Update Changelog for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/ChangeLog b/ChangeLog
index 71ba44d..6b1bb21 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,274 @@
-mbed TLS ChangeLog (Sorted per branch, date)
+Mbed TLS ChangeLog (Sorted per branch, date)
+
+= Mbed TLS 3.2.0 branch released 2022-07-11
+
+Default behavior changes
+ * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305
+ for IV lengths other than 12. The library was silently overwriting this
+ length with 12, but did not inform the caller about it. Fixes #4301.
+
+Requirement changes
+ * The library will no longer compile out of the box on a platform without
+ setbuf(). If your platform does not have setbuf(), you can configure an
+ alternative function by enabling MBEDTLS_PLATFORM_SETBUF_ALT or
+ MBEDTLS_PLATFORM_SETBUF_MACRO.
+
+New deprecations
+ * Deprecate mbedtls_ssl_conf_max_version() and
+ mbedtls_ssl_conf_min_version() in favor of
+ mbedtls_ssl_conf_max_tls_version() and
+ mbedtls_ssl_conf_min_tls_version().
+ * Deprecate mbedtls_cipher_setup_psa(). Use psa_aead_xxx() or
+ psa_cipher_xxx() directly instead.
+ * Secure element drivers enabled by MBEDTLS_PSA_CRYPTO_SE_C are deprecated.
+ This was intended as an experimental feature, but had not been explicitly
+ documented as such. Use opaque drivers with the interface enabled by
+ MBEDTLS_PSA_CRYPTO_DRIVERS instead.
+ * Deprecate mbedtls_ssl_conf_sig_hashes() in favor of the more generic
+ mbedtls_ssl_conf_sig_algs(). Signature algorithms for the TLS 1.2 and
+ TLS 1.3 handshake should now be configured with
+ mbedtls_ssl_conf_sig_algs().
+
+Features
+ * Add accessor to obtain ciphersuite id from ssl context.
+ * Add accessors to get members from ciphersuite info.
+ * Add mbedtls_ssl_ticket_rotate() for external ticket rotation.
+ * Add accessor to get the raw buffer pointer from a PEM context.
+ * The structures mbedtls_ssl_config and mbedtls_ssl_context now store
+ a piece of user data which is reserved for the application. The user
+ data can be either a pointer or an integer.
+ * Add an accessor function to get the configuration associated with
+ an SSL context.
+ * Add a function to access the protocol version from an SSL context in a
+ form that's easy to compare. Fixes #5407.
+ * Add function mbedtls_md_info_from_ctx() to recall the message digest
+ information that was used to set up a message digest context.
+ * Add ALPN support in TLS 1.3 clients.
+ * Add server certificate selection callback near end of Client Hello.
+ Register callback with mbedtls_ssl_conf_cert_cb().
+ * Provide mechanism to reset handshake cert list by calling
+ mbedtls_ssl_set_hs_own_cert() with NULL value for own_cert param.
+ * Add accessor mbedtls_ssl_get_hs_sni() to retrieve SNI from within
+ cert callback (mbedtls_ssl_conf_cert_cb()) during handshake.
+ * The X.509 module now uses PSA hash acceleration if present.
+ * Add support for psa crypto key derivation for elliptic curve
+ keys. Fixes #3260.
+ * Add function mbedtls_timing_get_final_delay() to access the private
+ final delay field in an mbedtls_timing_delay_context, as requested in
+ #5183.
+ * Add mbedtls_pk_sign_ext() which allows generating RSA-PSS signatures when
+ PSA Crypto is enabled.
+ * Add function mbedtls_ecp_export() to export ECP key pair parameters.
+ Fixes #4838.
+ * Add function mbedtls_ssl_is_handshake_over() to enable querying if the SSL
+ Handshake has completed or not, and thus whether to continue calling
+ mbedtls_ssl_handshake_step(), requested in #4383.
+ * Add the function mbedtls_ssl_get_own_cid() to access our own connection id
+ within mbedtls_ssl_context, as requested in #5184.
+ * Introduce mbedtls_ssl_hs_cb_t typedef for use with
+ mbedtls_ssl_conf_cert_cb() and perhaps future callbacks
+ during TLS handshake.
+ * Add functions mbedtls_ssl_conf_max_tls_version() and
+ mbedtls_ssl_conf_min_tls_version() that use a single value to specify
+ the protocol version.
+ * Extend the existing PSA_ALG_TLS12_PSK_TO_MS() algorithm to support
+ mixed-PSK. Add an optional input PSA_KEY_DERIVATION_INPUT_OTHER_SECRET
+ holding the other secret.
+ * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto
+ feature requirements in the file named by the new macro
+ MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h.
+ Furthermore you may name an additional file to include after the main
+ file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE.
+ * Add the function mbedtls_x509_crt_has_ext_type() to access the ext types
+ field within mbedtls_x509_crt context, as requested in #5585.
+ * Add HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API.
+ * Add support for the ARMv8 SHA-2 acceleration instructions when building
+ for Aarch64.
+ * Add support for authentication of TLS 1.3 clients by TLS 1.3 servers.
+ * Add support for server HelloRetryRequest message. The TLS 1.3 client is
+ now capable of negotiating another shared secret if the one sent in its
+ first ClientHello was not suitable to the server.
+ * Add support for client-side TLS version negotiation. If both TLS 1.2 and
+ TLS 1.3 protocols are enabled in the build of Mbed TLS, the TLS client now
+ negotiates TLS 1.3 or TLS 1.2 with TLS servers.
+ * Enable building of Mbed TLS with TLS 1.3 protocol support but without TLS
+ 1.2 protocol support.
+ * Mbed TLS provides an implementation of a TLS 1.3 server (ephemeral key
+ establishment only). See docs/architecture/tls13-support.md for a
+ description of the support. The MBEDTLS_SSL_PROTO_TLS1_3 and
+ MBEDTLS_SSL_SRV_C configuration options control this.
+ * Add accessors to configure DN hints for certificate request:
+ mbedtls_ssl_conf_dn_hints() and mbedtls_ssl_set_hs_dn_hints()
+ * The configuration option MBEDTLS_USE_PSA_CRYPTO, which previously
+ affected only a limited subset of crypto operations in TLS, X.509 and PK,
+ now causes most of them to be done using PSA Crypto; see
+ docs/use-psa-crypto.md for the list of exceptions.
+ * The function mbedtls_pk_setup_opaque() now supports RSA key pairs as well.
+ Opaque keys can now be used everywhere a private key is expected in the
+ TLS and X.509 modules.
