From 20c1f03dd51ea619ee43420b913c21071e91b08b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Nov 2022 22:39:44 +0100 Subject: [PATCH] Improve wording, punctuation, etc. Signed-off-by: Gilles Peskine --- ChangeLog.d/dtls-connection-id.txt | 15 ++++++++------- ...tend-query_compile_time_config-to-psa_want.txt | 2 +- ...build_error_for_mbedtls_deprecated_removed.txt | 4 ++-- ...x_build_tls1_2_with_single_encryption_type.txt | 5 ++--- ChangeLog.d/fix_cmake_using_iar_toolchain.txt | 2 +- ...mption_fail_when_hostname_is_not_localhost.txt | 6 +++--- ChangeLog.d/fix_zeroization.txt | 4 ++-- ChangeLog.d/mbedtls_asn1_type_free.txt | 4 ++-- ChangeLog.d/tls13-misc.txt | 11 +++++------ 9 files changed, 26 insertions(+), 27 deletions(-) diff --git a/ChangeLog.d/dtls-connection-id.txt b/ChangeLog.d/dtls-connection-id.txt index eb9e216c4..0d0a71f29 100644 --- a/ChangeLog.d/dtls-connection-id.txt +++ b/ChangeLog.d/dtls-connection-id.txt 
@@ -5,12 +5,13 @@ Features Changes * Previously the macro MBEDTLS_SSL_DTLS_CONNECTION_ID implemented version 05 - of the draft, and was marked experimental and disabled by default. It is - now no longer experimental, and implements the final version from RFC 9146, - which is not interoperable with the draft-05 version. If you need to - communicate with peers that use earlier versions of Mbed TLS, you - need to define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT to 1, but then you - won't be able to communicate with peers that use the standard (non-draft) - version. If you need to interoperate with both classes of peers with the + of the IETF draft, and was marked experimental and disabled by default. + It is now no longer experimental, and implements the final version from + RFC 9146, which is not interoperable with the draft-05 version. + If you need to communicate with peers that use earlier versions of + Mbed TLS, you need to define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT to 1, + but then you won't be able to communicate with peers that use the standard + (non-draft) version. + If you need to interoperate with both classes of peers with the same build of Mbed TLS, please let us know about your situation on the mailing list or GitHub. diff --git a/ChangeLog.d/extend-query_compile_time_config-to-psa_want.txt b/ChangeLog.d/extend-query_compile_time_config-to-psa_want.txt index b268fd4f0..99b2ec4ee 100644 --- a/ChangeLog.d/extend-query_compile_time_config-to-psa_want.txt +++ b/ChangeLog.d/extend-query_compile_time_config-to-psa_want.txt @@ -1,2 +1,2 @@ Changes - * Add the ability to query PSA_WANT_xxx macros to query_compile_time_config + * Add the ability to query PSA_WANT_xxx macros to query_compile_time_config. diff --git a/ChangeLog.d/fix_build_error_for_mbedtls_deprecated_removed.txt b/ChangeLog.d/fix_build_error_for_mbedtls_deprecated_removed.txt index a70521a00..f0fa00046 100644 --- a/ChangeLog.d/fix_build_error_for_mbedtls_deprecated_removed.txt 
+++ b/ChangeLog.d/fix_build_error_for_mbedtls_deprecated_removed.txt @@ -1,3 +1,3 @@ Bugfix - * Fix build error due to missing prototype - warning when MBEDTLS_DEPRECATED_REMOVED is enabled + * Fix a build error due to a missing prototype warning when + MBEDTLS_DEPRECATED_REMOVED is enabled. diff --git a/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt b/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt index bac491026..c7d269142 100644 --- a/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt +++ b/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt @@ -1,4 +1,3 @@ Bugfix - * Fix bugs and missing dependencies when - building and testing configurations with - only one encryption type enabled in TLS 1.2. + * Fix bugs and missing dependencies when building and testing + configurations with only one encryption type enabled in TLS 1.2. diff --git a/ChangeLog.d/fix_cmake_using_iar_toolchain.txt b/ChangeLog.d/fix_cmake_using_iar_toolchain.txt index ecc09c241..9ec6e0d6b 100644 --- a/ChangeLog.d/fix_cmake_using_iar_toolchain.txt +++ b/ChangeLog.d/fix_cmake_using_iar_toolchain.txt @@ -1,3 +1,3 @@ Bugfix - * Fixed an issue that cause compile error using CMake IAR toolchain. + * Fix a compilation error when using CMake with an IAR toolchain. Fixes #5964. diff --git a/ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt b/ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt index 5797f48e8..9f5c6499d 100644 --- a/ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt +++ b/ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt 
@@ -1,4 +1,4 @@ Bugfix - * Fix TLS 1.3 session resumption fail. Fixes #6488. - * Add configuration check to exclude TLS 1.3 optional authentication of - client. + * Fix TLS 1.3 session resumption. Fixes #6488. + * Add a configuration check to exclude optional client authentication + in TLS 1.3 (where it is forbidden). diff --git a/ChangeLog.d/fix_zeroization.txt b/ChangeLog.d/fix_zeroization.txt index ad74d9c59..8b00dcc98 100644 --- a/ChangeLog.d/fix_zeroization.txt +++ b/ChangeLog.d/fix_zeroization.txt @@ -1,3 +1,3 @@ Bugfix - * Fix possible crash in TLS PRF code, if a failure to allocate memory occurs. - Reported by Michael Madsen in #6516. + * Fix a possible null pointer dereference if a memory allocation fails + in TLS PRF code. Reported by Michael Madsen in #6516. diff --git a/ChangeLog.d/mbedtls_asn1_type_free.txt b/ChangeLog.d/mbedtls_asn1_type_free.txt index 81f3a2007..a6792afa1 100644 --- a/ChangeLog.d/mbedtls_asn1_type_free.txt +++ b/ChangeLog.d/mbedtls_asn1_type_free.txt @@ -1,6 +1,6 @@ Features - * Shared code to free x509 structs like mbedtls_x509_named_data + * Shared code to free x509 structs like mbedtls_x509_named_data. New deprecations * Deprecate mbedtls_asn1_free_named_data(). Use mbedtls_asn1_free_named_data_list() - or mbedtls_asn1_free_named_data_list_shallow() + or mbedtls_asn1_free_named_data_list_shallow(). diff --git a/ChangeLog.d/tls13-misc.txt b/ChangeLog.d/tls13-misc.txt index 497ed38d2..b76bb9171 100644 --- a/ChangeLog.d/tls13-misc.txt +++ b/ChangeLog.d/tls13-misc.txt 
@@ -1,9 +1,8 @@ Features - * Mbed TLS supports TLS 1.3 key establishment via pre-shared keys, + * Mbed TLS now supports TLS 1.3 key establishment via pre-shared keys, pre-shared keys provisioned externally or via the ticket mechanism (session resumption). - The MBEDTLS_SSL_SESSION_TICKETS configuration option controls the support - for the ticket mechanism. - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx_ENABLED configuration options - have been introduced to control the support for the three possible - TLS 1.3 key exchange modes. + The ticket mechanism is supported when the configuration option + MBEDTLS_SSL_SESSION_TICKETS is enabled. + New options MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx_ENABLED + control the support for the three possible TLS 1.3 key exchange modes.
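Review bot: In ChangeLog.d/dtls-connection-id.txt, the rewrapped sentence "If you need to communicate with peers that use earlier versions of Mbed TLS" still does not say which versions are meant, so a reader cannot tell from the entry whether a given peer speaks draft-05 or RFC 9146. Name the last release that implemented the draft-05 format, and consider stating explicitly that MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT set to 1 selects the draft-05 behaviour, since the text only implies it.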
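Review bot: In ChangeLog.d/fix_build_error_for_mbedtls_deprecated_removed.txt, the new wording "a missing prototype warning" reads ambiguously: it can mean a warning that is missing, or a warning about a missing prototype. Quoting or hyphenating the compound settles it, for example: Fix a build error due to a "missing prototype" warning when MBEDTLS_DEPRECATED_REMOVED is enabled.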
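Review bot: In ChangeLog.d/fix_tls13_session_resumption_fail_when_hostname_is_not_localhost.txt, the first bullet "Fix TLS 1.3 session resumption. Fixes #6488." still does not say what was broken; the triggering condition appears only in the file name (hostname is not localhost). Put it in the entry so users can tell whether they were affected, e.g. "Fix TLS 1.3 session resumption failing when the hostname is not localhost." In the second bullet, "(where it is forbidden)" would be clearer if it said what forbids it.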
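Review bot: In ChangeLog.d/fix_zeroization.txt, replacing "possible crash" with "possible null pointer dereference" names the defect but drops the consequence a user scans the changelog for. Keep both, e.g. "Fix a possible crash (null pointer dereference) if a memory allocation fails in TLS PRF code." The file name refers to zeroization while the entry does not mention it; if the dereference happens in a cleanup or zeroization path, saying so would help readers match the entry to the fix.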
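Review bot: In ChangeLog.d/mbedtls_asn1_type_free.txt, the Features bullet "Shared code to free x509 structs like mbedtls_x509_named_data." gains a full stop but remains a fragment that names no API, while the other entries touched by this patch are rewritten as imperative sentences. Say what was added and name the function(s), in the same form as the deprecation bullet below it, which already names mbedtls_asn1_free_named_data_list() and mbedtls_asn1_free_named_data_list_shallow().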
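Review bot: In ChangeLog.d/tls13-misc.txt, the first bullet still reads "via pre-shared keys, pre-shared keys provisioned externally or via the ticket mechanism" across the edited line and the unchanged line after it, and the repetition hides that two provisioning methods are being listed. Since this commit is a wording pass, fold that in, e.g. "via pre-shared keys, provisioned either externally or via the ticket mechanism (session resumption)". The final sentence could also name the three key exchange modes instead of leaving them behind MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_xxx_ENABLED.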