Assemble Changelog
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
diff --git a/ChangeLog b/ChangeLog
index 28f2654..3237b76 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,265 @@
Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS x.x.x branch released xxxx-xx-xx
+
+API changes
+ * Remove `tls13_` in mbedtls_ssl_tls13_conf_early_data() and
+ mbedtls_ssl_tls13_conf_max_early_data_size() API names. Early data
+ feature may not be TLS 1.3 specific in the future. Fixes #6909.
+
+Default behavior changes
+ * psa_import_key() now only accepts RSA keys in the PSA standard formats.
+ The undocumented ability to import other formats (PKCS#8, SubjectPublicKey,
+ PEM) accepted by the pkparse module has been removed. Applications that
+ need these formats can call mbedtls_pk_parse_{public,}key() followed by
+ mbedtls_pk_import_into_psa().
+
+Requirement changes
+ * Drop support for Visual Studio 2013 and 2015, and Arm Compiler 5.
+
+New deprecations
+ * Rename the MBEDTLS_SHA256_USE_A64_CRYPTO_xxx config options to
+ MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_xxx. The old names may still
+ be used, but are deprecated.
+ * In the PSA API, domain parameters are no longer used for anything.
+ They are deprecated and will be removed in a future version of the
+ library.
+ * mbedtls_ecp_write_key() is deprecated in favor of
+ mbedtls_ecp_write_key_ext().
+
+Removals
+ * In the PSA API, the experimental way to encode the public exponent of
+ an RSA key as a domain parameter is no longer supported. Use
+ psa_generate_key_ext() instead.
+ * Temporary function mbedtls_pk_wrap_as_opaque() is removed. To mimic the
+ same behavior mbedtls_pk_get_psa_attributes() and
+ mbedtls_pk_import_into_psa() can be used to import a PK key into PSA,
+ while mbedtls_pk_setup_opaque() can be used to wrap a PSA key into a opaque
+ PK context.
+
+Features
+ * Added an example program showing how to hash with the PSA API.
+ * Support Armv8-A Crypto Extension acceleration for SHA-256
+ when compiling for Thumb (T32) or 32-bit Arm (A32).
+ * AES-NI is now supported in Windows builds with clang and clang-cl.
+ Resolves #8372.
+ * Add new mbedtls_x509_csr_parse_der_with_ext_cb() routine which allows
+ parsing unsupported certificate extensions via user provided callback.
+ * Enable the new option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to omit
+ the decryption direction of block ciphers (AES, ARIA, Camellia).
+ This affects both the low-level modules and the high-level APIs
+ (the cipher and PSA interfaces). This option is incompatible with modes
+ that use the decryption direction (ECB in PSA, CBC, XTS, KW) and with DES.
+ * Support use of Armv8-A Cryptographic Extensions for hardware acclerated
+ AES when compiling for Thumb (T32) or 32-bit Arm (A32).
+ * If a cipher or AEAD mechanism has a PSA driver, you can now build the
+ library without the corresponding built-in implementation. Generally
+ speaking that requires both the key type and algorithm to be accelerated
+ or they'll both be built in. However, for CCM and GCM the built-in
+ implementation is able to take advantage of a driver that only
+ accelerates the key type (that is, the block cipher primitive). See
+ docs/driver-only-builds.md for full details and current limitations.
+ * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is
+ disabled. This requires PSA_WANT_ALG_ECB_NO_PADDING in addition to
+ MBEDTLS_PSA_CRYPTO_C and PSA_WANT_KEY_TYPE_AES.
+ * Fewer modules depend on MBEDTLS_CIPHER_C, making it possible to save code
+ size by disabling it in more circumstances. In particular, the CCM and
+ GCM modules no longer depend on MBEDTLS_CIPHER_C. Also,
+ MBEDTLS_PSA_CRYPTO can now be enabled without MBEDTLS_CIPHER_C if all
+ unauthenticated (non-AEAD) ciphers are disabled, or if they're all
+ fully provided by drivers. See docs/driver-only-builds.md for full
+ details and current limitations; in particular, NIST_KW and PKCS5/PKCS12
+ decryption still unconditionally depend on MBEDTLS_CIPHER_C.
+ * Add support for record size limit extension as defined by RFC 8449
+ and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT.
+ Application data sent and received will be fragmented according to
+ Record size limits negotiated during handshake.
+ * Improve performance of AES-GCM, AES-CTR and CTR-DRBG when
+ hardware accelerated AES is not present (around 13-23% on 64-bit Arm).
+ * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa()
+ to convert between Mbed TLS and PSA curve identifiers.
+ * Add utility functions to manipulate mbedtls_ecp_keypair objects, filling
+ gaps made by making its fields private: mbedtls_ecp_set_public_key(),
+ mbedtls_ecp_write_public_key(), mbedtls_ecp_keypair_calc_public(),
+ mbedtls_ecp_keypair_get_group_id(). Fixes #5017, #5441, #8367, #8652.
+ * Add functions mbedtls_md_psa_alg_from_type() and
+ mbedtls_md_type_from_psa_alg() to convert between mbedtls_md_type_t and
+ psa_algorithm_t.
+ * Add partial platform support for z/OS.
+ * Improve performance for gcc (versions older than 9.3.0) and IAR.
+ * Add functions mbedtls_ecdsa_raw_to_der() and mbedtls_ecdsa_der_to_raw() to
+ convert ECDSA signatures between raw and DER (ASN.1) formats.
+ * Add support for using AES-CBC 128, 192, and 256 bit schemes
+ with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse.
+ * The new function mbedtls_rsa_get_bitlen() returns the length of the modulus
+ in bits, i.e. the key size for an RSA key.
