commit 49ac5d06ed6c4d24ea2fbe1ac890539045891c12
author Gilles Peskine <Gilles.Peskine@arm.com> Wed Feb 14 14:36:44 2018 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Wed Feb 14 14:36:44 2018 +0100
tree 1866613d1e376d037ae18a09ab499062d65ff25e
parent 27b0754501b2a78964bdb1d1b1be90419590f9da
parent 5daa76537a848dea1b7771cde0bdd2fcbabaa2df

Merge branch 'pr_1365' into development-proposed

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index c9075b7..90aee9a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,7 +2,13 @@
 
 = mbed TLS 2.7.x branch released 2018-xx-xx
 
+Bugfix
+   * Fix the name of a DHE parameter that was accidentally changed in 2.7.0.
+     Fixes #1358.
+
 Changes
+   * Fix tag lengths and value ranges in the documentation of CCM encryption.
+     Contributed by Mathieu Briand.
    * Fix typo in a comment ctr_drbg.c. Contributed by Paul Sokolovsky.
 
 = mbed TLS 2.7.0 branch released 2018-02-03

include/mbedtls/ccm.h

diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index 5a9ee4a..630b7fd 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -105,7 +105,7 @@
  *                  Must be at least \p length Bytes wide.
  * \param tag       The buffer holding the tag.
  * \param tag_len   The length of the tag to generate in Bytes:
- *                  4, 6, 8, 10, 14 or 16.
+ *                  4, 6, 8, 10, 12, 14 or 16.
  *
  * \note            The tag is written to a separate buffer. To concatenate
  *                  the \p tag with the \p output, as done in <em>RFC-3610:
@@ -131,10 +131,13 @@
  * \param iv_len    The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
  * \param add       The additional data field.
  * \param add_len   The length of additional data in Bytes.
+ *                  Must be less than 2^16 - 2^8.
  * \param input     The buffer holding the input data.
  * \param output    The buffer holding the output data.
+ *                  Must be at least \p length Bytes wide.
  * \param tag       The buffer holding the tag.
  * \param tag_len   The length of the tag in Bytes.
+ *                  4, 6, 8, 10, 12, 14 or 16.
  *
  * \return          0 if successful and authenticated, or
  *                  #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.

include/mbedtls/dhm.h

diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index da2e66b..00fafd8 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -372,7 +372,7 @@
  * in <em>RFC-5114: Additional Diffie-Hellman Groups for Use with
  * IETF Standards</em>.
  */
-#define MBEDTLS_DHM_RFC5114_MODP_P                              \
+#define MBEDTLS_DHM_RFC5114_MODP_2048_P                         \
     MBEDTLS_DEPRECATED_STRING_CONSTANT(                         \
         "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"      \
         "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"      \