Assemble changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
diff --git a/ChangeLog b/ChangeLog
index 80b8617..d79a050 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,211 @@
Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS 3.3.0 branch released 2022-12-14
+
+API changes
+ * Add an ad-hoc key derivation function handling EC J-PAKE to PMS
+ calculation that can be used to derive the session secret in TLS 1.2,
+ as described in draft-cragie-tls-ecjpake-01. This can be achieved by
+ using PSA_ALG_TLS12_ECJPAKE_TO_PMS as the key derivation algorithm.
+
+Default behavior changes
+ * Previously the macro MBEDTLS_SSL_DTLS_CONNECTION_ID implemented version 05
+ of the IETF draft, and was marked experimental and disabled by default.
+ It is now no longer experimental, and implements the final version from
+ RFC 9146, which is not interoperable with the draft-05 version.
+ If you need to communicate with peers that use earlier versions of
+ Mbed TLS, then you need to define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
+ to 1, but then you won't be able to communicate with peers that use the
+ standard (non-draft) version.
+ If you need to interoperate with both classes of peers with the
+ same build of Mbed TLS, please let us know about your situation on the
+ mailing list or GitHub.
+
+Requirement changes
+ * When building with PSA drivers using generate_driver_wrappers.py, or
+ when building the library from the development branch rather than
+ from a release, the Python module jsonschema is now necessary, in
+ addition to jinja2. The official list of required Python modules is
+ maintained in scripts/basic.requirements.txt and may change again
+ in the future.
+
+New deprecations
+ * Deprecate mbedtls_asn1_free_named_data().
+ Use mbedtls_asn1_free_named_data_list()
+ or mbedtls_asn1_free_named_data_list_shallow().
+
+Features
+ * Support rsa_pss_rsae_* signature algorithms in TLS 1.2.
+ * make: enable building unversioned shared library, with e.g.:
+ "SHARED=1 SOEXT_TLS=so SOEXT_X509=so SOEXT_CRYPTO=so make lib"
+ resulting in library names like "libmbedtls.so" rather than
+ "libmbedcrypto.so.11".
+ * Expose the EC J-PAKE functionality through the Draft PSA PAKE Crypto API.
+ Only the ECC primitive with secp256r1 curve and SHA-256 hash algorithm
+ are supported in this implementation.
+ * Some modules can now use PSA drivers for hashes, including with no
+ built-in implementation present, but only in some configurations.
+ - RSA OAEP and PSS (PKCS#1 v2.1), PKCS5, PKCS12 and EC J-PAKE now use
+ hashes from PSA when (and only when) MBEDTLS_MD_C is disabled.
+ - PEM parsing of encrypted files now uses MD-5 from PSA when (and only
+ when) MBEDTLS_MD5_C is disabled.
+ See the documentation of the corresponding macros in mbedtls_config.h for
+ details.
+ Note that some modules are not able to use hashes from PSA yet, including
+ the entropy module. As a consequence, for now the only way to build with
+ all hashes only provided by drivers (no built-in hash) is to use
+ MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
+ * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 now
+ properly negotiate/accept hashes based on their availability in PSA.
+ As a consequence, they now work in configurations where the built-in
+ implementations of (some) hashes are excluded and those hashes are only
+ provided by PSA drivers. (See previous entry for limitation on RSA-PSS
+ though: that module only use hashes from PSA when MBEDTLS_MD_C is off).
+ * Add support for opaque keys as the private keys associated to certificates
+ for authentication in TLS 1.3.
+ * Add the LMS post-quantum-safe stateful-hash asymmetric signature scheme.
+ Signature verification is production-ready, but generation is for testing
+ purposes only. This currently only supports one parameter set
+ (LMS_SHA256_M32_H10), meaning that each private key can be used to sign
+ 1024 messages. As such, it is not intended for use in TLS, but instead
+ for verification of assets transmitted over an insecure channel,
+ particularly firmware images.
+ * Add the LM-OTS post-quantum-safe one-time signature scheme, which is
+ required for LMS. This can be used independently, but each key can only
+ be used to sign one message so is impractical for most circumstances.
+ * Mbed TLS now supports TLS 1.3 key establishment via pre-shared keys.
+ The pre-shared keys can be provisioned externally or via the ticket
+ mechanism (session resumption).
