_helpers-stack_usage.txt b/ChangeLog.d/ssl_debug_helpers-stack_usage.txt
deleted file mode 100644
index e2c2475..0000000
--- a/ChangeLog.d/ssl_debug_helpers-stack_usage.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix very high stack usage in SSL debug code. Reported by Maximilian
-     Gerhardt in #7804.
diff --git a/ChangeLog.d/ssl_decrypt_buf-short_record.txt b/ChangeLog.d/ssl_decrypt_buf-short_record.txt
deleted file mode 100644
index c2af1ec..0000000
--- a/ChangeLog.d/ssl_decrypt_buf-short_record.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Security
-   * Fix a buffer overread when parsing short TLS application data records in
-     null-cipher cipher suites. Credit to OSS-Fuzz.
diff --git a/ChangeLog.d/ssl_premaster_secret-empty.txt b/ChangeLog.d/ssl_premaster_secret-empty.txt
deleted file mode 100644
index 0ce5f36..0000000
--- a/ChangeLog.d/ssl_premaster_secret-empty.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix a compilation error on some platforms when including mbedtls/ssl.h
-     with all TLS support disabled. Fixes #6628.
diff --git a/ChangeLog.d/tls13-custom-config.txt b/ChangeLog.d/tls13-custom-config.txt
deleted file mode 100644
index da2e25d..0000000
--- a/ChangeLog.d/tls13-custom-config.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix undefined symbols in some builds using TLS 1.3 with a custom
-     configuration file.
diff --git a/ChangeLog.d/tls13-server-version-negotiation.txt b/ChangeLog.d/tls13-server-version-negotiation.txt
deleted file mode 100644
index 989018b..0000000
--- a/ChangeLog.d/tls13-server-version-negotiation.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
-   * Add support for server-side TLS version negotiation. If both TLS 1.2 and
-     TLS 1.3 protocols are enabled, the TLS server now selects TLS 1.2 or
-     TLS 1.3 depending on the capabilities and preferences of TLS clients.
-     Fixes #6867.
diff --git a/ChangeLog.d/updated_windows_apis.txt b/ChangeLog.d/updated_windows_apis.txt
deleted file mode 100644
index 73b17df..0000000
--- a/ChangeLog.d/updated_windows_apis.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Requirement changes
-   * Minimum required Windows version is now Windows Vista, or
-     Windows Server 2008.
-
-Changes
-   * Update Windows code to use BCryptGenRandom and wcslen, and
-     ensure that conversions between size_t, ULONG, and int are
-     always done safely.  Original contribution by Kevin Kane #635, #730
-     followed by Simon Butcher #1453.
diff --git a/ChangeLog.d/use_heap_rsa_signature.txt b/ChangeLog.d/use_heap_rsa_signature.txt
deleted file mode 100644
index e6d7b12..0000000
--- a/ChangeLog.d/use_heap_rsa_signature.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Changes
-   * Use heap memory to allocate DER encoded RSA private key.
-     This reduces stack usage significantly for RSA signature
-     operations when MBEDTLS_PSA_CRYPTO_C is defined.
diff --git a/ChangeLog.d/verify-ip-sans-properly.txt b/ChangeLog.d/verify-ip-sans-properly.txt
deleted file mode 100644
index 00203a8..0000000
--- a/ChangeLog.d/verify-ip-sans-properly.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
-   * X.509 hostname verification now supports IPAddress Subject Alternate Names.
diff --git a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
deleted file mode 100644
index c1de491..0000000
--- a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
-     using ECC key. The certificate was rejected by some crypto frameworks.
-     Fixes #2924.
diff --git a/ChangeLog.d/xxx_psa_peerkey.txt b/ChangeLog.d/xxx_psa_peerkey.txt
deleted file mode 100644
index d25e4ec..0000000
--- a/ChangeLog.d/xxx_psa_peerkey.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Security
-   * Fix a remotely exploitable heap buffer overflow in TLS handshake parsing.
-     In TLS 1.3, all configurations are affected except PSK-only ones, and
-     both clients and servers are affected.
-     In TLS 1.2, the affected configurations are those with
-     MBEDTLS_USE_PSA_CRYPTO and ECDH enabled but DHM and RSA disabled,
-     and only servers are affected, not clients.
-     Credit to OSS-Fuzz.
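Review bot: For a remotely exploitable heap buffer overflow, the entry lists the affected configurations but not the affected releases, and cites no issue or advisory identifier. Suggest adding the first affected version, as sha384-blocksize.txt does, and any identifier that has been assigned, so downstream users can tell whether they need to patch.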