Add changelog entry for mbedtls_ecdh_get_params robustness

This commit is contained in:
Gilles Peskine 2018-11-07 22:39:16 +01:00
parent 0b1b71d712
commit ccf8ba0e6d

View file

@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.x.x branch released xxxx-xx-xx = mbed TLS 2.x.x branch released xxxx-xx-xx
Security
* Make mbedtls_ecdh_get_params return an error if the second key
belongs to a different group from the first. Before, if an application
passed keys that belonged to different group, the first key's data was
interpreted according to the second group, which could lead to either
an error or a meaningless output from mbedtls_ecdh_get_params. In the
latter case, this could expose at most 5 bits of the private key.
Bugfix Bugfix
* Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined
when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242. when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242.