+ The ticket mechanism is supported when the configuration option
+ MBEDTLS_SSL_SESSION_TICKETS is enabled.
+ New options MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx_ENABLED
+ control the support for the three possible TLS 1.3 key exchange modes.
+ * cert_write: support for setting extended key usage attributes. A
+ corresponding new public API call has been added in the library,
+ mbedtls_x509write_crt_set_ext_key_usage().
+ * cert_write: support for writing certificate files in either PEM
+ or DER format.
+ * The PSA driver wrapper generator generate_driver_wrappers.py now
+ supports a subset of the driver description language, including
+ the following entry points: import_key, export_key, export_public_key,
+ get_builtin_key, copy_key.
+ * The new functions mbedtls_asn1_free_named_data_list() and
+ mbedtls_asn1_free_named_data_list_shallow() simplify the management
+ of memory in named data lists in X.509 structures.
+ * The TLS 1.2 EC J-PAKE key exchange can now use the PSA Crypto API.
+ Additional PSA key slots will be allocated in the process of such key
+ exchange for builds that enable MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED and
+ MBEDTLS_USE_PSA_CRYPTO.
+ * Add support for DTLS Connection ID as defined by RFC 9146, controlled by
+ MBEDTLS_SSL_DTLS_CONNECTION_ID (enabled by default) and configured with
+ mbedtls_ssl_set_cid().
+ * Add a driver dispatch layer for raw key agreement, enabling alternative
+ implementations of raw key agreement through the key_agreement driver
+ entry point. This entry point is specified in the proposed PSA driver
+ interface, but had not yet been implemented.
+
+Security
+ * Fix potential heap buffer overread and overwrite in DTLS if
+ MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
+ MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
+ * An adversary with access to precise enough information about memory
+ accesses (typically, an untrusted operating system attacking a secure
+ enclave) could recover an RSA private key after observing the victim
+ performing a single private-key operation if the window size used for the
+ exponentiation was 3 or smaller. Found and reported by Zili KOU,
+ Wenjian HE, Sharad Sinha, and Wei ZHANG. See "Cache Side-channel Attacks
+ and Defenses of the Sliding Window Algorithm in TEEs" - Design, Automation
+ and Test in Europe 2023.
+
+Bugfix
+ * Refactor mbedtls_aes_context to support shallow-copying. Fixes #2147.
+ * Fix an issue with in-tree CMake builds in releases with GEN_FILES
+ turned off: if a shipped file was missing from the working directory,
+ it could be turned into a symbolic link to itself.
+ * Fix a long-standing build failure when building x86 PIC code with old
+ gcc (4.x). The code will be slower, but will compile. We do however
+ recommend upgrading to a more recent compiler instead. Fixes #1910.
+ * Fix support for little-endian Microblaze when MBEDTLS_HAVE_ASM is defined.
+ Contributed by Kazuyuki Kimura to fix #2020.
+ * Use double quotes to include private header file psa_crypto_cipher.h.
+ Fixes 'file not found with <angled> include' error
+ when building with Xcode.
+ * Fix handling of broken symlinks when loading certificates using
+ mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a
+ broken link is encountered, skip the broken link and continue parsing
+ other certificate files. Contributed by Eduardo Silva in #2602.
+ * Fix an interoperability failure between an Mbed TLS client with both
+ TLS 1.2 and TLS 1.3 support, and a TLS 1.2 server that supports
+ rsa_pss_rsae_* signature algorithms. This failed because Mbed TLS
+ advertised support for PSS in both TLS 1.2 and 1.3, but only
+ actually supported PSS in TLS 1.3.
+ * Fix a compilation error when using CMake with an IAR toolchain.
+ Fixes #5964.
+ * Fix a build error due to a missing prototype warning when
+ MBEDTLS_DEPRECATED_REMOVED is enabled.
+ * Fix mbedtls_ctr_drbg_free() on an initialized but unseeded context. When
+ MBEDTLS_AES_ALT is enabled, it could call mbedtls_aes_free() on an
+ uninitialized context.
+ * Fix a build issue on Windows using CMake where the source and build
+ directories could not be on different drives. Fixes #5751.
+ * Fix bugs and missing dependencies when building and testing
+ configurations with only one encryption type enabled in TLS 1.2.
