Changelog: Removed psa migrated entries

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>

ChangeLog.d/psa/9126.txt

@@ -1,5 +0,0 @@
-Default behavior changes
-   * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
-     !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
-     corresponding PSA mechanism is enabled, since the server provides the
-     crypto. Fixes #9126.

ChangeLog.d/psa/9302.txt

@@ -1,6 +0,0 @@
-Features
-   * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which
-     uses static storage for keys, enabling malloc-less use of key slots.
-     The size of each buffer is given by the option
-     MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the
-     largest PSA key enabled in the build.

ChangeLog.d/psa/9690.txt

@@ -1,8 +0,0 @@
-Security
-   * Fix a buffer underrun in mbedtls_pk_write_key_der() when
-     called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
-     and the output buffer is smaller than the actual output.
-     Fix a related buffer underrun in mbedtls_pk_write_key_pem()
-     when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
-     and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
-     CVE-2024-49195

ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt

@@ -1,4 +0,0 @@
-Security
-   * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
-     not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
-     MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.

ChangeLog.d/psa/add-psa-iop-generate-key.txt

@@ -1,3 +0,0 @@
-Features
-   * Add an interruptible version of generate key to the PSA interface.
-     See psa_generate_key_iop_setup() and related functions.

ChangeLog.d/psa/add-psa-iop-key-agreement.txt

@@ -1,4 +0,0 @@
-Features
-   * Add an interruptible version of key agreement to the PSA interface.
-     See psa_key_agreement_iop_setup() and related functions.
-

ChangeLog.d/psa/add-psa-key-agreement.txt

@@ -1,3 +0,0 @@
-Features
-   * Add a new psa_key_agreement() PSA API to perform key agreement and return
-     an identifier for the newly created key.

ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled
-     as soon as MBEDTLS_RSA_C is enabled. Fixes #9041.

ChangeLog.d/psa/configuration-split.txt

@@ -1,16 +0,0 @@
-Changes
-   * Cryptography and platform configuration options have been migrated
-     from the Mbed TLS library configuration file mbedtls_config.h to
-     crypto_config.h that will become the TF-PSA-Crypto configuration file,
-     see config-split.md for more information. The reference and test custom
-     configuration files respectively in configs/ and tests/configs/ have
-     been updated accordingly.
-     To migrate custom Mbed TLS configurations where
-     MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them
-     to the PSA configuration scheme based on PSA_WANT_XXX symbols
-     (see psa-conditional-inclusion-c.md for more information).
-     To migrate custom Mbed TLS configurations where
-     MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the
-     cryptographic and platform configuration options from mbedtls_config.h
-     to crypto_config.h (see config-split.md for more information and configs/
-     for examples).

ChangeLog.d/psa/dynamic-keystore.txt

@@ -1,10 +0,0 @@
-Features
-   * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled,
-     the number of volatile PSA keys is virtually unlimited, at the expense
-     of increased code size. This option is off by default, but enabled in
-     the default mbedtls_config.h. Fixes #9216.
-
-Bugfix
-   * Fix interference between PSA volatile keys and built-in keys
-     when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
-     MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096.

ChangeLog.d/psa/ecdsa-conversion-overflow.txt

@@ -1,6 +0,0 @@
-Security
-   * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and
-     mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the
-     largest supported curve. In some configurations with PSA disabled,
-     all values of bits are affected. This never happens in internal library
-     calls, but can affect applications that call these functions directly.

ChangeLog.d/psa/fix-aesni-asm-clobbers.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * Fix missing constraints on the AES-NI inline assembly which is used on
-     GCC-like compilers when building AES for generic x86_64 targets. This
-     may have resulted in incorrect code with some compilers, depending on
-     optimizations. Fixes #9819.

ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt

@@ -1,4 +0,0 @@
-Bugfix
-   * Fix rare concurrent access bug where attempting to operate on a
-     non-existent key while concurrently creating a new key could potentially
-     corrupt the key store.

ChangeLog.d/psa/fix-driver-schema-check.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix invalid JSON schemas for driver descriptions used by
-     generate_driver_wrappers.py.

ChangeLog.d/psa/fix-psa-cmac.txt

@@ -1,4 +0,0 @@
-Bugfix
-   * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in
-     CMAC is enabled, but no built-in unauthenticated cipher is enabled.
-     Fixes #9209.

ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * Fix issue of redefinition warning messages for _GNU_SOURCE in
-     entropy_poll.c and sha_256.c. There was a build warning during
-     building for linux platform.
-     Resolves #9026

ChangeLog.d/psa/fix-rsa-performance-regression.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix unintended performance regression when using short RSA public keys.
-     Fixes #9232.

ChangeLog.d/psa/fix-secure-element-key-creation.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * Fix error handling when creating a key in a dynamic secure element
-     (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
-     the creation could return PSA_SUCCESS but using or destroying the key
-     would not work. Fixes #8537.

ChangeLog.d/psa/fix-test-suite-pk-warnings.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled.
-     Fixes #9029.

ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix undefined behaviour (incrementing a NULL pointer by zero length) when
-     passing in zero length additional data to multipart AEAD.

ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt

@@ -1,3 +0,0 @@
-Changes
-   * Improve performance of PSA key generation with ECC keys: it no longer
-     computes the public key (which was immediately discarded). Fixes #9732.

ChangeLog.d/psa/mbedtls_psa_register_se_key.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Document and enforce the limitation of mbedtls_psa_register_se_key()
-     to persistent keys. Resolves #9253.

ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix a memory leak that could occur when failing to process an RSA
-     key through some PSA functions due to low memory conditions.

ChangeLog.d/psa/pk-norsa-warning.txt

@@ -1,2 +0,0 @@
-Bugfix
-   * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled.

ChangeLog.d/psa/psa-crypto-config-always-on.txt

@@ -1,7 +0,0 @@
-Default behavior changes
-   * The `PSA_WANT_XXX` symbols as defined in
-     tf-psa-crypto/include/psa/crypto_config.h are now always used in the
-     configuration of the cryptographic mechanisms exposed by the PSA API.
-     This corresponds to the configuration behavior of Mbed TLS 3.x when
-     MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG
-     is now always enabled and the configuration option has been removed.

ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
-     long. Credit to Cryptofuzz. Fixes #9314.

ChangeLog.d/psa/psa_generate_key_custom.txt

@@ -1,9 +0,0 @@
-API changes
-   * The experimental functions psa_generate_key_ext() and
-     psa_key_derivation_output_key_ext() have been replaced by
-     psa_generate_key_custom() and psa_key_derivation_output_key_custom().
-     They have almost exactly the same interface, but the variable-length
-     data is passed in a separate parameter instead of a flexible array
-     member. This resolves a build failure under C++ compilers that do not
-     support flexible array members (a C99 feature not adopted by C++).
-     Fixes #9020.

ChangeLog.d/psa/psa_util-bits-0.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or
-     mbedtls_psa_der_to_raw() is called with bits=0.

ChangeLog.d/psa/psa_util_in_builds_without_psa.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled,
-     some code was defining 0-size arrays, resulting in compilation errors.
-     Fixed by disabling the offending code in configurations without PSA
-     Crypto, where it never worked. Fixes #9311.

ChangeLog.d/psa/remove-crypto-alt-interface.txt

@@ -1,5 +0,0 @@
-Removals
-   * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options
-     at the module and function level for crypto mechanisms only. The remaining
-     alt interfaces for platform, threading and timing are unchanged.
-     Fixes #8149.

ChangeLog.d/psa/remove-via-padlock-support.txt

@@ -1,3 +0,0 @@
-Removals
-   * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C.
-     Fixes #5903.