+ * Opaque pre-shared keys for TLS, provisioned with
+ mbedtls_ssl_conf_psk_opaque() or mbedtls_ssl_set_hs_psk_opaque(), which
+ previously only worked for "pure" PSK key exchange, now can also be used
+ for the "mixed" PSK key exchanges as well: ECDHE-PSK, DHE-PSK, RSA-PSK.
+ * cmake now detects if it is being built as a sub-project, and in that case
+ disables the target export/installation and package configuration.
+ * Make USE_PSA_CRYPTO compatible with KEY_ID_ENCODES_OWNER. Fixes #5259.
+ * Add example programs cipher_aead_demo.c, md_hmac_demo.c, aead_demo.c
+ and hmac_demo.c, which use PSA and the md/cipher interfaces side
+ by side in order to illustrate how the operation is performed in PSA.
+ Addresses #5208.
+
+Security
+ * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage
+ module before freeing them. These buffers contain secret key material, and
+ could thus potentially leak the key through freed heap.
+ * Fix potential memory leak inside mbedtls_ssl_cache_set() with
+ an invalid session id length.
+ * Add the platform function mbedtls_setbuf() to allow buffering to be
+ disabled on stdio files, to stop secrets loaded from said files being
+ potentially left in memory after file operations. Reported by
+ Glenn Strauss.
+ * Fix a potential heap buffer overread in TLS 1.2 server-side when
+ MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with
+ mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite
+ is selected. This may result in an application crash or potentially an
+ information leak.
+ * Fix a buffer overread in DTLS ClientHello parsing in servers with
+ MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
+ or a man-in-the-middle could cause a DTLS server to read up to 255 bytes
+ after the end of the SSL input buffer. The buffer overread only happens
+ when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
+ the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(),
+ and possibly up to 571 bytes with a custom cookie check function.
+ Reported by the Cybeats PSI Team.
+ * Fix a buffer overread in TLS 1.3 Certificate parsing. An unauthenticated
+ client or server could cause an MbedTLS server or client to overread up
+ to 64 kBytes of data and potentially overread the input buffer by that
+ amount minus the size of the input buffer. As overread data undergoes
+ various checks, the likelihood of reaching the boundary of the input
+ buffer is rather small but increases as its size
+ MBEDTLS_SSL_IN_CONTENT_LEN decreases.
+ * Fix check of certificate key usage in TLS 1.3. The usage of the public key
+ provided by a client or server certificate for authentication was not
+ checked properly when validating the certificate. This could cause a
+ client or server to be able to authenticate itself through a certificate
+ to an Mbed TLS TLS 1.3 server or client while it does not own a proper
+ certificate to do so.
+
+Bugfix
+ * Declare or use PSA_WANT_ALG_CCM_STAR_NO_TAG following the general
+ pattern for PSA_WANT_xxx symbols. Previously you had to specify
+ PSA_WANT_ALG_CCM for PSA_ALG_CCM_STAR_NO_TAG.
+ * Fix a memory leak if mbedtls_ssl_config_defaults() is called twice.
+ * Fixed swap of client and server random bytes when exporting them alongside
+ TLS 1.3 handshake and application traffic secret.
+ * Fix several bugs (warnings, compiler and linker errors, test failures)
+ in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled.
+ * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
+ enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the
+ client would fail to check that the curve selected by the server for
+ ECDHE was indeed one that was offered. As a result, the client would
+ accept any curve that it supported, even if that curve was not allowed
+ according to its configuration. Fixes #5291.
+ * The TLS 1.3 implementation is now compatible with the
+ MBEDTLS_USE_PSA_CRYPTO configuration option.
+ * Fix unit tests that used 0 as the file UID. This failed on some
+ implementations of PSA ITS. Fixes #3838.
+ * Fix mbedtls_ssl_get_version() not reporting TLSv1.3. Fixes #5406.
+ * Fix API violation in mbedtls_md_process() test by adding a call to
+ mbedtls_md_starts(). Fixes #2227.
+ * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests
+ to catch bad uses of time.h.
+ * Fix a race condition in out-of-source builds with CMake when generated data
+ files are already present. Fixes #5374.
+ * Fix the library search path when building a shared library with CMake
+ on Windows.
+ * Fix bug in the alert sending function mbedtls_ssl_send_alert_message()
+ potentially leading to corrupted alert messages being sent in case
+ the function needs to be re-called after initially returning
+ MBEDTLS_SSL_WANT_WRITE. Fixes #1916.
+ * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but not
+ MBEDTLS_DEBUG_C, DTLS handshakes using CID would crash due to a null
+ pointer dereference. Fix this. Fixes #3998.
+ The fix was released, but not announced, in Mbed TLS 3.1.0.
+ * Fix incorrect documentation of mbedtls_x509_crt_profile. The previous
+ documentation stated that the `allowed_pks` field applies to signatures
+ only, but in fact it does apply to the public key type of the end entity
+ certificate, too. Fixes #1992.
+ * Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is
+ not NULL and val_len is zero.
+ * Fix compilation error with mingw32. Fixed by Cameron Cawley in #4211.
+ * Fix compilation error when using C++ Builder on Windows. Reported by
+ Miroslav Mastny in #4015.
+ * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when
+ applicable. Fixes #5735.
+ * Fix a bug in the x25519 example program where the removal of
+ MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. Fixes #4901 and
+ #3191.
+ * Fix a TLS 1.3 handshake failure when the peer Finished message has not
+ been received yet when we first try to fetch it.
+ * Encode X.509 dates before 1/1/2000 as UTCTime rather than
+ GeneralizedTime. Fixes #5465.
+ * Add mbedtls_x509_dn_get_next function to return the next relative DN in
+ an X509 name, to allow walking the name list. Fixes #5431.
+ * Fix order value of curve x448.
+ * Fix string representation of DNs when outputting values containing commas
+ and other special characters, conforming to RFC 1779. Fixes #769.
+ * Silence a warning from GCC 12 in the selftest program. Fixes #5974.
+ * Fix check_config.h to check that we have MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+ when MBEDTLS_SSL_PROTO_TLS1_3 is specified, and make this and other
+ dependencies explicit in the documentation. Fixes #5610.
+ * Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0.
+ * Fix a TLS 1.3 handshake failure when the first attempt to send the client
+ Finished message on the network cannot be satisfied. Fixes #5499.
+ * Fix resource leaks in mbedtls_pk_parse_public_key() in low
+ memory conditions.
