Update ChangeLog for crypto changes since Mbed Crypto 3.0.1
Add ChangeLog entries for changes brought by the submodule update in
81d31002503f0cdc735176279e913106155666c4.
diff --git a/ChangeLog b/ChangeLog
index aadc9e9..b05b522 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,27 @@
library which allows TLS authentication to use keys stored in a
PKCS#11 token such as a smartcard.
+Security
+ * Fix potential memory overread when performing an ECDSA signature
+ operation. The overread only happens with cryptographically low
+ probability (of the order of 2^-n where n is the bitsize of the curve)
+ unless the RNG is broken, and could result in information disclosure or
+ denial of service (application crash or extra resource consumption).
+ Found by Auke Zeilstra and Peter Schwabe, using static analysis.
+
+Features
+ * The new build option MBEDTLS_SHA512_NO_SHA384 allows building SHA-512
+ support without SHA-384.
+
+API changes
+ * Change the encoding of key types and curves in the PSA API. The new
+ values are aligned with the upcoming release of the PSA Crypto API
+ specification version 1.0.0. The main change which may break some
+ existing code is that elliptic curve key types no longer encode the
+ exact curve: a psa_ecc_curve_t or psa_key_type_t value only encodes
+ a curve family and the key size determines the exact curve (for example,
+ PSA_ECC_CURVE_SECP_R1 with 256 bits is P256R1). ARMmbed/mbed-crypto#330
+
Bugfix
* Fix an unchecked call to mbedtls_md() in the x509write module.
* Fix build failure with MBEDTLS_ZLIB_SUPPORT enabled. Reported by