From 681edee803e9429716e579f6fa2225f354244a80 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 7 Nov 2018 16:25:38 +0000 Subject: [PATCH] Fix language and formatting in ChangeLog Changed the formatting and language in the ChangeLog to the house-style. --- ChangeLog | 43 +++++++++++++++++++++---------------------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/ChangeLog b/ChangeLog index fee12dc63..9f7a6fd5f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,13 +3,12 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Security - * Fix overly strict DN comparison when looking for CRLs - belonging to a particular CA. This previously lead to - ignoring CRLs when the CRL's issuer name and the CA's - subject name differed in their string encoding (e.g., - one using PrintableString and the other UTF8String) or - in the choice of upper and lower case. Reported by - HenrikRosenquistAndersson in #1784. + * Fix overly strict DN comparison when looking for CRLs belonging to a + particular CA. This previously lead to ignoring CRLs when the CRL's issuer + name and the CA's subject name differed in their string encoding (e.g., + one using PrintableString and the other UTF8String) or in the choice of + upper and lower case. Reported by Henrik Andersson of Bosch GmbH in issue + #1784. * Fix a flawed bounds check in server PSK hint parsing. In case the incoming message buffer was placed within the first 64KB of address space and a PSK-(EC)DHE ciphersuite was used, this allowed an attacker @@ -19,8 +18,8 @@ Security previous settings for the number of rounds made it practical for an adversary to construct non-primes that would be erroneously accepted as primes with high probability. This does not have an impact on the - security of TLS, but can matter in other contexts with potentially - adversarially-chosen numbers that should be prime and can be validated. + security of TLS, but can matter in other contexts with numbers chosen + potentially by an adversary that should be prime and can be validated. For example, the number of rounds was enough to securely generate RSA key pairs or Diffie-Hellman parameters, but was insufficient to validate Diffie-Hellman parameters properly. @@ -62,7 +61,7 @@ New deprecations MBEDTLS_ERR_XXX_FEATURE_UNAVAILABLE that indicate a feature is not supported are deprecated and are now replaced by the new equivalent platform error. - * All module specific generic hardware accelaration errors following the + * All module specific generic hardware acceleration errors following the form MBEDTLS_ERR_XXX_HW_ACCEL_FAILED that are deprecated and are replaced by the equivalent plaform error. * Deprecate the function mbedtls_mpi_is_prime() in favor of @@ -83,8 +82,8 @@ Bugfix padded records in case of CBC ciphersuites using Encrypt-then-MAC. * Fix memory leak and freeing without initialization in the example program programs/x509/cert_write. Fixes #1422. - * Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is MBEDTLS_MODE_ECB - Fix for #1091 raised by ezdevelop + * Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is + MBEDTLS_MODE_ECB. Found by ezdevelop. Fixes #1091. * Zeroize memory used for buffering or reassembling handshake messages after use. * Use `mbedtls_platform_zeroize()` instead of `memset()` for zeroization @@ -92,8 +91,8 @@ Bugfix * Change the default string format used for various X.509 DN attributes to UTF8String. Previously, the use of the PrintableString format led to wildcards and non-ASCII characters being unusable in some DN attributes. - Reported by raprepo in #1860 and by kevinpt in #468. - Fix contributed by Thomas-Dee in #1641. + Reported by raprepo in #1860 and by kevinpt in #468. Fix contributed by + Thomas-Dee. * Fix compilation failure for configurations which use compile time replacements of standard calloc/free functions through the macros MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO. @@ -110,14 +109,14 @@ Changes * Change the use of Windows threading to use Microsoft Visual C++ runtime calls, rather than Win32 API calls directly. This is necessary to avoid conflict with C runtime usage. Found and fixed by irwir. - * Remember the string format of X.509 DN attributes when replicating X.509 DNs. - Previously, DN attributes were always written in their default string format - (mostly PrintableString), which could lead to CRTs being created which used - PrintableStrings in the issuer field even though the signing CA used - UTF8Strings in its subject field; while X.509 compliant, such CRTs were - rejected in some applications, e.g. some versions of Firefox, curl - and GnuTLS. Reported in #1033 by Moschn. Fix contributed by - Thomas-Dee in #1641. + * Remember the string format of X.509 DN attributes when replicating + X.509 DNs. Previously, DN attributes were always written in their default + string format (mostly PrintableString), which could lead to CRTs being + created which used PrintableStrings in the issuer field even though the + signing CA used UTF8Strings in its subject field; while X.509 compliant, + such CRTs were rejected in some applications, e.g. some versions of + Firefox, curl and GnuTLS. Reported in #1033 by Moschn. Fix contributed by + Thomas-Dee. * Improve documentation of mbedtls_ssl_get_verify_result(). Fixes #517 reported by github-monoculture. * Add MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR flag to mbedtls_mpi_gen_prime() and