+ * Provide the missing definition of mbedtls_setbuf() in some configurations
+ with MBEDTLS_PLATFORM_C disabled. Fixes #6118, #6196.
+ * Fix compilation errors when trying to build with
+ PSA drivers for AEAD (GCM, CCM, Chacha20-Poly1305).
+ * Fix memory leak in ssl_parse_certificate_request() caused by
+ mbedtls_x509_get_name() not freeing allocated objects in case of error.
+ Change mbedtls_x509_get_name() to clean up allocated objects on error.
+ * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
+ MBEDTLS_USE_PSA_CRYPTO or MBEDTLS_PK_WRITE_C. Fixes #6408.
+ * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
+ MBEDTLS_PK_PARSE_C. Fixes #6409.
+ * Fix ECDSA verification, where it was not always validating the
+ public key. This bug meant that it was possible to verify a
+ signature with an invalid public key, in some cases. Reported by
+ Guido Vranken using Cryptofuzz in #4420.
+ * Fix a possible null pointer dereference if a memory allocation fails
+ in TLS PRF code. Reported by Michael Madsen in #6516.
+ * Fix TLS 1.3 session resumption. Fixes #6488.
+ * Add a configuration check to exclude optional client authentication
+ in TLS 1.3 (where it is forbidden).
+ * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable
+ bytes when parsing certificates containing a binary RFC 4108
+ HardwareModuleName as a Subject Alternative Name extension. Hardware
+ serial numbers are now rendered in hex format. Fixes #6262.
+ * Fix bug in error reporting in dh_genprime.c where upon failure,
+ the error code returned by mbedtls_mpi_write_file() is overwritten
+ and therefore not printed.
+ * In the bignum module, operations of the form (-A) - (+A) or (-A) - (-A)
+ with A > 0 created an unintended representation of the value 0 which was
+ not processed correctly by some bignum operations. Fix this. This had no
+ consequence on cryptography code, but might affect applications that call
+ bignum directly and use negative numbers.
+ * Fix a bug whereby the list of signature algorithms sent as part of
+ the TLS 1.2 server certificate request would get corrupted, meaning the
+ first algorithm would not get sent and an entry consisting of two random
+ bytes would be sent instead. Found by Serban Bejan and Dudek Sebastian.
+ * Fix undefined behavior (typically harmless in practice) of
+ mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int()
+ when both operands are 0 and the left operand is represented with 0 limbs.
+ * Fix undefined behavior (typically harmless in practice) when some bignum
+ functions receive the most negative value of mbedtls_mpi_sint. Credit
+ to OSS-Fuzz. Fixes #6597.
+ * Fix undefined behavior (typically harmless in practice) in PSA ECB
+ encryption and decryption.
+ * Move some SSL-specific code out of libmbedcrypto where it had been placed
+ accidentally.
+ * Fix a build error when compiling the bignum module for some Arm platforms.
+ Fixes #6089, #6124, #6217.
+
+Changes
+ * Add the ability to query PSA_WANT_xxx macros to query_compile_time_config.
+ * Calling AEAD tag-specific functions for non-AEAD algorithms (which
+ should not be done - they are documented for use only by AES-GCM and
+ ChaCha20+Poly1305) now returns MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+ instead of success (0).
+
= Mbed TLS 3.2.1 branch released 2022-07-12
Bugfix
diff --git a/ChangeLog.d/LMS.txt b/ChangeLog.d/LMS.txt
deleted file mode 100644
index 785bfcf..0000000
--- a/ChangeLog.d/LMS.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-Features
- * Add the LMS post-quantum-safe stateful-hash asymmetric signature scheme.
- Signature verification is production-ready, but generation is for testing
- purposes only. This currently only supports one parameter set
- (LMS_SHA256_M32_H10), meaning that each private key can be used to sign
- 1024 messages. As such, it is not intended for use in TLS, but instead
- for verification of assets transmitted over an insecure channel,
- particularly firmware images.
- * Add the LM-OTS post-quantum-safe one-time signature scheme, which is
- required for LMS. This can be used independently, but each key can only
- be used to sign one message so is impractical for most circumstances.
diff --git a/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt b/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt
deleted file mode 100644
index 0d40968..0000000
--- a/ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Features
- * Support rsa_pss_rsae_* signature algorithms in TLS 1.2.
-Bugfix
- * Fix an interoperability failure between an Mbed TLS client with both
- TLS 1.2 and TLS 1.3 support, and a TLS 1.2 server that supports
- rsa_pss_rsae_* signature algorithms. This failed because Mbed TLS
- advertised support for PSS in both TLS 1.2 and 1.3, but only
- actually supported PSS in TLS 1.3.
diff --git a/ChangeLog.d/bn_mul-fix-x86-pic-compilation-for-gcc-4.txt b/ChangeLog.d/bn_mul-fix-x86-pic-compilation-for-gcc-4.txt
deleted file mode 100644
index 1d59c22..0000000
--- a/ChangeLog.d/bn_mul-fix-x86-pic-compilation-for-gcc-4.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix a long-standing build failure when building x86 PIC code with old
- gcc (4.x). The code will be slower, but will compile. We do however
- recommend upgrading to a more recent compiler instead. Fixes #1910.
diff --git a/ChangeLog.d/cert_write-set-extended-key-usages.txt b/ChangeLog.d/cert_write-set-extended-key-usages.txt
deleted file mode 100644
index 18b7b04..0000000
--- a/ChangeLog.d/cert_write-set-extended-key-usages.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * cert_write: support for setting extended key usage attributes. A
- corresponding new public API call has been added in the library,
- mbedtls_x509write_crt_set_ext_key_usage().
- * cert_write: support for writing certificate files in either PEM
- or DER format.
diff --git a/ChangeLog.d/driver-only-hashes.txt b/ChangeLog.d/driver-only-hashes.txt
deleted file mode 100644
index 6ccd199..0000000
--- a/ChangeLog.d/driver-only-hashes.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-Features
- * Some modules can now use PSA drivers for hashes, including with no
- built-in implementation present, but only in some configurations.
- - RSA OAEP and PSS (PKCS#1 v2.1), PKCS5, PKCS12 and EC J-PAKE now use
- hashes from PSA when (and only when) MBEDTLS_MD_C is disabled.
- - PEM parsing of encrypted files now uses MD-5 from PSA when (and only
- when) MBEDTLS_MD5_C is disabled.
- See the documentation of the corresponding macros in mbedtls_config.h for
- details.
- Note that some modules are not able to use hashes from PSA yet, including
- the entropy module. As a consequence, for now the only way to build with
- all hashes only provided by drivers (no built-in hash) is to use
- MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
- * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 now
- properly negotiate/accept hashes based on their availability in PSA.
- As a consequence, they now work in configurations where the built-in
- implementations of (some) hashes are excluded and those hashes are only
- provided by PSA drivers. (See previous entry for limitation on RSA-PSS
- though: that module only use hashes from PSA when MBEDTLS_MD_C is off).
diff --git a/ChangeLog.d/dtls-connection-id.txt b/ChangeLog.d/dtls-connection-id.txt
deleted file mode 100644
index 840f837..0000000
--- a/ChangeLog.d/dtls-connection-id.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-Features
- * Add support for DTLS Connection ID as defined by RFC 9146, controlled by
- MBEDTLS_SSL_DTLS_CONNECTION_ID (enabled by default) and configured with
- mbedtls_ssl_set_cid().
-
-Default behavior changes
- * Previously the macro MBEDTLS_SSL_DTLS_CONNECTION_ID implemented version 05
- of the IETF draft, and was marked experimental and disabled by default.
- It is now no longer experimental, and implements the final version from
- RFC 9146, which is not interoperable with the draft-05 version.
- If you need to communicate with peers that use earlier versions of
- Mbed TLS, then you need to define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
- to 1, but then you won't be able to communicate with peers that use the
- standard (non-draft) version.
- If you need to interoperate with both classes of peers with the
- same build of Mbed TLS, please let us know about your situation on the
- mailing list or GitHub.
diff --git a/ChangeLog.d/ecdsa-verify-fixes.txt b/ChangeLog.d/ecdsa-verify-fixes.txt
deleted file mode 100644
index b41b046..0000000
--- a/ChangeLog.d/ecdsa-verify-fixes.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix ECDSA verification, where it was not always validating the
- public key. This bug meant that it was possible to verify a
- signature with an invalid public key, in some cases. Reported by
- Guido Vranken using Cryptofuzz in #4420.
diff --git a/ChangeLog.d/ecjpake-in-tls.txt b/ChangeLog.d/ecjpake-in-tls.txt
deleted file mode 100644
index b84caab..0000000
--- a/ChangeLog.d/ecjpake-in-tls.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * The TLS 1.2 EC J-PAKE key exchange can now use the PSA Crypto API.
