Prepare ChangeLog for 2.28.5 release
```
./scripts/assemble_changelog.py
```
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
diff --git a/ChangeLog b/ChangeLog
index c977a68..2989ba3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,54 @@
Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS x.x.x branch released xxxx-xx-xx
+
+Features
+ * The documentation of mbedtls_ecp_group now describes the optimized
+ representation of A for some curves. Fixes #8045.
+
+Security
+ * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
+ review the size of the output buffer passed to this function, and note
+ that the output after decryption may include CBC padding. Consider moving
+ to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext()
+ which checks for overflow of the output buffer and reports the actual
+ length of the output.
+ * Improve padding calculations in CBC decryption, NIST key unwrapping and
+ RSA OAEP decryption. With the previous implementation, some compilers
+ (notably recent versions of Clang and IAR) could produce non-constant
+ time code, which could allow a padding oracle attack if the attacker
+ has access to precise timing measurements.
+ * Fix a buffer overread when parsing short TLS application data records in
+ ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz.
+
+Bugfix
+ * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
+ using ECC key. The certificate was rejected by some crypto frameworks.
+ Fixes #2924.
+ * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
+ signature can silently return an incorrect result in low memory conditions.
+ * Fix IAR compiler warnings. Fixes #7873, #4300.
+ * Fix an issue when parsing an otherName subject alternative name into a
+ mbedtls_x509_san_other_name struct. The type-id of the otherName was not
+ copied to the struct. This meant that the struct had incomplete
+ information about the otherName SAN and contained uninitialized memory.
+ * Fix the detection of HardwareModuleName otherName SANs. These were being
+ detected by comparing the wrong field and the check was erroneously
+ inverted.
+ * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
+ MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
+ * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx
+ error code on failure. Before, they returned 1 to indicate failure in
+ some cases involving a missing entry or a full cache.
+
+Changes
+ * In configurations with ARIA or Camellia but not AES, the value of
+ MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might
+ suggest. This did not affect any library code, because this macro was
+ only used in relation with CMAC which does not support these ciphers.
+ Its value is now 16 if ARIA or Camellia are present. This may affect
+ application code that uses this macro.
+
= Mbed TLS 2.28.4 branch released 2023-08-04
Features
diff --git a/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt b/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt
deleted file mode 100644
index fb0e8cc..0000000
--- a/ChangeLog.d/MBEDTLS_CIPHER_BLKSIZE_MAX.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Changes
- * In configurations with ARIA or Camellia but not AES, the value of
- MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might
- suggest. This did not affect any library code, because this macro was
- only used in relation with CMAC which does not support these ciphers.
- Its value is now 16 if ARIA or Camellia are present. This may affect
- application code that uses this macro.
diff --git a/ChangeLog.d/MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt b/ChangeLog.d/MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt
deleted file mode 100644
index 6f091bb..0000000
--- a/ChangeLog.d/MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Functions in the ssl_cache module now return a negative MBEDTLS_ERR_xxx
- error code on failure. Before, they returned 1 to indicate failure in
- some cases involving a missing entry or a full cache.
diff --git a/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt b/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt
deleted file mode 100644
index f2e7a4a..0000000
--- a/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Security
- * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
- review the size of the output buffer passed to this function, and note
- that the output after decryption may include CBC padding. Consider moving
- to the new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext()
- which checks for overflow of the output buffer and reports the actual
- length of the output.
diff --git a/ChangeLog.d/fix-a-few-unchecked-return.txt b/ChangeLog.d/fix-a-few-unchecked-return.txt
deleted file mode 100644
index aadde36..0000000
--- a/ChangeLog.d/fix-a-few-unchecked-return.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
- signature can silently return an incorrect result in low memory conditions.
diff --git a/ChangeLog.d/fix-iar-compiler-warnings.txt b/ChangeLog.d/fix-iar-compiler-warnings.txt
deleted file mode 100644
index 50f1dca..0000000
--- a/ChangeLog.d/fix-iar-compiler-warnings.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix IAR compiler warnings. Fixes #7873, #4300.
diff --git a/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt b/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt
deleted file mode 100644
index 8fdc588..0000000
--- a/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * The documentation of mbedtls_ecp_group now describes the optimized
- representation of A for some curves. Fixes #8045.
diff --git a/ChangeLog.d/initialize-struct-get-other-name.txt b/ChangeLog.d/initialize-struct-get-other-name.txt
deleted file mode 100644
index dc8395d..0000000
--- a/ChangeLog.d/initialize-struct-get-other-name.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Bugfix
- * Fix an issue when parsing an otherName subject alternative name into a
- mbedtls_x509_san_other_name struct. The type-id of the otherName was not
- copied to the struct. This meant that the struct had incomplete
- information about the otherName SAN and contained uninitialized memory.
- * Fix the detection of HardwareModuleName otherName SANs. These were being
- detected by comparing the wrong field and the check was erroneously
- inverted.
diff --git a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
deleted file mode 100644
index 22e8adb..0000000
--- a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
- MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
diff --git a/ChangeLog.d/padding-ct-changelog.txt b/ChangeLog.d/padding-ct-changelog.txt
deleted file mode 100644
index 3e2c7e2..0000000
--- a/ChangeLog.d/padding-ct-changelog.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
- * Improve padding calculations in CBC decryption, NIST key unwrapping and
- RSA OAEP decryption. With the previous implementation, some compilers
- (notably recent versions of Clang and IAR) could produce non-constant
- time code, which could allow a padding oracle attack if the attacker
- has access to precise timing measurements.
diff --git a/ChangeLog.d/ssl_decrypt_buf-short_record.txt b/ChangeLog.d/ssl_decrypt_buf-short_record.txt
deleted file mode 100644
index 957cec4..0000000
--- a/ChangeLog.d/ssl_decrypt_buf-short_record.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Security
- * Fix a buffer overread when parsing short TLS application data records in
- ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz.
diff --git a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
deleted file mode 100644
index c1de491..0000000
--- a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
- using ECC key. The certificate was rejected by some crypto frameworks.
- Fixes #2924.