Create aggregated ChangeLog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
diff --git a/ChangeLog b/ChangeLog
index fcd8427..5074249 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= Mbed TLS 3.0.0 branch released 2021-xx-xx
+= Mbed TLS 3.0.0 branch released 2021-07-07
API changes
* Remove HAVEGE module.
@@ -36,12 +36,146 @@
* Drop support for RC4 TLS ciphersuites.
* Drop support for single-DES ciphersuites.
* Drop support for MBEDTLS_SSL_HW_RECORD_ACCEL.
+ * Update AEAD output size macros to bring them in line with the PSA Crypto
+ API version 1.0 spec. This version of the spec parameterizes them on the
+ key type used, as well as the key bit-size in the case of
+ PSA_AEAD_TAG_LENGTH.
+ * Add configuration option MBEDTLS_X509_REMOVE_INFO which
+ removes the mbedtls_x509_*_info(), mbedtls_debug_print_crt()
+ as well as other functions and constants only used by
+ those functions. This reduces the code footprint by
+ several kB.
+ * Remove SSL error codes `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED`
+ and `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` which are never
+ returned from the public SSL API.
+ * Remove `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` and return
+ `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` instead.
+ * The output parameter of mbedtls_sha512_finish_ret, mbedtls_sha512_ret,
+ mbedtls_sha256_finish_ret and mbedtls_sha256_ret now has a pointer type
+ rather than array type. This removes spurious warnings in some compilers
+ when outputting a SHA-384 or SHA-224 hash into a buffer of exactly
+ the hash size.
+ * Remove the MBEDTLS_TEST_NULL_ENTROPY config option. Fixes #4388.
+ * The interface of the GCM module has changed to remove restrictions on
+ how the input to multipart operations is broken down. mbedtls_gcm_finish()
+ now takes an extra output parameter for the last partial output block.
+ mbedtls_gcm_update() now takes extra parameters for the output length.
+ The software implementation always produces the full output at each
+ call to mbedtls_gcm_update(), but alternative implementations activated
+ by MBEDTLS_GCM_ALT may delay partial blocks to the next call to
+ mbedtls_gcm_update() or mbedtls_gcm_finish(). Furthermore, applications
+ no longer pass the associated data to mbedtls_gcm_starts(), but to the
+ new function mbedtls_gcm_update_ad().
+ These changes are backward compatible for users of the cipher API.
+ * Replace MBEDTLS_SHA512_NO_SHA384 config option with MBEDTLS_SHA384_C.
+ This separates config option enabling the SHA384 algorithm from option
+ enabling the SHA512 algorithm. Fixes #4034.
+ * Introduce MBEDTLS_SHA224_C.
+ This separates config option enabling the SHA224 algorithm from option
+ enabling SHA256.
+ * The getter and setter API of the SSL session cache (used for
+ session-ID based session resumption) has changed to that of
+ a key-value store with keys being session IDs and values
+ being opaque instances of `mbedtls_ssl_session`.
+ * Remove the mode parameter from RSA operation functions. Signature and
+ decryption functions now always use the private key and verification and
+ encryption use the public key. Verification functions also no longer have
+ RNG parameters.
+ * Modify semantics of `mbedtls_ssl_conf_[opaque_]psk()`:
+ In Mbed TLS 2.X, the API prescribes that later calls overwrite
+ the effect of earlier calls. In Mbed TLS 3.0, calling
+ `mbedtls_ssl_conf_[opaque_]psk()` more than once will fail,
+ leaving the PSK that was configured first intact.
+ Support for more than one PSK may be added in 3.X.
+ * The function mbedtls_x509write_csr_set_extension() has an extra parameter
+ which allows to mark an extension as critical. Fixes #4055.
+ * For multi-part AEAD operations with the cipher module, calling
+ mbedtls_cipher_finish() is now mandatory. Previously the documentation
+ was unclear on this point, and this function happened to never do
+ anything with the currently implemented AEADs, so in practice it was
+ possible to skip calling it, which is no longer supported.
+ * The option MBEDTLS_ECP_FIXED_POINT_OPTIM use pre-computed comb tables
+ instead of computing tables in runtime. Thus, this option now increase
+ code size, and it does not increase RAM usage in runtime anymore.
+ * Remove the SSL APIs mbedtls_ssl_get_input_max_frag_len() and
+ mbedtls_ssl_get_output_max_frag_len(), and add a new API
+ mbedtls_ssl_get_max_in_record_payload(), complementing the existing
+ mbedtls_ssl_get_max_out_record_payload().
+ Uses of mbedtls_ssl_get_input_max_frag_len() and
+ mbedtls_ssl_get_input_max_frag_len() should be replaced by
+ mbedtls_ssl_get_max_in_record_payload() and
+ mbedtls_ssl_get_max_out_record_payload(), respectively.
+ * mbedtls_rsa_init() now always selects the PKCS#1v1.5 encoding for an RSA
+ key. To use an RSA key with PSS or OAEP, call mbedtls_rsa_set_padding()
+ after initializing the context. mbedtls_rsa_set_padding() now returns an
+ error if its parameters are invalid.
+ * Replace MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE by a runtime
+ configuration function mbedtls_ssl_conf_preference_order(). Fixes #4398.
+ * Instead of accessing the len field of a DHM context, which is no longer
+ supported, use the new function mbedtls_dhm_get_len() .
+ * In modules that implement cryptographic hash functions, many functions
+ mbedtls_xxx() now return int instead of void, and the corresponding
+ function mbedtls_xxx_ret() which was identical except for returning int
+ has been removed. This also concerns mbedtls_xxx_drbg_update(). See the
+ migration guide for more information. Fixes #4212.
+ * For all functions that take a random number generator (RNG) as a
+ parameter, this parameter is now mandatory (that is, NULL is not an
+ acceptable value). Functions which previously accepted NULL and now
+ reject it are: the X.509 CRT and CSR writing functions; the PK and RSA
+ sign and decrypt function; mbedtls_rsa_private(); the functions
+ in DHM and ECDH that compute the shared secret; the scalar multiplication
+ functions in ECP.
+ * The following functions now require an RNG parameter:
+ mbedtls_ecp_check_pub_priv(), mbedtls_pk_check_pair(),
+ mbedtls_pk_parse_key(), mbedtls_pk_parse_keyfile().
+ * mbedtls_ssl_conf_export_keys_ext_cb() and
+ mbedtls_ssl_conf_export_keys_cb() have been removed and
+ replaced by a new API mbedtls_ssl_set_export_keys_cb().
+ Raw keys and IVs are no longer passed to the callback.
+ Further, callbacks now receive an additional parameter
+ indicating the type of secret that's being exported,
+ paving the way for the larger number of secrets
+ in TLS 1.3. Finally, the key export callback and
+ context are now connection-specific.
+ * Signature functions in the RSA and PK modules now require the hash
+ length parameter to be the size of the hash input. For RSA signatures
+ other than raw PKCS#1 v1.5, this must match the output size of the
+ specified hash algorithm.
+ * The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
+ mbedtls_ecdsa_write_signature() and
+ mbedtls_ecdsa_write_signature_restartable() now take an extra parameter
+ indicating the size of the output buffer for the signature.
+ * Implement one-shot cipher functions, psa_cipher_encrypt and
+ psa_cipher_decrypt, according to the PSA Crypto API 1.0.0
+ specification.
+ * Direct access to fields of structures declared in public headers is no
+ longer supported except for fields that are documented public. Use accessor
+ functions instead. For more information, see the migration guide entry
+ "Most structure fields are now private".
+
+Default behavior changes
+ * Enable by default the functionalities which have no reason to be disabled.
+ They are: ARIA block cipher, CMAC mode, elliptic curve J-PAKE library and
+ Key Wrapping mode as defined in NIST SP 800-38F. Fixes #4036.
+ * Some default policies for X.509 certificate verification and TLS have
+ changed: curves and hashes weaker than 255 bits are no longer accepted
+ by default. The default order in TLS now favors faster curves over larger
+ curves.
Requirement changes
* The library now uses the %zu format specifier with the printf() family of
functions, so requires a toolchain that supports it. This change does not
affect the maintained LTS branches, so when contributing changes please
bear this in mind and do not add them to backported code.
+ * If you build the development version of Mbed TLS, rather than an official
+ release, some configuration-independent files are now generated at build
+ time rather than checked into source control. This includes some library
+ source files as well as the Visual Studio solution. Perl, Python 3 and a
+ C compiler for the host platform are required. See “Generated source files
+ in the development branch” in README.md for more information.
+ * Refresh the minimum supported versions of tools to build the
+ library. CMake versions older than 3.10.2 and Python older
+ than 3.6 are no longer supported.
Removals
* Remove the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
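Review bot: the migration hint in the added max-frag-len entry names the same function twice: "Uses of mbedtls_ssl_get_input_max_frag_len() and mbedtls_ssl_get_input_max_frag_len() should be replaced by ...". The second name should be mbedtls_ssl_get_output_max_frag_len(), otherwise "respectively" gives no replacement for the output getter that the same entry says is removed. Two smaller wording points in this hunk: the MBEDTLS_ECP_FIXED_POINT_OPTIM entry should read "uses pre-computed comb tables" and "now increases code size", and there is a stray space before the full stop in "mbedtls_dhm_get_len() .".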
@@ -49,7 +183,6 @@
certificates signed with SHA-1 due to the known attacks against SHA-1.
If needed, SHA-1 certificates can still be verified by using a custom
verification profile.
-
* Removed deprecated things in psa/crypto_compat.h. Fixes #4284
* Removed deprecated functions from hashing modules. Fixes #4280.
* Remove PKCS#11 library wrapper. PKCS#11 has limited functionality,
@@ -58,12 +191,133 @@
More details on PCKS#11 wrapper removal can be found in the mailing list
https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000024.html
* Remove deprecated error codes. Fix #4283
+ * Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option. Fixes #4416.
+ * Remove the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+ compile-time option. This option has been inactive for a long time.
+ Please use the `lifetime` parameter of `mbedtls_ssl_ticket_setup()`
+ instead.
+ * Remove the following deprecated functions and constants of hex-encoded
+ primes based on RFC 5114 and RFC 3526 from library code and tests:
+ mbedtls_aes_encrypt(), mbedtls_aes_decrypt(), mbedtls_mpi_is_prime(),
+ mbedtls_cipher_auth_encrypt(), mbedtls_cipher_auth_decrypt(),
+ mbedtls_ctr_drbg_update(), mbedtls_hmac_drbg_update(),
+ mbedtls_ecdsa_write_signature_det(), mbedtls_ecdsa_sign_det(),
+ mbedtls_ssl_conf_dh_param(), mbedtls_ssl_get_max_frag_len(),
+ MBEDTLS_DHM_RFC5114_MODP_2048_P, MBEDTLS_DHM_RFC5114_MODP_2048_G,
+ MBEDTLS_DHM_RFC3526_MODP_2048_P, MBEDTLS_DHM_RFC3526_MODP_2048_G,
+ MBEDTLS_DHM_RFC3526_MODP_3072_P, MBEDTLS_DHM_RFC3526_MODP_3072_G,
+ MBEDTLS_DHM_RFC3526_MODP_4096_P, MBEDTLS_DHM_RFC3526_MODP_4096_G.
+ Remove the deprecated file: include/mbedtls/net.h. Fixes #4282.
+ * Remove MBEDTLS_SSL_MAX_CONTENT_LEN configuration option, since
+ MBEDTLS_SSL_IN_CONTENT_LEN and MBEDTLS_SSL_OUT_CONTENT_LEN replace
+ it. Fixes #4362.
+ * Remove the MBEDTLS_SSL_RECORD_CHECKING option and enable by default its
+ previous action. Fixes #4361.
+ * Remove support for TLS 1.0, TLS 1.1 and DTLS 1.0, as well as support for
+ CBC record splitting, fallback SCSV, and the ability to configure
+ ciphersuites per version, which are no longer relevant. This removes the
+ configuration options MBEDTLS_SSL_PROTO_TLS1,
+ MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_CBC_RECORD_SPLITTING and
+ MBEDTLS_SSL_FALLBACK_SCSV as well as the functions
+ mbedtls_ssl_conf_cbc_record_splitting(),
+ mbedtls_ssl_get_key_exchange_md_ssl_tls(), mbedtls_ssl_conf_fallback(),
+ and mbedtls_ssl_conf_ciphersuites_for_version(). Fixes #4286.
+ * The RSA module no longer supports private-key operations with the public
+ key and vice versa.
+ * Remove the MBEDTLS_SSL_DTLS_BADMAC_LIMIT config.h option. Fixes #4403.
+ * Remove all the 3DES ciphersuites:
+ MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA. Remove the
+ MBEDTLS_REMOVE_3DES_CIPHERSUITES option which is no longer relevant.
+ Fixes #4367.
+ * Remove the MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option and let the code
+ behave as if it was always disabled. Fixes #4386.
+ * Remove MBEDTLS_ECDH_LEGACY_CONTEXT config option since this was purely for
+ backward compatibility which is no longer supported. Addresses #4404.
+ * Remove the following macros: MBEDTLS_CHECK_PARAMS,
+ MBEDTLS_CHECK_PARAMS_ASSERT, MBEDTLS_PARAM_FAILED,
+ MBEDTLS_PARAM_FAILED_ALT. Fixes #4313.
+ * Remove the MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION config.h
+ option. The mbedtls_x509_crt_parse_der_with_ext_cb() is the way to go for
+ migration path. Fixes #4378.
+ * Remove the MBEDTLS_X509_CHECK_KEY_USAGE and
+ MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE config.h options and let the code
+ behave as if they were always enabled. Fixes #4405.
+ * MBEDTLS_ECP_MAX_BITS is no longer a configuration option because it is
+ now determined automatically based on supported curves.
+ * Remove the following functions: mbedtls_timing_self_test(),
+ mbedtls_hardclock_poll(), mbedtls_timing_hardclock() and
+ mbedtls_set_alarm(). Fixes #4083.
+ * The configuration option MBEDTLS_ECP_NO_INTERNAL_RNG has been removed as
+ it no longer had any effect.
+ * Remove all support for MD2, MD4, RC4, Blowfish and XTEA. This removes the
+ corresponding modules and all their APIs and related configuration
+ options. Fixes #4084.
+ * Remove MBEDTLS_SSL_TRUNCATED_HMAC and also remove
+ MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT config option. Users are better served by
+ using a CCM-8 ciphersuite than a CBC ciphersuite with truncated HMAC.
+ See issue #4341 for more details.
+ * Remove the compile-time option
+ MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE.
Features
* Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a
signature with a specific salt length. This function allows to validate
test cases provided in the NIST's CAVP test suite. Contributed by Cédric
Meuter in PR #3183.
+ * Added support for built-in driver keys through the PSA opaque crypto
+ driver interface. Refer to the documentation of
+ MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information.
+ * Implement psa_sign_message() and psa_verify_message().
+ * The multi-part GCM interface (mbedtls_gcm_update() or
+ mbedtls_cipher_update()) no longer requires the size of partial inputs to
+ be a multiple of 16.
+ * The multi-part GCM interface now supports chunked associated data through
+ multiple calls to mbedtls_gcm_update_ad().
+ * The new function mbedtls_mpi_random() generates a random value in a
+ given range uniformly.
+ * Alternative implementations of the AES, DHM, ECJPAKE, ECP, RSA and timing
+ modules had undocumented constraints on their context types. These
+ constraints have been relaxed.
+ See docs/architecture/alternative-implementations.md for the remaining
+ constraints.
+ * The new functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen()
+ query the size of the modulus in a Diffie-Hellman context.
+ * The new function mbedtls_dhm_get_value() copy a field out of a
+ Diffie-Hellman context.
+ * Use the new function mbedtls_ecjpake_set_point_format() to select the
+ point format for ECJPAKE instead of accessing the point_format field
+ directly, which is no longer supported.
+ * Implement psa_mac_compute() and psa_mac_verify() as defined in the
+ PSA Cryptograpy API 1.0.0 specification.
+
+Security
+* Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM)
+ private keys and of blinding values for DHM and elliptic curves (ECP)
+ computations. Reported by FlorianF89 in #4245.
+* Fix a potential side channel vulnerability in ECDSA ephemeral key generation.
+ An adversary who is capable of very precise timing measurements could
+ learn partial information about the leading bits of the nonce used for the
+ signature, allowing the recovery of the private key after observing a
+ large number of signature operations. This completes a partial fix in
+ Mbed TLS 2.20.0.
+ * An adversary with access to precise enough information about memory
+ accesses (typically, an untrusted operating system attacking a secure
+ enclave) could recover an RSA private key after observing the victim
+ performing a single private-key operation. Found and reported by
+ Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG.
+ * An adversary with access to precise enough timing information (typically, a
+ co-located process) could recover a Curve25519 or Curve448 static ECDH key
+ after inputting a chosen public key and observing the victim performing the
+ corresponding private-key operation. Found and reported by Leila Batina,
+ Lukas Chmielewski, Björn Haase, Niels Samwel and Peter Schwabe.
Bugfix
* Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
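Review bot: the added Removals entry for MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES looks mis-assembled. The section already opens with an entry removing that same option, and the body added here ("This option has been inactive for a long time. Please use the `lifetime` parameter of `mbedtls_ssl_ticket_setup()` instead.") describes a session-ticket lifetime setting, not SHA-1 in certificates. Please restore the option name this text was written for, so users migrating a ticket configuration can find it. In the new Security section the first two bullets start at column 0 ("* Fix a bias ...", "* Fix a potential side channel ...") while the next two are indented (" * An adversary ..."); align them with the rest of the file. Typos in the added Features entries: "PSA Cryptograpy API" should be "PSA Cryptography API", and "mbedtls_dhm_get_value() copy a field" should be "copies a field".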
@@ -87,6 +341,76 @@
mbedtls_mpi_read_string() was called on "-0", or when
mbedtls_mpi_mul_mpi() and mbedtls_mpi_mul_int() was called with one of
the arguments being negative and the other being 0. Fixes #4643.
+ * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
+ defined. Fixes #4217.
+ * Fix an incorrect error code when parsing a PKCS#8 private key.
+ * In a TLS client, enforce the Diffie-Hellman minimum parameter size
+ set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
+ minimum size was rounded down to the nearest multiple of 8.
+ * In library/net_sockets.c, _POSIX_C_SOURCE and _XOPEN_SOURCE are
+ defined to specific values. If the code is used in a context
+ where these are already defined, this can result in a compilation
+ error. Instead, assume that if they are defined, the values will
+ be adequate to build Mbed TLS.
+ * With MBEDTLS_PSA_CRYPTO_C disabled, some functions were getting built
+ nonetheless, resulting in undefined reference errors when building a
+ shared library. Reported by Guillermo Garcia M. in #4411.
+ * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
+ when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384
+ was disabled. Fix the dependency. Fixes #4472.
+ * Do not offer SHA384 cipher suites when SHA-384 is disabled. Fixes #4499.
+ * Fix test suite code on platforms where int32_t is not int, such as
+ Arm Cortex-M. Fixes #4530.
+ * Fix some issues affecting MBEDTLS_ARIA_ALT implementations: a misplaced
+ directive in a header and a missing initialization in the self-test.
+ * Fix a missing initialization in the Camellia self-test, affecting
+ MBEDTLS_CAMELLIA_ALT implementations.
+ * Restore the ability to configure PSA via Mbed TLS options to support RSA
+ key pair operations but exclude RSA key generation. When MBEDTLS_GENPRIME
+ is not defined PSA will no longer attempt to use mbedtls_rsa_gen_key().
+ Fixes #4512.
+ * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
+ (when the encrypt-then-MAC extension is not in use) with some ALT
+ implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
+ the affected side to wrongly reject valid messages. Fixes #4118.
+ * Remove outdated check-config.h check that prevented implementing the
+ timing module on Mbed OS. Fixes #4633.
+ * Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
+ about missing inputs.
+ * Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with
+ MBEDTLS_ERR_NET_POLL_FAILED on Windows. Fixes #4465.
+ * Fix a resource leak in a test suite with an alternative AES
+ implementation. Fixes #4176.
+ * Fix a crash in mbedtls_mpi_debug_mpi on a bignum having 0 limbs. This
+ could notably be triggered by setting the TLS debug level to 3 or above
+ and using a Montgomery curve for the key exchange. Reported by lhuang04
+ in #4578. Fixes #4608.
+ * psa_verify_hash() was relying on implementation-specific behavior of
+ mbedtls_rsa_rsassa_pss_verify() and was causing failures in some _ALT
+ implementations. This reliance is now removed. Fixes #3990.
+ * Disallow inputs of length different from the corresponding hash when
+ signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates
+ that PSA_ALG_RSA_PSS uses the same hash throughout the algorithm.)
+ * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
+ A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
+ could not be triggered by code that constructed A with one of the
+ mbedtls_mpi_read_xxx functions (including in particular TLS code) since
+ those always built an mpi object with at least one limb.
+ Credit to OSS-Fuzz. Fixes #4641.
+ * Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no
+ effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect
+ applications that call mbedtls_mpi_gcd() directly. Fixes #4642.
+ * The PSA API no longer allows the creation or destruction of keys with a
+ read-only lifetime. The persistence level PSA_KEY_PERSISTENCE_READ_ONLY
+ can now only be used as intended, for keys that cannot be modified through
+ normal use of the API.
+ * When MBEDTLS_PSA_CRYPTO_SPM is enabled, crypto_spe.h was not included
+ in all the right places. Include it from crypto_platform.h, which is
+ the natural place. Fixes #4649.
+ * Fix which alert is sent in some cases to conform to the
+ applicable RFC: on an invalid Finished message value, an
+ invalid max_fragment_length extension, or an
+ unsupported extension used by the server.
Changes
* Fix the setting of the read timeout in the DTLS sample programs.
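Review bot: the added PSA_ALG_RSA_PSS entry is missing a full stop before its parenthetical: "signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates ... throughout the algorithm.)". Either end the first sentence before the parenthesis or lower-case "The" and move the full stop outside the closing parenthesis.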
@@ -94,6 +418,49 @@
* Fix memsan build false positive in x509_crt.c with clang 11
* There is ongoing work for the next release (= Mbed TLS 3.0.0 branch to
be released 2021-xx-xx), including various API-breaking changes.
+ * Alternative implementations of CMAC may now opt to not support 3DES as a
+ CMAC block cipher, and still pass the CMAC self test.
+ * Remove the AES sample application programs/aes/aescrypt2 which shows
+ bad cryptographic practice. Fix #1906.
+ * Remove configs/config-psa-crypto.h, which no longer had any intended
+ differences from the default configuration, but had accidentally diverged.
+ * When building the test suites with GNU make, invoke python3 or python, not
+ python2, which is no longer supported upstream.
+ * fix build failure on MinGW toolchain when __USE_MING_ANSI_STDIO is on.
+ When that flag is on, standard GNU C printf format specifiers
+ should be used.
+ * Replace MBEDTLS_SSL_CID_PADDING_GRANULARITY and
+ MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY with a new single unified option
+ MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY. Fixes #4335.
+ * Reduce the default value of MBEDTLS_ECP_WINDOW_SIZE. This reduces RAM usage
+ during ECC operations at a negligible performance cost.
+ * mbedtls_mpi_read_binary(), mbedtls_mpi_read_binary_le() and
+ mbedtls_mpi_read_string() now construct an mbedtls_mpi object with 0 limbs
+ when their input has length 0. Note that this is an implementation detail
+ and can change at any time, so this change should be transparent, but it
+ may result in mbedtls_mpi_write_binary() or mbedtls_mpi_write_string()
+ now writing an empty string where it previously wrote one or more
+ zero digits when operating from values constructed with an mpi_read
+ function and some mpi operations.
+ * Add CMake package config generation for CMake projects consuming Mbed TLS.
+ * config.h has been split into build_info.h and mbedtls_config.h
+ build_info.h is intended to be included from C code directly, while
+ mbedtls_config.h is intended to be edited by end users wishing to
+ change the build configuration, and should generally only be included from
+ build_info.h.
+ * The handling of MBEDTLS_CONFIG_FILE has been moved into build_info.h.
+ * A config file version symbol, MBEDTLS_CONFIG_VERSION was introduced.
+ Defining it to a particular value will ensure that Mbed TLS interprets
+ the config file in a way that's compatible with the config file format
+ used by the Mbed TLS release whose MBEDTLS_VERSION_NUMBER has the same
+ value.
+ The only value supported by Mbed TLS 3.0.0 is 0x03000000.
+ * Various changes to which alert and/or error code may be returned
+ * during the TLS handshake.
+ * Implicitly add PSA_KEY_USAGE_SIGN_MESSAGE key usage policy flag when
+ PSA_KEY_USAGE_SIGN_HASH flag is set and PSA_KEY_USAGE_VERIFY_MESSAGE flag
+ when PSA_KEY_USAGE_VERIFY_HASH flag is set. This usage flag extension
+ is also applied when loading a key from storage.
= mbed TLS 2.26.0 branch released 2021-03-08
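Review bot: the unchanged context entry "There is ongoing work for the next release (= Mbed TLS 3.0.0 branch to be released 2021-xx-xx), including various API-breaking changes." is left in the Changes section, although the first hunk of this patch replaces the 2021-xx-xx placeholder in the heading with 2021-07-07. It should be removed as part of the aggregation, since it now describes the release it sits in. Also in the added lines, "* during the TLS handshake." carries a stray asterisk that turns the continuation of "Various changes to which alert and/or error code may be returned" into a separate bullet, and "config.h has been split into build_info.h and mbedtls_config.h" needs a full stop before the following "build_info.h is intended ...".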
diff --git a/ChangeLog.d/add-cmake-package-config.txt b/ChangeLog.d/add-cmake-package-config.txt
deleted file mode 100644
index 3b73816..0000000
--- a/ChangeLog.d/add-cmake-package-config.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Changes
- * Add CMake package config generation for CMake projects consuming Mbed TLS.
diff --git a/ChangeLog.d/add-missing-parenthesis.txt b/ChangeLog.d/add-missing-parenthesis.txt
deleted file mode 100644
index 9576ff3..0000000
--- a/ChangeLog.d/add-missing-parenthesis.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
- defined. Fixes #4217.
diff --git a/ChangeLog.d/aescrypt2.txt b/ChangeLog.d/aescrypt2.txt
deleted file mode 100644
index 7ffa49e..0000000
--- a/ChangeLog.d/aescrypt2.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Remove the AES sample application programs/aes/aescrypt2 which shows
- bad cryptographic practice. Fix #1906.
diff --git a/ChangeLog.d/allow_alt_cmac_without_des.txt b/ChangeLog.d/allow_alt_cmac_without_des.txt
deleted file mode 100644
index 5193a9e..0000000
--- a/ChangeLog.d/allow_alt_cmac_without_des.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Alternative implementations of CMAC may now opt to not support 3DES as a
- CMAC block cipher, and still pass the CMAC self test.
diff --git a/ChangeLog.d/alt-context-relaxation.txt b/ChangeLog.d/alt-context-relaxation.txt
deleted file mode 100644
index 10fd476..0000000
--- a/ChangeLog.d/alt-context-relaxation.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * Alternative implementations of the AES, DHM, ECJPAKE, ECP, RSA and timing
- modules had undocumented constraints on their context types. These
- constraints have been relaxed.
- See docs/architecture/alternative-implementations.md for the remaining
- constraints.
diff --git a/ChangeLog.d/aria-alt.txt b/ChangeLog.d/aria-alt.txt
deleted file mode 100644
index 20aaa2b..0000000
--- a/ChangeLog.d/aria-alt.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix some issues affecting MBEDTLS_ARIA_ALT implementations: a misplaced
- directive in a header and a missing initialization in the self-test.
- * Fix a missing initialization in the Camellia self-test, affecting
- MBEDTLS_CAMELLIA_ALT implementations.
diff --git a/ChangeLog.d/cipher-delayed-output.txt b/ChangeLog.d/cipher-delayed-output.txt
deleted file mode 100644
index 4ca3a0c..0000000
--- a/ChangeLog.d/cipher-delayed-output.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-API changes
- * For multi-part AEAD operations with the cipher module, calling
- mbedtls_cipher_finish() is now mandatory. Previously the documentation
- was unclear on this point, and this function happened to never do
- anything with the currently implemented AEADs, so in practice it was
- possible to skip calling it, which is no longer supported.
diff --git a/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt b/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt
deleted file mode 100644
index d253f34..0000000
--- a/ChangeLog.d/ciphersuite-sha1-sha384-guard.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
- when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384
- was disabled. Fix the dependency. Fixes #4472.
diff --git a/ChangeLog.d/ciphersuite-sha384-guard.txt b/ChangeLog.d/ciphersuite-sha384-guard.txt
deleted file mode 100644
index 0ddf463..0000000
--- a/ChangeLog.d/ciphersuite-sha384-guard.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Do not offer SHA384 cipher suites when SHA-384 is disabled. Fixes #4499.
diff --git a/ChangeLog.d/default-curves.txt b/ChangeLog.d/default-curves.txt
deleted file mode 100644
index bfb0fd0..0000000
--- a/ChangeLog.d/default-curves.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Default behavior changes
- * Some default policies for X.509 certificate verification and TLS have
- changed: curves and hashes weaker than 255 bits are no longer accepted
- by default. The default order in TLS now favors faster curves over larger
- curves.
-
-Removals
- * Remove the compile-time option
- MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE.
diff --git a/ChangeLog.d/dhm-fields.txt b/ChangeLog.d/dhm-fields.txt
deleted file mode 100644
index 4d5c751..0000000
--- a/ChangeLog.d/dhm-fields.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Features
- * The new functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen()
- query the size of the modulus in a Diffie-Hellman context.
- * The new function mbedtls_dhm_get_value() copy a field out of a
- Diffie-Hellman context.
-
-API changes
- * Instead of accessing the len field of a DHM context, which is no longer
- supported, use the new function mbedtls_dhm_get_len() .
diff --git a/ChangeLog.d/dhm_min_bitlen.txt b/ChangeLog.d/dhm_min_bitlen.txt
deleted file mode 100644
index e7ea827..0000000
--- a/ChangeLog.d/dhm_min_bitlen.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * In a TLS client, enforce the Diffie-Hellman minimum parameter size
- set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
- minimum size was rounded down to the nearest multiple of 8.
diff --git a/ChangeLog.d/ecdsa-random-leading-zeros.txt b/ChangeLog.d/ecdsa-random-leading-zeros.txt
deleted file mode 100644
index cbc674b..0000000
--- a/ChangeLog.d/ecdsa-random-leading-zeros.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Security
-* Fix a potential side channel vulnerability in ECDSA ephemeral key generation.
- An adversary who is capable of very precise timing measurements could
- learn partial information about the leading bits of the nonce used for the
- signature, allowing the recovery of the private key after observing a
- large number of signature operations. This completes a partial fix in
- Mbed TLS 2.20.0.
diff --git a/ChangeLog.d/ecjpake-point_format.txt b/ChangeLog.d/ecjpake-point_format.txt
deleted file mode 100644
index 6e05b23..0000000
--- a/ChangeLog.d/ecjpake-point_format.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Use the new function mbedtls_ecjpake_set_point_format() to select the
- point format for ECJPAKE instead of accessing the point_format field
- directly, which is no longer supported.
diff --git a/ChangeLog.d/ecp-window-size.txt b/ChangeLog.d/ecp-window-size.txt
deleted file mode 100644
index 909d4e8..0000000
--- a/ChangeLog.d/ecp-window-size.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Reduce the default value of MBEDTLS_ECP_WINDOW_SIZE. This reduces RAM usage
- during ECC operations at a negligible performance cost.
diff --git a/ChangeLog.d/ecp_max_bits.txt b/ChangeLog.d/ecp_max_bits.txt
deleted file mode 100644
index b952469..0000000
--- a/ChangeLog.d/ecp_max_bits.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Removals
- * MBEDTLS_ECP_MAX_BITS is no longer a configuration option because it is
- now determined automatically based on supported curves.
diff --git a/ChangeLog.d/fix-mingw-build.txt b/ChangeLog.d/fix-mingw-build.txt
deleted file mode 100644
index 383b1c7..0000000
--- a/ChangeLog.d/fix-mingw-build.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Changes
- * fix build failure on MinGW toolchain when __USE_MING_ANSI_STDIO is on.
- When that flag is on, standard GNU C printf format specifiers
- should be used.
-
diff --git a/ChangeLog.d/fix-pk-parse-key-error-code.txt b/ChangeLog.d/fix-pk-parse-key-error-code.txt
deleted file mode 100644
index 3aa330b..0000000
--- a/ChangeLog.d/fix-pk-parse-key-error-code.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix an incorrect error code when parsing a PKCS#8 private key.
diff --git a/ChangeLog.d/fix-rsa-leak.txt b/ChangeLog.d/fix-rsa-leak.txt
deleted file mode 100644
index b7d3e3e..0000000
--- a/ChangeLog.d/fix-rsa-leak.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
- * An adversary with access to precise enough information about memory
- accesses (typically, an untrusted operating system attacking a secure
- enclave) could recover an RSA private key after observing the victim
- performing a single private-key operation. Found and reported by
- Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG.
diff --git a/ChangeLog.d/fix-ssl-cf-hmac-alt.txt b/ChangeLog.d/fix-ssl-cf-hmac-alt.txt
deleted file mode 100644
index 57ffa02..0000000
--- a/ChangeLog.d/fix-ssl-cf-hmac-alt.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
- (when the encrypt-then-MAC extension is not in use) with some ALT
- implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
- the affected side to wrongly reject valid messages. Fixes #4118.
diff --git a/ChangeLog.d/fix_tls_alert_codes.txt b/ChangeLog.d/fix_tls_alert_codes.txt
deleted file mode 100644
index 10235d7..0000000
--- a/ChangeLog.d/fix_tls_alert_codes.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix which alert is sent in some cases to conform to the
- applicable RFC: on an invalid Finished message value, an
- invalid max_fragment_length extension, or an
- unsupported extension used by the server.
diff --git a/ChangeLog.d/gcm-update.txt b/ChangeLog.d/gcm-update.txt
deleted file mode 100644
index 858bd0a..0000000
--- a/ChangeLog.d/gcm-update.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-API changes
- * The interface of the GCM module has changed to remove restrictions on
- how the input to multipart operations is broken down. mbedtls_gcm_finish()
- now takes an extra output parameter for the last partial output block.
- mbedtls_gcm_update() now takes extra parameters for the output length.
- The software implementation always produces the full output at each
- call to mbedtls_gcm_update(), but alternative implementations activated
- by MBEDTLS_GCM_ALT may delay partial blocks to the next call to
- mbedtls_gcm_update() or mbedtls_gcm_finish(). Furthermore, applications
- no longer pass the associated data to mbedtls_gcm_starts(), but to the
- new function mbedtls_gcm_update_ad().
- These changes are backward compatible for users of the cipher API.
-
-Features
- * The multi-part GCM interface (mbedtls_gcm_update() or
- mbedtls_cipher_update()) no longer requires the size of partial inputs to
- be a multiple of 16.
- * The multi-part GCM interface now supports chunked associated data through
- multiple calls to mbedtls_gcm_update_ad().
diff --git a/ChangeLog.d/host_test-int32.txt b/ChangeLog.d/host_test-int32.txt
deleted file mode 100644
index 60ef8e9..0000000
--- a/ChangeLog.d/host_test-int32.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix test suite code on platforms where int32_t is not int, such as
- Arm Cortex-M. Fixes #4530.
diff --git a/ChangeLog.d/implicit_key_usage_policy.txt b/ChangeLog.d/implicit_key_usage_policy.txt
deleted file mode 100644
index ee33ecb..0000000
--- a/ChangeLog.d/implicit_key_usage_policy.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Changes
- * Implicitly add PSA_KEY_USAGE_SIGN_MESSAGE key usage policy flag when
- PSA_KEY_USAGE_SIGN_HASH flag is set and PSA_KEY_USAGE_VERIFY_MESSAGE flag
- when PSA_KEY_USAGE_VERIFY_HASH flag is set. This usage flag extension
- is also applied when loading a key from storage.
diff --git a/ChangeLog.d/issue4036.txt b/ChangeLog.d/issue4036.txt
deleted file mode 100644
index 7009496..0000000
--- a/ChangeLog.d/issue4036.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Default behavior changes
- * Enable by default the functionalities which have no reason to be disabled.
- They are: ARIA block cipher, CMAC mode, elliptic curve J-PAKE library and
- Key Wrapping mode as defined in NIST SP 800-38F. Fixes #4036.
-
diff --git a/ChangeLog.d/issue4055.txt b/ChangeLog.d/issue4055.txt
deleted file mode 100644
index e9bd1d1..0000000
--- a/ChangeLog.d/issue4055.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-API changes
- * The function mbedtls_x509write_csr_set_extension() has an extra parameter
- which allows to mark an extension as critical. Fixes #4055.
diff --git a/ChangeLog.d/issue4083.txt b/ChangeLog.d/issue4083.txt
deleted file mode 100644
index 8457337..0000000
--- a/ChangeLog.d/issue4083.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Removals
- * Remove the following functions: mbedtls_timing_self_test(),
- mbedtls_hardclock_poll(), mbedtls_timing_hardclock() and
- mbedtls_set_alarm(). Fixes #4083.
diff --git a/ChangeLog.d/issue4084.txt b/ChangeLog.d/issue4084.txt
deleted file mode 100644
index 75273c1..0000000
--- a/ChangeLog.d/issue4084.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Removals
- * Remove all support for MD2, MD4, RC4, Blowfish and XTEA. This removes the
- corresponding modules and all their APIs and related configuration
- options. Fixes #4084.
diff --git a/ChangeLog.d/issue4128.txt b/ChangeLog.d/issue4128.txt
deleted file mode 100644
index bc41874..0000000
--- a/ChangeLog.d/issue4128.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-API changes
- * The option MBEDTLS_ECP_FIXED_POINT_OPTIM use pre-computed comb tables
- instead of computing tables in runtime. Thus, this option now increase
- code size, and it does not increase RAM usage in runtime anymore.
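Review bot: the verbs in this entry do not agree with their subject ("The option ... use", "this option now increase"). Suggest "uses pre-computed comb tables instead of computing tables at runtime" and "now increases code size". The entry describes a change in footprint trade-off rather than an interface change, so "Changes" or "Default behavior changes" may be a better heading than "API changes".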
diff --git a/ChangeLog.d/issue4176.txt b/ChangeLog.d/issue4176.txt
deleted file mode 100644
index ddca37f..0000000
--- a/ChangeLog.d/issue4176.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a resource leak in a test suite with an alternative AES
- implementation. Fixes #4176.
diff --git a/ChangeLog.d/issue4212.txt b/ChangeLog.d/issue4212.txt
deleted file mode 100644
index 9e72ca9..0000000
--- a/ChangeLog.d/issue4212.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-API changes
- * In modules that implement cryptographic hash functions, many functions
- mbedtls_xxx() now return int instead of void, and the corresponding
- function mbedtls_xxx_ret() which was identical except for returning int
- has been removed. This also concerns mbedtls_xxx_drbg_update(). See the
- migration guide for more information. Fixes #4212.
diff --git a/ChangeLog.d/issue4282.txt b/ChangeLog.d/issue4282.txt
deleted file mode 100644
index 685f64d..0000000
--- a/ChangeLog.d/issue4282.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-Removals
- * Remove the following deprecated functions and constants of hex-encoded
- primes based on RFC 5114 and RFC 3526 from library code and tests:
- mbedtls_aes_encrypt(), mbedtls_aes_decrypt(), mbedtls_mpi_is_prime(),
- mbedtls_cipher_auth_encrypt(), mbedtls_cipher_auth_decrypt(),
- mbedtls_ctr_drbg_update(), mbedtls_hmac_drbg_update(),
- mbedtls_ecdsa_write_signature_det(), mbedtls_ecdsa_sign_det(),
- mbedtls_ssl_conf_dh_param(), mbedtls_ssl_get_max_frag_len(),
- MBEDTLS_DHM_RFC5114_MODP_2048_P, MBEDTLS_DHM_RFC5114_MODP_2048_G,
- MBEDTLS_DHM_RFC3526_MODP_2048_P, MBEDTLS_DHM_RFC3526_MODP_2048_G,
- MBEDTLS_DHM_RFC3526_MODP_3072_P, MBEDTLS_DHM_RFC3526_MODP_3072_G,
- MBEDTLS_DHM_RFC3526_MODP_4096_P, MBEDTLS_DHM_RFC3526_MODP_4096_G.
- Remove the deprecated file: include/mbedtls/net.h. Fixes #4282.
diff --git a/ChangeLog.d/issue4286.txt b/ChangeLog.d/issue4286.txt
deleted file mode 100644
index 75d2f09..0000000
--- a/ChangeLog.d/issue4286.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Removals
- * Remove support for TLS 1.0, TLS 1.1 and DTLS 1.0, as well as support for
- CBC record splitting, fallback SCSV, and the ability to configure
- ciphersuites per version, which are no longer relevant. This removes the
- configuration options MBEDTLS_SSL_PROTO_TLS1,
- MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_CBC_RECORD_SPLITTING and
- MBEDTLS_SSL_FALLBACK_SCSV as well as the functions
- mbedtls_ssl_conf_cbc_record_splitting(),
- mbedtls_ssl_get_key_exchange_md_ssl_tls(), mbedtls_ssl_conf_fallback(),
- and mbedtls_ssl_conf_ciphersuites_for_version(). Fixes #4286.
diff --git a/ChangeLog.d/issue4313.txt b/ChangeLog.d/issue4313.txt
deleted file mode 100644
index 1fb6123..0000000
--- a/ChangeLog.d/issue4313.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Removals
- * Remove the following macros: MBEDTLS_CHECK_PARAMS,
- MBEDTLS_CHECK_PARAMS_ASSERT, MBEDTLS_PARAM_FAILED,
- MBEDTLS_PARAM_FAILED_ALT. Fixes #4313.
diff --git a/ChangeLog.d/issue4335.txt b/ChangeLog.d/issue4335.txt
deleted file mode 100644
index fe9b7af..0000000
--- a/ChangeLog.d/issue4335.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Changes
- * Replace MBEDTLS_SSL_CID_PADDING_GRANULARITY and
- MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY with a new single unified option
- MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY. Fixes #4335.
diff --git a/ChangeLog.d/issue4361.txt b/ChangeLog.d/issue4361.txt
deleted file mode 100644
index f1dbb3f..0000000
--- a/ChangeLog.d/issue4361.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Removals
- * Remove the MBEDTLS_SSL_RECORD_CHECKING option and enable by default its
- previous action. Fixes #4361.
diff --git a/ChangeLog.d/issue4367.txt b/ChangeLog.d/issue4367.txt
deleted file mode 100644
index 9012fc0..0000000
--- a/ChangeLog.d/issue4367.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-Removals
- * Remove all the 3DES ciphersuites:
- MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA. Remove the
- MBEDTLS_REMOVE_3DES_CIPHERSUITES option which is no longer relevant.
- Fixes #4367.
diff --git a/ChangeLog.d/issue4378.txt b/ChangeLog.d/issue4378.txt
deleted file mode 100644
index 9a7522b..0000000
--- a/ChangeLog.d/issue4378.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Removals
- * Remove the MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION config.h
- option. The mbedtls_x509_crt_parse_der_with_ext_cb() is the way to go for
- migration path. Fixes #4378.
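Review bot: the second sentence ("... is the way to go for migration path") does not tell a user what to do. Since the removed option controlled whether unsupported critical extensions are accepted, say explicitly that applications needing to accept them should parse with mbedtls_x509_crt_parse_der_with_ext_cb() and handle the extension in the callback.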
diff --git a/ChangeLog.d/issue4386.txt b/ChangeLog.d/issue4386.txt
deleted file mode 100644
index 9e61fdb..0000000
--- a/ChangeLog.d/issue4386.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Removals
- * Remove the MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option and let the code
- behave as if it was always disabled. Fixes #4386.
diff --git a/ChangeLog.d/issue4398.txt b/ChangeLog.d/issue4398.txt
deleted file mode 100644
index b7f2413..0000000
--- a/ChangeLog.d/issue4398.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-API changes
- * Replace MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE by a runtime
- configuration function mbedtls_ssl_conf_preference_order(). Fixes #4398.
diff --git a/ChangeLog.d/issue4403.txt b/ChangeLog.d/issue4403.txt
deleted file mode 100644
index 08ac60e..0000000
--- a/ChangeLog.d/issue4403.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
- * Remove the MBEDTLS_SSL_DTLS_BADMAC_LIMIT config.h option. Fixes #4403.
diff --git a/ChangeLog.d/issue4405.txt b/ChangeLog.d/issue4405.txt
deleted file mode 100644
index c36aefa..0000000
--- a/ChangeLog.d/issue4405.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Removals
- * Remove the MBEDTLS_X509_CHECK_KEY_USAGE and
- MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE config.h options and let the code
- behave as if they were always enabled. Fixes #4405.
diff --git a/ChangeLog.d/key-export.txt b/ChangeLog.d/key-export.txt
deleted file mode 100644
index 2fc01a4..0000000
--- a/ChangeLog.d/key-export.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-API changes
- * mbedtls_ssl_conf_export_keys_ext_cb() and
- mbedtls_ssl_conf_export_keys_cb() have been removed and
- replaced by a new API mbedtls_ssl_set_export_keys_cb().
- Raw keys and IVs are no longer passed to the callback.
- Further, callbacks now receive an additional parameter
- indicating the type of secret that's being exported,
- paving the way for the larger number of secrets
- in TLS 1.3. Finally, the key export callback and
- context are now connection-specific.
diff --git a/ChangeLog.d/make-generate-tests-python.txt b/ChangeLog.d/make-generate-tests-python.txt
deleted file mode 100644
index 4b9009d..0000000
--- a/ChangeLog.d/make-generate-tests-python.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * When building the test suites with GNU make, invoke python3 or python, not
- python2, which is no longer supported upstream.
diff --git a/ChangeLog.d/mandatory-rng-param.txt b/ChangeLog.d/mandatory-rng-param.txt
deleted file mode 100644
index 39ee335..0000000
--- a/ChangeLog.d/mandatory-rng-param.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-API changes
- * For all functions that take a random number generator (RNG) as a
- parameter, this parameter is now mandatory (that is, NULL is not an
- acceptable value). Functions which previously accepted NULL and now
- reject it are: the X.509 CRT and CSR writing functions; the PK and RSA
- sign and decrypt function; mbedtls_rsa_private(); the functions
- in DHM and ECDH that compute the shared secret; the scalar multiplication
- functions in ECP.
- * The following functions now require an RNG parameter:
- mbedtls_ecp_check_pub_priv(), mbedtls_pk_check_pair(),
- mbedtls_pk_parse_key(), mbedtls_pk_parse_keyfile().
-Removals
- * The configuration option MBEDTLS_ECP_NO_INTERNAL_RNG has been removed as
- it no longer had any effect.
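Review bot: the first bullet lists "the PK and RSA sign and decrypt function" in the singular although several functions are affected, and neither bullet points to the migration guide, unlike the issue4212 and private-fields entries. Because passing NULL now fails at runtime rather than at compile time for the functions in the first bullet, a migration guide reference would help callers find every affected call site. A blank line before "Removals" would also match the section separation used in gcm-update.txt.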
diff --git a/ChangeLog.d/max-record-payload-api.txt b/ChangeLog.d/max-record-payload-api.txt
deleted file mode 100644
index 02b47e4..0000000
--- a/ChangeLog.d/max-record-payload-api.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-API changes
- * Remove the SSL APIs mbedtls_ssl_get_input_max_frag_len() and
- mbedtls_ssl_get_output_max_frag_len(), and add a new API
- mbedtls_ssl_get_max_in_record_payload(), complementing the existing
- mbedtls_ssl_get_max_out_record_payload().
- Uses of mbedtls_ssl_get_input_max_frag_len() and
- mbedtls_ssl_get_input_max_frag_len() should be replaced by
- mbedtls_ssl_get_max_in_record_payload() and
- mbedtls_ssl_get_max_out_record_payload(), respectively.
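Review bot: the migration sentence names mbedtls_ssl_get_input_max_frag_len() twice ("Uses of mbedtls_ssl_get_input_max_frag_len() and mbedtls_ssl_get_input_max_frag_len()"). The second occurrence should be mbedtls_ssl_get_output_max_frag_len(), otherwise "respectively" maps the output replacement onto the input function. Fix this in the aggregated ChangeLog text.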
diff --git a/ChangeLog.d/mbed-can-do-timing.txt b/ChangeLog.d/mbed-can-do-timing.txt
deleted file mode 100644
index d83da02..0000000
--- a/ChangeLog.d/mbed-can-do-timing.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Remove outdated check-config.h check that prevented implementing the
- timing module on Mbed OS. Fixes #4633.
diff --git a/ChangeLog.d/mbedtls_debug_print_mpi.txt b/ChangeLog.d/mbedtls_debug_print_mpi.txt
deleted file mode 100644
index d1b4f5b..0000000
--- a/ChangeLog.d/mbedtls_debug_print_mpi.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix a crash in mbedtls_mpi_debug_mpi on a bignum having 0 limbs. This
- could notably be triggered by setting the TLS debug level to 3 or above
- and using a Montgomery curve for the key exchange. Reported by lhuang04
- in #4578. Fixes #4608.
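Review bot: the function named in the first line, mbedtls_mpi_debug_mpi, does not match the file name mbedtls_debug_print_mpi.txt and does not follow the mbedtls_debug_print_*() naming seen elsewhere in this ChangeLog. Please confirm the intended name and correct it, since users grep the ChangeLog by function name to decide whether a crash fix affects them.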
diff --git a/ChangeLog.d/mpi_exp_mod-zero.txt b/ChangeLog.d/mpi_exp_mod-zero.txt
deleted file mode 100644
index 9df9031..0000000
--- a/ChangeLog.d/mpi_exp_mod-zero.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Bugfix
- * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
- A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
- could not be triggered by code that constructed A with one of the
- mbedtls_mpi_read_xxx functions (including in particular TLS code) since
- those always built an mpi object with at least one limb.
- Credit to OSS-Fuzz. Fixes #4641.
diff --git a/ChangeLog.d/mpi_gcd-0.txt b/ChangeLog.d/mpi_gcd-0.txt
deleted file mode 100644
index 41e11e1..0000000
--- a/ChangeLog.d/mpi_gcd-0.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no
- effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect
- applications that call mbedtls_mpi_gcd() directly. Fixes #4642.
diff --git a/ChangeLog.d/mpi_random.txt b/ChangeLog.d/mpi_random.txt
deleted file mode 100644
index 9e6a416..0000000
--- a/ChangeLog.d/mpi_random.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * The new function mbedtls_mpi_random() generates a random value in a
- given range uniformly.
diff --git a/ChangeLog.d/mpi_read_zero.txt b/ChangeLog.d/mpi_read_zero.txt
deleted file mode 100644
index 0c25159..0000000
--- a/ChangeLog.d/mpi_read_zero.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Changes
- * mbedtls_mpi_read_binary(), mbedtls_mpi_read_binary_le() and
- mbedtls_mpi_read_string() now construct an mbedtls_mpi object with 0 limbs
- when their input has length 0. Note that this is an implementation detail
- and can change at any time, so this change should be transparent, but it
- may result in mbedtls_mpi_write_binary() or mbedtls_mpi_write_string()
- now writing an empty string where it previously wrote one or more
- zero digits when operating from values constructed with an mpi_read
- function and some mpi operations.
diff --git a/ChangeLog.d/no-generated-files.txt b/ChangeLog.d/no-generated-files.txt
deleted file mode 100644
index 0f9648a..0000000
--- a/ChangeLog.d/no-generated-files.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Requirement changes
- * If you build the development version of Mbed TLS, rather than an official
- release, some configuration-independent files are now generated at build
- time rather than checked into source control. This includes some library
- source files as well as the Visual Studio solution. Perl, Python 3 and a
- C compiler for the host platform are required. See “Generated source files
- in the development branch” in README.md for more information.
diff --git a/ChangeLog.d/one-shot-mac.txt b/ChangeLog.d/one-shot-mac.txt
deleted file mode 100644
index 112891d..0000000
--- a/ChangeLog.d/one-shot-mac.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Implement psa_mac_compute() and psa_mac_verify() as defined in the
- PSA Cryptograpy API 1.0.0 specification.
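Review bot: "Cryptograpy" on the last line is a typo for "Cryptography". The neighbouring one-shot cipher entry calls the same document "PSA Crypto API 1.0.0", so pick one name for the specification and use it in both entries.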
diff --git a/ChangeLog.d/one-shot_cipher_functions.txt b/ChangeLog.d/one-shot_cipher_functions.txt
deleted file mode 100644
index 3bb85e1..0000000
--- a/ChangeLog.d/one-shot_cipher_functions.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-API changes
- * Implement one-shot cipher functions, psa_cipher_encrypt and
- psa_cipher_decrypt, according to the PSA Crypto API 1.0.0
- specification.
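Review bot: this entry is filed under "API changes" but it announces new functions (psa_cipher_encrypt, psa_cipher_decrypt), which is how psa_mac_compute() and psa_mac_verify() are handled under "Features" in one-shot-mac.txt. Move it to "Features" in the aggregated ChangeLog so the two one-shot additions appear together, and add "()" after the function names for consistency.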
diff --git a/ChangeLog.d/out_size.txt b/ChangeLog.d/out_size.txt
deleted file mode 100644
index 721bf6a..0000000
--- a/ChangeLog.d/out_size.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
- mbedtls_ecdsa_write_signature() and
- mbedtls_ecdsa_write_signature_restartable() now take an extra parameter
- indicating the size of the output buffer for the signature.
diff --git a/ChangeLog.d/posix-define.txt b/ChangeLog.d/posix-define.txt
deleted file mode 100644
index 98cf2d0..0000000
--- a/ChangeLog.d/posix-define.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Bugfix
- * In library/net_sockets.c, _POSIX_C_SOURCE and _XOPEN_SOURCE are
- defined to specific values. If the code is used in a context
- where these are already defined, this can result in a compilation
- error. Instead, assume that if they are defined, the values will
- be adequate to build Mbed TLS.
diff --git a/ChangeLog.d/private-fields.txt b/ChangeLog.d/private-fields.txt
deleted file mode 100644
index 10b9a59..0000000
--- a/ChangeLog.d/private-fields.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * Direct access to fields of structures declared in public headers is no
- longer supported except for fields that are documented public. Use accessor
- functions instead. For more information, see the migration guide entry
- "Most structure fields are now private".
diff --git a/ChangeLog.d/psa-aead-output-size-macros-1.0.txt b/ChangeLog.d/psa-aead-output-size-macros-1.0.txt
deleted file mode 100644
index 22756f1..0000000
--- a/ChangeLog.d/psa-aead-output-size-macros-1.0.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * Update AEAD output size macros to bring them in line with the PSA Crypto
- API version 1.0 spec. This version of the spec parameterizes them on the
- key type used, as well as the key bit-size in the case of
- PSA_AEAD_TAG_LENGTH.
diff --git a/ChangeLog.d/psa-builtin-keys-implementation.txt b/ChangeLog.d/psa-builtin-keys-implementation.txt
deleted file mode 100644
index 66ba77d..0000000
--- a/ChangeLog.d/psa-builtin-keys-implementation.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Added support for built-in driver keys through the PSA opaque crypto
- driver interface. Refer to the documentation of
- MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information.
diff --git a/ChangeLog.d/psa-read-only-keys.txt b/ChangeLog.d/psa-read-only-keys.txt
deleted file mode 100644
index a4a2823..0000000
--- a/ChangeLog.d/psa-read-only-keys.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * The PSA API no longer allows the creation or destruction of keys with a
- read-only lifetime. The persistence level PSA_KEY_PERSISTENCE_READ_ONLY
- can now only be used as intended, for keys that cannot be modified through
- normal use of the API.
diff --git a/ChangeLog.d/psa-rsa-verify-alt-fix.txt b/ChangeLog.d/psa-rsa-verify-alt-fix.txt
deleted file mode 100644
index 74804ca..0000000
--- a/ChangeLog.d/psa-rsa-verify-alt-fix.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Bugfix
- * psa_verify_hash() was relying on implementation-specific behavior of
- mbedtls_rsa_rsassa_pss_verify() and was causing failures in some _ALT
- implementations. This reliance is now removed. Fixes #3990.
- * Disallow inputs of length different from the corresponding hash when
- signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates
- that PSA_ALG_RSA_PSS uses the same hash throughout the algorithm.)
diff --git a/ChangeLog.d/psa-without-genprime-fix.txt b/ChangeLog.d/psa-without-genprime-fix.txt
deleted file mode 100644
index 8a7153a..0000000
--- a/ChangeLog.d/psa-without-genprime-fix.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Restore the ability to configure PSA via Mbed TLS options to support RSA
- key pair operations but exclude RSA key generation. When MBEDTLS_GENPRIME
- is not defined PSA will no longer attempt to use mbedtls_rsa_gen_key().
- Fixes #4512.
diff --git a/ChangeLog.d/psa_key_derivation-bad_workflow.txt b/ChangeLog.d/psa_key_derivation-bad_workflow.txt
deleted file mode 100644
index 7fd03e6..0000000
--- a/ChangeLog.d/psa_key_derivation-bad_workflow.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
- about missing inputs.
diff --git a/ChangeLog.d/psa_sign_message.txt b/ChangeLog.d/psa_sign_message.txt
deleted file mode 100644
index 2d77ec0..0000000
--- a/ChangeLog.d/psa_sign_message.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
- * Implement psa_sign_message() and psa_verify_message().
diff --git a/ChangeLog.d/random-range.txt b/ChangeLog.d/random-range.txt
deleted file mode 100644
index dc35ec6..0000000
--- a/ChangeLog.d/random-range.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Security
-* Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM)
- private keys and of blinding values for DHM and elliptic curves (ECP)
- computations. Reported by FlorianF89 in #4245.
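Review bot: the bullet on the first entry line starts at column 0 ("* Fix a bias ...") while every other entry uses an indented " * ". Normalise the indentation in the aggregated ChangeLog. As a Security entry it would also help to say which function now generates these values, so users can tell whether code that generates DHM private keys or blinding values directly is covered.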
diff --git a/ChangeLog.d/reject-low-order-points-early.txt b/ChangeLog.d/reject-low-order-points-early.txt
deleted file mode 100644
index eb73569..0000000
--- a/ChangeLog.d/reject-low-order-points-early.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
- * An adversary with access to precise enough timing information (typically, a
- co-located process) could recover a Curve25519 or Curve448 static ECDH key
- after inputting a chosen public key and observing the victim performing the
- corresponding private-key operation. Found and reported by Leila Batina,
- Lukas Chmielewski, Björn Haase, Niels Samwel and Peter Schwabe.
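Review bot: this Security entry describes the attack but never states what was changed. The file name (reject-low-order-points-early) suggests the remedy is early rejection of low-order public keys; say so in the entry, so users of static Curve25519 or Curve448 ECDH keys know the behaviour change and can expect chosen low-order inputs to be refused.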
diff --git a/ChangeLog.d/relaxed-psk-semantics.txt b/ChangeLog.d/relaxed-psk-semantics.txt
deleted file mode 100644
index 418ff6f..0000000
--- a/ChangeLog.d/relaxed-psk-semantics.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-API changes
- * Modify semantics of `mbedtls_ssl_conf_[opaque_]psk()`:
- In Mbed TLS 2.X, the API prescribes that later calls overwrite
- the effect of earlier calls. In Mbed TLS 3.0, calling
- `mbedtls_ssl_conf_[opaque_]psk()` more than once will fail,
- leaving the PSK that was configured first intact.
- Support for more than one PSK may be added in 3.X.
diff --git a/ChangeLog.d/remove-config-psa-crypto.txt b/ChangeLog.d/remove-config-psa-crypto.txt
deleted file mode 100644
index eb7cc50..0000000
--- a/ChangeLog.d/remove-config-psa-crypto.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Remove configs/config-psa-crypto.h, which no longer had any intended
- differences from the default configuration, but had accidentally diverged.
diff --git a/ChangeLog.d/remove-enable-weak-ciphersuites.txt b/ChangeLog.d/remove-enable-weak-ciphersuites.txt
deleted file mode 100644
index 97f63eb..0000000
--- a/ChangeLog.d/remove-enable-weak-ciphersuites.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
- * Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option. Fixes #4416.
diff --git a/ChangeLog.d/remove-max-content-len.txt b/ChangeLog.d/remove-max-content-len.txt
deleted file mode 100644
index b7607e6..0000000
--- a/ChangeLog.d/remove-max-content-len.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Removals
- * Remove MBEDTLS_SSL_MAX_CONTENT_LEN configuration option, since
- MBEDTLS_SSL_IN_CONTENT_LEN and MBEDTLS_SSL_OUT_CONTENT_LEN replace
- it. Fixes #4362.
diff --git a/ChangeLog.d/remove-rsa-mode-parameter.txt b/ChangeLog.d/remove-rsa-mode-parameter.txt
deleted file mode 100644
index 2590d3a..0000000
--- a/ChangeLog.d/remove-rsa-mode-parameter.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Removals
- * The RSA module no longer supports private-key operations with the public
- key and vice versa.
-API changes
- * Remove the mode parameter from RSA operation functions. Signature and
- decryption functions now always use the private key and verification and
- encryption use the public key. Verification functions also no longer have
- RNG parameters.
diff --git a/ChangeLog.d/remove_null_entropy.txt b/ChangeLog.d/remove_null_entropy.txt
deleted file mode 100644
index 3d9674b..0000000
--- a/ChangeLog.d/remove_null_entropy.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-API changes
- * Remove the MBEDTLS_TEST_NULL_ENTROPY config option. Fixes #4388.
diff --git a/ChangeLog.d/require-matching-hashlen-rsa.txt b/ChangeLog.d/require-matching-hashlen-rsa.txt
deleted file mode 100644
index 096b577..0000000
--- a/ChangeLog.d/require-matching-hashlen-rsa.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * Signature functions in the RSA and PK modules now require the hash
- length parameter to be the size of the hash input. For RSA signatures
- other than raw PKCS#1 v1.5, this must match the output size of the
- specified hash algorithm.
diff --git a/ChangeLog.d/rm-ecdh-legacy-context-option.txt b/ChangeLog.d/rm-ecdh-legacy-context-option.txt
deleted file mode 100644
index d5a527b..0000000
--- a/ChangeLog.d/rm-ecdh-legacy-context-option.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Removals
- * Remove MBEDTLS_ECDH_LEGACY_CONTEXT config option since this was purely for
- backward compatibility which is no longer supported. Addresses #4404.
diff --git a/ChangeLog.d/rm-ticket-lifetime-option.txt b/ChangeLog.d/rm-ticket-lifetime-option.txt
deleted file mode 100644
index 4851512..0000000
--- a/ChangeLog.d/rm-ticket-lifetime-option.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Removals
- * Remove the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
- compile-time option. This option has been inactive for a long time.
- Please use the `lifetime` parameter of `mbedtls_ssl_ticket_setup()`
- instead.
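Review bot: the option named in the first line, MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES, does not fit the rest of the entry. The file is rm-ticket-lifetime-option.txt and the advice is to use the `lifetime` parameter of `mbedtls_ssl_ticket_setup()`, which has nothing to do with SHA-1 in certificates. This looks like a copy-paste from another removal; please confirm which option was removed and correct the name before it lands in ChangeLog.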
diff --git a/ChangeLog.d/rm-truncated-hmac-ext.txt b/ChangeLog.d/rm-truncated-hmac-ext.txt
deleted file mode 100644
index 3739256..0000000
--- a/ChangeLog.d/rm-truncated-hmac-ext.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Removals
- * Remove MBEDTLS_SSL_TRUNCATED_HMAC and also remove
- MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT config option. Users are better served by
- using a CCM-8 ciphersuite than a CBC ciphersuite with truncated HMAC.
- See issue #4341 for more details.
diff --git a/ChangeLog.d/rsa-padding.txt b/ChangeLog.d/rsa-padding.txt
deleted file mode 100644
index 5f9c11f..0000000
--- a/ChangeLog.d/rsa-padding.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * mbedtls_rsa_init() now always selects the PKCS#1v1.5 encoding for an RSA
- key. To use an RSA key with PSS or OAEP, call mbedtls_rsa_set_padding()
- after initializing the context. mbedtls_rsa_set_padding() now returns an
- error if its parameters are invalid.
diff --git a/ChangeLog.d/session-cache-api.txt b/ChangeLog.d/session-cache-api.txt
deleted file mode 100644
index 75cc943..0000000
--- a/ChangeLog.d/session-cache-api.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * The getter and setter API of the SSL session cache (used for
- session-ID based session resumption) has changed to that of
- a key-value store with keys being session IDs and values
- being opaque instances of `mbedtls_ssl_session`.
diff --git a/ChangeLog.d/sha224_sha384.txt b/ChangeLog.d/sha224_sha384.txt
deleted file mode 100644
index f60ea56..0000000
--- a/ChangeLog.d/sha224_sha384.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-API changes
- * Replace MBEDTLS_SHA512_NO_SHA384 config option with MBEDTLS_SHA384_C.
- This separates config option enabling the SHA384 algorithm from option
- enabling the SHA512 algorithm. Fixes #4034.
- * Introduce MBEDTLS_SHA224_C.
- This separates config option enabling the SHA224 algorithm from option
- enabling SHA256.
diff --git a/ChangeLog.d/sha512-output-type.txt b/ChangeLog.d/sha512-output-type.txt
deleted file mode 100644
index eabc67d..0000000
--- a/ChangeLog.d/sha512-output-type.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-API changes
- * The output parameter of mbedtls_sha512_finish_ret, mbedtls_sha512_ret,
- mbedtls_sha256_finish_ret and mbedtls_sha256_ret now has a pointer type
- rather than array type. This removes spurious warnings in some compilers
- when outputting a SHA-384 or SHA-224 hash into a buffer of exactly
- the hash size.
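Review bot: this entry refers to mbedtls_sha512_finish_ret, mbedtls_sha512_ret, mbedtls_sha256_finish_ret and mbedtls_sha256_ret, but the issue4212 entry in the same release says the mbedtls_xxx_ret() hash functions were removed in favour of mbedtls_xxx() returning int. In the aggregated 3.0.0 ChangeLog these names no longer exist; name the functions without the _ret suffix or cross-reference the issue4212 entry.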
diff --git a/ChangeLog.d/split-config.txt b/ChangeLog.d/split-config.txt
deleted file mode 100644
index f66dc93..0000000
--- a/ChangeLog.d/split-config.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-Changes
- * config.h has been split into build_info.h and mbedtls_config.h
- build_info.h is intended to be included from C code directly, while
- mbedtls_config.h is intended to be edited by end users wishing to
- change the build configuration, and should generally only be included from
- build_info.h.
- * The handling of MBEDTLS_CONFIG_FILE has been moved into build_info.h.
- * A config file version symbol, MBEDTLS_CONFIG_VERSION was introduced.
- Defining it to a particular value will ensure that Mbed TLS interprets
- the config file in a way that's compatible with the config file format
- used by the Mbed TLS release whose MBEDTLS_VERSION_NUMBER has the same
- value.
- The only value supported by Mbed TLS 3.0.0 is 0x03000000.
diff --git a/ChangeLog.d/spm_build.txt b/ChangeLog.d/spm_build.txt
deleted file mode 100644
index 6016d84..0000000
--- a/ChangeLog.d/spm_build.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * When MBEDTLS_PSA_CRYPTO_SPM is enabled, crypto_spe.h was not included
- in all the right places. Include it from crypto_platform.h, which is
- the natural place. Fixes #4649.
diff --git a/ChangeLog.d/ssl-error-code-cleanup.txt b/ChangeLog.d/ssl-error-code-cleanup.txt
deleted file mode 100644
index 768d190..0000000
--- a/ChangeLog.d/ssl-error-code-cleanup.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-API changes
- * Remove SSL error codes `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED`
- and `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` which are never
- returned from the public SSL API.
- * Remove `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` and return
- `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` instead.
diff --git a/ChangeLog.d/tool-versions.txt b/ChangeLog.d/tool-versions.txt
deleted file mode 100644
index b89b384..0000000
--- a/ChangeLog.d/tool-versions.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Requirement changes
- * Refresh the minimum supported versions of tools to build the
- library. CMake versions older than 3.10.2 and Python older
- than 3.6 are no longer supported.
diff --git a/ChangeLog.d/undefined_reference_without_psa.txt b/ChangeLog.d/undefined_reference_without_psa.txt
deleted file mode 100644
index 4dae534..0000000
--- a/ChangeLog.d/undefined_reference_without_psa.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * With MBEDTLS_PSA_CRYPTO_C disabled, some functions were getting built
- nonetheless, resulting in undefined reference errors when building a
- shared library. Reported by Guillermo Garcia M. in #4411.
diff --git a/ChangeLog.d/update_ssl_error_codes.txt b/ChangeLog.d/update_ssl_error_codes.txt
deleted file mode 100644
index 0630b54..0000000
--- a/ChangeLog.d/update_ssl_error_codes.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Various changes to which alert and/or error code may be returned
- * during the TLS handshake.
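Review bot: the last line begins with its own "*", so "during the TLS handshake." becomes a separate bullet instead of the continuation of the sentence above. Drop the asterisk and indent the line as a continuation. The entry is also too vague for integrators who match on specific alerts or error codes; a pointer to the migration guide or to the affected codes would make it actionable.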
diff --git a/ChangeLog.d/winsock.txt b/ChangeLog.d/winsock.txt
deleted file mode 100644
index 0b42e69..0000000
--- a/ChangeLog.d/winsock.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with
- MBEDTLS_ERR_NET_POLL_FAILED on Windows. Fixes #4465.
-
diff --git a/ChangeLog.d/x509_remove_info.txt b/ChangeLog.d/x509_remove_info.txt
deleted file mode 100644
index c103b1b..0000000
--- a/ChangeLog.d/x509_remove_info.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-API changes
- * Add configuration option MBEDTLS_X509_REMOVE_INFO which
- removes the mbedtls_x509_*_info(), mbedtls_debug_print_crt()
- as well as other functions and constants only used by
- those functions. This reduces the code footprint by
- several kB.