Fix style and missing item in ChangeLog

2017-08-01 18:06:12 +01:00 · 2017-08-01 18:06:12 +01:00 · 3f2557e6f1
commit 3f2557e6f1
parent a418e82a35
1 changed files with 22 additions and 21 deletions
--- a/43
+++ b/43
@ -7,9 +7,9 @@ Security
     mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
     X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
     (default: 8) intermediates, even when it was not trusted. Could be
-     triggered remotely on both sides. (With auth_mode set to required
-     (default), the handshake was correctly aborted.)
-   * Reliably zeroize sensitive data after use in AES example applications
+     triggered remotely on both sides. (With auth_mode set to 'required'
+     (the default), the handshake was correctly aborted).
+   * Reliably wipe sensitive data after use in the AES example applications
     programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
     Found by Laurent Simon.

@ -18,15 +18,16 @@ Features
     and the context struct mbedtls_platform_context to perform
     platform-specific setup and teardown operations. The macro
     MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden
-     by the user in a platform_alt.h file. This new APIs are required in some
-     embedded environments that have hardware acceleration support.
+     by the user in a platform_alt.h file. These new functions are required in
+     some embedded environments to provide a means to initialise underlying
+     hardware acceleration.

 API Changes
   * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the
     API consistent with mbed TLS 2.5.0. Specifically removed the inline
     qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt,
-     mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978
-     Found by James Cowgill.
+     mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. Found
+     by James Cowgill. #978
   * Certificate verification functions now set flags to -1 in case the full
     chain was not verified due to an internal error (including in the verify
     callback) or chain length limitations.
@ -35,40 +36,45 @@ API Changes
     a fatal error in the vrfy callback.

 Bugfix
-   * Add a check if iv_len is zero, and return an error if it is zero. reported
+   * Add a check if iv_len is zero, and return an error if it is zero. Reported
     by roberto. #716
   * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
     to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
-     always be implemented by pthread support. Fix for #696
+     always be implemented by pthread support. #696
   * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path.
     In case of failure, when an error occures, goto cleanup.
-     Found by redplait #590
+     Found by redplait. #590
   * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
-     Reported and fix suggested by guidovranken in #740
+     Reported and fix suggested by guidovranken. #740
   * Fix conditional preprocessor directives in bignum.h to enable 64-bit
     compilation when using ARM Compiler 6.
   * Fix a potential integer overflow in the version verification for DER
-     encoded X509 CRLs. The overflow would enable maliciously constructed CRLs
+     encoded X.509 CRLs. The overflow could enable maliciously constructed CRLs
     to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
     KNOX Security, Samsung Research America
   * Fix potential integer overflow in the version verification for DER
-     encoded X509 CSRs. The overflow would enable maliciously constructed CSRs
+     encoded X.509 CSRs. The overflow could enable maliciously constructed CSRs
     to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
     KNOX Security, Samsung Research America
   * Fix a potential integer overflow in the version verification for DER
-     encoded X509 certificates. The overflow would enable maliciously
+     encoded X.509 certificates. The overflow could enable maliciously
     constructed certificates to bypass the certificate verification check.
   * Fix a call to the libc function time() to call the platform abstraction
-     function mbedtls_time() instead. Found by wairua. Fix for #666
+     function mbedtls_time() instead. Found by wairua. #666
+   * Avoid shadowing of time and index functions through mbed TLS function
+     arguments. Found by inestlerode. #557.

 Changes
   * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of
-     64-bit division. #708
+     64-bit division. This is useful on embedded platforms where 64-bit division
+     created a dependency on external libraries. #708
   * Removed mutexes from ECP hardware accelerator code. Now all hardware
     accelerator code in the library leaves concurrency handling to the
     platform. Reported by Steven Cooreman. #863
   * Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file
     config-no-entropy.h to reduce the RAM footprint.
+   * Added a test script that can be hooked into git that verifies commits
+     before they are pushed.

 = mbed TLS 2.5.1 released 2017-06-21

@ -158,8 +164,6 @@ Bugfix
     The PK and RSA modules use different types for passing hash length and
     without these checks the type cast could lead to data loss. Found by Guido
     Vranken.
-   * Avoid shadowing of time and index functions through mbed TLS function
-     arguments. Found by inestlerode. Fixes #557.

 = mbed TLS 2.4.2 branch released 2017-03-08

@ -228,9 +232,6 @@ Bugfix
     digits. Found and fixed by Guido Vranken.
   * Fix unlisted DES configuration dependency in some pkparse test cases. Found
     by inestlerode. #555
-   * Fix a potential integer overflow in the version verification for DER
-     encoded X509 certificates. The overflow would enable maliciously
-     constructed certificates to bypass the certificate verification check.

 = mbed TLS 2.4.1 branch released 2016-12-13