Add a ChangeLog entry for MBEDTLS_CHECK_PARAMS
diff --git a/ChangeLog b/ChangeLog
index 43dfb99..9d51378 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,15 +22,11 @@
* Wipe sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG
modules.
-API Changes
- * The following functions in the random generator modules have been
- deprecated and replaced as shown below. The new functions change
- the return type from void to int to allow returning error codes when
- using MBEDTLS_<MODULE>_ALT for the underlying AES or message digest
- primitive. Fixes #1798.
- mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret()
- mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret()
- * Extend ECDH interface to enable alternative implementations.
+Features
+ * Add new config.h flag MBEDTLS_CHECK_PARAMS that enables validation of
+ more of the parameters by public API functions (see its documentation for
+ details). Disabled by default - requires users to provide an
+ implementation of the callback function or macro.
New deprecations
* Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update
@@ -52,6 +48,16 @@
* Fix double initialization of ECC hardware that made some accelerators
hang.
+API Changes
+ * The following functions in the random generator modules have been
+ deprecated and replaced as shown below. The new functions change
+ the return type from void to int to allow returning error codes when
+ using MBEDTLS_<MODULE>_ALT for the underlying AES or message digest
+ primitive. Fixes #1798.
+ mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret()
+ mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret()
+ * Extend ECDH interface to enable alternative implementations.
+
= mbed TLS 2.14.0 branch released 2018-11-19
Security
