NIST_KW in cipher: credit the reporter

This issue was found by Guido Vranken's Cryptofuzz running on the OSS-Fuzz platform. Fix #3665 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 14:26:07 +01:00 · 2020-12-07 14:26:07 +01:00 · 22a191199d
commit 22a191199d
parent 3aae5d4ed7
1 changed files with 2 additions and 1 deletions
--- a/ChangeLog.d/cipher-auth-crypt-nist-kw.txt
+++ b/ChangeLog.d/cipher-auth-crypt-nist-kw.txt
@ -3,7 +3,8 @@ API changes
     mbedtls_cipher_auth_decrypt() no longer accept NIST_KW contexts,
     as they have no way to check if the output buffer is large enough.
     Please use mbedtls_cipher_auth_encrypt_ext() and
-     mbedtls_cipher_auth_decrypt_ext() instead.
+     mbedtls_cipher_auth_decrypt_ext() instead. Credit to OSS-Fuzz and
+     Cryptofuzz. Fixes #3665.

 Security
   * The functions mbedtls_cipher_auth_encrypt() and