commit 39e2c0eeb6501980764793e8d54c49c0a42bde48
author Jaeden Amero <jaeden.amero@arm.com> Wed Jan 15 16:46:46 2020 +0000
committer Jaeden Amero <jaeden.amero@arm.com> Wed Jan 15 16:59:41 2020 +0000
tree eceb1af3f070dab74ae4df96fcfd91e4d0b6b409
parent 1dfc361a50657c3b598411c397dcbdf53631b02d
parent f02988e5779ee081f9fc85234a9f5b9ed2eaee8f

Merge remote-tracking branch 'origin/mbedtls-2.16' into mbedtls-2.16-restricted

* origin/mbedtls-2.16:
  Fix some pylint warnings
  Enable more test cases without MBEDTLS_MEMORY_DEBUG
  More accurate test case description
  Clarify that the "FATAL" message is expected
  Note that mbedtls_ctr_drbg_seed() must not be called twice
  Fix CTR_DRBG benchmark
  Changelog entry for xxx_drbg_set_entropy_len before xxx_drbg_seed
  CTR_DRBG: support set_entropy_len() before seed()
  CTR_DRBG: Don't use functions before they're defined
  HMAC_DRBG: support set_entropy_len() before seed()

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 8b8602f..b8dc65c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
-= mbed TLS 2.16.x branch released xxxx-xx-xx
+= mbed TLS 2.16.4 branch released 2020-01-15
 
 Security
    * Fix side channel vulnerability in ECDSA. Our bignum implementation is not
@@ -29,6 +29,10 @@
    * Remove redundant line for getting the bitlen of a bignum, since the variable
      holding the returned value is overwritten a line after.
      Found by irwir in #2377.
+   * Support mbedtls_hmac_drbg_set_entropy_len() and
+     mbedtls_ctr_drbg_set_entropy_len() before the DRBG is seeded. Before,
+     the initial seeding always reset the entropy length to the compile-time
+     default.
 
 Changes
    * Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx()