Assemble ChangeLog
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
diff --git a/ChangeLog b/ChangeLog
index 4d4bbdb..59a9604 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,48 @@
Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS 3.6.5 branch released 2025-10-15
+
+API changes
+ * When building the library as a PSA client (MBEDTLS_PSA_CRYPTO_CLIENT
+ enabled and MBEDTLS_PSA_CRYPTO_C disabled), you need to provide the
+ function psa_can_do_cipher() in addition to psa_can_do_hash(). This
+ changed was made in Mbed TLS 3.6.0 but was not announced then.
+
+Features
+ * The new function mbedtls_cipher_finish_padded() is similar to
+ mbedtls_cipher_finish(), but makes it easier to process invalid-padding
+ conditions in constant time.
+
+Security
+ * Fix a timing side channel in CBC-PKCS7 decryption that could
+ allow an attacker who can submit chosen ciphertexts to recover
+ some plaintexts through a timing-based padding oracle attack.
+ Credits to Beat Heeb from Oberon microsystems AG. CVE-2025-59438
+ * Fix a local timing side-channel in modular inversion and GCD that was
+ exploitable in RSA key generation and other RSA operations (see the full
+ advisory for details), allowing a local attacker to fully recover the
+ private key. This can be exploited on some Arm-v9 CPUs by an unprivileged
+ attacker running code on the same core (SSBleed), or when Trustzone-M is
+ used, by the non-secure side abusing timer interrupts (M-Step), and
+ probably in other similar settings as well. Found and reported
+ independently by: SSBleed: Chang Liu (Tsinghua University) and Trevor E.
+ Carlson (National University of Singapore); M-Step: Cristiano Rodrigues
+ (University of Minho), Marton Bognar (DistriNet, KU Leuven), Sandro Pinto
+ (University of Minho), Jo Van Bulck (DistriNet, KU Leuven). CVE-2025-54764
+
+Bugfix
+ * Fix potential CMake parallel build failure when building both the static
+ and shared libraries.
+ * Fix a build error or incorrect TLS session
+ lifetime on platforms where mbedtls_time_t
+ is not time_t. Fixes #10236.
+
+Changes
+ * The function mbedtls_mpi_gcd() now always gives a non-negative output.
+ Previously the output was negative when B = 0 and A < 0, which was not
+ documented, and inconsistent as all other inputs resulted in a non-negative
+ output.
+
= Mbed TLS 3.6.4 branch released 2025-06-30
Features
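Review bot: the API changes entry has a typo that should be fixed before release: "This changed was made in Mbed TLS 3.6.0" should read "This change was made in Mbed TLS 3.6.0". Two smaller style points in the same hunk: the Bugfix entry for mbedtls_time_t is wrapped at a much narrower width than the surrounding entries ("* Fix a build error or incorrect TLS session" / "lifetime on platforms where mbedtls_time_t" / "is not time_t. Fixes #10236.") and could be reflowed to the file's usual line length, and in the second Security entry Arm's product names are normally written "TrustZone-M" and "Armv9" rather than "Trustzone-M" and "Arm-v9".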
diff --git a/ChangeLog.d/fix-dependency-on-generated-files.txt b/ChangeLog.d/fix-dependency-on-generated-files.txt
deleted file mode 100644
index b3e7e4e..0000000
--- a/ChangeLog.d/fix-dependency-on-generated-files.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix potential CMake parallel build failure when building both the static
- and shared libraries.
diff --git a/ChangeLog.d/gcd-sign.txt b/ChangeLog.d/gcd-sign.txt
deleted file mode 100644
index 52d1e1f..0000000
--- a/ChangeLog.d/gcd-sign.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Changes
- * The function mbedtls_mpi_gcd() now always gives a non-negative output.
- Previously the output was negative when B = 0 and A < 0, which was not
- documented, and inconsistent as all other inputs resulted in a non-negative
- output.
diff --git a/ChangeLog.d/mbedtls_cipher_finish_padded.txt b/ChangeLog.d/mbedtls_cipher_finish_padded.txt
deleted file mode 100644
index bf2405e..0000000
--- a/ChangeLog.d/mbedtls_cipher_finish_padded.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * The new function mbedtls_cipher_finish_padded() is similar to
- mbedtls_cipher_finish(), but makes it easier to process invalid-padding
- conditions in constant time.
diff --git a/ChangeLog.d/pkcs7-padding-error-leak.txt b/ChangeLog.d/pkcs7-padding-error-leak.txt
deleted file mode 100644
index 9193a08..0000000
--- a/ChangeLog.d/pkcs7-padding-error-leak.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Security
- * Fix a timing side channel in CBC-PKCS7 decryption that could
- allow an attacker who can submit chosen ciphertexts to recover
- some plaintexts through a timing-based padding oracle attack.
- Credits to Beat Heeb from Oberon microsystems AG. CVE-2025-59438
diff --git a/ChangeLog.d/psa_can_do_cipher.txt b/ChangeLog.d/psa_can_do_cipher.txt
deleted file mode 100644
index 16598b6..0000000
--- a/ChangeLog.d/psa_can_do_cipher.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * When building the library as a PSA client (MBEDTLS_PSA_CRYPTO_CLIENT
- enabled and MBEDTLS_PSA_CRYPTO_C disabled), you need to provide the
- function psa_can_do_cipher() in addition to psa_can_do_hash(). This
- changed was made in Mbed TLS 3.6.0 but was not announced then.
diff --git a/ChangeLog.d/replace_time_t.txt b/ChangeLog.d/replace_time_t.txt
deleted file mode 100644
index ec0282a..0000000
--- a/ChangeLog.d/replace_time_t.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix a build error or incorrect TLS session
- lifetime on platforms where mbedtls_time_t
- is not time_t. Fixes #10236.
diff --git a/ChangeLog.d/ssbleed-mstep.txt b/ChangeLog.d/ssbleed-mstep.txt
deleted file mode 100644
index 8fc9ef7..0000000
--- a/ChangeLog.d/ssbleed-mstep.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-Security
- * Fix a local timing side-channel in modular inversion and GCD that was
- exploitable in RSA key generation and other RSA operations (see the full
- advisory for details), allowing a local attacker to fully recover the
- private key. This can be exploited on some Arm-v9 CPUs by an unprivileged
- attacker running code on the same core (SSBleed), or when Trustzone-M is
- used, by the non-secure side abusing timer interrupts (M-Step), and
- probably in other similar settings as well. Found and reported
- independently by: SSBleed: Chang Liu (Tsinghua University) and Trevor E.
- Carlson (National University of Singapore); M-Step: Cristiano Rodrigues
- (University of Minho), Marton Bognar (DistriNet, KU Leuven), Sandro Pinto
- (University of Minho), Jo Van Bulck (DistriNet, KU Leuven). CVE-2025-54764