Changelog: Removed psa migrated entries
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
diff --git a/ChangeLog.d/psa/9126.txt b/ChangeLog.d/psa/9126.txt
deleted file mode 100644
index 22939df..0000000
--- a/ChangeLog.d/psa/9126.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Default behavior changes
- * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
- !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
- corresponding PSA mechanism is enabled, since the server provides the
- crypto. Fixes #9126.
diff --git a/ChangeLog.d/psa/9302.txt b/ChangeLog.d/psa/9302.txt
deleted file mode 100644
index d61ba19..0000000
--- a/ChangeLog.d/psa/9302.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which
- uses static storage for keys, enabling malloc-less use of key slots.
- The size of each buffer is given by the option
- MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the
- largest PSA key enabled in the build.
diff --git a/ChangeLog.d/psa/9690.txt b/ChangeLog.d/psa/9690.txt
deleted file mode 100644
index d00eb16..0000000
--- a/ChangeLog.d/psa/9690.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Security
- * Fix a buffer underrun in mbedtls_pk_write_key_der() when
- called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
- and the output buffer is smaller than the actual output.
- Fix a related buffer underrun in mbedtls_pk_write_key_pem()
- when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
- and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
- CVE-2024-49195
diff --git a/ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt b/ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
deleted file mode 100644
index 079cd74..0000000
--- a/ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Security
- * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
- not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
- MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
diff --git a/ChangeLog.d/psa/add-psa-iop-generate-key.txt b/ChangeLog.d/psa/add-psa-iop-generate-key.txt
deleted file mode 100644
index 0f586ee..0000000
--- a/ChangeLog.d/psa/add-psa-iop-generate-key.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add an interruptible version of generate key to the PSA interface.
- See psa_generate_key_iop_setup() and related functions.
diff --git a/ChangeLog.d/psa/add-psa-iop-key-agreement.txt b/ChangeLog.d/psa/add-psa-iop-key-agreement.txt
deleted file mode 100644
index 92dfde1..0000000
--- a/ChangeLog.d/psa/add-psa-iop-key-agreement.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Add an interruptible version of key agreement to the PSA interface.
- See psa_key_agreement_iop_setup() and related functions.
-
diff --git a/ChangeLog.d/psa/add-psa-key-agreement.txt b/ChangeLog.d/psa/add-psa-key-agreement.txt
deleted file mode 100644
index 771e6e2..0000000
--- a/ChangeLog.d/psa/add-psa-key-agreement.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add a new psa_key_agreement() PSA API to perform key agreement and return
- an identifier for the newly created key.
diff --git a/ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt
deleted file mode 100644
index bb5b470..0000000
--- a/ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled
- as soon as MBEDTLS_RSA_C is enabled. Fixes #9041.
diff --git a/ChangeLog.d/psa/configuration-split.txt b/ChangeLog.d/psa/configuration-split.txt
deleted file mode 100644
index f4d9bc6..0000000
--- a/ChangeLog.d/psa/configuration-split.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-Changes
- * Cryptography and platform configuration options have been migrated
- from the Mbed TLS library configuration file mbedtls_config.h to
- crypto_config.h that will become the TF-PSA-Crypto configuration file,
- see config-split.md for more information. The reference and test custom
- configuration files respectively in configs/ and tests/configs/ have
- been updated accordingly.
- To migrate custom Mbed TLS configurations where
- MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them
- to the PSA configuration scheme based on PSA_WANT_XXX symbols
- (see psa-conditional-inclusion-c.md for more information).
- To migrate custom Mbed TLS configurations where
- MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the
- cryptographic and platform configuration options from mbedtls_config.h
- to crypto_config.h (see config-split.md for more information and configs/
- for examples).
diff --git a/ChangeLog.d/psa/dynamic-keystore.txt b/ChangeLog.d/psa/dynamic-keystore.txt
deleted file mode 100644
index c6aac3c..0000000
--- a/ChangeLog.d/psa/dynamic-keystore.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Features
- * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled,
- the number of volatile PSA keys is virtually unlimited, at the expense
- of increased code size. This option is off by default, but enabled in
- the default mbedtls_config.h. Fixes #9216.