+ * Fix server connection identifier setting for outgoing encrypted records
+ on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with
+ connection identifier, the Mbed TLS client now properly sends the server
+ connection identifier in encrypted record headers. Fix #5872.
+ * Fix a null pointer dereference when performing some operations on zero
+ represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing
+ by 2, and mbedtls_mpi_write_string() in base 2).
+ * Fix record sizes larger than 16384 being sometimes accepted despite being
+ non-compliant. This could not lead to a buffer overflow. In particular,
+ application data size was already checked correctly.
+ * Fix MBEDTLS_SVC_KEY_ID_GET_KEY_ID() and MBEDTLS_SVC_KEY_ID_GET_OWNER_ID()
+ which have been broken, resulting in compilation errors, since Mbed TLS
+ 3.0.
+ * Ensure that TLS 1.2 ciphersuite/certificate and key selection takes into
+ account not just the type of the key (RSA vs EC) but also what it can
+ actually do. Resolves #5831.
+ * Fix CMake windows host detection, especially when cross compiling.
+ * Fix an error in make where the absence of a generated file caused
+ make to break on a clean checkout. Fixes #5340.
+ * Work around an MSVC ARM64 compiler bug causing incorrect behaviour
+ in mbedtls_mpi_exp_mod(). Reported by Tautvydas Žilys in #5467.
+ * Removed the prompt to exit from all windows build programs that was causing
+ issues in CI/CD environments.
+
+Changes
+ * The file library/psa_crypto_driver_wrappers.c is now generated
+ from a template. In the future, the generation will support
+ driver descriptions. For the time being, to customize this file,
+ see docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
+ * Return PSA_ERROR_INVALID_ARGUMENT if the algorithm passed to one-shot
+ AEAD functions is not an AEAD algorithm. This aligns them with the
+ multipart functions, and the PSA Crypto API 1.1 specification.
+ * In mbedtls_pk_parse_key(), if no password is provided, don't allocate a
+ temporary variable on the heap. Suggested by Sergey Kanatov in #5304.
+ * Assume source files are in UTF-8 when using MSVC with CMake.
+ * Fix runtime library install location when building with CMake and MinGW.
+ DLLs are now installed in the bin directory instead of lib.
+ * cmake: Use GnuInstallDirs to customize install directories
+ Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR
+ variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if
+ LIB_INSTALL_DIR is set.
+ * Add a CMake option that enables static linking of the runtime library
+ in Microsoft Visual C++ compiler. Contributed by Microplankton.
+ * In CMake builds, add aliases for libraries so that the normal MbedTLS::*
+ targets work when MbedTLS is built as a subdirectory. This allows the
+ use of FetchContent, as requested in #5688.
= mbed TLS 3.1.0 branch released 2021-12-17
diff --git a/ChangeLog.d/Driver_wrapper_codegen_1.0.txt b/ChangeLog.d/Driver_wrapper_codegen_1.0.txt
deleted file mode 100644
index a4d9c54..0000000
--- a/ChangeLog.d/Driver_wrapper_codegen_1.0.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Changes
- * The file library/psa_crypto_driver_wrappers.c is now generated
- from a template. In the future, the generation will support
- driver descriptions. For the time being, to customize this file,
- see docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
diff --git a/ChangeLog.d/MD-X.509-hashing.txt b/ChangeLog.d/MD-X.509-hashing.txt
deleted file mode 100644
index 2ca989c..0000000
--- a/ChangeLog.d/MD-X.509-hashing.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
- * The X.509 module now uses PSA hash acceleration if present.
diff --git a/ChangeLog.d/PSA-test-suites-NOT-using-UID-0.txt b/ChangeLog.d/PSA-test-suites-NOT-using-UID-0.txt
deleted file mode 100644
index 9acbb0a..0000000
--- a/ChangeLog.d/PSA-test-suites-NOT-using-UID-0.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix unit tests that used 0 as the file UID. This failed on some
- implementations of PSA ITS. Fixes #3838.
diff --git a/ChangeLog.d/add-mbedtls_md_starts-to-mbedtls_md_process-test.txt b/ChangeLog.d/add-mbedtls_md_starts-to-mbedtls_md_process-test.txt
deleted file mode 100644
index 57c7561..0000000
--- a/ChangeLog.d/add-mbedtls_md_starts-to-mbedtls_md_process-test.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix API violation in mbedtls_md_process() test by adding a call to
- mbedtls_md_starts(). Fixes #2227.
diff --git a/ChangeLog.d/add_dn_get_next.txt b/ChangeLog.d/add_dn_get_next.txt
deleted file mode 100644
index 04ee954..0000000
--- a/ChangeLog.d/add_dn_get_next.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Add mbedtls_x509_dn_get_next function to return the next relative DN in
- an X509 name, to allow walking the name list. Fixes #5431.
diff --git a/ChangeLog.d/add_final_delay_accessor.txt b/ChangeLog.d/add_final_delay_accessor.txt
deleted file mode 100644
index 4b8117f..0000000
--- a/ChangeLog.d/add_final_delay_accessor.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Add function mbedtls_timing_get_final_delay() to access the private
- final delay field in an mbedtls_timing_delay_context, as requested in
- #5183.
diff --git a/ChangeLog.d/add_handshake_completion_accessor.txt b/ChangeLog.d/add_handshake_completion_accessor.txt
deleted file mode 100644
index c06a539..0000000
--- a/ChangeLog.d/add_handshake_completion_accessor.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Add function mbedtls_ssl_is_handshake_over() to enable querying if the SSL
- Handshake has completed or not, and thus whether to continue calling
- mbedtls_ssl_handshake_step(), requested in #4383.
diff --git a/ChangeLog.d/add_mbedtls_setbuf.txt b/ChangeLog.d/add_mbedtls_setbuf.txt
deleted file mode 100644
index d14cd18..0000000
--- a/ChangeLog.d/add_mbedtls_setbuf.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-Security
- * Add the platform function mbedtls_setbuf() to allow buffering to be
- disabled on stdio files, to stop secrets loaded from said files being
- potentially left in memory after file operations. Reported by
- Glenn Strauss.
-Requirement changes
- * The library will no longer compile out of the box on a platform without
- setbuf(). If your platform does not have setbuf(), you can configure an
- alternative function by enabling MBEDTLS_PLATFORM_SETBUF_ALT or
- MBEDTLS_PLATFORM_SETBUF_MACRO.
