From eb490aabf6a9f47c074ec476d0d4997c2362cdbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E6=95=AC=E8=BE=89?= <11137405@vivo.com> Date: Mon, 29 Nov 2021 10:46:35 +0800 Subject: [PATCH 1/9] [session] fix a session copy bug fix a possible double reference on 'ticket' when peer_cert/peer_cert_digest calloc failed. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 吴敬辉 <11137405@vivo.com> --- library/ssl_tls.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3c1e917598..962d625435 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -301,6 +301,10 @@ static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session mbedtls_ssl_session_free( dst ); memcpy( dst, src, sizeof( mbedtls_ssl_session ) ); +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) + dst->ticket = NULL; +#endif + #if defined(MBEDTLS_X509_CRT_PARSE_C) if( src->peer_cert != NULL ) { From 18504f4b206d6c6d197ffec398bdd60a76b811c7 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 8 Dec 2021 13:28:12 +0000 Subject: [PATCH 2/9] Add changelog entry for session copy bugfix Signed-off-by: David Horstmann --- ChangeLog.d/fix-session-copy-bug.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/fix-session-copy-bug.txt diff --git a/ChangeLog.d/fix-session-copy-bug.txt b/ChangeLog.d/fix-session-copy-bug.txt new file mode 100644 index 0000000000..46e3d8ef61 --- /dev/null +++ b/ChangeLog.d/fix-session-copy-bug.txt @@ -0,0 +1,6 @@ +Bugfix + * Fix a double-free that happened after mbedtls_ssl_set_session() or + mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED + (out of memory). After that, calling mbedtls_ssl_session_free() + and mbedtls_ssl_free() would cause an internal session buffer to + be free()'d twice. From 1f65e31e730e00c5342981f603cb0928eddab2fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Dec 2021 09:49:32 +0100 Subject: [PATCH 3/9] Double-free goes under security, not bugfix. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/fix-session-copy-bug.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/fix-session-copy-bug.txt b/ChangeLog.d/fix-session-copy-bug.txt index 46e3d8ef61..6286fa8f9f 100644 --- a/ChangeLog.d/fix-session-copy-bug.txt +++ b/ChangeLog.d/fix-session-copy-bug.txt @@ -1,4 +1,4 @@ -Bugfix +Security * Fix a double-free that happened after mbedtls_ssl_set_session() or mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED (out of memory). After that, calling mbedtls_ssl_session_free() From b0c54a7d4685c60ad53b40fe4fbe34cebf855178 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Dec 2021 09:55:10 +0100 Subject: [PATCH 4/9] Fix misleading ChangeLog entry formatting. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/bugfix-for-gcm-long-iv-size.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt b/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt index 0e46ad3780..4287ea747a 100644 --- a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt +++ b/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt @@ -1,3 +1,3 @@ Bugfix * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32. - * Fix #4884. + Fixes #4884. From 652e035ea10740362e657cb7b822bbd46bdc3990 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Dec 2021 11:08:55 +0100 Subject: [PATCH 5/9] Assemble ChangeLog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog | 55 +++++++++++++++++++++ ChangeLog.d/base64-ranges.txt | 4 -- ChangeLog.d/bugfix-for-gcm-long-iv-size.txt | 3 -- ChangeLog.d/build-without-sha.txt | 3 -- ChangeLog.d/check-return.txt | 10 ---- ChangeLog.d/fix-pkcs12-null-password.txt | 5 -- ChangeLog.d/fix-session-copy-bug.txt | 6 --- ChangeLog.d/issue4630.txt | 2 - ChangeLog.d/issue4870.txt | 10 ---- ChangeLog.d/mac-zeroize.txt | 6 --- ChangeLog.d/makefile-python-windows.txt | 4 -- ChangeLog.d/muladdc-amd64-memory.txt | 4 -- ChangeLog.d/no-strerror.txt | 3 -- 13 files changed, 55 insertions(+), 60 deletions(-) delete mode 100644 ChangeLog.d/base64-ranges.txt delete mode 100644 ChangeLog.d/bugfix-for-gcm-long-iv-size.txt delete mode 100644 ChangeLog.d/build-without-sha.txt delete mode 100644 ChangeLog.d/check-return.txt delete mode 100644 ChangeLog.d/fix-pkcs12-null-password.txt delete mode 100644 ChangeLog.d/fix-session-copy-bug.txt delete mode 100644 ChangeLog.d/issue4630.txt delete mode 100644 ChangeLog.d/issue4870.txt delete mode 100644 ChangeLog.d/mac-zeroize.txt delete mode 100644 ChangeLog.d/makefile-python-windows.txt delete mode 100644 ChangeLog.d/muladdc-amd64-memory.txt