Changelog: Split changelogs for both libraries
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
diff --git a/ChangeLog.d/fix-asn1-store-named-data.txt b/ChangeLog.d/fix-asn1-store-named-data.txt
new file mode 100644
index 0000000..7a040bd
--- /dev/null
+++ b/ChangeLog.d/fix-asn1-store-named-data.txt
@@ -0,0 +1,8 @@
+Security
+ * Fix a bug in tf-psa-crypto's mbedtls_asn1_store_named_data() where it
+ would sometimes leave an item in the output list in an inconsistent
+ state with val.p == NULL but val.len > 0. Affected functions used in X.509
+ would then dereference a NULL pointer. Applications that do not
+ call this function (directly, or indirectly through X.509 writing) are not
+ affected. Found by Linh Le and Ngan Nguyen from Calif.
+
diff --git a/ChangeLog.d/psa/psa-always-on.txt b/ChangeLog.d/psa/psa-always-on.txt
index 45f4d9b..6607e9f 100644
--- a/ChangeLog.d/psa/psa-always-on.txt
+++ b/ChangeLog.d/psa/psa-always-on.txt
@@ -1,5 +1,5 @@
Default behavior changes
- * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem
+ * The X.509 and TLS modules now always use the PSA subsystem
to perform cryptographic operations, with a few exceptions documented
in docs/architecture/psa-migration/psa-limitations.md. This
corresponds to the behavior of Mbed TLS 3.x when
@@ -8,3 +8,4 @@
* psa_crypto_init() must be called before performing any cryptographic
operation, including indirect requests such as parsing a key or
certificate or starting a TLS handshake.
+