+ * Add pc files for pkg-config, e.g.:
+ pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509)
+ * Add getter (mbedtls_ssl_session_get_ticket_creation_time()) to access
+ `mbedtls_ssl_session.ticket_creation_time`.
+ * The new functions mbedtls_pk_get_psa_attributes() and
+ mbedtls_pk_import_into_psa() provide a uniform way to create a PSA
+ key from a PK key.
+ * The benchmark program now reports times for both ephemeral and static
+ ECDH in all ECDH configurations.
+ * Add support for 8-bit GCM tables for Shoup's algorithm to speedup GCM
+ operations when hardware accelerated AES is not present. Improves
+ performance by around 30% on 64-bit Intel; 125% on Armv7-M.
+ * The new function psa_generate_key_ext() allows generating an RSA
+ key pair with a custom public exponent.
+ * The new function mbedtls_ecp_write_key_ext() is similar to
+ mbedtls_ecp_write_key(), but can be used without separately calculating
+ the output length.
+ * Add new accessor to expose the private group id member of
+ `mbedtls_ecdh_context` structure.
+ * Add new accessor to expose the `MBEDTLS_PRIVATE(ca_istrue)` member of
+ `mbedtls_x509_crt` structure. This requires setting
+ the MBEDTLS_X509_EXT_BASIC_CONSTRAINTS bit in the certificate's
+ ext_types field.
+ * mbedtls_psa_get_random() is always available as soon as
+ MBEDTLS_PSA_CRYPTO_CLIENT is enabled at build time and psa_crypto_init() is
+ called at runtime. This together with MBEDTLS_PSA_RANDOM_STATE can be
+ used as random number generator function (f_rng) and context (p_rng) in
+ legacy functions.
+ * The new functions mbedtls_pk_copy_from_psa() and
+ mbedtls_pk_copy_public_from_psa() provide ways to set up a PK context
+ with the same content as a PSA key.
+ * Add new accessors to expose the private session-id,
+ session-id length, and ciphersuite-id members of
+ `mbedtls_ssl_session` structure.
+ Add new accessor to expose the ciphersuite-id of
+ `mbedtls_ssl_ciphersuite_t` structure.Design ref: #8529
+ * Mbed TLS now supports the writing and reading of TLS 1.3 early data (see
+ docs/tls13-early-data.md). The support enablement is controlled at build
+ time by the MBEDTLS_SSL_EARLY_DATA configuration option and at runtime by
+ the mbedtls_ssl_conf_early_data() API (by default disabled in both cases).
+ * Add protection for multithreaded access to the PSA keystore and protection
+ for multithreaded access to the the PSA global state, including
+ concurrently calling psa_crypto_init() when MBEDTLS_THREADING_C and
+ MBEDTLS_THREADING_PTHREAD are defined. See
+ docs/architecture/psa-thread-safety/psa-thread-safety.md for more details.
+ Resolves issues #3263 and #7945.
+
+Security
+ * Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3
+ ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A
+ malicious client could cause information disclosure or a denial of service.
+ * Passing buffers that are stored in untrusted memory as arguments
+ to PSA functions is now secure by default.
+ The PSA core now protects against modification of inputs or exposure
+ of intermediate outputs during operations. This is currently implemented
+ by copying buffers.
+ This feature increases code size and memory usage. If buffers passed to
+ PSA functions are owned exclusively by the PSA core for the duration of
+ the function call (i.e. no buffer parameters are in shared memory),
+ copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS.
+ Note that setting this option will cause input-output buffer overlap to
+ be only partially supported (#3266).
+ Fixes CVE-2024-28960
+ * Restore the maximum TLS version to be negotiated to the configured one
+ when an SSL context is reset with the mbedtls_ssl_session_reset() API.
+ An attacker was able to prevent an Mbed TLS server from establishing any
+ TLS 1.3 connection potentially resulting in a Denial of Service or forced
+ version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e.
+ Fixes CVE-2024-28755.
+ * When negotiating TLS version on server side, do not fall back to the
+ TLS 1.2 implementation of the protocol if it is disabled.
+ - If the TLS 1.2 implementation was disabled at build time, a TLS 1.2
+ client could put the TLS 1.3-only server in an infinite loop processing
+ a TLS 1.2 ClientHello, resulting in a denial of service. Reported by
+ Matthias Mucha and Thomas Blattmann, SICK AG.
+ - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
+ was able to successfully establish a TLS 1.2 connection with the server.
+ Reported by alluettiv on GitHub.
+ Fixes CVE-2024-28836.
+
+Bugfix
+ * Fix the build with CMake when Everest or P256-m is enabled through
+ a user configuration file or the compiler command line. Fixes #8165.
+ * Fix compilation error in C++ programs when MBEDTLS_ASN1_PARSE_C is
+ disabled.
+ * Fix possible NULL dereference issue in X509 cert_req program if an entry
+ in the san parameter is not separated by a colon.
+ * Fix possible NULL dereference issue in X509 cert_write program if an entry
+ in the san parameter is not separated by a colon.
+ * Fix an inconsistency between implementations and usages of `__cpuid`,
+ which mainly causes failures when building Windows target using
+ mingw or clang. Fixes #8334 & #8332.
+ * Fix build failure in conda-forge. Fixes #8422.
+ * Fix parsing of CSRs with critical extensions.
+ * Switch to milliseconds as the unit for ticket creation and reception time
+ instead of seconds. That avoids rounding errors when computing the age of
+ tickets compared to peer using a millisecond clock (observed with GnuTLS).
+ Fixes #6623.
+ * Fix TLS server accepting TLS 1.2 handshake while TLS 1.2
+ is disabled at runtime. Fixes #8593.
