Build aggregated ChangeLog

Signed-off-by: Paul Elliott <paul.elliott@arm.com>

ChangeLog.d/add-missing-parenthesis.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
-     defined. Fixes #4217.

ChangeLog.d/aescrypt2.txt

@@ -1,3 +0,0 @@
-Changes
-   * Remove the AES sample application programs/aes/aescrypt2 which shows
-     bad cryptographic practice. Fix #1906.

ChangeLog.d/allow_alt_cmac_without_des.txt

@@ -1,3 +0,0 @@
-Changes
-   * Alternative implementations of CMAC may now opt to not support 3DES as a
-     CMAC block cipher, and still pass the CMAC self test.

ChangeLog.d/aria-alt.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * Fix some issues affecting MBEDTLS_ARIA_ALT implementations: a misplaced
-     directive in a header and a missing initialization in the self-test.
-   * Fix a missing initialization in the Camellia self-test, affecting
-     MBEDTLS_CAMELLIA_ALT implementations.

ChangeLog.d/bugfix_PR3616.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
-     lead to the seed file corruption in case if the path to the seed file is
-     equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor
-     Krasnoshchok in #3616.

ChangeLog.d/ciphersuite-sha1-sha384-guard.txt

@@ -1,4 +0,0 @@
-Bugfix
-   * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
-     when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384
-     was disabled. Fix the dependency. Fixes #4472.

ChangeLog.d/ciphersuite-sha384-guard.txt

@@ -1,2 +0,0 @@
-Bugfix
-   * Do not offer SHA384 cipher suites when SHA-384 is disabled. Fixes #4499.

ChangeLog.d/dhm_min_bitlen.txt

@@ -1,4 +0,0 @@
-Bugfix
-   * In a TLS client, enforce the Diffie-Hellman minimum parameter size
-     set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
-     minimum size was rounded down to the nearest multiple of 8.

ChangeLog.d/dtls_sample_use_read_timeout.txt

@@ -1,2 +0,0 @@
-Changes
-   * Fix the setting of the read timeout in the DTLS sample programs.

ChangeLog.d/ecdsa-random-leading-zeros.txt

@@ -1,7 +0,0 @@
-Security
-* Fix a potential side channel vulnerability in ECDSA ephemeral key generation.
-  An adversary who is capable of very precise timing measurements could
-  learn partial information about the leading bits of the nonce used for the
-  signature, allowing the recovery of the private key after observing a
-  large number of signature operations. This completes a partial fix in
-  Mbed TLS 2.20.0.

ChangeLog.d/ecp-window-size.txt

@@ -1,3 +0,0 @@
-Changes
-   * Reduce the default value of MBEDTLS_ECP_WINDOW_SIZE. This reduces RAM usage
-     during ECC operations at a negligible performance cost.

ChangeLog.d/ecp_max_bits.txt

@@ -1,8 +0,0 @@
-Security
-   * It was possible to configure MBEDTLS_ECP_MAX_BITS to a value that is
-     too small, leading to buffer overflows in ECC operations. Fail the build
-     in such a case.
-
-Features
-   * MBEDTLS_ECP_MAX_BITS is now determined automatically from the configured
-     curves and no longer needs to be configured explicitly to save RAM.

ChangeLog.d/ensure_hash_len_is_valid.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * mbedtls_pk_sign() and mbedtls_pk_verify() and their extended and
-     restartable variants now always honor the specified hash length if
-     nonzero. Before, for RSA, hash_len was ignored in favor of the length of
-     the specified hash algorithm.

ChangeLog.d/fix-invalid-id-error-code.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * PSA functions creating a key now return PSA_ERROR_INVALID_ARGUMENT rather
-     than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key
-     to create is not valid, bringing them in line with version 1.0.0 of the
-     specification. Fix #4271.

ChangeLog.d/fix-mingw-build.txt

@@ -1,5 +0,0 @@
-Changes
-   * fix build failure on MinGW toolchain when __USE_MING_ANSI_STDIO is on.
-     When that flag is on, standard GNU C printf format specifiers
-     should be used.
-

ChangeLog.d/fix-pk-parse-key-error-code.txt

@@ -1,2 +0,0 @@
-Bugfix
-   * Fix an incorrect error code when parsing a PKCS#8 private key.