- Additional PSA key slots will be allocated in the process of such key
- exchange for builds that enable MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED and
- MBEDTLS_USE_PSA_CRYPTO.
diff --git a/ChangeLog.d/ecjpake_to_pms.txt b/ChangeLog.d/ecjpake_to_pms.txt
deleted file mode 100644
index 4dd2075..0000000
--- a/ChangeLog.d/ecjpake_to_pms.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * Add an ad-hoc key derivation function handling ECJPAKE to PMS
- calculation that can be used to derive the session secret in TLS 1.2,
- as described in draft-cragie-tls-ecjpake-01. This can be achieved by
- using PSA_ALG_TLS12_ECJPAKE_TO_PMS as the key derivation algorithm.
diff --git a/ChangeLog.d/extend-query_compile_time_config-to-psa_want.txt b/ChangeLog.d/extend-query_compile_time_config-to-psa_want.txt
deleted file mode 100644
index 99b2ec4..0000000
--- a/ChangeLog.d/extend-query_compile_time_config-to-psa_want.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Changes
- * Add the ability to query PSA_WANT_xxx macros to query_compile_time_config.
diff --git a/ChangeLog.d/fix-aes-shallow-copying.txt b/ChangeLog.d/fix-aes-shallow-copying.txt
deleted file mode 100644
index 0c119d6..0000000
--- a/ChangeLog.d/fix-aes-shallow-copying.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Refactor mbedtls_aes_context to support shallow-copying. Fixes #2147.
diff --git a/ChangeLog.d/fix-ctr-drbg-may-free-invalid-aes-context.txt b/ChangeLog.d/fix-ctr-drbg-may-free-invalid-aes-context.txt
deleted file mode 100644
index fe62c28..0000000
--- a/ChangeLog.d/fix-ctr-drbg-may-free-invalid-aes-context.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix mbedtls_ctr_drbg_free() on an initialized but unseeded context. When
- MBEDTLS_AES_ALT is enabled, it could call mbedtls_aes_free() on an
- uninitialized context.
diff --git a/ChangeLog.d/fix-in-cid-buffer-size.txt b/ChangeLog.d/fix-in-cid-buffer-size.txt
deleted file mode 100644
index 8a6c850..0000000
--- a/ChangeLog.d/fix-in-cid-buffer-size.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Security
- * Fix potential heap buffer overread and overwrite in DTLS if
- MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
- MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
diff --git a/ChangeLog.d/fix-possible-false-success-in-mbedtls_cipher_check_tag.txt b/ChangeLog.d/fix-possible-false-success-in-mbedtls_cipher_check_tag.txt
deleted file mode 100644
index 1f9e0aa..0000000
--- a/ChangeLog.d/fix-possible-false-success-in-mbedtls_cipher_check_tag.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Changes
- * Calling AEAD tag-specific functions for non-AEAD algorithms (which
- should not be done - they are documented for use only by AES-GCM and
- ChaCha20+Poly1305) now returns MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
- instead of success (0).
diff --git a/ChangeLog.d/fix-tls12server-sent-sigalgs.txt b/ChangeLog.d/fix-tls12server-sent-sigalgs.txt
deleted file mode 100644
index b74c6ec..0000000
--- a/ChangeLog.d/fix-tls12server-sent-sigalgs.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix a bug whereby the list of signature algorithms sent as part of
- the TLS 1.2 server certificate request would get corrupted, meaning the
- first algorithm would not get sent and an entry consisting of two random
- bytes would be sent instead. Found by Serban Bejan and Dudek Sebastian.
diff --git a/ChangeLog.d/fix_aead_psa_driver_build.txt b/ChangeLog.d/fix_aead_psa_driver_build.txt
deleted file mode 100644
index a6d11d3..0000000
--- a/ChangeLog.d/fix_aead_psa_driver_build.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix compilation errors when trying to build with
- PSA drivers for AEAD (GCM, CCM, Chacha20-Poly1305).
diff --git a/ChangeLog.d/fix_arm_compile_erorr.txt b/ChangeLog.d/fix_arm_compile_erorr.txt
deleted file mode 100644
index 28c1d45..0000000
--- a/ChangeLog.d/fix_arm_compile_erorr.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a build error when compiling the bignum module for some Arm platforms.
