From 8761d929da786ff3e6c6f85603b114a786d9bd5d Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <andres.amayagarcia@arm.com>
Date: Wed, 26 Sep 2018 10:59:20 +0100
Subject: [PATCH] Add ChangeLog entry for unused bits in bitstrings

---
 ChangeLog | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index b39b95391..0b20bffe2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,12 @@ Bugfix
      previously lead to a stack overflow on constrained targets.
    * Add `MBEDTLS_SELF_TEST` for the mbedtls_self_test functions
      in the header files, which missed the precompilation check. #971
+   * Ensure that unused bits are zero when writing ASN.1 bitstrings when using
+     mbedtls_asn1_write_bitstring().
+   * Fix issue when writing the named bitstrings in KeyUsage and NsCertType
+     extensions in CSRs and CRTs that caused these bitstrings to not be encoded
+     correctly as trailing zeroes were not accounted for as unused bits in the
+     leading content octet. Fixes #1610.
 
 = mbed TLS 2.16.0 branch released 2018-12-21
 
@@ -23,6 +29,8 @@ Features
      function to see for which parameter values it is defined. This feature is
      disabled by default. See its API documentation in config.h for additional
      steps you have to take when enabling it.
+   * Add a new function mbedtls_asn1_write_named_bitstring() to write ASN.1
+     named bitstring in DER as required by RFC 5280 Appendix B.
 
 API Changes
    * The following functions in the random generator modules have been