delete mode 100644 ChangeLog.d/no-strerror.txt diff --git a/ChangeLog b/ChangeLog index 47e2b5a243..7cf1bfe9c6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,60 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Security + * Zeroize several intermediate variables used to calculate the expected + value when verifying a MAC or AEAD tag. This hardens the library in + case the value leaks through a memory disclosure vulnerability. For + example, a memory disclosure vulnerability could have allowed a + man-in-the-middle to inject fake ciphertext into a DTLS connection. + * Fix a double-free that happened after mbedtls_ssl_set_session() or + mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED + (out of memory). After that, calling mbedtls_ssl_session_free() + and mbedtls_ssl_free() would cause an internal session buffer to + be free()'d twice. + +Bugfix + * Stop using reserved identifiers as local variables. Fixes #4630. + * The GNU makefiles invoke python3 in preference to python except on Windows. + The check was accidentally not performed when cross-compiling for Windows + on Linux. Fix this. Fixes #4774. + * Mark basic constraints critical as appropriate. Note that the previous + entry for this fix in the 2.16.10 changelog was in error, and it was not + included in the 2.16.10 release as was stated. + Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC + 5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in + all CA certificates that contain public keys used to validate digital + signatures on certificates and MUST mark the extension as critical in + such certificates." Previous to this change, the extension was always + marked as non-critical. This was fixed by #4044. + * Fix missing constraints on x86_64 assembly code for bignum multiplication + that broke some bignum operations with (at least) Clang 12. + Fixes #4116, #4786, #4917. + * Failures of alternative implementations of AES or DES single-block + functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, + MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored. + This does not concern the implementation provided with Mbed TLS, + where this function cannot fail, or full-module replacements with + MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. + * Some failures of HMAC operations were ignored. These failures could only + happen with an alternative implementation of the underlying hash module. + * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor + MBEDTLS_ERROR_STRERROR_DUMMY is enabled. + * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32. + Fixes #4884. + * Fix the build when no SHA2 module is included. Fixes #4930. + * Fix the build when only the bignum module is included. Fixes #4929. + * Fix a potential invalid pointer dereference and infinite loop bugs in + pkcs12 functions when the password is empty. Fix the documentation to + better describe the inputs to these functions and their possible values. + Fixes #5136. + +Changes + * Improve the performance of base64 constant-flow code. The result is still + slower than the original non-constant-flow implementation, but much faster + than the previous constant-flow implementation. Fixes #4814. + = mbed TLS 2.16.11 branch released 2021-07-07 Security diff --git a/ChangeLog.d/base64-ranges.txt b/ChangeLog.d/base64-ranges.txt deleted file mode 100644 index e3f3862bfb..0000000000 --- a/ChangeLog.d/base64-ranges.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Improve the performance of base64 constant-flow code. The result is still - slower than the original non-constant-flow implementation, but much faster - than the previous constant-flow implementation. Fixes #4814. diff --git a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt b/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt deleted file mode 100644 index 4287ea747a..0000000000 --- a/ChangeLog.d/bugfix-for-gcm-long-iv-size.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32. - Fixes #4884. diff --git a/ChangeLog.d/build-without-sha.txt b/ChangeLog.d/build-without-sha.txt deleted file mode 100644 index 78ba27694a..0000000000 --- a/ChangeLog.d/build-without-sha.