- Fixes #6089, #6124, #6217.
diff --git a/ChangeLog.d/fix_build_error_for_mbedtls_deprecated_removed.txt b/ChangeLog.d/fix_build_error_for_mbedtls_deprecated_removed.txt
deleted file mode 100644
index f0fa000..0000000
--- a/ChangeLog.d/fix_build_error_for_mbedtls_deprecated_removed.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a build error due to a missing prototype warning when
- MBEDTLS_DEPRECATED_REMOVED is enabled.
diff --git a/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt b/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt
deleted file mode 100644
index c7d2691..0000000
--- a/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix bugs and missing dependencies when building and testing
- configurations with only one encryption type enabled in TLS 1.2.
diff --git a/ChangeLog.d/fix_cmake_gen_files.txt b/ChangeLog.d/fix_cmake_gen_files.txt
deleted file mode 100644
index cdec6e8..0000000
--- a/ChangeLog.d/fix_cmake_gen_files.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix an issue with in-tree CMake builds in releases with GEN_FILES
- turned off: if a shipped file was missing from the working directory,
- it could be turned into a symbolic link to itself.
diff --git a/ChangeLog.d/fix_cmake_using_iar_toolchain.txt b/ChangeLog.d/fix_cmake_using_iar_toolchain.txt
deleted file mode 100644
index 9ec6e0d..0000000
--- a/ChangeLog.d/fix_cmake_using_iar_toolchain.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a compilation error when using CMake with an IAR toolchain.
- Fixes #5964.
diff --git a/ChangeLog.d/fix_dh_genprime_error_reporting.txt b/ChangeLog.d/fix_dh_genprime_error_reporting.txt
deleted file mode 100644
index 1c98947..0000000
--- a/ChangeLog.d/fix_dh_genprime_error_reporting.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix bug in error reporting in dh_genprime.c where upon failure,
- the error code returned by mbedtls_mpi_write_file() is overwritten
- and therefore not printed.
diff --git a/ChangeLog.d/fix_hard_link_across_drives.txt b/ChangeLog.d/fix_hard_link_across_drives.txt
deleted file mode 100644
index 46d05c0..0000000
--- a/ChangeLog.d/fix_hard_link_across_drives.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a build issue on Windows using CMake where the source and build
- directories could not be on different drives. Fixes #5751.
diff --git a/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt b/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt
deleted file mode 100644
index bf2e65d..0000000
--- a/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Use double quotes to include private header file psa_crypto_cipher.h.
- Fixes 'file not found with <angled> include' error
- when building with Xcode.
diff --git a/ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt b/ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt
deleted file mode 100644
index 9f5c649..0000000
--- a/ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix TLS 1.3 session resumption. Fixes #6488.
- * Add a configuration check to exclude optional client authentication
- in TLS 1.3 (where it is forbidden).
diff --git a/ChangeLog.d/fix_x509_get_name_mem_leak.txt b/ChangeLog.d/fix_x509_get_name_mem_leak.txt
deleted file mode 100644
index 358d1af..0000000
--- a/ChangeLog.d/fix_x509_get_name_mem_leak.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix memory leak in ssl_parse_certificate_request() caused by
- mbedtls_x509_get_name() not freeing allocated objects in case of error.
- Change mbedtls_x509_get_name() to clean up allocated objects on error.
diff --git a/ChangeLog.d/fix_x509_info_hwmodulename.txt b/ChangeLog.d/fix_x509_info_hwmodulename.txt
deleted file mode 100644
index 8b227ce..0000000
--- a/ChangeLog.d/fix_x509_info_hwmodulename.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable
- bytes when parsing certificates containing a binary RFC 4108
- HardwareModuleName as a Subject Alternative Name extension. Hardware
- serial numbers are now rendered in hex format. Fixes #6262.
diff --git a/ChangeLog.d/fix_zeroization.txt b/ChangeLog.d/fix_zeroization.txt
deleted file mode 100644
index 8b00dcc..0000000
--- a/ChangeLog.d/fix_zeroization.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a possible null pointer dereference if a memory allocation fails
- in TLS PRF code. Reported by Michael Madsen in #6516.
diff --git a/ChangeLog.d/mbedtls_asn1_type_free.txt b/ChangeLog.d/mbedtls_asn1_type_free.txt
deleted file mode 100644
index 3459bbe..0000000
--- a/ChangeLog.d/mbedtls_asn1_type_free.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Features
- * The new functions mbedtls_asn1_free_named_data_list() and
- mbedtls_asn1_free_named_data_list_shallow() simplify the management
- of memory in named data lists in X.509 structures.