+ * Remove accidental introduction of RSA signature algorithms
+ in TLS Suite B Profile. Fixes #8221.
+ * Fix unsupported PSA asymmetric encryption and decryption
+ (psa_asymmetric_[en|de]crypt) with opaque keys.
+ Resolves #8461.
+ * On Linux on ARMv8, fix a build error with SHA-256 and SHA-512
+ acceleration detection when the libc headers do not define the
+ corresponding constant. Reported by valord577.
+ * Correct initial capacities for key derivation algorithms:TLS12_PRF,
+ TLS12_PSK_TO_MS, PBKDF2-HMAC, PBKDF2-CMAC
+ * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a
+ multiple of 8. Fixes #868.
+ * Avoid segmentation fault caused by releasing not initialized
+ entropy resource in gen_key example. Fixes #8809.
+ * mbedtls_pem_read_buffer() now performs a check on the padding data of
+ decrypted keys and it rejects invalid ones.
+ * Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() and
+ mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
+ the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled and the
+ RSA context was configured for PKCS#1 v2.1 (PSS/OAEP), the sign/verify
+ functions performed a PKCS#1 v1.5 signature instead and the
+ encrypt/decrypt functions returned an error. Fixes #8824.
+ * Fix missing bitflags in SSL session serialization headers. Their absence
+ allowed SSL sessions saved in one configuration to be loaded in a
+ different, incompatible configuration.
+ * In TLS 1.3 clients, fix an interoperability problem due to the client
+ generating a new random after a HelloRetryRequest. Fixes #8669.
+ * Fix the restoration of the ALPN when loading serialized connection with
+ * the mbedtls_ssl_context_load() API.
+ * Fix NULL pointer dereference in mbedtls_pk_verify_ext() when called using
+ an opaque RSA context and specifying MBEDTLS_PK_RSASSA_PSS as key type.
+ * Fix RSA opaque keys always using PKCS1 v1.5 algorithms instead of the
+ primary algorithm of the wrapped PSA key.
+ * Fully support arbitrary overlap between inputs and outputs of PSA
+ functions. Note that overlap is still only partially supported when
+ MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set (#3266).
+
+Changes
+ * Use heap memory to allocate DER encoded public/private key.
+ This reduces stack usage significantly for writing a public/private
+ key to a PEM string.
+ * PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG are no more synonyms and
+ they are now treated separately. This means that they should be
+ individually enabled in order to enable respective support; also the
+ corresponding MBEDTLS_PSA_ACCEL symbol should be defined in case
+ acceleration is required.
+ * Moved declaration of functions mbedtls_ecc_group_to_psa and
+ mbedtls_ecc_group_of_psa from psa/crypto_extra.h to mbedtls/psa_util.h
+ * mbedtls_pk_sign_ext() is now always available, not just when
+ PSA (MBEDTLS_PSA_CRYPTO_C) is enabled.
+ * Extended PSA Crypto configurations options for FFDH by making it possible
+ to select only some of the parameters / groups, with the macros
+ PSA_WANT_DH_RFC7919_XXXX. You now need to defined the corresponding macro
+ for each size you want to support. Also, if you have an FFDH accelerator,
+ you'll need to define the appropriate MBEDTLS_PSA_ACCEL macros to signal
+ support for these domain parameters.
+ * RSA support in PSA no longer auto-enables the pkparse and pkwrite modules,
+ saving code size when those are not otherwise enabled.
+ * mbedtls_mpi_exp_mod and code that uses it, notably RSA and DHM operations,
+ have changed their speed/memory compromise as part of a proactive security
+ improvement. The new default value of MBEDTLS_MPI_WINDOW_SIZE roughly
+ preserves the current speed, at the expense of increasing memory
+ consumption.
+ * Rename directory containing Visual Studio files from visualc/VS2013 to
+ visualc/VS2017.
+ * The TLS 1.3 protocol is now enabled in the default configuration.
+
= Mbed TLS 3.5.2 branch released 2024-01-26
Security
diff --git a/ChangeLog.d/7764.txt b/ChangeLog.d/7764.txt
deleted file mode 100644
index 4cd2079..0000000
--- a/ChangeLog.d/7764.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add functions mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_from_psa()
- to convert between Mbed TLS and PSA curve identifiers.
diff --git a/ChangeLog.d/7765.txt b/ChangeLog.d/7765.txt
deleted file mode 100644
index 3dd6b5d..0000000
--- a/ChangeLog.d/7765.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add functions mbedtls_ecdsa_raw_to_der() and mbedtls_ecdsa_der_to_raw() to
- convert ECDSA signatures between raw and DER (ASN.1) formats.
diff --git a/ChangeLog.d/8030.txt b/ChangeLog.d/8030.txt
deleted file mode 100644
index d99c9e7..0000000
--- a/ChangeLog.d/8030.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Changes
- * Extended PSA Crypto configurations options for FFDH by making it possible
- to select only some of the parameters / groups, with the macros
- PSA_WANT_DH_RFC7919_XXXX. You now need to defined the corresponding macro
- for each size you want to support. Also, if you have an FFDH accelerator,
- you'll need to define the appropriate MBEDTLS_PSA_ACCEL macros to signal
- support for these domain parameters.
diff --git a/ChangeLog.d/8340.txt b/ChangeLog.d/8340.txt
deleted file mode 100644
index 5664bf1..0000000
--- a/ChangeLog.d/8340.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Add functions mbedtls_md_psa_alg_from_type() and
- mbedtls_md_type_from_psa_alg() to convert between mbedtls_md_type_t and
- psa_algorithm_t.
diff --git a/ChangeLog.d/8372.txt b/ChangeLog.d/8372.txt
deleted file mode 100644
index 4a72edf..0000000
--- a/ChangeLog.d/8372.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * AES-NI is now supported in Windows builds with clang and clang-cl.
