From 01971d094e8c49e57a2ca8e90f4d7f3bf9761f2c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 10 Aug 2017 10:48:01 +0100 Subject: [PATCH] Fix language in Changelog for clarity --- ChangeLog | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index a696591b6..d3ad3b967 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,11 +3,11 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Security - * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, + * Fix authentication bypass in SSL/TLS: when authmode is set to optional, mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA - (default: 8) intermediates, even when it was not trusted. Could be - triggered remotely on both sides. (With auth_mode set to 'required' + (default: 8) intermediates, even when it was not trusted. This could be + triggered remotely from either side. (With authmode set to 'required' (the default), the handshake was correctly aborted). * Reliably wipe sensitive data after use in the AES example applications programs/aes/aescrypt2 and programs/aes/crypt_and_hash. @@ -19,8 +19,8 @@ Features platform-specific setup and teardown operations. The macro MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden by the user in a platform_alt.h file. These new functions are required in - some embedded environments to provide a means to initialise underlying - hardware acceleration. + some embedded environments to provide a means of initialising underlying + cryptographic acceleration hardware. API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the @@ -31,19 +31,18 @@ API Changes * Certificate verification functions now set flags to -1 in case the full chain was not verified due to an internal error (including in the verify callback) or chain length limitations. - * With authmode set to optional, handshake is now aborted if the + * With authmode set to optional, the TLS handshake is now aborted if the verification of the peer's certificate failed due to an overlong chain or - a fatal error in the vrfy callback. + a fatal error in the verify callback. Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. Reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + * Add a check if iv_len is zero in GCM, and return an error if it is zero. + Reported by roberto. #716 + * Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait. #590 + * Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(), + in the case of an error. Found by redplait. #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken. #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit