Merge pull request #1279 from gilles-peskine-arm/memory_allocation_cleanup_psa_crypto_rsa-changelog-3.6

Backport 3.6: Changelog entry for the RSA memory leak (+ extra changelog fixes)

ChangeLog.d/fix_reporting_of_key_usage_issues.txt

@@ -1,9 +1,9 @@
 Security
    * With TLS 1.3, when a server enables optional authentication of the
      client, if the client-provided certificate does not have appropriate values
-     in if keyUsage or extKeyUsage extensions, then the return value of
+     in keyUsage or extKeyUsage extensions, then the return value of
      mbedtls_ssl_get_verify_result() would incorrectly have the
-     MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits
+     MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
      clear. As a result, an attacker that had a certificate valid for uses other
      than TLS client authentication could be able to use it for TLS client
      authentication anyway. Only TLS 1.3 servers were affected, and only with

ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fix a memory leak that could occur when failing to process an RSA
+     key through some PSA functions due to low memory conditions.