Update ChangeLog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
diff --git a/ChangeLog b/ChangeLog
index a6d4adf..aedd313 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,92 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+API changes
+ * Remove HAVEGE module.
+ The design of HAVEGE makes it unsuitable for microcontrollers. Platforms
+ with a more complex CPU usually have an operating system interface that
+ provides better randomness. Instead of HAVEGE, declare OS or hardware RNG
+ interfaces with mbedtls_entropy_add_source() and/or use an entropy seed
+ file created securely during device provisioning. See
+ https://tls.mbed.org/kb/how-to/add-entropy-sources-to-entropy-pool for
+ more information.
+ * Add missing const attributes to API functions.
+ * Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0: the
+ header compat-1.3.h and the script rename.pl.
+ * Remove certs module from the API.
+ Transfer keys and certificates embedded in the library to the test
+ component. This contributes to minimizing library API and discourages
+ users from using unsafe keys in production.
+ * Move alt helpers and definitions.
+ Various helpers and definitions available for use in alt implementations
+ have been moved out of the include/ directory and into the library/
+ directory. The files concerned are ecp_internal.h and rsa_internal.h
+ which have also been renamed to ecp_alt.h and rsa_alt_helpers.h
+ respectively.
+ * Move internal headers.
+ Header files that were only meant for the library's internal use and
+ were not meant to be used in application code have been moved out of
+ the include/ directory. The headers concerned are bn_mul.h, aesni.h,
+ padlock.h, entropy_poll.h and *_internal.h.
+ * Drop support for parsing SSLv2 ClientHello
+ (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO).
+ * Drop support for SSLv3 (MBEDTLS_SSL_PROTO_SSL3).
+ * Drop support for compatibility with our own previous buggy
+ implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT).
+ * Drop support for TLS record-level compression (MBEDTLS_ZLIB_SUPPORT).
+ * Drop support for RC4 TLS ciphersuites.
+ * Drop support for single-DES ciphersuites.
+ * Drop support for MBEDTLS_SSL_HW_RECORD_ACCEL.
+
+Requirement changes
+ * The library now uses the %zu format specifier with the printf() family of
+ functions, so requires a toolchain that supports it. This change does not
+ affect the maintained LTS branches, so when contributing changes please
+ bear this in mind and do not add them to backported code.
+
+Removals
+ * Removed deprecated things in psa/crypto_compat.h. Fixes #4284
+ * Removed deprecated functions from hashing modules. Fixes #4280.
+ * Remove PKCS#11 library wrapper. PKCS#11 has limited functionality,
+ lacks automated tests and has scarce documentation. Also, PSA Crypto
+ provides a more flexible private key management.
+ More details on PCKS#11 wrapper removal can be found in the mailing list
+ https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000024.html
+ * Remove deprecated error codes. Fix #4283
+
+Features
+ * Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a
+ signature with a specific salt length. This function allows to validate
+ test cases provided in the NIST's CAVP test suite. Contributed by Cédric
+ Meuter in PR #3183.
+
+Bugfix
+ * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
+ lead to the seed file corruption in case if the path to the seed file is
+ equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor
+ Krasnoshchok in #3616.
+ * PSA functions creating a key now return PSA_ERROR_INVALID_ARGUMENT rather
+ than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key
+ to create is not valid, bringing them in line with version 1.0.0 of the
+ specification. Fix #4271.
+ * Add printf function attributes to mbedtls_debug_print_msg to ensure we
+ get printf format specifier warnings.
+ * PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE
+ rather than PSA_ERROR_DOES_NOT_EXIST for an invalid handle, bringing them
+ in line with version 1.0.0 of the specification. Fix #4162.
+ * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
+ zero. Fixes #1792
+ * mbedtls_mpi_read_string on "-0" produced an MPI object that was not treated
+ as equal to 0 in all cases. Fix it to produce the same object as "0".
+
+Changes
+ * Fix the setting of the read timeout in the DTLS sample programs.
+ * Add extra printf compiler warning flags to builds.
+ * Fix memsan build false positive in x509_crt.c with clang 11
+ * There is ongoing work for the next release (= Mbed TLS 3.0.0 branch to
+ be released 2021-xx-xx), including various API-breaking changes.