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix the build when no SHA2 module is included. Fixes #4930. - * Fix the build when only the bignum module is included. Fixes #4929. diff --git a/ChangeLog.d/check-return.txt b/ChangeLog.d/check-return.txt deleted file mode 100644 index 6eb1629f75..0000000000 --- a/ChangeLog.d/check-return.txt +++ /dev/null @@ -1,10 +0,0 @@ -Bugfix - * Failures of alternative implementations of AES or DES single-block - functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, - MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored. - This does not concern the implementation provided with Mbed TLS, - where this function cannot fail, or full-module replacements with - MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. - * Some failures of HMAC operations were ignored. These failures could only - happen with an alternative implementation of the underlying hash module. - diff --git a/ChangeLog.d/fix-pkcs12-null-password.txt b/ChangeLog.d/fix-pkcs12-null-password.txt deleted file mode 100644 index fae8195535..0000000000 --- a/ChangeLog.d/fix-pkcs12-null-password.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix a potential invalid pointer dereference and infinite loop bugs in - pkcs12 functions when the password is empty. Fix the documentation to - better describe the inputs to these functions and their possible values. - Fixes #5136. diff --git a/ChangeLog.d/fix-session-copy-bug.txt b/ChangeLog.d/fix-session-copy-bug.txt deleted file mode 100644 index 6286fa8f9f..0000000000 --- a/ChangeLog.d/fix-session-copy-bug.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Fix a double-free that happened after mbedtls_ssl_set_session() or - mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED - (out of memory). After that, calling mbedtls_ssl_session_free() - and mbedtls_ssl_free() would cause an internal session buffer to - be free()'d twice. diff --git a/ChangeLog.d/issue4630.txt b/ChangeLog.d/issue4630.txt deleted file mode 100644 index 0bc4b99e59..0000000000 --- a/ChangeLog.d/issue4630.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Stop using reserved identifiers as local variables. Fixes #4630. diff --git a/ChangeLog.d/issue4870.txt b/ChangeLog.d/issue4870.txt deleted file mode 100644 index 213a824835..0000000000 --- a/ChangeLog.d/issue4870.txt +++ /dev/null @@ -1,10 +0,0 @@ -Bugfix - * Mark basic constraints critical as appropriate. Note that the previous - entry for this fix in the 2.16.10 changelog was in error, and it was not - included in the 2.16.10 release as was stated. - Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC - 5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in - all CA certificates that contain public keys used to validate digital - signatures on certificates and MUST mark the extension as critical in - such certificates." Previous to this change, the extension was always - marked as non-critical. This was fixed by #4044. diff --git a/ChangeLog.d/mac-zeroize.txt b/ChangeLog.d/mac-zeroize.txt deleted file mode 100644 index a43e34f845..0000000000 --- a/ChangeLog.d/mac-zeroize.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Zeroize several intermediate variables used to calculate the expected - value when verifying a MAC or AEAD tag. This hardens the library in - case the value leaks through a memory disclosure vulnerability. For - example, a memory disclosure vulnerability could have allowed a - man-in-the-middle to inject fake ciphertext into a DTLS connection. diff --git a/ChangeLog.d/makefile-python-windows.txt b/ChangeLog.d/makefile-python-windows.txt deleted file mode 100644 index 57ccc1a39a..0000000000 --- a/ChangeLog.d/makefile-python-windows.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * The GNU makefiles invoke python3 in preference to python except on Windows. - The check was accidentally not performed when cross-compiling for Windows - on Linux. Fix this. Fixes #4774. diff --git a/ChangeLog.d/muladdc-amd64-memory.txt b/ChangeLog.d/muladdc-amd64-memory.txt deleted file mode 100644 index b834331671..0000000000 --- a/ChangeLog.d/muladdc-amd64-memory.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix missing constraints on x86_64 assembly code for bignum multiplication - that broke some bignum operations with (at least) Clang 12. - Fixes #4116, #4786, #4917. diff --git a/ChangeLog.d/no-strerror.txt b/ChangeLog.d/no-strerror.txt deleted file mode 100644 index 69743a8715..0000000000 --- a/ChangeLog.d/no-strerror.