Merge remote-tracking branch 'origin/mbedtls-2.7' into mbedtls-2.7-restricted
* origin/mbedtls-2.7:
Enable more test cases without MBEDTLS_MEMORY_DEBUG
More accurate test case description
Clarify that the "FATAL" message is expected
Note that mbedtls_ctr_drbg_seed() must not be called twice
Fix CTR_DRBG benchmark
Changelog entry for xxx_drbg_set_entropy_len before xxx_drbg_seed
CTR_DRBG: support set_entropy_len() before seed()
CTR_DRBG: Don't use functions before they're defined
HMAC_DRBG: support set_entropy_len() before seed()
diff --git a/ChangeLog b/ChangeLog
index 0de4fa0..c6ec52e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS 2.7.x branch released xxxx-xx-xx
+= mbed TLS 2.7.13 branch released 2020-01-15
Security
* Fix side channel vulnerability in ECDSA. Our bignum implementation is not
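Review bot: the header line `+= mbed TLS 2.7.13 branch released 2020-01-15` stamps a concrete version and release date, but the merge message lists only DRBG, benchmark and test commits and says nothing about a release. Please confirm the stamped header comes from the intended side of the merge and that the date matches the actual release. Also check that later entries will go under a fresh `2.7.x branch released xxxx-xx-xx` heading rather than being appended to the 2.7.13 section.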
@@ -25,6 +25,12 @@
reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri,
Sectra.
+Bugfix
+ * Support mbedtls_hmac_drbg_set_entropy_len() and
+ mbedtls_ctr_drbg_set_entropy_len() before the DRBG is seeded. Before,
+ the initial seeding always reset the entropy length to the compile-time
+ default.
+
Changes
* Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx()
from the cipher abstraction layer. Fixes #2198.
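Review bot: the new Bugfix entry states the old behaviour ("the initial seeding always reset the entropy length to the compile-time default") but not what it means for callers. An application that called mbedtls_ctr_drbg_set_entropy_len() or mbedtls_hmac_drbg_set_entropy_len() before seeding had its chosen value overwritten for the initial seed. I would add a sentence saying so, so users can tell whether their DRBG was seeded with a different entropy length than they configured. The entry also carries no issue or PR reference, unlike the neighbouring "Fixes #2198" entry. Finally, the merged commit list includes "Note that mbedtls_ctr_drbg_seed() must not be called twice"; if that is a user-visible constraint, it deserves a mention here as well.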