+
= mbed TLS 2.26.0 branch released 2021-03-08
API changes
diff --git a/ChangeLog.d/add_const_parameters.txt b/ChangeLog.d/add_const_parameters.txt
deleted file mode 100644
index a55ca36..0000000
--- a/ChangeLog.d/add_const_parameters.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-API changes
- * Add missing const attributes to API functions.
diff --git a/ChangeLog.d/bugfix_PR3616.txt b/ChangeLog.d/bugfix_PR3616.txt
deleted file mode 100644
index 47d1044..0000000
--- a/ChangeLog.d/bugfix_PR3616.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
- lead to the seed file corruption in case if the path to the seed file is
- equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor
- Krasnoshchok in #3616.
diff --git a/ChangeLog.d/dtls_sample_use_read_timeout.txt b/ChangeLog.d/dtls_sample_use_read_timeout.txt
deleted file mode 100644
index e3150d6..0000000
--- a/ChangeLog.d/dtls_sample_use_read_timeout.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Changes
- * Fix the setting of the read timeout in the DTLS sample programs.
diff --git a/ChangeLog.d/fix-invalid-id-error-code.txt b/ChangeLog.d/fix-invalid-id-error-code.txt
deleted file mode 100644
index 069a767..0000000
--- a/ChangeLog.d/fix-invalid-id-error-code.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * PSA functions creating a key now return PSA_ERROR_INVALID_ARGUMENT rather
- than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key
- to create is not valid, bringing them in line with version 1.0.0 of the
- specification. Fix #4271.
diff --git a/ChangeLog.d/fix-printf-specifiers.txt b/ChangeLog.d/fix-printf-specifiers.txt
deleted file mode 100644
index 4867721..0000000
--- a/ChangeLog.d/fix-printf-specifiers.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Bugfix
- * Add printf function attributes to mbedtls_debug_print_msg to ensure we
- get printf format specifier warnings.
-Changes
- * Add extra printf compiler warning flags to builds.
-Requirement changes
- * The library now uses the %zu format specifier with the printf() family of
- functions, so requires a toolchain that supports it. This change does not
- affect the maintained LTS branches, so when contributing changes please
- bear this in mind and do not add them to backported code.
diff --git a/ChangeLog.d/fix_memsan_build_clang11.txt b/ChangeLog.d/fix_memsan_build_clang11.txt
deleted file mode 100644
index 3f5cc05..0000000
--- a/ChangeLog.d/fix_memsan_build_clang11.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Changes
- * Fix memsan build false positive in x509_crt.c with clang 11
diff --git a/ChangeLog.d/fix_return_type_for_invalid_crypto_key.txt b/ChangeLog.d/fix_return_type_for_invalid_crypto_key.txt
deleted file mode 100644
index dc6996e..0000000
--- a/ChangeLog.d/fix_return_type_for_invalid_crypto_key.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE
- rather than PSA_ERROR_DOES_NOT_EXIST for an invalid handle, bringing them
- in line with version 1.0.0 of the specification. Fix #4162.
diff --git a/ChangeLog.d/issue1792.txt b/ChangeLog.d/issue1792.txt
deleted file mode 100644
index 9949bf4..0000000
--- a/ChangeLog.d/issue1792.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
- zero. Fixes #1792
diff --git a/ChangeLog.d/issue4280.txt b/ChangeLog.d/issue4280.txt
deleted file mode 100644
index 38d9b2c..0000000
--- a/ChangeLog.d/issue4280.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
- * Removed deprecated functions from hashing modules. Fixes #4280.
diff --git a/ChangeLog.d/issue4283.txt b/ChangeLog.d/issue4283.txt
deleted file mode 100644
index 021ea7e..0000000
--- a/ChangeLog.d/issue4283.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
- * Remove deprecated error codes. Fix #4283
diff --git a/ChangeLog.d/issue4284.txt b/ChangeLog.d/issue4284.txt
deleted file mode 100644
index 1429bec..0000000
--- a/ChangeLog.d/issue4284.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
- * Removed deprecated things in psa/crypto_compat.h. Fixes #4284
diff --git a/ChangeLog.d/mbedtls3.0.txt b/ChangeLog.d/mbedtls3.0.txt
deleted file mode 100644
index 73b7cc0..0000000
--- a/ChangeLog.d/mbedtls3.0.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * There is ongoing work for the next release (= Mbed TLS 3.0.0 branch to
- be released 2021-xx-xx), including various API-breaking changes.
diff --git a/ChangeLog.d/move_alt_helpers.txt b/ChangeLog.d/move_alt_helpers.txt
deleted file mode 100644
index ba96c9d..0000000
--- a/ChangeLog.d/move_alt_helpers.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-API changes
- * Move alt helpers and definitions.