ChangeLog.d/fix-printf-specifiers.txt

@@ -1,10 +0,0 @@
-Bugfix
-   * Add printf function attributes to mbedtls_debug_print_msg to ensure we
-     get printf format specifier warnings.
-Changes
-   * Add extra printf compiler warning flags to builds.
-Requirement changes
-   * The library now uses the %zu format specifier with the printf() family of
-     functions, so requires a toolchain that supports it. This change does not
-     affect the maintained LTS branches, so when contributing changes please
-     bear this in mind and do not add them to backported code.

ChangeLog.d/fix-rsa-leak.txt

@@ -1,6 +0,0 @@
-Security
-   * An adversary with access to precise enough information about memory
-     accesses (typically, an untrusted operating system attacking a secure
-     enclave) could recover an RSA private key after observing the victim
-     performing a single private-key operation. Found and reported by
-     Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG.

ChangeLog.d/fix-ssl-cf-hmac-alt.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
-     (when the encrypt-then-MAC extension is not in use) with some ALT
-     implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
-     the affected side to wrongly reject valid messages. Fixes #4118.

ChangeLog.d/fix_memsan_build_clang11.txt

@@ -1,2 +0,0 @@
-Changes
-   * Fix memsan build false positive in x509_crt.c with clang 11

ChangeLog.d/fix_return_type_for_invalid_crypto_key.txt

@@ -1,4 +0,0 @@
-Bugfix
-   * PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE
-     rather than PSA_ERROR_DOES_NOT_EXIST for an invalid handle, bringing them
-     in line with version 1.0.0 of the specification. Fix #4162.

ChangeLog.d/fix_tls_alert_codes.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * Fix which alert is sent in some cases to conform to the
-     applicable RFC: on an invalid Finished message value, an
-     invalid max_fragment_length extension, or an
-     unsupported extension used by the server.

ChangeLog.d/host_test-int32.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix test suite code on platforms where int32_t is not int, such as
-     Arm Cortex-M. Fixes #4530.

ChangeLog.d/implicit_key_usage_policy.txt

@@ -1,5 +0,0 @@
-Changes
-   * Implicitly add PSA_KEY_USAGE_SIGN_MESSAGE key usage policy flag when
-     PSA_KEY_USAGE_SIGN_HASH flag is set and PSA_KEY_USAGE_VERIFY_MESSAGE flag
-     when PSA_KEY_USAGE_VERIFY_HASH flag is set. This usage flag extension
-     is also applied when loading a key from storage.

ChangeLog.d/issue1792.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
-     zero. Fixes #1792

ChangeLog.d/issue4176.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix a resource leak in a test suite with an alternative AES
-     implementation. Fixes #4176.

ChangeLog.d/make-generate-tests-python.txt

@@ -1,3 +0,0 @@
-Changes
-   * When building the test suites with GNU make, invoke python3 or python, not
-     python2, which is no longer supported upstream.

ChangeLog.d/mbed-can-do-timing.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Remove outdated check-config.h check that prevented implementing the
-     timing module on Mbed OS. Fixes #4633.

ChangeLog.d/mbedtls_debug_print_mpi.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * Fix a crash in mbedtls_mpi_debug_mpi on a bignum having 0 limbs. This
-     could notably be triggered by setting the TLS debug level to 3 or above
-     and using a Montgomery curve for the key exchange. Reported by lhuang04
-     in #4578. Fixes #4608.

ChangeLog.d/mpi_exp_mod-zero.txt

@@ -1,7 +0,0 @@
-Bugfix
-   * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
-     A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
-     could not be triggered by code that constructed A with one of the
-     mbedtls_mpi_read_xxx functions (including in particular TLS code) since
-     those always built an mpi object with at least one limb.
-     Credit to OSS-Fuzz. Fixes #4641.

ChangeLog.d/mpi_gcd-0.txt

@@ -1,4 +0,0 @@
-Bugfix
-   * Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no
-     effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect
-     applications that call mbedtls_mpi_gcd() directly. Fixes #4642.

ChangeLog.d/mpi_random.txt

@@ -1,3 +0,0 @@
-Features
-   * The new function mbedtls_mpi_random() generates a random value in a
-     given range uniformly.

ChangeLog.d/mpi_read_negative_zero.txt

@@ -1,7 +0,0 @@
-Bugfix
-   * Fix some cases in the bignum module where the library constructed an
-     unintended representation of the value 0 which was not processed
-     correctly by some bignum operations. This could happen when
-     mbedtls_mpi_read_string() was called on "-0", or when
-     mbedtls_mpi_mul_mpi() and mbedtls_mpi_mul_int() was called with one of
-     the arguments being negative and the other being 0. Fixes #4643.