-
diff --git a/ChangeLog.d/add_own_cid_accessors.txt b/ChangeLog.d/add_own_cid_accessors.txt
deleted file mode 100644
index 553299c..0000000
--- a/ChangeLog.d/add_own_cid_accessors.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Add the function mbedtls_ssl_get_own_cid() to access our own connection id
- within mbedtls_ssl_context, as requested in #5184.
-
diff --git a/ChangeLog.d/alert_reentrant.txt b/ChangeLog.d/alert_reentrant.txt
deleted file mode 100644
index 691d64c..0000000
--- a/ChangeLog.d/alert_reentrant.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix bug in the alert sending function mbedtls_ssl_send_alert_message()
- potentially leading to corrupted alert messages being sent in case
- the function needs to be re-called after initially returning
- MBEDTLS_SSL_WANT_WRITE. Fixes #1916.
diff --git a/ChangeLog.d/asn1write-0-fix.txt b/ChangeLog.d/asn1write-0-fix.txt
deleted file mode 100644
index 2e01244..0000000
--- a/ChangeLog.d/asn1write-0-fix.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0.
diff --git a/ChangeLog.d/bignum-0-mod-2.txt b/ChangeLog.d/bignum-0-mod-2.txt
deleted file mode 100644
index 4a1ab16..0000000
--- a/ChangeLog.d/bignum-0-mod-2.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix a null pointer dereference when performing some operations on zero
- represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing
- by 2, and mbedtls_mpi_write_string() in base 2).
diff --git a/ChangeLog.d/buf-overread-use-psa-static-ecdh.txt b/ChangeLog.d/buf-overread-use-psa-static-ecdh.txt
deleted file mode 100644
index 84b9f79..0000000
--- a/ChangeLog.d/buf-overread-use-psa-static-ecdh.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
- * Fix a potential heap buffer overread in TLS 1.2 server-side when
- MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with
- mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite
- is selected. This may result in an application crash or potentially an
- information leak.
diff --git a/ChangeLog.d/bug_order_x448.txt b/ChangeLog.d/bug_order_x448.txt
deleted file mode 100644
index cebefc4..0000000
--- a/ChangeLog.d/bug_order_x448.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix order value of curve x448.
diff --git a/ChangeLog.d/ccm_star_no_tag.txt b/ChangeLog.d/ccm_star_no_tag.txt
deleted file mode 100644
index 21e829c..0000000
--- a/ChangeLog.d/ccm_star_no_tag.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Declare or use PSA_WANT_ALG_CCM_STAR_NO_TAG following the general
- pattern for PSA_WANT_xxx symbols. Previously you had to specify
- PSA_WANT_ALG_CCM for PSA_ALG_CCM_STAR_NO_TAG.
diff --git a/ChangeLog.d/chacha20_invalid_iv_len_fix.txt b/ChangeLog.d/chacha20_invalid_iv_len_fix.txt
deleted file mode 100644
index af35e2a..0000000
--- a/ChangeLog.d/chacha20_invalid_iv_len_fix.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Default behavior changes
- * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305
- for IV lengths other than 12. The library was silently overwriting this
- length with 12, but did not inform the caller about it. Fixes #4301.
diff --git a/ChangeLog.d/cmake-subproject-fix.txt b/ChangeLog.d/cmake-subproject-fix.txt
deleted file mode 100644
index dffdd14..0000000
--- a/ChangeLog.d/cmake-subproject-fix.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * cmake now detects if it is being built as a sub-project, and in that case
- disables the target export/installation and package configuration.
diff --git a/ChangeLog.d/cmake_add_subdirectory_support.txt b/ChangeLog.d/cmake_add_subdirectory_support.txt
deleted file mode 100644
index f14f3f8..0000000
--- a/ChangeLog.d/cmake_add_subdirectory_support.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Changes
- * In CMake builds, add aliases for libraries so that the normal MbedTLS::*
- targets work when MbedTLS is built as a subdirectory. This allows the
- use of FetchContent, as requested in #5688.
diff --git a/ChangeLog.d/cmake_fix_dll_install.txt b/ChangeLog.d/cmake_fix_dll_install.txt
deleted file mode 100644
index 7f407c4..0000000
--- a/ChangeLog.d/cmake_fix_dll_install.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Fix runtime library install location when building with CMake and MinGW.
- DLLs are now installed in the bin directory instead of lib.
diff --git a/ChangeLog.d/cmake_msvc_utf8.txt b/ChangeLog.d/cmake_msvc_utf8.txt
deleted file mode 100644
index 552eec7..0000000
--- a/ChangeLog.d/cmake_msvc_utf8.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Changes
- * Assume source files are in UTF-8 when using MSVC with CMake.
diff --git a/ChangeLog.d/cmake_use_GnuInstallDirs.txt b/ChangeLog.d/cmake_use_GnuInstallDirs.txt
deleted file mode 100644
index d848755..0000000
--- a/ChangeLog.d/cmake_use_GnuInstallDirs.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Changes
- * cmake: Use GnuInstallDirs to customize install directories
- Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR
- variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if
- LIB_INSTALL_DIR is set.
diff --git a/ChangeLog.d/cookie_parsing_bug.txt b/ChangeLog.d/cookie_parsing_bug.txt
deleted file mode 100644
index 1c25f39..0000000
--- a/ChangeLog.d/cookie_parsing_bug.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Security
- * Fix a buffer overread in DTLS ClientHello parsing in servers with
- MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
- or a man-in-the-middle could cause a DTLS server to read up to 255 bytes
- after the end of the SSL input buffer. The buffer overread only happens
- when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
- the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(),
- and possibly up to 571 bytes with a custom cookie check function.
- Reported by the Cybeats PSI Team.
diff --git a/ChangeLog.d/deprecate_mbedtls_cipher_setup_psa.txt b/ChangeLog.d/deprecate_mbedtls_cipher_setup_psa.txt
deleted file mode 100644
index b145243..0000000
--- a/ChangeLog.d/deprecate_mbedtls_cipher_setup_psa.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-New deprecations
- * Deprecate mbedtls_cipher_setup_psa(). Use psa_aead_xxx() or
- psa_cipher_xxx() directly instead.
diff --git a/ChangeLog.d/doc-x509-profile-pk.txt b/ChangeLog.d/doc-x509-profile-pk.txt
deleted file mode 100644
index 35625fe..0000000
--- a/ChangeLog.d/doc-x509-profile-pk.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix incorrect documentation of mbedtls_x509_crt_profile. The previous
- documentation stated that the `allowed_pks` field applies to signatures
- only, but in fact it does apply to the public key type of the end entity
- certificate, too. Fixes #1992.
diff --git a/ChangeLog.d/dtls-cid-null.txt b/ChangeLog.d/dtls-cid-null.txt
deleted file mode 100644
index b020616..0000000
--- a/ChangeLog.d/dtls-cid-null.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but not
- MBEDTLS_DEBUG_C, DTLS handshakes using CID would crash due to a null
- pointer dereference. Fix this. Fixes #3998.