- Various helpers and definitions available for use in alt implementations
- have been moved out of the include/ directory and into the library/
- directory. The files concerned are ecp_internal.h and rsa_internal.h
- which have also been renamed to ecp_alt.h and rsa_alt_helpers.h
- respectively.
diff --git a/ChangeLog.d/move_internal_headers.txt b/ChangeLog.d/move_internal_headers.txt
deleted file mode 100644
index 8a38fe6..0000000
--- a/ChangeLog.d/move_internal_headers.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-API changes
- * Move internal headers.
- Header files that were only meant for the library's internal use and
- were not meant to be used in application code have been moved out of
- the include/ directory. The headers concerned are bn_mul.h, aesni.h,
- padlock.h, entropy_poll.h and *_internal.h.
diff --git a/ChangeLog.d/mpi_read_negative_zero.txt b/ChangeLog.d/mpi_read_negative_zero.txt
deleted file mode 100644
index e338de7..0000000
--- a/ChangeLog.d/mpi_read_negative_zero.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * mbedtls_mpi_read_string on "-0" produced an MPI object that was not treated
- as equal to 0 in all cases. Fix it to produce the same object as "0".
diff --git a/ChangeLog.d/pkcs1_v21_sign_ext.txt b/ChangeLog.d/pkcs1_v21_sign_ext.txt
deleted file mode 100644
index 76dfaf9..0000000
--- a/ChangeLog.d/pkcs1_v21_sign_ext.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a
- signature with a specific salt length. This function allows to validate
- test cases provided in the NIST's CAVP test suite. Contributed by Cédric
- Meuter in PR #3183.
diff --git a/ChangeLog.d/remove_certs.txt b/ChangeLog.d/remove_certs.txt
deleted file mode 100644
index 20fa0c6..0000000
--- a/ChangeLog.d/remove_certs.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * Remove certs module from the API.
- Transfer keys and certificates embedded in the library to the test
- component. This contributes to minimizing library API and discourages
- users from using unsafe keys in production.
diff --git a/ChangeLog.d/remove_havege.txt b/ChangeLog.d/remove_havege.txt
deleted file mode 100644
index 9054010..0000000
--- a/ChangeLog.d/remove_havege.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-API changes
- * Remove HAVEGE module.
- The design of HAVEGE makes it unsuitable for microcontrollers. Platforms
- with a more complex CPU usually have an operating system interface that
- provides better randomness. Instead of HAVEGE, declare OS or hardware RNG
- interfaces with mbedtls_entropy_add_source() and/or use an entropy seed
- file created securely during device provisioning. See
- https://tls.mbed.org/kb/how-to/add-entropy-sources-to-entropy-pool for
- more information.
diff --git a/ChangeLog.d/remove_obsolete_tls_features.txt b/ChangeLog.d/remove_obsolete_tls_features.txt
deleted file mode 100644
index 87186bf..0000000
--- a/ChangeLog.d/remove_obsolete_tls_features.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-API changes
- * Drop support for parsing SSLv2 ClientHello
- (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO).
- * Drop support for SSLv3 (MBEDTLS_SSL_PROTO_SSL3).
- * Drop support for compatibility with our own previous buggy
- implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT).
- * Drop support for TLS record-level compression (MBEDTLS_ZLIB_SUPPORT).
- * Drop support for RC4 TLS ciphersuites.
- * Drop support for single-DES ciphersuites.
- * Drop support for MBEDTLS_SSL_HW_RECORD_ACCEL.
diff --git a/ChangeLog.d/remove_old_transition_helpers.txt b/ChangeLog.d/remove_old_transition_helpers.txt
deleted file mode 100644
index c23bbe9..0000000
--- a/ChangeLog.d/remove_old_transition_helpers.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-API changes
- * Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0: the
- header compat-1.3.h and the script rename.pl.
diff --git a/ChangeLog.d/remove_pkcs11.txt b/ChangeLog.d/remove_pkcs11.txt
deleted file mode 100644
index 5c8134c..0000000
--- a/ChangeLog.d/remove_pkcs11.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Removals
- * Remove PKCS#11 library wrapper. PKCS#11 has limited functionality,
- lacks automated tests and has scarce documentation. Also, PSA Crypto
- provides a more flexible private key management.
- More details on PCKS#11 wrapper removal can be found in the mailing list
- https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000024.html