-New deprecations
- * Deprecate mbedtls_asn1_free_named_data().
- Use mbedtls_asn1_free_named_data_list()
- or mbedtls_asn1_free_named_data_list_shallow().
diff --git a/ChangeLog.d/move-ssl-modules.txt b/ChangeLog.d/move-ssl-modules.txt
deleted file mode 100644
index f00e5ad..0000000
--- a/ChangeLog.d/move-ssl-modules.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Move some SSL-specific code out of libmbedcrypto where it had been placed
- accidentally.
diff --git a/ChangeLog.d/mpi-add-0-ub.txt b/ChangeLog.d/mpi-add-0-ub.txt
deleted file mode 100644
index 9f131a4..0000000
--- a/ChangeLog.d/mpi-add-0-ub.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix undefined behavior (typically harmless in practice) of
- mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int()
- when both operands are 0 and the left operand is represented with 0 limbs.
diff --git a/ChangeLog.d/mpi-most-negative-sint.txt b/ChangeLog.d/mpi-most-negative-sint.txt
deleted file mode 100644
index 5e775c4..0000000
--- a/ChangeLog.d/mpi-most-negative-sint.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix undefined behavior (typically harmless in practice) when some bignum
- functions receive the most negative value of mbedtls_mpi_sint. Credit
- to OSS-Fuzz. Fixes #6597.
diff --git a/ChangeLog.d/muladdc_microblaze.txt b/ChangeLog.d/muladdc_microblaze.txt
deleted file mode 100644
index 70fdff0..0000000
--- a/ChangeLog.d/muladdc_microblaze.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix support for little-endian Microblaze when MBEDTLS_HAVE_ASM is defined.
- Contributed by Kazuyuki Kimura to fix #2020.
diff --git a/ChangeLog.d/negative-zero-from-add.txt b/ChangeLog.d/negative-zero-from-add.txt
deleted file mode 100644
index 107d858..0000000
--- a/ChangeLog.d/negative-zero-from-add.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Bugfix
- * In the bignum module, operations of the form (-A) - (+A) or (-A) - (-A)
- with A > 0 created an unintended representation of the value 0 which was
- not processed correctly by some bignum operations. Fix this. This had no
- consequence on cryptography code, but might affect applications that call
- bignum directly and use negative numbers.
diff --git a/ChangeLog.d/nonversioned-library-soname.txt b/ChangeLog.d/nonversioned-library-soname.txt
deleted file mode 100644
index 8d83a2d..0000000
--- a/ChangeLog.d/nonversioned-library-soname.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * make: enable building unversioned shared library, with e.g.:
- "SHARED=1 SOEXT_TLS=so SOEXT_X509=so SOEXT_CRYPTO=so make lib"
- resulting in library names like "libmbedtls.so" rather than
- "libmbedcrypto.so.11".
diff --git a/ChangeLog.d/platform-setbuf.txt b/ChangeLog.d/platform-setbuf.txt
deleted file mode 100644
index 844f70c..0000000
--- a/ChangeLog.d/platform-setbuf.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Provide the missing definition of mbedtls_setbuf() in some configurations
- with MBEDTLS_PLATFORM_C disabled. Fixes #6118, #6196.
diff --git a/ChangeLog.d/psa-ecb-ub.txt b/ChangeLog.d/psa-ecb-ub.txt
deleted file mode 100644
index 9d725ac..0000000
--- a/ChangeLog.d/psa-ecb-ub.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix undefined behavior (typically harmless in practice) in PSA ECB
- encryption and decryption.
diff --git a/ChangeLog.d/psa_crypto_code_gen_1_1.txt b/ChangeLog.d/psa_crypto_code_gen_1_1.txt
deleted file mode 100644
index e10a81c..0000000
--- a/ChangeLog.d/psa_crypto_code_gen_1_1.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-Features
- * The PSA driver wrapper generator generate_driver_wrappers.py now
- supports a subset of the driver description language, including
- the following entry points: import_key, export_key, export_public_key,
- get_builtin_key, copy_key.
-
-Requirement changes
- * When building with PSA drivers using generate_driver_wrappers.py, or
- when building the library from the development branch rather than
- from a release, the Python module jsonschema is now necessary, in
- addition to jinja2. The official list of required Python modules is
- maintained in scripts/basic.requirements.txt and may change again
- in the future.
diff --git a/ChangeLog.d/psa_crypto_pake.txt b/ChangeLog.d/psa_crypto_pake.txt
deleted file mode 100644
index e0ae046..0000000
--- a/ChangeLog.d/psa_crypto_pake.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Expose the EC J-PAKE functionality through the Draft PSA PAKE Crypto API.
- Only the ECC primitive with secp256r1 curve and SHA-256 hash algorithm
- are supported in this implementation.
diff --git a/ChangeLog.d/psa_driver_wrapper_for_raw_key_agreement.txt b/ChangeLog.d/psa_driver_wrapper_for_raw_key_agreement.txt
deleted file mode 100644
index b9c78a6..0000000
--- a/ChangeLog.d/psa_driver_wrapper_for_raw_key_agreement.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * Add a driver dispatch layer for raw key agreement, enabling alternative
- implementations of raw key agreement through the key_agreement driver
- entry point. This entry point is specified in the proposed PSA driver
- interface, but had not yet been implemented.
diff --git a/ChangeLog.d/psa_rsa_needs_pk.txt b/ChangeLog.d/psa_rsa_needs_pk.txt
deleted file mode 100644
index 995963d..0000000
--- a/ChangeLog.d/psa_rsa_needs_pk.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
- MBEDTLS_USE_PSA_CRYPTO or MBEDTLS_PK_WRITE_C. Fixes #6408.
- * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not
- MBEDTLS_PK_PARSE_C. Fixes #6409.
diff --git a/ChangeLog.d/rsa-fix-priviliged-side-channel.txt b/ChangeLog.d/rsa-fix-priviliged-side-channel.txt
deleted file mode 100644
index bafe18d..0000000
--- a/ChangeLog.d/rsa-fix-priviliged-side-channel.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Security
- * An adversary with access to precise enough information about memory
- accesses (typically, an untrusted operating system attacking a secure
- enclave) could recover an RSA private key after observing the victim
- performing a single private-key operation if the window size used for the
- exponentiation was 3 or smaller. Found and reported by Zili KOU,
- Wenjian HE, Sharad Sinha, and Wei ZHANG. See "Cache Side-channel Attacks
- and Defenses of the Sliding Window Algorithm in TEEs" - Design, Automation
- and Test in Europe 2023.
-
diff --git a/ChangeLog.d/tls13-misc.txt b/ChangeLog.d/tls13-misc.txt
deleted file mode 100644
index 6733173..0000000
--- a/ChangeLog.d/tls13-misc.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Features
- * Mbed TLS now supports TLS 1.3 key establishment via pre-shared keys.
- The pre-shared keys can be provisioned externally or via the ticket
- mechanism (session resumption).
- The ticket mechanism is supported when the configuration option
- MBEDTLS_SSL_SESSION_TICKETS is enabled.
- New options MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx_ENABLED
- control the support for the three possible TLS 1.3 key exchange modes.
diff --git a/ChangeLog.d/tls13_sig_alg_selection.txt b/ChangeLog.d/tls13_sig_alg_selection.txt
deleted file mode 100644
index 8857750..0000000
--- a/ChangeLog.d/tls13_sig_alg_selection.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add support for opaque keys as the private keys associated to certificates
- for authentication in TLS 1.3.
diff --git a/ChangeLog.d/x509-broken-symlink-handling.txt b/ChangeLog.d/x509-broken-symlink-handling.txt
deleted file mode 100644
index 52288dc..0000000
--- a/ChangeLog.d/x509-broken-symlink-handling.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix handling of broken symlinks when loading certificates using
- mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a
- broken link is encountered, skip the broken link and continue parsing
- other certificate files. Contributed by Eduardo Silva in #2602.
