Fix style and missing item in ChangeLog
diff --git a/ChangeLog b/ChangeLog
index 0b92f2a..7e00019 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,9 +7,9 @@
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
(default: 8) intermediates, even when it was not trusted. Could be
- triggered remotely on both sides. (With auth_mode set to required
- (default), the handshake was correctly aborted.)
- * Reliably zeroize sensitive data after use in AES example applications
+ triggered remotely on both sides. (With auth_mode set to 'required'
+ (the default), the handshake was correctly aborted).
+ * Reliably wipe sensitive data after use in the AES example applications
programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
Found by Laurent Simon.
@@ -18,15 +18,16 @@
and the context struct mbedtls_platform_context to perform
platform-specific setup and teardown operations. The macro
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden
- by the user in a platform_alt.h file. This new APIs are required in some
- embedded environments that have hardware acceleration support.
+ by the user in a platform_alt.h file. These new functions are required in
+ some embedded environments to provide a means to initialise underlying
+ hardware acceleration.
API Changes
* Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the
API consistent with mbed TLS 2.5.0. Specifically removed the inline
qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt,
- mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978
- Found by James Cowgill.
+ mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. Found
+ by James Cowgill. #978
* Certificate verification functions now set flags to -1 in case the full
chain was not verified due to an internal error (including in the verify
callback) or chain length limitations.
@@ -35,40 +36,45 @@
a fatal error in the vrfy callback.
Bugfix
- * Add a check if iv_len is zero, and return an error if it is zero. reported
+ * Add a check if iv_len is zero, and return an error if it is zero. Reported
by roberto. #716
* Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
- always be implemented by pthread support. Fix for #696
+ always be implemented by pthread support. #696
* Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path.
In case of failure, when an error occures, goto cleanup.
- Found by redplait #590
+ Found by redplait. #590
* Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
- Reported and fix suggested by guidovranken in #740
+ Reported and fix suggested by guidovranken. #740
* Fix conditional preprocessor directives in bignum.h to enable 64-bit
compilation when using ARM Compiler 6.
* Fix a potential integer overflow in the version verification for DER
- encoded X509 CRLs. The overflow would enable maliciously constructed CRLs
+ encoded X.509 CRLs. The overflow could enable maliciously constructed CRLs
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
KNOX Security, Samsung Research America
* Fix potential integer overflow in the version verification for DER
- encoded X509 CSRs. The overflow would enable maliciously constructed CSRs
+ encoded X.509 CSRs. The overflow could enable maliciously constructed CSRs
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
KNOX Security, Samsung Research America
* Fix a potential integer overflow in the version verification for DER
- encoded X509 certificates. The overflow would enable maliciously
+ encoded X.509 certificates. The overflow could enable maliciously
constructed certificates to bypass the certificate verification check.
* Fix a call to the libc function time() to call the platform abstraction
- function mbedtls_time() instead. Found by wairua. Fix for #666
+ function mbedtls_time() instead. Found by wairua. #666
+ * Avoid shadowing of time and index functions through mbed TLS function
+ arguments. Found by inestlerode. #557.
Changes
* Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of
- 64-bit division. #708
+ 64-bit division. This is useful on embedded platforms where 64-bit division
+ created a dependency on external libraries. #708
* Removed mutexes from ECP hardware accelerator code. Now all hardware
accelerator code in the library leaves concurrency handling to the
platform. Reported by Steven Cooreman. #863
* Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file
config-no-entropy.h to reduce the RAM footprint.
+ * Added a test script that can be hooked into git that verifies commits
+ before they are pushed.
= mbed TLS 2.5.1 released 2017-06-21
@@ -158,8 +164,6 @@
The PK and RSA modules use different types for passing hash length and
without these checks the type cast could lead to data loss. Found by Guido
Vranken.
- * Avoid shadowing of time and index functions through mbed TLS function
- arguments. Found by inestlerode. Fixes #557.
= mbed TLS 2.4.2 branch released 2017-03-08
@@ -228,9 +232,6 @@
digits. Found and fixed by Guido Vranken.
* Fix unlisted DES configuration dependency in some pkparse test cases. Found
by inestlerode. #555
- * Fix a potential integer overflow in the version verification for DER
- encoded X509 certificates. The overflow would enable maliciously
- constructed certificates to bypass the certificate verification check.
= mbed TLS 2.4.1 branch released 2016-12-13