- Resolves #8372.
diff --git a/ChangeLog.d/8461.txt b/ChangeLog.d/8461.txt
deleted file mode 100644
index d6a65f0..0000000
--- a/ChangeLog.d/8461.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix unsupported PSA asymmetric encryption and decryption
- (psa_asymmetric_[en|de]crypt) with opaque keys.
- Resolves #8461.
diff --git a/ChangeLog.d/8482.txt b/ChangeLog.d/8482.txt
deleted file mode 100644
index a392232..0000000
--- a/ChangeLog.d/8482.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Changes
- * PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG are no more synonyms and
- they are now treated separately. This means that they should be
- individually enabled in order to enable respective support; also the
- corresponding MBEDTLS_PSA_ACCEL symbol should be defined in case
- acceleration is required.
diff --git a/ChangeLog.d/8647.txt b/ChangeLog.d/8647.txt
deleted file mode 100644
index 98326dc..0000000
--- a/ChangeLog.d/8647.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Default behavior changes
- * psa_import_key() now only accepts RSA keys in the PSA standard formats.
- The undocumented ability to import other formats (PKCS#8, SubjectPublicKey,
- PEM) accepted by the pkparse module has been removed. Applications that
- need these formats can call mbedtls_pk_parse_{public,}key() followed by
- mbedtls_pk_import_into_psa().
-
-Changes
- * RSA support in PSA no longer auto-enables the pkparse and pkwrite modules,
- saving code size when those are not otherwise enabled.
diff --git a/ChangeLog.d/8709.txt b/ChangeLog.d/8709.txt
deleted file mode 100644
index e0bea44..0000000
--- a/ChangeLog.d/8709.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * The new functions mbedtls_pk_copy_from_psa() and
- mbedtls_pk_copy_public_from_psa() provide ways to set up a PK context
- with the same content as a PSA key.
diff --git a/ChangeLog.d/8726.txt b/ChangeLog.d/8726.txt
deleted file mode 100644
index c1e5a40..0000000
--- a/ChangeLog.d/8726.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
- * Add partial platform support for z/OS.
diff --git a/ChangeLog.d/8799.txt b/ChangeLog.d/8799.txt
deleted file mode 100644
index 50e7c11..0000000
--- a/ChangeLog.d/8799.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * mbedtls_pem_read_buffer() now performs a check on the padding data of
- decrypted keys and it rejects invalid ones.
diff --git a/ChangeLog.d/8824.txt b/ChangeLog.d/8824.txt
deleted file mode 100644
index 6d6bcb7..0000000
--- a/ChangeLog.d/8824.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Bugfix
- * Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() and
- mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
- the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled and the
- RSA context was configured for PKCS#1 v2.1 (PSS/OAEP), the sign/verify
- functions performed a PKCS#1 v1.5 signature instead and the
- encrypt/decrypt functions returned an error. Fixes #8824.
-
diff --git a/ChangeLog.d/8825.txt b/ChangeLog.d/8825.txt
deleted file mode 100644
index 914bd08..0000000
--- a/ChangeLog.d/8825.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * mbedtls_psa_get_random() is always available as soon as
- MBEDTLS_PSA_CRYPTO_CLIENT is enabled at build time and psa_crypto_init() is
- called at runtime. This together with MBEDTLS_PSA_RANDOM_STATE can be
- used as random number generator function (f_rng) and context (p_rng) in
- legacy functions.
diff --git a/ChangeLog.d/8848.txt b/ChangeLog.d/8848.txt
deleted file mode 100644
index 71bb7e3..0000000
--- a/ChangeLog.d/8848.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Removals
- * Temporary function mbedtls_pk_wrap_as_opaque() is removed. To mimic the
- same behavior mbedtls_pk_get_psa_attributes() and
- mbedtls_pk_import_into_psa() can be used to import a PK key into PSA,
- while mbedtls_pk_setup_opaque() can be used to wrap a PSA key into a opaque
- PK context.
diff --git a/ChangeLog.d/8938.txt b/ChangeLog.d/8938.txt
deleted file mode 100644
index 68a1c08..0000000
--- a/ChangeLog.d/8938.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix RSA opaque keys always using PKCS1 v1.5 algorithms instead of the
- primary algorithm of the wrapped PSA key.
diff --git a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt
deleted file mode 100644
index 7f0fbc7..0000000
--- a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add support for using AES-CBC 128, 192, and 256 bit schemes
- with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse.
diff --git a/ChangeLog.d/add-block-cipher-no-decrypt.txt b/ChangeLog.d/add-block-cipher-no-decrypt.txt
deleted file mode 100644
index d05bf86..0000000
--- a/ChangeLog.d/add-block-cipher-no-decrypt.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * Enable the new option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to omit
- the decryption direction of block ciphers (AES, ARIA, Camellia).
- This affects both the low-level modules and the high-level APIs
- (the cipher and PSA interfaces). This option is incompatible with modes
- that use the decryption direction (ECB in PSA, CBC, XTS, KW) and with DES.
diff --git a/ChangeLog.d/add-psa-example-program-hash.txt b/ChangeLog.d/add-psa-example-program-hash.txt
deleted file mode 100644
index ba4da20..0000000
--- a/ChangeLog.d/add-psa-example-program-hash.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
- * Added an example program showing how to hash with the PSA API.
diff --git a/ChangeLog.d/add-record-size-limit-extension-support.txt b/ChangeLog.d/add-record-size-limit-extension-support.txt
deleted file mode 100644
index 3562b85..0000000
--- a/ChangeLog.d/add-record-size-limit-extension-support.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * Add support for record size limit extension as defined by RFC 8449
- and configured with MBEDTLS_SSL_RECORD_SIZE_LIMIT.