-
-Bugfix
- * Fix interference between PSA volatile keys and built-in keys
- when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
- MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096.
diff --git a/ChangeLog.d/psa/ecdsa-conversion-overflow.txt b/ChangeLog.d/psa/ecdsa-conversion-overflow.txt
deleted file mode 100644
index 83b7f2f..0000000
--- a/ChangeLog.d/psa/ecdsa-conversion-overflow.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
- * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and
- mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the
- largest supported curve. In some configurations with PSA disabled,
- all values of bits are affected. This never happens in internal library
- calls, but can affect applications that call these functions directly.
diff --git a/ChangeLog.d/psa/fix-aesni-asm-clobbers.txt b/ChangeLog.d/psa/fix-aesni-asm-clobbers.txt
deleted file mode 100644
index 538f0c5..0000000
--- a/ChangeLog.d/psa/fix-aesni-asm-clobbers.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix missing constraints on the AES-NI inline assembly which is used on
- GCC-like compilers when building AES for generic x86_64 targets. This
- may have resulted in incorrect code with some compilers, depending on
- optimizations. Fixes #9819.
diff --git a/ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt b/ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt
deleted file mode 100644
index 8a406a1..0000000
--- a/ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix rare concurrent access bug where attempting to operate on a
- non-existent key while concurrently creating a new key could potentially
- corrupt the key store.
diff --git a/ChangeLog.d/psa/fix-driver-schema-check.txt b/ChangeLog.d/psa/fix-driver-schema-check.txt
deleted file mode 100644
index 9b6d8ac..0000000
--- a/ChangeLog.d/psa/fix-driver-schema-check.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix invalid JSON schemas for driver descriptions used by
- generate_driver_wrappers.py.
diff --git a/ChangeLog.d/psa/fix-psa-cmac.txt b/ChangeLog.d/psa/fix-psa-cmac.txt
deleted file mode 100644
index e3c8aec..0000000
--- a/ChangeLog.d/psa/fix-psa-cmac.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in
- CMAC is enabled, but no built-in unauthenticated cipher is enabled.
- Fixes #9209.
diff --git a/ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt
deleted file mode 100644
index b5c2650..0000000
--- a/ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix issue of redefinition warning messages for _GNU_SOURCE in
- entropy_poll.c and sha_256.c. There was a build warning during
- building for linux platform.
- Resolves #9026
diff --git a/ChangeLog.d/psa/fix-rsa-performance-regression.txt b/ChangeLog.d/psa/fix-rsa-performance-regression.txt
deleted file mode 100644
index 603612a..0000000
--- a/ChangeLog.d/psa/fix-rsa-performance-regression.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix unintended performance regression when using short RSA public keys.
- Fixes #9232.
diff --git a/ChangeLog.d/psa/fix-secure-element-key-creation.txt b/ChangeLog.d/psa/fix-secure-element-key-creation.txt
deleted file mode 100644
index 23a46c0..0000000
--- a/ChangeLog.d/psa/fix-secure-element-key-creation.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix error handling when creating a key in a dynamic secure element
- (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
- the creation could return PSA_SUCCESS but using or destroying the key
- would not work. Fixes #8537.
diff --git a/ChangeLog.d/psa/fix-test-suite-pk-warnings.txt b/ChangeLog.d/psa/fix-test-suite-pk-warnings.txt
deleted file mode 100644
index 2604219..0000000
--- a/ChangeLog.d/psa/fix-test-suite-pk-warnings.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled.