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor - MBEDTLS_ERROR_STRERROR_DUMMY is enabled. From b0bb3c8b7d1d1e941a67e134b0bc5b0a14342780 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Dec 2021 11:12:26 +0100 Subject: [PATCH 6/9] Bump version to 2.16.12 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit scripts/bump_version.sh --version 2.16.12 Signed-off-by: Manuel Pégourié-Gonnard --- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index ff3af467ad..4ada8c973a 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -49,7 +49,7 @@ */ /** - * @mainpage mbed TLS v2.16.11 source code documentation + * @mainpage mbed TLS v2.16.12 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 43b9b7b802..eb20774380 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.16.11" +PROJECT_NAME = "mbed TLS v2.16.12" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 49cbeb003a..35955a61d3 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -65,16 +65,16 @@ */ #define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MINOR 16 -#define MBEDTLS_VERSION_PATCH 11 +#define MBEDTLS_VERSION_PATCH 12 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02100B00 -#define MBEDTLS_VERSION_STRING "2.16.11" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.11" +#define MBEDTLS_VERSION_NUMBER 0x02100C00 +#define MBEDTLS_VERSION_STRING "2.16.12" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.12" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 0afdde732c..e147776ca1 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -165,15 +165,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.11 SOVERSION 3) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.12 SOVERSION 3) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.16.11 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.16.12 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.16.11 SOVERSION 12) + set_target_properties(mbedtls PROPERTIES VERSION 2.16.12 SOVERSION 12) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 3aa2523f99..a8a997b449 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.16.11" +check_compiletime_version:"2.16.12" Check runtime library version -check_runtime_version:"2.16.11" +check_runtime_version:"2.16.12" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From 6fc3aa004c83b81f87b6495a63e688b208e6797b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Dec 2021 11:13:29 +0100 Subject: [PATCH 7/9] Update version header in ChangeLog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 7cf1bfe9c6..26d9891cbf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.16.12 branch released 2021-12-17 Security * Zeroize several intermediate variables used to calculate the expected From fb4e9be5dbba13daf0c052bcee791f1c2e164501 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Dec 2021 11:23:36 +0100 Subject: [PATCH 8/9] Remove some bashisms from all.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Other branches use bash for all.sh, but we're still using plain sh. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9d7e74db12..ccd6193029 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1725,12 +1725,12 @@ support_test_cmake_out_of_source () { # Attempt to parse lsb-release to find out distribution and version. If not # found this should fail safe (test is supported). - if [[ -f /etc/lsb-release ]]; then + if [ -f /etc/lsb-release ]; then while read -r lsb_line; do case "$lsb_line" in - "DISTRIB_ID"*) distrib_id=${lsb_line/#DISTRIB_ID=};; - "DISTRIB_RELEASE"*) distrib_ver=${lsb_line/#DISTRIB_RELEASE=};; + "DISTRIB_ID"*) distrib_id=${lsb_line#DISTRIB_ID=};; + "DISTRIB_RELEASE"*) distrib_ver=${lsb_line#DISTRIB_RELEASE=};; esac done < /etc/lsb-release From b9f4568ec08f94696ba5df8ab2c8a3770f0e4551 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 15 Dec 2021 10:22:51 +0100 Subject: [PATCH 9/9] Improve wording of a ChangeLog entry MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Keeps the entry aligned with other branches too. Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 26d9891cbf..9a21e90482 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,8 +41,8 @@ Bugfix happen with an alternative implementation of the underlying hash module. * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor MBEDTLS_ERROR_STRERROR_DUMMY is enabled. - * Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32. - Fixes #4884. + * Fix a bug in mbedtls_gcm_starts() when the bit length of the iv + exceeds 2^32. Fixes #4884. * Fix the build when no SHA2 module is included. Fixes #4930. * Fix the build when only the bignum module is included. Fixes #4929. * Fix a potential invalid pointer dereference and infinite loop bugs in