- The fix was released, but not announced, in Mbed TLS 3.1.0.
diff --git a/ChangeLog.d/fix-csr_subject_commas.txt b/ChangeLog.d/fix-csr_subject_commas.txt
deleted file mode 100644
index e01c9a8..0000000
--- a/ChangeLog.d/fix-csr_subject_commas.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix string representation of DNs when outputting values containing commas
- and other special characters, conforming to RFC 1779. Fixes #769.
diff --git a/ChangeLog.d/fix-parllel-cmake-build-fail.txt b/ChangeLog.d/fix-parllel-cmake-build-fail.txt
deleted file mode 100644
index 112fa85..0000000
--- a/ChangeLog.d/fix-parllel-cmake-build-fail.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a race condition in out-of-source builds with CMake when generated data
- files are already present. Fixes #5374.
diff --git a/ChangeLog.d/fix-time-format-pre-2000.txt b/ChangeLog.d/fix-time-format-pre-2000.txt
deleted file mode 100644
index 414201e..0000000
--- a/ChangeLog.d/fix-time-format-pre-2000.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Encode X.509 dates before 1/1/2000 as UTCTime rather than
- GeneralizedTime. Fixes #5465.
diff --git a/ChangeLog.d/fix-undefined-memcpy-mbedtls_asn1_named_data.txt b/ChangeLog.d/fix-undefined-memcpy-mbedtls_asn1_named_data.txt
deleted file mode 100644
index b30f7fa..0000000
--- a/ChangeLog.d/fix-undefined-memcpy-mbedtls_asn1_named_data.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is
- not NULL and val_len is zero.
diff --git a/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt b/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt
deleted file mode 100644
index a6540a1..0000000
--- a/ChangeLog.d/fix-windows-cmake-build-with-shared-libraries.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix the library search path when building a shared library with CMake
- on Windows.
diff --git a/ChangeLog.d/fix-x25519-program.txt b/ChangeLog.d/fix-x25519-program.txt
deleted file mode 100644
index bf5d6ac..0000000
--- a/ChangeLog.d/fix-x25519-program.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix a bug in the x25519 example program where the removal of
- MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. Fixes #4901 and
- #3191.
diff --git a/ChangeLog.d/fix_keyid_and_ownerid_accessor_macros.txt b/ChangeLog.d/fix_keyid_and_ownerid_accessor_macros.txt
deleted file mode 100644
index 5d52fd5..0000000
--- a/ChangeLog.d/fix_keyid_and_ownerid_accessor_macros.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix MBEDTLS_SVC_KEY_ID_GET_KEY_ID() and MBEDTLS_SVC_KEY_ID_GET_OWNER_ID()
- which have been broken, resulting in compilation errors, since Mbed TLS
- 3.0.
diff --git a/ChangeLog.d/fix_some_resource_leaks.txt b/ChangeLog.d/fix_some_resource_leaks.txt
deleted file mode 100644
index 9761537..0000000
--- a/ChangeLog.d/fix_some_resource_leaks.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Bugfix
- * Fix resource leaks in mbedtls_pk_parse_public_key() in low
- memory conditions.
-Security
- * Fix potential memory leak inside mbedtls_ssl_cache_set() with
- an invalid session id length.
diff --git a/ChangeLog.d/fix_tls_12_ciphersuite_selection.txt b/ChangeLog.d/fix_tls_12_ciphersuite_selection.txt
deleted file mode 100644
index ad615bc..0000000
--- a/ChangeLog.d/fix_tls_12_ciphersuite_selection.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Ensure that TLS 1.2 ciphersuite/certificate and key selection takes into
- account not just the type of the key (RSA vs EC) but also what it can
- actually do. Resolves #5831.
-
diff --git a/ChangeLog.d/fix_tls_record_size_check.txt b/ChangeLog.d/fix_tls_record_size_check.txt
deleted file mode 100644
index 13d452d..0000000
--- a/ChangeLog.d/fix_tls_record_size_check.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix record sizes larger than 16384 being sometimes accepted despite being
- non-compliant. This could not lead to a buffer overflow. In particular,
- application data size was already checked correctly.
diff --git a/ChangeLog.d/fix_windows_build_host_detection.txt b/ChangeLog.d/fix_windows_build_host_detection.txt
deleted file mode 100644
index d593eb8..0000000
--- a/ChangeLog.d/fix_windows_build_host_detection.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix CMake windows host detection, especially when cross compiling.
-
diff --git a/ChangeLog.d/hkdf_extract_expand.txt b/ChangeLog.d/hkdf_extract_expand.txt
deleted file mode 100644
index c394bbd..0000000
--- a/ChangeLog.d/hkdf_extract_expand.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
- * Add HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API.
diff --git a/ChangeLog.d/keyidowner-psacrypto-compat.txt b/ChangeLog.d/keyidowner-psacrypto-compat.txt
deleted file mode 100644
index 77ce9e3..0000000
--- a/ChangeLog.d/keyidowner-psacrypto-compat.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
- * Make USE_PSA_CRYPTO compatible with KEY_ID_ENCODES_OWNER. Fixes #5259.
diff --git a/ChangeLog.d/make-generated-file-fix.txt b/ChangeLog.d/make-generated-file-fix.txt
deleted file mode 100644
index d0c1437..0000000
--- a/ChangeLog.d/make-generated-file-fix.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix an error in make where the absence of a generated file caused
- make to break on a clean checkout. Fixes #5340.
diff --git a/ChangeLog.d/mbedtls_ecp_export.txt b/ChangeLog.d/mbedtls_ecp_export.txt
deleted file mode 100644
index 5dce5b4..0000000
--- a/ChangeLog.d/mbedtls_ecp_export.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add function mbedtls_ecp_export() to export ECP key pair parameters.
