Update ChangeLog

This commit is contained in:
Hanno Becker 2017-11-29 16:57:06 +00:00
parent 1df4923eb1
commit 004198adb3

View file

@ -9,14 +9,16 @@ Security
corrupt 6 bytes on the peer's heap, potentially leading to crash or corrupt 6 bytes on the peer's heap, potentially leading to crash or
remote code execution. This can be triggered remotely from either remote code execution. This can be triggered remotely from either
side in both TLS and DTLS. side in both TLS and DTLS.
* Fix implementation of truncated HMAC extension leading to
compatibility problems with non Mbed TLS peers and allowing
an offline 2^80 brute force attack on the HMAC key of a single,
uninterrupted (excluding session resumption) connection.
Found by Andreas Walz.
Features Features
* Allow comments in test data files. * Allow comments in test data files.
Bugfix Bugfix
* Fix wrong implementation of truncated HMAC extension leading to
compatibility problems with peers not running Mbed TLS. Found by
Andreas Walz.
* Fix ssl_parse_record_header() to silently discard invalid DTLS records * Fix ssl_parse_record_header() to silently discard invalid DTLS records
as recommended in RFC 6347 Section 4.1.2.7. as recommended in RFC 6347 Section 4.1.2.7.
* Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.