Fix language and formatting in ChangeLog

Changed the formatting and language in the ChangeLog to the house-style.
2025-01-07 06:35:27 +00:00 · 2018-11-08 13:47:40 +00:00 · 2018-11-08 13:47:40 +00:00 · a2c8691c0d
parent 3bc2b8be36
commit a2c8691c0d
1 changed files with 19 additions and 23 deletions
--- a/42
+++ b/42
@ -3,13 +3,23 @@ mbed TLS ChangeLog (Sorted per branch, date)
 = mbed TLS x.x.x branch released xxxx-xx-xx
 Security
-   * Fix overly strict DN comparison when looking for CRLs
+   * Fix overly strict DN comparison when looking for CRLs belonging to a
-     belonging to a particular CA. This previously lead to
+     particular CA. This previously lead to ignoring CRLs when the CRL's issuer
-     ignoring CRLs when the CRL's issuer name and the CA's
+     name and the CA's subject name differed in their string encoding (e.g.,
-     subject name differed in their string encoding (e.g.,
+     one using PrintableString and the other UTF8String) or in the choice of
-     one using PrintableString and the other UTF8String) or
+     upper and lower case. Reported by Henrik Andersson of Bosch GmbH in issue
-     in the choice of upper and lower case. Reported by
+     #1784.
-     HenrikRosenquistAndersson in #1784.
+   * Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The
     previous settings for the number of rounds made it practical for an
     adversary to construct non-primes that would be erroneously accepted as
     primes with high probability. This does not have an impact on the
     security of TLS, but can matter in other contexts with potentially
     adversarially-chosen numbers that should be prime and can be validated.
     For example, the number of rounds was enough to securely generate RSA key
     pairs or Diffie-Hellman parameters, but was insufficient to validate
     Diffie-Hellman parameters properly.
     See "Prime and Prejudice" by by Martin R. Albrecht and Jake Massimo and
     Kenneth G. Paterson and Juraj Somorovsky.
   * Fix a flawed bounds check in server PSK hint parsing. In case the
     incoming message buffer was placed within the first 64KB of address
     space and a PSK-(EC)DHE ciphersuite was used, this allowed an attacker
@ -32,8 +42,8 @@ Bugfix
     Fixes #2069.
   * Fix memory leak and freeing without initialization in the example
     program programs/x509/cert_write. Fixes #1422.
-   * Ignore iv in mbedtls_cipher_set_iv() when the cipher mode is MBEDTLS_MODE_ECB
+   * Ignore IV in mbedtls_cipher_set_iv() when the cipher mode is
-     Fix for #1091 raised by ezdevelop
+     MBEDTLS_MODE_ECB. Found by ezdevelop, Fixes #1091.
   * Fix failure in hmac_drbg in the benchmark sample application, when
     MBEDTLS_THREADING_C is defined. Found by TrinityTonic, #1095
   * Fix a bug in the update function for SSL ticket keys which previously
@ -65,20 +75,6 @@ Changes
   * Improve documentation of mbedtls_ssl_get_verify_result().
     Fixes #517 reported by github-monoculture.
 Security
   * Fix mbedtls_mpi_is_prime() to use more rounds of probabilistic testing. The
     previous settings for the number of rounds made it practical for an
     adversary to construct non-primes that would be erroneously accepted as
     primes with high probability. This does not have an impact on the
     security of TLS, but can matter in other contexts with potentially
     adversarially-chosen numbers that should be prime and can be validated.
     For example, the number of rounds was enough to securely generate RSA key
     pairs or Diffie-Hellman parameters, but was insufficient to validate
     Diffie-Hellman parameters properly.
     See "Prime and Prejudice" by by Martin R. Albrecht and Jake Massimo and
     Kenneth G. Paterson and Juraj Somorovsky.
 = mbed TLS 2.1.15 branch released 2018-08-31
 Security