Merge remote-tracking branch 'upstream-restricted/pr/503' into development-restricted-proposed
diff --git a/ChangeLog b/ChangeLog
index 37373a2..5032be6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,13 @@
= mbed TLS x.x.x branch released xxxx-xx-xx
+Security
+ * When writing a private EC key, use a constant size for the private
+ value, as specified in RFC 5915. Previously, the value was written
+ as an ASN.1 INTEGER, which caused the size of the key to leak
+ about 1 bit of information on average and could cause the value to be
+ 1 byte too large for the output buffer.
+
Features
* Add the Any Policy certificate policy oid, as defined in
rfc 5280 section 4.2.1.4.
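Review bot: The new Security entry cites no issue number or reporter, unlike the neighbouring entries ("Fixes #2254", "Reported by soccerGB in #2631"); if a report or tracking issue exists for the EC private-key length leak, add it so the entry can be traced. The wording "the size of the key to leak about 1 bit" is also ambiguous about what leaks: it is the length of the encoded private value (ASN.1 INTEGER encoding is minimal-length and prepends a 0x00 byte when the top bit is set) that reveals about one bit of the private scalar on average, and that same extra byte is what could exceed the output buffer. Saying so explicitly, e.g. "the length of the INTEGER encoding revealed the bit length of the private value", makes the entry clearer for readers assessing whether they are affected.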
@@ -32,6 +39,15 @@
MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time
through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid().
+API Changes
+ * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
+ and the used tls-prf.
+ * Add public API for tls-prf function, according to requested enum.
+ * Add DER-encoded test CRTs to library/certs.c, allowing
+ the example programs ssl_server2 and ssl_client2 to be run
+ if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254.
+ * The HAVEGE state type now uses uint32_t elements instead of int.
+
Bugfix
* Fix private key DER output in the key_app_writer example. File contents
were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
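Review bot: Since this block is being reinserted anyway, its wording should be tightened: "Extend the MBEDTLS_SSL_EXPORT_KEYS" should read "Extend MBEDTLS_SSL_EXPORT_KEYS", "randbytes" should be spelled out as "random bytes", and "Add public API for tls-prf function, according to requested enum" names neither the new function nor the enum type, so a reader of the ChangeLog cannot find the API; the entry should name both. The HAVEGE entry changes the layout of the state struct, which is an ABI change for code that embeds or allocates it; it would be worth stating that consequence rather than only the element type.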
@@ -80,15 +96,6 @@
in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.
* Fix partial zeroing in x509_get_other_name. Found and fixed by ekse, #2716.
-API Changes
- * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
- and the used tls-prf.
- * Add public API for tls-prf function, according to requested enum.
- * Add DER-encoded test CRTs to library/certs.c, allowing
- the example programs ssl_server2 and ssl_client2 to be run
- if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254.
- * The HAVEGE state type now uses uint32_t elements instead of int.
-
Changes
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
mbedTLS configuration only SHA-2 signed certificates are accepted.
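Review bot: Pure relocation, no content change: the removed API Changes lines match the ones inserted ahead of Bugfix in the previous hunk character for character, so nothing is lost by the move, and the resulting order (Security, Features, API Changes, Bugfix, Changes) is consistent within the release block. No objection to this hunk.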