- Application data sent and received will be fragmented according to
- Record size limits negotiated during handshake.
diff --git a/ChangeLog.d/add_get_ecp_group_id.txt b/ChangeLog.d/add_get_ecp_group_id.txt
deleted file mode 100644
index 3328062..0000000
--- a/ChangeLog.d/add_get_ecp_group_id.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add new accessor to expose the private group id member of
- `mbedtls_ecdh_context` structure.
diff --git a/ChangeLog.d/add_ssl_session_accessors.txt b/ChangeLog.d/add_ssl_session_accessors.txt
deleted file mode 100644
index 516a3bf..0000000
--- a/ChangeLog.d/add_ssl_session_accessors.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * Add new accessors to expose the private session-id,
- session-id length, and ciphersuite-id members of
- `mbedtls_ssl_session` structure.
- Add new accessor to expose the ciphersuite-id of
- `mbedtls_ssl_ciphersuite_t` structure.Design ref: #8529
diff --git a/ChangeLog.d/add_threading_changelog.txt b/ChangeLog.d/add_threading_changelog.txt
deleted file mode 100644
index e9f6cc7..0000000
--- a/ChangeLog.d/add_threading_changelog.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Features
- * Add protection for multithreaded access to the PSA keystore and protection
- for multithreaded access to the the PSA global state, including
- concurrently calling psa_crypto_init() when MBEDTLS_THREADING_C and
- MBEDTLS_THREADING_PTHREAD are defined. See
- docs/architecture/psa-thread-safety/psa-thread-safety.md for more details.
- Resolves issues #3263 and #7945.
diff --git a/ChangeLog.d/armv8-aesce.txt b/ChangeLog.d/armv8-aesce.txt
deleted file mode 100644
index ec5889c..0000000
--- a/ChangeLog.d/armv8-aesce.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Support use of Armv8-A Cryptographic Extensions for hardware acclerated
- AES when compiling for Thumb (T32) or 32-bit Arm (A32).
diff --git a/ChangeLog.d/benchmark-ecdh.txt b/ChangeLog.d/benchmark-ecdh.txt
deleted file mode 100644
index ef243b8..0000000
--- a/ChangeLog.d/benchmark-ecdh.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * The benchmark program now reports times for both ephemeral and static
- ECDH in all ECDH configurations.
diff --git a/ChangeLog.d/binder-overread.txt b/ChangeLog.d/binder-overread.txt
deleted file mode 100644
index c0ed4b7..0000000
--- a/ChangeLog.d/binder-overread.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Security
- * Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3
- ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A
- malicious client could cause information disclosure or a denial of service.
diff --git a/ChangeLog.d/ctr-perf.txt b/ChangeLog.d/ctr-perf.txt
deleted file mode 100644
index bc04080..0000000
--- a/ChangeLog.d/ctr-perf.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Improve performance of AES-GCM, AES-CTR and CTR-DRBG when
- hardware accelerated AES is not present (around 13-23% on 64-bit Arm).
diff --git a/ChangeLog.d/domain_parameters.txt b/ChangeLog.d/domain_parameters.txt
deleted file mode 100644
index d860cc4..0000000
--- a/ChangeLog.d/domain_parameters.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-New deprecations
- * In the PSA API, domain parameters are no longer used for anything.
- They are deprecated and will be removed in a future version of the
- library.
-
-Removals
- * In the PSA API, the experimental way to encode the public exponent of
- an RSA key as a domain parameter is no longer supported. Use
- psa_generate_key_ext() instead.
diff --git a/ChangeLog.d/driver-only-cipher.txt b/ChangeLog.d/driver-only-cipher.txt
deleted file mode 100644
index 331b2f9..0000000
--- a/ChangeLog.d/driver-only-cipher.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-Features
- * If a cipher or AEAD mechanism has a PSA driver, you can now build the
- library without the corresponding built-in implementation. Generally
- speaking that requires both the key type and algorithm to be accelerated
- or they'll both be built in. However, for CCM and GCM the built-in
- implementation is able to take advantage of a driver that only
- accelerates the key type (that is, the block cipher primitive). See
- docs/driver-only-builds.md for full details and current limitations.
- * The CTR_DRBG module will now use AES from a PSA driver if MBEDTLS_AES_C is
- disabled. This requires PSA_WANT_ALG_ECB_NO_PADDING in addition to
- MBEDTLS_PSA_CRYPTO_C and PSA_WANT_KEY_TYPE_AES.
diff --git a/ChangeLog.d/drop-msvc-2015-and-armcc-5.txt b/ChangeLog.d/drop-msvc-2015-and-armcc-5.txt
deleted file mode 100644
index 435cc98..0000000
--- a/ChangeLog.d/drop-msvc-2015-and-armcc-5.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Requirement changes
- * Drop support for Visual Studio 2013 and 2015, and Arm Compiler 5.
-Changes
- * Rename directory containing Visual Studio files from visualc/VS2013 to
- visualc/VS2017.
diff --git a/ChangeLog.d/early-data.txt b/ChangeLog.d/early-data.txt
deleted file mode 100644
index 3c3826c..0000000
--- a/ChangeLog.d/early-data.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * Mbed TLS now supports the writing and reading of TLS 1.3 early data (see
- docs/tls13-early-data.md). The support enablement is controlled at build
- time by the MBEDTLS_SSL_EARLY_DATA configuration option and at runtime by
- the mbedtls_ssl_conf_early_data() API (by default disabled in both cases).
diff --git a/ChangeLog.d/ecp-keypair-utilities.txt b/ChangeLog.d/ecp-keypair-utilities.txt
deleted file mode 100644
index 6f9714a..0000000
--- a/ChangeLog.d/ecp-keypair-utilities.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * Add utility functions to manipulate mbedtls_ecp_keypair objects, filling
- gaps made by making its fields private: mbedtls_ecp_set_public_key(),
- mbedtls_ecp_write_public_key(), mbedtls_ecp_keypair_calc_public(),
- mbedtls_ecp_keypair_get_group_id(). Fixes #5017, #5441, #8367, #8652.
diff --git a/ChangeLog.d/ecp_write_key.txt b/ChangeLog.d/ecp_write_key.txt
deleted file mode 100644
index 73354c8..0000000
--- a/ChangeLog.d/ecp_write_key.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Features
- * The new function mbedtls_ecp_write_key_ext() is similar to
- mbedtls_ecp_write_key(), but can be used without separately calculating
- the output length.
-
-New deprecations
- * mbedtls_ecp_write_key() is deprecated in favor of
- mbedtls_ecp_write_key_ext().
diff --git a/ChangeLog.d/enable-tls13-by-default.txt b/ChangeLog.d/enable-tls13-by-default.txt
deleted file mode 100644
index 636078c..0000000
--- a/ChangeLog.d/enable-tls13-by-default.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Changes
- * The TLS 1.3 protocol is now enabled in the default configuration.
diff --git a/ChangeLog.d/fix-alpn-negotiating-bug.txt b/ChangeLog.d/fix-alpn-negotiating-bug.txt
deleted file mode 100644
index 3bceb37..0000000
--- a/ChangeLog.d/fix-alpn-negotiating-bug.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix the restoration of the ALPN when loading serialized connection with
- * the mbedtls_ssl_context_load() API.
diff --git a/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt b/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt
deleted file mode 100644
index ec543aa..0000000
--- a/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix the build with CMake when Everest or P256-m is enabled through
- a user configuration file or the compiler command line. Fixes #8165.
diff --git a/ChangeLog.d/fix-cpp-compilation-error.txt b/ChangeLog.d/fix-cpp-compilation-error.txt
deleted file mode 100644
index 32d86dc..0000000
--- a/ChangeLog.d/fix-cpp-compilation-error.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix compilation error in C++ programs when MBEDTLS_ASN1_PARSE_C is
- disabled.
diff --git a/ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt b/ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt
deleted file mode 100644
index 5b15512..0000000
--- a/ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * Add new mbedtls_x509_csr_parse_der_with_ext_cb() routine which allows
- parsing unsupported certificate extensions via user provided callback.
-
-Bugfix
- * Fix parsing of CSRs with critical extensions.
diff --git a/ChangeLog.d/fix-issue-x509-cert_req.txt b/ChangeLog.d/fix-issue-x509-cert_req.txt
deleted file mode 100644
index 3a5171b..0000000
--- a/ChangeLog.d/fix-issue-x509-cert_req.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix possible NULL dereference issue in X509 cert_req program if an entry
- in the san parameter is not separated by a colon.
diff --git a/ChangeLog.d/fix-issue-x509-cert_write.txt b/ChangeLog.d/fix-issue-x509-cert_write.txt
deleted file mode 100644
index 43d67c2..0000000
--- a/ChangeLog.d/fix-issue-x509-cert_write.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix possible NULL dereference issue in X509 cert_write program if an entry
- in the san parameter is not separated by a colon.
diff --git a/ChangeLog.d/fix-linux-builds-in-conda-forge.txt b/ChangeLog.d/fix-linux-builds-in-conda-forge.txt
deleted file mode 100644
index 5cfee85..0000000
--- a/ChangeLog.d/fix-linux-builds-in-conda-forge.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix build failure in conda-forge. Fixes #8422.
diff --git a/ChangeLog.d/fix-mingw32-build.txt b/ChangeLog.d/fix-mingw32-build.txt
deleted file mode 100644
index feef0a2..0000000
--- a/ChangeLog.d/fix-mingw32-build.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix an inconsistency between implementations and usages of `__cpuid`,
- which mainly causes failures when building Windows target using
- mingw or clang. Fixes #8334 & #8332.
diff --git a/ChangeLog.d/fix-new-rn-on-hrr.txt b/ChangeLog.d/fix-new-rn-on-hrr.txt
deleted file mode 100644
index 1b4f5e6..0000000
--- a/ChangeLog.d/fix-new-rn-on-hrr.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * In TLS 1.3 clients, fix an interoperability problem due to the client
- generating a new random after a HelloRetryRequest. Fixes #8669.
diff --git a/ChangeLog.d/fix-null-dereference-verify-ext.txt b/ChangeLog.d/fix-null-dereference-verify-ext.txt
deleted file mode 100644
index 4654178..0000000
--- a/ChangeLog.d/fix-null-dereference-verify-ext.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix NULL pointer dereference in mbedtls_pk_verify_ext() when called using
- an opaque RSA context and specifying MBEDTLS_PK_RSASSA_PSS as key type.
diff --git a/ChangeLog.d/fix-ssl-session-serialization-config.txt b/ChangeLog.d/fix-ssl-session-serialization-config.txt
deleted file mode 100644
index ca1cc81..0000000
--- a/ChangeLog.d/fix-ssl-session-serialization-config.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix missing bitflags in SSL session serialization headers. Their absence
- allowed SSL sessions saved in one configuration to be loaded in a
- different, incompatible configuration.