- Fixes #4838.
diff --git a/ChangeLog.d/mbedtls_pem_get_der.txt b/ChangeLog.d/mbedtls_pem_get_der.txt
deleted file mode 100644
index b03b058..0000000
--- a/ChangeLog.d/mbedtls_pem_get_der.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
- * Add accessor to get the raw buffer pointer from a PEM context.
diff --git a/ChangeLog.d/mbedtls_pk_sign_ext.txt b/ChangeLog.d/mbedtls_pk_sign_ext.txt
deleted file mode 100644
index 8dfa2e5..0000000
--- a/ChangeLog.d/mbedtls_pk_sign_ext.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add mbedtls_pk_sign_ext() which allows generating RSA-PSS signatures when
- PSA Crypto is enabled.
diff --git a/ChangeLog.d/mbedtls_sha2_a64_crypto_acceleration.txt b/ChangeLog.d/mbedtls_sha2_a64_crypto_acceleration.txt
deleted file mode 100644
index a6e7f6d..0000000
--- a/ChangeLog.d/mbedtls_sha2_a64_crypto_acceleration.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add support for the ARMv8 SHA-2 acceleration instructions when building
- for Aarch64.
diff --git a/ChangeLog.d/mbedtls_ssl_cert_cb.txt b/ChangeLog.d/mbedtls_ssl_cert_cb.txt
deleted file mode 100644
index fcdc23c..0000000
--- a/ChangeLog.d/mbedtls_ssl_cert_cb.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Features
- * Add server certificate selection callback near end of Client Hello.
- Register callback with mbedtls_ssl_conf_cert_cb().
- * Provide mechanism to reset handshake cert list by calling
- mbedtls_ssl_set_hs_own_cert() with NULL value for own_cert param.
- * Add accessor mbedtls_ssl_get_hs_sni() to retrieve SNI from within
- cert callback (mbedtls_ssl_conf_cert_cb()) during handshake.
diff --git a/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt b/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt
deleted file mode 100644
index 043b273..0000000
--- a/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix a memory leak if mbedtls_ssl_config_defaults() is called twice.
diff --git a/ChangeLog.d/mbedtls_ssl_dn_hint.txt b/ChangeLog.d/mbedtls_ssl_dn_hint.txt
deleted file mode 100644
index f569a36..0000000
--- a/ChangeLog.d/mbedtls_ssl_dn_hint.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add accessors to configure DN hints for certificate request:
- mbedtls_ssl_conf_dn_hints() and mbedtls_ssl_set_hs_dn_hints()
diff --git a/ChangeLog.d/mbedtls_ssl_get_ciphersuite_id.txt b/ChangeLog.d/mbedtls_ssl_get_ciphersuite_id.txt
deleted file mode 100644
index c4235b7..0000000
--- a/ChangeLog.d/mbedtls_ssl_get_ciphersuite_id.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add accessor to obtain ciphersuite id from ssl context.
- * Add accessors to get members from ciphersuite info.
diff --git a/ChangeLog.d/mbedtls_ssl_hs_cb_t.txt b/ChangeLog.d/mbedtls_ssl_hs_cb_t.txt
deleted file mode 100644
index 28c3371..0000000
--- a/ChangeLog.d/mbedtls_ssl_hs_cb_t.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Introduce mbedtls_ssl_hs_cb_t typedef for use with
- mbedtls_ssl_conf_cert_cb() and perhaps future callbacks
- during TLS handshake.
diff --git a/ChangeLog.d/mbedtls_ssl_ticket_rotate.txt b/ChangeLog.d/mbedtls_ssl_ticket_rotate.txt
deleted file mode 100644
index b843bfd..0000000
--- a/ChangeLog.d/mbedtls_ssl_ticket_rotate.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
- * Add mbedtls_ssl_ticket_rotate() for external ticket rotation.
diff --git a/ChangeLog.d/mbedtls_ssl_tls13_client.txt b/ChangeLog.d/mbedtls_ssl_tls13_client.txt
deleted file mode 100644
index 57a26e1..0000000
--- a/ChangeLog.d/mbedtls_ssl_tls13_client.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
- * Add ALPN support in TLS 1.3 clients.
diff --git a/ChangeLog.d/mbedtls_tlsver_enum.txt b/ChangeLog.d/mbedtls_tlsver_enum.txt
deleted file mode 100644
index c027ab7..0000000
--- a/ChangeLog.d/mbedtls_tlsver_enum.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-New deprecations
- * Deprecate mbedtls_ssl_conf_max_version() and
- mbedtls_ssl_conf_min_version() in favor of
- mbedtls_ssl_conf_max_tls_version() and
- mbedtls_ssl_conf_min_tls_version().
-
-Features
- * Add functions mbedtls_ssl_conf_max_tls_version() and
- mbedtls_ssl_conf_min_tls_version() that use a single value to specify
- the protocol version.
diff --git a/ChangeLog.d/md_info_from_ctx.txt b/ChangeLog.d/md_info_from_ctx.txt
deleted file mode 100644
index aa61e1a..0000000
--- a/ChangeLog.d/md_info_from_ctx.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add function mbedtls_md_info_from_ctx() to recall the message digest
- information that was used to set up a message digest context.
diff --git a/ChangeLog.d/mingw.txt b/ChangeLog.d/mingw.txt
deleted file mode 100644
index ac4e741..0000000
--- a/ChangeLog.d/mingw.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix compilation error with mingw32. Fixed by Cameron Cawley in #4211.
- * Fix compilation error when using C++ Builder on Windows. Reported by
- Miroslav Mastny in #4015.
diff --git a/ChangeLog.d/msvc-compiler-bug.txt b/ChangeLog.d/msvc-compiler-bug.txt
deleted file mode 100644
index 06062bc..0000000
--- a/ChangeLog.d/msvc-compiler-bug.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Work around an MSVC ARM64 compiler bug causing incorrect behaviour
- in mbedtls_mpi_exp_mod(). Reported by Tautvydas Žilys in #5467.
diff --git a/ChangeLog.d/new-examples.txt b/ChangeLog.d/new-examples.txt
deleted file mode 100644
index 71ec833..0000000
--- a/ChangeLog.d/new-examples.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * Add example programs cipher_aead_demo.c, md_hmac_demo.c, aead_demo.c
- and hmac_demo.c, which use PSA and the md/cipher interfaces side
- by side in order to illustrate how the operation is performed in PSA.
