Commit graph

1 commit

Author SHA1 Message Date
Gilles Peskine 37e7736d8e Changelog for the fix to mbedtls_mpi_exp_mod(A=0)
In Mbed TLS 2.26.0, the bug was hard to trigger, since all methods for
parsing a bignum (mbedtls_mpi_read_xxx functions) constructed an mbedtls_mpi
object with at least one limb.

In the development branch, after the commit
"New internal function mbedtls_mpi_resize_clear", this bug could be
triggered by a TLS server, by passing invalid custom Diffie-Hellman
parameters with G=0 transmitted as a 0-length byte string.

Since the behavior change in mbedtls_mpi_read_binary and
mbedtls_mpi_read_binary_le (constructing 0 limbs instead of 1 when passed
empty input) turned out to have consequences despite being in principle an
internal detail, mention it in the changelog.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:39:17 +02:00