mbedtls/ChangeLog.d/use-psa-ecdhe-curve.txt

Bugfix
   * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
     enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the
     client would fail to check that the curve selected by the server for
     ECDHE was indeed one that was offered. As a result, the client would
     accept any curve that it supported, even if that curve was not allowed
     according to its configuration. Fixes #5291.
Fix missing check on server-chosen curve We had this check in the non-PSA case, but it was missing in the PSA case. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2022-01-25 11:46:19 +01:00			`Bugfix`
			`* Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was`
			`enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the`
			`client would fail to check that the curve selected by the server for`
			`ECDHE was indeed one that was offered. As a result, the client would`
			`accept any curve that it supported, even if that curve was not allowed`
Changelog: mention bug id in bugfix entry Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 2022-06-09 18:44:51 +02:00			`according to its configuration. Fixes #5291.`