- Addresses #5208.
diff --git a/ChangeLog.d/pkparse-pkcs8-unencrypted-no-alloc.txt b/ChangeLog.d/pkparse-pkcs8-unencrypted-no-alloc.txt
deleted file mode 100644
index 9d7a32e..0000000
--- a/ChangeLog.d/pkparse-pkcs8-unencrypted-no-alloc.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * In mbedtls_pk_parse_key(), if no password is provided, don't allocate a
- temporary variable on the heap. Suggested by Sergey Kanatov in #5304.
diff --git a/ChangeLog.d/psa_aead_singleshot_error.txt b/ChangeLog.d/psa_aead_singleshot_error.txt
deleted file mode 100644
index ccf1d4c..0000000
--- a/ChangeLog.d/psa_aead_singleshot_error.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Changes
- * Return PSA_ERROR_INVALID_ARGUMENT if the algorithm passed to one-shot
- AEAD functions is not an AEAD algorithm. This aligns them with the
- multipart functions, and the PSA Crypto API 1.1 specification.
diff --git a/ChangeLog.d/psa_crypto_config_file.txt b/ChangeLog.d/psa_crypto_config_file.txt
deleted file mode 100644
index d42651d..0000000
--- a/ChangeLog.d/psa_crypto_config_file.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto
- feature requirements in the file named by the new macro
- MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h.
- Furthermore you may name an additional file to include after the main
- file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE.
diff --git a/ChangeLog.d/psa_crypto_key_derivation_for_ECC_keys.txt b/ChangeLog.d/psa_crypto_key_derivation_for_ECC_keys.txt
deleted file mode 100644
index 393fa8d..0000000
--- a/ChangeLog.d/psa_crypto_key_derivation_for_ECC_keys.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add support for psa crypto key derivation for elliptic curve
- keys. Fixes #3260.
diff --git a/ChangeLog.d/psa_crypto_reduced_configs_bugs.txt b/ChangeLog.d/psa_crypto_reduced_configs_bugs.txt
deleted file mode 100644
index 0d61cb7..0000000
--- a/ChangeLog.d/psa_crypto_reduced_configs_bugs.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix several bugs (warnings, compiler and linker errors, test failures)
- in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled.
diff --git a/ChangeLog.d/psa_crypto_se.txt b/ChangeLog.d/psa_crypto_se.txt
deleted file mode 100644
index f8136b1..0000000
--- a/ChangeLog.d/psa_crypto_se.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-New deprecations
- * Secure element drivers enabled by MBEDTLS_PSA_CRYPTO_SE_C are deprecated.
- This was intended as an experimental feature, but had not been explicitly
- documented as such. Use opaque drivers with the interface enabled by
- MBEDTLS_PSA_CRYPTO_DRIVERS instead.
diff --git a/ChangeLog.d/psa_raw_key_agreement-buffer_too_small.txt b/ChangeLog.d/psa_raw_key_agreement-buffer_too_small.txt
deleted file mode 100644
index 415c849..0000000
--- a/ChangeLog.d/psa_raw_key_agreement-buffer_too_small.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when
- applicable. Fixes #5735.
diff --git a/ChangeLog.d/psk_to_ms_mixed_psk.txt b/ChangeLog.d/psk_to_ms_mixed_psk.txt
deleted file mode 100644
index 998cc11..0000000
--- a/ChangeLog.d/psk_to_ms_mixed_psk.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Extend the existing PSA_ALG_TLS12_PSK_TO_MS() algorithm to support
- mixed-PSK. Add an optional input PSA_KEY_DERIVATION_INPUT_OTHER_SECRET
- holding the other secret.
diff --git a/ChangeLog.d/remove_prompt_to_exit.txt b/ChangeLog.d/remove_prompt_to_exit.txt
deleted file mode 100644
index 4cd40c3..0000000
--- a/ChangeLog.d/remove_prompt_to_exit.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Removed the prompt to exit from all windows build programs that was causing
- issues in CI/CD environments.
-
diff --git a/ChangeLog.d/resumption_cid.txt b/ChangeLog.d/resumption_cid.txt
deleted file mode 100644
index 5c237aa..0000000
--- a/ChangeLog.d/resumption_cid.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix server connection identifier setting for outgoing encrypted records
- on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with
- connection identifier, the Mbed TLS client now properly sends the server
- connection identifier in encrypted record headers. Fix #5872.
diff --git a/ChangeLog.d/selftest-gcc12.txt b/ChangeLog.d/selftest-gcc12.txt
deleted file mode 100644
index aafa256..0000000
--- a/ChangeLog.d/selftest-gcc12.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Silence a warning from GCC 12 in the selftest program. Fixes #5974.
diff --git a/ChangeLog.d/ssl_context-user_data.txt b/ChangeLog.d/ssl_context-user_data.txt
deleted file mode 100644
index 630d8f0..0000000
--- a/ChangeLog.d/ssl_context-user_data.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * The structures mbedtls_ssl_config and mbedtls_ssl_context now store
- a piece of user data which is reserved for the application. The user
- data can be either a pointer or an integer.
- * Add an accessor function to get the configuration associated with
- an SSL context.
diff --git a/ChangeLog.d/ssl_context-version_number.txt b/ChangeLog.d/ssl_context-version_number.txt
deleted file mode 100644
index b5951d0..0000000
--- a/ChangeLog.d/ssl_context-version_number.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add a function to access the protocol version from an SSL context in a
- form that's easy to compare. Fixes #5407.
diff --git a/ChangeLog.d/ssl_get_version_1_3.txt b/ChangeLog.d/ssl_get_version_1_3.txt
deleted file mode 100644
index 4436522..0000000
--- a/ChangeLog.d/ssl_get_version_1_3.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix mbedtls_ssl_get_version() not reporting TLSv1.3. Fixes #5406.
diff --git a/ChangeLog.d/static_link_common_runtime_msvc.txt b/ChangeLog.d/static_link_common_runtime_msvc.txt
deleted file mode 100644
index 6104943..0000000
--- a/ChangeLog.d/static_link_common_runtime_msvc.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Add a CMake option that enables static linking of the runtime library
- in Microsoft Visual C++ compiler. Contributed by Microplankton.
diff --git a/ChangeLog.d/timeless.txt b/ChangeLog.d/timeless.txt
deleted file mode 100644
index 84f07d6..0000000
--- a/ChangeLog.d/timeless.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests
- to catch bad uses of time.h.
diff --git a/ChangeLog.d/tls13-add-missing-overread-check.txt b/ChangeLog.d/tls13-add-missing-overread-check.txt
deleted file mode 100644
index 4552cd7..0000000
--- a/ChangeLog.d/tls13-add-missing-overread-check.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Security
- * Fix a buffer overread in TLS 1.3 Certificate parsing. An unauthenticated
- client or server could cause an MbedTLS server or client to overread up
- to 64 kBytes of data and potentially overread the input buffer by that
- amount minus the size of the input buffer. As overread data undergoes
- various checks, the likelihood of reaching the boundary of the input
- buffer is rather small but increases as its size
- MBEDTLS_SSL_IN_CONTENT_LEN decreases.