diff --git a/ChangeLog.d/fix-tls-SuiteB.txt b/ChangeLog.d/fix-tls-SuiteB.txt
deleted file mode 100644
index 0be753a..0000000
--- a/ChangeLog.d/fix-tls-SuiteB.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Remove accidental introduction of RSA signature algorithms
- in TLS Suite B Profile. Fixes #8221.
diff --git a/ChangeLog.d/fix-tls13-server-min-version-check.txt b/ChangeLog.d/fix-tls13-server-min-version-check.txt
deleted file mode 100644
index 258ec6d..0000000
--- a/ChangeLog.d/fix-tls13-server-min-version-check.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix TLS server accepting TLS 1.2 handshake while TLS 1.2
- is disabled at runtime. Fixes #8593.
diff --git a/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt b/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt
deleted file mode 100644
index 10e2795..0000000
--- a/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Correct initial capacities for key derivation algorithms:TLS12_PRF,
- TLS12_PSK_TO_MS, PBKDF2-HMAC, PBKDF2-CMAC
diff --git a/ChangeLog.d/gcm-large-tables.txt b/ChangeLog.d/gcm-large-tables.txt
deleted file mode 100644
index f9bba5b..0000000
--- a/ChangeLog.d/gcm-large-tables.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Add support for 8-bit GCM tables for Shoup's algorithm to speedup GCM
- operations when hardware accelerated AES is not present. Improves
- performance by around 30% on 64-bit Intel; 125% on Armv7-M.
diff --git a/ChangeLog.d/gen-key-segfault.txt b/ChangeLog.d/gen-key-segfault.txt
deleted file mode 100644
index fefc702..0000000
--- a/ChangeLog.d/gen-key-segfault.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Avoid segmentation fault caused by releasing not initialized
- entropy resource in gen_key example. Fixes #8809.
diff --git a/ChangeLog.d/get_ticket_creation_time.txt b/ChangeLog.d/get_ticket_creation_time.txt
deleted file mode 100644
index 7b5166c..0000000
--- a/ChangeLog.d/get_ticket_creation_time.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add getter (mbedtls_ssl_session_get_ticket_creation_time()) to access
- `mbedtls_ssl_session.ticket_creation_time`.
diff --git a/ChangeLog.d/gnutls_anti_replay_fail.txt b/ChangeLog.d/gnutls_anti_replay_fail.txt
deleted file mode 100644
index cb35284..0000000
--- a/ChangeLog.d/gnutls_anti_replay_fail.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Switch to milliseconds as the unit for ticket creation and reception time
- instead of seconds. That avoids rounding errors when computing the age of
- tickets compared to peer using a millisecond clock (observed with GnuTLS).
- Fixes #6623.
diff --git a/ChangeLog.d/iar-gcc-perf.txt b/ChangeLog.d/iar-gcc-perf.txt
deleted file mode 100644
index fb0fbb1..0000000
--- a/ChangeLog.d/iar-gcc-perf.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Features
- * Improve performance for gcc (versions older than 9.3.0) and IAR.
diff --git a/ChangeLog.d/linux-aarch64-hwcap.txt b/ChangeLog.d/linux-aarch64-hwcap.txt
deleted file mode 100644
index 23af878..0000000
--- a/ChangeLog.d/linux-aarch64-hwcap.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * On Linux on ARMv8, fix a build error with SHA-256 and SHA-512
- acceleration detection when the libc headers do not define the
- corresponding constant. Reported by valord577.
diff --git a/ChangeLog.d/mbedtls_pk_import_into_psa.txt b/ChangeLog.d/mbedtls_pk_import_into_psa.txt
deleted file mode 100644
index c294f44..0000000
--- a/ChangeLog.d/mbedtls_pk_import_into_psa.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * The new functions mbedtls_pk_get_psa_attributes() and
- mbedtls_pk_import_into_psa() provide a uniform way to create a PSA
- key from a PK key.
diff --git a/ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt b/ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt
deleted file mode 100644
index 85d970c..0000000
--- a/ChangeLog.d/move-mbedtls-ecc-psa-helpers.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Moved declaration of functions mbedtls_ecc_group_to_psa and
- mbedtls_ecc_group_of_psa from psa/crypto_extra.h to mbedtls/psa_util.h
diff --git a/ChangeLog.d/no-cipher.txt b/ChangeLog.d/no-cipher.txt
deleted file mode 100644
index 87f2f6d..0000000
--- a/ChangeLog.d/no-cipher.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Features
- * Fewer modules depend on MBEDTLS_CIPHER_C, making it possible to save code
- size by disabling it in more circumstances. In particular, the CCM and
- GCM modules no longer depend on MBEDTLS_CIPHER_C. Also,
- MBEDTLS_PSA_CRYPTO can now be enabled without MBEDTLS_CIPHER_C if all
- unauthenticated (non-AEAD) ciphers are disabled, or if they're all
- fully provided by drivers. See docs/driver-only-builds.md for full
- details and current limitations; in particular, NIST_KW and PKCS5/PKCS12
- decryption still unconditionally depend on MBEDTLS_CIPHER_C.
diff --git a/ChangeLog.d/non-psa-pk-implementation.txt b/ChangeLog.d/non-psa-pk-implementation.txt
deleted file mode 100644
index 535bbf5..0000000
--- a/ChangeLog.d/non-psa-pk-implementation.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * mbedtls_pk_sign_ext() is now always available, not just when
- PSA (MBEDTLS_PSA_CRYPTO_C) is enabled.
diff --git a/ChangeLog.d/pkg-config-files-addition.txt b/ChangeLog.d/pkg-config-files-addition.txt
deleted file mode 100644
index e459470..0000000
--- a/ChangeLog.d/pkg-config-files-addition.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Add pc files for pkg-config, e.g.:
- pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509)
-
diff --git a/ChangeLog.d/pkwrite-pem-use-heap.txt b/ChangeLog.d/pkwrite-pem-use-heap.txt
deleted file mode 100644
index 11db7b6..0000000
--- a/ChangeLog.d/pkwrite-pem-use-heap.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Changes
- * Use heap memory to allocate DER encoded public/private key.
