From bcb814951059a425f86f173a766cd0b504450be9 Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Wed, 14 Mar 2018 11:23:34 +0100 Subject: [PATCH] Update change log --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8db021591..725a6b1a4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,8 @@ Security * Change default choice of DHE parameters from untrustworthy RFC 5114 to RFC 3526 containing parameters generated in a nothing-up-my-sleeve manner. + * Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a + crash on invalid input. Features * Allow comments in test data files. @@ -180,6 +182,8 @@ Bugfix * In mbedtls_entropy_free(), properly free the message digest context. * Fix status handshake status message in programs/ssl/dtls_client.c. Found and fixed by muddog. + * Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that + could cause a key exchange to fail on valid data. Changes * Extend cert_write example program by options to set the certificate version