From 0684965f5aad346ee50ec28bd48f7e2bdd7a1896 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 13 Sep 2023 13:35:16 +0100 Subject: [PATCH] Modify changelog entry to add pkcs12 pbe functions Signed-off-by: Waleed Elmelegy --- ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt b/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt index a1fded3aa5..e8509c6627 100644 --- a/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt +++ b/ChangeLog.d/add-new-pkcs5-pbe2-ext-fun.txt @@ -1,6 +1,7 @@ Security - * Developers using mbedtls_pkcs5_pbes2() should review the size of the output - buffer passed to this function, and note that the output after decryption - may include CBC padding. Consider moving to the new function - mbedtls_pkcs5_pbes2_ext() which checks for overflow of the output buffer - and reports the actual length of the output. + * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should review + the size of the output buffer passed to this function, and note that the + output after decryption may include CBC padding. Consider moving to the + new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext() which + checks for overflow of the output buffer and reports the actual length + of the output.