Align ChangeLog entry with 2.7

2024-11-22 22:55:39 +01:00 · 2018-03-12 23:50:18 +01:00 · 2018-03-12 23:50:18 +01:00 · 681f5aacfe
commit 681f5aacfe
parent 31b37f6edd
1 changed files with 5 additions and 5 deletions
--- a/10
+++ b/10
@ -20,11 +20,6 @@ Features
     heavily-loaded machine.

 Bugfix
-   * Properly initialize and free SHA-256 / SHA-512 context in entropy module
-     instead of performing zeroization only. This could lead to failure for
-     alternative implementations of SHA-256 / SHA-512 for which zeroization
-     of contexts is not a proper way of initialization.
-     Found and fix suggested by ccli8.
   * Fix ssl_parse_record_header() to silently discard invalid DTLS records
     as recommended in RFC 6347 Section 4.1.2.7.
   * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
@ -67,6 +62,11 @@ Bugfix
   * Fix issue in RSA key generation program programs/x509/rsa_genkey
     where the failure of CTR DRBG initialization lead to freeing an
     RSA context without proper initialization beforehand.
+   * Fix the entropy.c module to ensure that mbedtls_sha256_init() or
+     mbedtls_sha512_init() is called before operating on the relevant context
+     structure. Do not assume that zeroizing a context is a correct way to
+     reset it. Found independently by ccli8 on Github.
+   * In mbedtls_entropy_free(), properly free the message digest context.

 Changes
   * Extend cert_write example program by options to set the CRT version