diff --git a/ChangeLog.d/tls13-fix-finished-fetch.txt b/ChangeLog.d/tls13-fix-finished-fetch.txt
deleted file mode 100644
index 9a8acb3..0000000
--- a/ChangeLog.d/tls13-fix-finished-fetch.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a TLS 1.3 handshake failure when the peer Finished message has not
- been received yet when we first try to fetch it.
diff --git a/ChangeLog.d/tls13-fix-key-usage-checks.txt b/ChangeLog.d/tls13-fix-key-usage-checks.txt
deleted file mode 100644
index f19bf52..0000000
--- a/ChangeLog.d/tls13-fix-key-usage-checks.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Security
- * Fix check of certificate key usage in TLS 1.3. The usage of the public key
- provided by a client or server certificate for authentication was not
- checked properly when validating the certificate. This could cause a
- client or server to be able to authenticate itself through a certificate
- to an Mbed TLS TLS 1.3 server or client while it does not own a proper
- certificate to do so.
diff --git a/ChangeLog.d/tls13-misc-changelogs.txt b/ChangeLog.d/tls13-misc-changelogs.txt
deleted file mode 100644
index a575b33..0000000
--- a/ChangeLog.d/tls13-misc-changelogs.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-Bugfix
- * Fix a TLS 1.3 handshake failure when the first attempt to send the client
- Finished message on the network cannot be satisfied. Fixes #5499.
-
-Features
- * Add support for authentication of TLS 1.3 clients by TLS 1.3 servers.
- * Add support for server HelloRetryRequest message. The TLS 1.3 client is
- now capable of negotiating another shared secret if the one sent in its
- first ClientHello was not suitable to the server.
- * Add support for client-side TLS version negotiation. If both TLS 1.2 and
- TLS 1.3 protocols are enabled in the build of Mbed TLS, the TLS client now
- negotiates TLS 1.3 or TLS 1.2 with TLS servers.
- * Enable building of Mbed TLS with TLS 1.3 protocol support but without TLS
- 1.2 protocol support.
- * Mbed TLS provides an implementation of a TLS 1.3 server (ephemeral key
- establishment only). See docs/architecture/tls13-support.md for a
- description of the support. The MBEDTLS_SSL_PROTO_TLS1_3 and
- MBEDTLS_SSL_SRV_C configuration options control this.
diff --git a/ChangeLog.d/tls13-sig-alg-deprecations.txt b/ChangeLog.d/tls13-sig-alg-deprecations.txt
deleted file mode 100644
index b56fa17..0000000
--- a/ChangeLog.d/tls13-sig-alg-deprecations.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-New deprecations
- * Deprecate mbedtls_ssl_conf_sig_hashes() in favor of the more generic
- mbedtls_ssl_conf_sig_algs(). Signature algorithms for the TLS 1.2 and
- TLS 1.3 handshake should now be configured with
- mbedtls_ssl_conf_sig_algs().
diff --git a/ChangeLog.d/tls13_and_keep_certificates.txt b/ChangeLog.d/tls13_and_keep_certificates.txt
deleted file mode 100644
index 8c2421f..0000000
--- a/ChangeLog.d/tls13_and_keep_certificates.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix check_config.h to check that we have MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- when MBEDTLS_SSL_PROTO_TLS1_3 is specified, and make this and other
- dependencies explicit in the documentation. Fixes #5610.
diff --git a/ChangeLog.d/tls13_and_use_psa_crypto.txt b/ChangeLog.d/tls13_and_use_psa_crypto.txt
deleted file mode 100644
index 6198804..0000000
--- a/ChangeLog.d/tls13_and_use_psa_crypto.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * The TLS 1.3 implementation is now compatible with the
- MBEDTLS_USE_PSA_CRYPTO configuration option.
diff --git a/ChangeLog.d/tls13_f_export_keys.txt b/ChangeLog.d/tls13_f_export_keys.txt
deleted file mode 100644
index 31debc2..0000000
--- a/ChangeLog.d/tls13_f_export_keys.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fixed swap of client and server random bytes when exporting them alongside
- TLS 1.3 handshake and application traffic secret.
diff --git a/ChangeLog.d/use-psa-ecdhe-curve.txt b/ChangeLog.d/use-psa-ecdhe-curve.txt
deleted file mode 100644
index 658f88f..0000000
--- a/ChangeLog.d/use-psa-ecdhe-curve.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Bugfix
- * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
- enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the
- client would fail to check that the curve selected by the server for
- ECDHE was indeed one that was offered. As a result, the client would
- accept any curve that it supported, even if that curve was not allowed
- according to its configuration. Fixes #5291.
diff --git a/ChangeLog.d/use-psa-improvements.txt b/ChangeLog.d/use-psa-improvements.txt
deleted file mode 100644
index 1bd97a4..0000000
--- a/ChangeLog.d/use-psa-improvements.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-Features
- * The configuration option MBEDTLS_USE_PSA_CRYPTO, which previously
- affected only a limited subset of crypto operations in TLS, X.509 and PK,
- now causes most of them to be done using PSA Crypto; see
- docs/use-psa-crypto.md for the list of exceptions.
- * The function mbedtls_pk_setup_opaque() now supports RSA key pairs as well.
- Opaque keys can now be used everywhere a private key is expected in the
- TLS and X.509 modules.
- * Opaque pre-shared keys for TLS, provisioned with
- mbedtls_ssl_conf_psk_opaque() or mbedtls_ssl_set_hs_psk_opaque(), which
- previously only worked for "pure" PSK key exchange, now can also be used
- for the "mixed" PSK key exchanges as well: ECDHE-PSK, DHE-PSK, RSA-PSK.
diff --git a/ChangeLog.d/x509_ext_types_accessor.txt b/ChangeLog.d/x509_ext_types_accessor.txt
deleted file mode 100644
index 13a3152..0000000
--- a/ChangeLog.d/x509_ext_types_accessor.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add the function mbedtls_x509_crt_has_ext_type() to access the ext types
- field within mbedtls_x509_crt context, as requested in #5585.
diff --git a/ChangeLog.d/zeroize_key_buffers_before_free.txt b/ChangeLog.d/zeroize_key_buffers_before_free.txt
deleted file mode 100644
index ba5bae1..0000000
--- a/ChangeLog.d/zeroize_key_buffers_before_free.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Security
- * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage
- module before freeing them. These buffers contain secret key material, and
- could thus potentially leak the key through freed heap.
