Improve mbedtls_pkcs5_pbes2_ext changelog description Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>

commit: dffb1e3d66e958bbf52a34d3c2035123826a2cf2 [log] [tgz]
author: Waleed Elmelegy <waleed.elmelegy@arm.com> Tue Aug 29 14:56:15 2023 +0100
committer: Waleed Elmelegy <waleed.elmelegy@arm.com> Mon Sep 04 17:57:23 2023 +0100
tree: 345305e9e57420a41c5d2cd1a45e84bd91a015ed
parent: dcad168acfe3ce9f5cde4914661f1db444ef1faf [diff]
diff --git a/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt b/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt
index 1ab8640..a1fded3 100644
--- a/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt
+++ b/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt

@@ -1,6 +1,6 @@
-Features
-   * Add new mbedtls_pkcs5_pbes2_ext function a more secure replacement to
-     mbedtls_pkcs5_pbes2 function because it reports the length of the output
-     bytes written to the output buffer and it requires a parameter containing
-     the output buffer size and validate if the output buffer is big enough
-     for output including padding.
+Security
+   * Developers using mbedtls_pkcs5_pbes2() should review the size of the output
+     buffer passed to this function, and note that the output after decryption
+     may include CBC padding. Consider moving to the new function
+     mbedtls_pkcs5_pbes2_ext() which checks for overflow of the output buffer
+     and reports the actual length of the output.
commit	dffb1e3d66e958bbf52a34d3c2035123826a2cf2	[log] [tgz]
author	Waleed Elmelegy <waleed.elmelegy@arm.com>	Tue Aug 29 14:56:15 2023 +0100
committer	Waleed Elmelegy <waleed.elmelegy@arm.com>	Mon Sep 04 17:57:23 2023 +0100
tree	345305e9e57420a41c5d2cd1a45e84bd91a015ed
parent	dcad168acfe3ce9f5cde4914661f1db444ef1faf [diff]