Add ChangeLog entry for unused bits in bitstrings

2018-09-26 10:59:20 +01:00 · 2018-09-26 10:59:20 +01:00 · 8761d929da
commit 8761d929da
parent 88bf1b3dd5
1 changed files with 8 additions and 0 deletions
--- a/8
+++ b/8
@ -11,6 +11,12 @@ Bugfix
     previously lead to a stack overflow on constrained targets.
   * Add `MBEDTLS_SELF_TEST` for the mbedtls_self_test functions
     in the header files, which missed the precompilation check. #971
+   * Ensure that unused bits are zero when writing ASN.1 bitstrings when using
+     mbedtls_asn1_write_bitstring().
+   * Fix issue when writing the named bitstrings in KeyUsage and NsCertType
+     extensions in CSRs and CRTs that caused these bitstrings to not be encoded
+     correctly as trailing zeroes were not accounted for as unused bits in the
+     leading content octet. Fixes #1610.

 = mbed TLS 2.16.0 branch released 2018-12-21

@ -23,6 +29,8 @@ Features
     function to see for which parameter values it is defined. This feature is
     disabled by default. See its API documentation in config.h for additional
     steps you have to take when enabling it.
+   * Add a new function mbedtls_asn1_write_named_bitstring() to write ASN.1
+     named bitstring in DER as required by RFC 5280 Appendix B.

 API Changes
   * The following functions in the random generator modules have been