- Fixes #9029.
diff --git a/ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt b/ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt
deleted file mode 100644
index e4726a4..0000000
--- a/ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix undefined behaviour (incrementing a NULL pointer by zero length) when
- passing in zero length additional data to multipart AEAD.
diff --git a/ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt b/ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt
deleted file mode 100644
index 69c00e1..0000000
--- a/ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Improve performance of PSA key generation with ECC keys: it no longer
- computes the public key (which was immediately discarded). Fixes #9732.
diff --git a/ChangeLog.d/psa/mbedtls_psa_register_se_key.txt b/ChangeLog.d/psa/mbedtls_psa_register_se_key.txt
deleted file mode 100644
index 2fc2751..0000000
--- a/ChangeLog.d/psa/mbedtls_psa_register_se_key.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Document and enforce the limitation of mbedtls_psa_register_se_key()
- to persistent keys. Resolves #9253.
diff --git a/ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt b/ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt
deleted file mode 100644
index dba25af..0000000
--- a/ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a memory leak that could occur when failing to process an RSA
- key through some PSA functions due to low memory conditions.
diff --git a/ChangeLog.d/psa/pk-norsa-warning.txt b/ChangeLog.d/psa/pk-norsa-warning.txt
deleted file mode 100644
index d00aa8a..0000000
--- a/ChangeLog.d/psa/pk-norsa-warning.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled.
diff --git a/ChangeLog.d/psa/psa-crypto-config-always-on.txt b/ChangeLog.d/psa/psa-crypto-config-always-on.txt
deleted file mode 100644
index d255f8c..0000000
--- a/ChangeLog.d/psa/psa-crypto-config-always-on.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Default behavior changes
- * The `PSA_WANT_XXX` symbols as defined in
- tf-psa-crypto/include/psa/crypto_config.h are now always used in the
- configuration of the cryptographic mechanisms exposed by the PSA API.
- This corresponds to the configuration behavior of Mbed TLS 3.x when
- MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG
- is now always enabled and the configuration option has been removed.
diff --git a/ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt b/ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
deleted file mode 100644
index 39e03b9..0000000
--- a/ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
- long. Credit to Cryptofuzz. Fixes #9314.
diff --git a/ChangeLog.d/psa/psa_generate_key_custom.txt b/ChangeLog.d/psa/psa_generate_key_custom.txt
deleted file mode 100644
index 3fc1bd7..0000000
--- a/ChangeLog.d/psa/psa_generate_key_custom.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-API changes
- * The experimental functions psa_generate_key_ext() and
- psa_key_derivation_output_key_ext() have been replaced by
- psa_generate_key_custom() and psa_key_derivation_output_key_custom().
- They have almost exactly the same interface, but the variable-length
- data is passed in a separate parameter instead of a flexible array
- member. This resolves a build failure under C++ compilers that do not
- support flexible array members (a C99 feature not adopted by C++).
- Fixes #9020.
diff --git a/ChangeLog.d/psa/psa_util-bits-0.txt b/ChangeLog.d/psa/psa_util-bits-0.txt
deleted file mode 100644
index 9aa70ad..0000000
--- a/ChangeLog.d/psa/psa_util-bits-0.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or
- mbedtls_psa_der_to_raw() is called with bits=0.
diff --git a/ChangeLog.d/psa/psa_util_in_builds_without_psa.txt b/ChangeLog.d/psa/psa_util_in_builds_without_psa.txt
deleted file mode 100644
index 7c0866d..0000000
--- a/ChangeLog.d/psa/psa_util_in_builds_without_psa.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled,
- some code was defining 0-size arrays, resulting in compilation errors.
- Fixed by disabling the offending code in configurations without PSA
- Crypto, where it never worked. Fixes #9311.
diff --git a/ChangeLog.d/psa/remove-crypto-alt-interface.txt b/ChangeLog.d/psa/remove-crypto-alt-interface.txt
deleted file mode 100644
index f9ab4c2..0000000
--- a/ChangeLog.d/psa/remove-crypto-alt-interface.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Removals
- * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options
- at the module and function level for crypto mechanisms only. The remaining
- alt interfaces for platform, threading and timing are unchanged.
- Fixes #8149.
diff --git a/ChangeLog.d/psa/remove-via-padlock-support.txt b/ChangeLog.d/psa/remove-via-padlock-support.txt
deleted file mode 100644
index a3f4b96..0000000
--- a/ChangeLog.d/psa/remove-via-padlock-support.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Removals
- * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C.
- Fixes #5903.