- This reduces stack usage significantly for writing a public/private
- key to a PEM string.
diff --git a/ChangeLog.d/psa-shared-memory-protection.txt b/ChangeLog.d/psa-shared-memory-protection.txt
deleted file mode 100644
index 09779b7..0000000
--- a/ChangeLog.d/psa-shared-memory-protection.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-Security
- * Passing buffers that are stored in untrusted memory as arguments
- to PSA functions is now secure by default.
- The PSA core now protects against modification of inputs or exposure
- of intermediate outputs during operations. This is currently implemented
- by copying buffers.
- This feature increases code size and memory usage. If buffers passed to
- PSA functions are owned exclusively by the PSA core for the duration of
- the function call (i.e. no buffer parameters are in shared memory),
- copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS.
- Note that setting this option will cause input-output buffer overlap to
- be only partially supported (#3266).
- Fixes CVE-2024-28960
-Bugfix
- * Fully support arbitrary overlap between inputs and outputs of PSA
- functions. Note that overlap is still only partially supported when
- MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set (#3266).
diff --git a/ChangeLog.d/psa_generate_key_ext.txt b/ChangeLog.d/psa_generate_key_ext.txt
deleted file mode 100644
index 8340f01..0000000
--- a/ChangeLog.d/psa_generate_key_ext.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * The new function psa_generate_key_ext() allows generating an RSA
- key pair with a custom public exponent.
diff --git a/ChangeLog.d/rename-conf-early-data-API.txt b/ChangeLog.d/rename-conf-early-data-API.txt
deleted file mode 100644
index d436811..0000000
--- a/ChangeLog.d/rename-conf-early-data-API.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-API changes
- * Remove `tls13_` in mbedtls_ssl_tls13_conf_early_data() and
- mbedtls_ssl_tls13_conf_max_early_data_size() API names. Early data
- feature may not be TLS 1.3 specific in the future. Fixes #6909.
diff --git a/ChangeLog.d/rsa-bitlen.txt b/ChangeLog.d/rsa-bitlen.txt
deleted file mode 100644
index bcd185f..0000000
--- a/ChangeLog.d/rsa-bitlen.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Bugfix
- * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a
- multiple of 8. Fixes #868.
-
-Features
- * The new function mbedtls_rsa_get_bitlen() returns the length of the modulus
- in bits, i.e. the key size for an RSA key.
diff --git a/ChangeLog.d/sha256-armce-arm.txt b/ChangeLog.d/sha256-armce-arm.txt
deleted file mode 100644
index 5b18eb3..0000000
--- a/ChangeLog.d/sha256-armce-arm.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Features
- * Support Armv8-A Crypto Extension acceleration for SHA-256
- when compiling for Thumb (T32) or 32-bit Arm (A32).
-New deprecations
- * Rename the MBEDTLS_SHA256_USE_A64_CRYPTO_xxx config options to
- MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_xxx. The old names may still
- be used, but are deprecated.
diff --git a/ChangeLog.d/tls-max-version-reset.txt b/ChangeLog.d/tls-max-version-reset.txt
deleted file mode 100644
index b7c81eb..0000000
--- a/ChangeLog.d/tls-max-version-reset.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Security
- * Restore the maximum TLS version to be negotiated to the configured one
- when an SSL context is reset with the mbedtls_ssl_session_reset() API.
- An attacker was able to prevent an Mbed TLS server from establishing any
- TLS 1.3 connection potentially resulting in a Denial of Service or forced
- version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e.
- Fixes CVE-2024-28755.
diff --git a/ChangeLog.d/tls13-only-server.txt b/ChangeLog.d/tls13-only-server.txt
deleted file mode 100644
index 736896e..0000000
--- a/ChangeLog.d/tls13-only-server.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-Security
- * When negotiating TLS version on server side, do not fall back to the
- TLS 1.2 implementation of the protocol if it is disabled.
- - If the TLS 1.2 implementation was disabled at build time, a TLS 1.2
- client could put the TLS 1.3-only server in an infinite loop processing
- a TLS 1.2 ClientHello, resulting in a denial of service. Reported by
- Matthias Mucha and Thomas Blattmann, SICK AG.
- - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
- was able to successfully establish a TLS 1.2 connection with the server.
- Reported by alluettiv on GitHub.
- Fixes CVE-2024-28836.
diff --git a/ChangeLog.d/use_exp_mod_core.txt b/ChangeLog.d/use_exp_mod_core.txt
deleted file mode 100644
index 8f7193a..0000000
--- a/ChangeLog.d/use_exp_mod_core.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Changes
- * mbedtls_mpi_exp_mod and code that uses it, notably RSA and DHM operations,
- have changed their speed/memory compromise as part of a proactive security
- improvement. The new default value of MBEDTLS_MPI_WINDOW_SIZE roughly
- preserves the current speed, at the expense of increasing memory
- consumption.
diff --git a/ChangeLog.d/x509-add-ca_istrue.txt b/ChangeLog.d/x509-add-ca_istrue.txt
deleted file mode 100644
index c950dbc..0000000
--- a/ChangeLog.d/x509-add-ca_istrue.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * Add new accessor to expose the `MBEDTLS_PRIVATE(ca_istrue)` member of
- `mbedtls_x509_crt` structure. This requires setting
- the MBEDTLS_X509_EXT_BASIC_CONSTRAINTS bit in the certificate's
- ext_types field.