Add ChangeLog entry for buffer overflow fix Signed-off-by: David Horstmann <david.horstmann@arm.com>

commit: 019074fad6a8f14ab2a51e6f4b18d9d21ee3c1c2 [log] [tgz]
author: David Horstmann <david.horstmann@arm.com> Fri Oct 11 17:17:21 2024 +0100
committer: David Horstmann <david.horstmann@arm.com> Fri Oct 11 19:40:42 2024 +0100
tree: 75c69ae7a9f20ec6d2407377c8461fbf2229e92e
parent: 31881780957737bd670a91ea7eda383d5ea71373 [diff]
diff --git a/ChangeLog.d/fix-pkwrite-buffer-overrun.txt b/ChangeLog.d/fix-pkwrite-buffer-overrun.txt
new file mode 100644
index 0000000..716b11e
--- /dev/null
+++ b/ChangeLog.d/fix-pkwrite-buffer-overrun.txt

@@ -0,0 +1,9 @@
+Security
+   * Fix a buffer overflow in mbedtls_pk_write_pubkey(),
+     mbedtls_pk_write_pubkey_der() and mbedtls_pk_write_key_der().
+     With MBEDTLS_USE_PSA_CRYPTO turned on, these functions would
+     write to a location before the start of the output buffer if it was less
+     than the size of the key being written and also less than
+     PK_MAX_EC_PUBLIC_KEY_SIZE (for EC public keys) and
+     PSA_EXPORT_KEY_PAIR_MAX_SIZE (for RSA private keys).
+     This buffer overflow only occurs for keys with the type MBEDTLS_PK_OPAQUE.
commit	019074fad6a8f14ab2a51e6f4b18d9d21ee3c1c2	[log] [tgz]
author	David Horstmann <david.horstmann@arm.com>	Fri Oct 11 17:17:21 2024 +0100
committer	David Horstmann <david.horstmann@arm.com>	Fri Oct 11 19:40:42 2024 +0100
tree	75c69ae7a9f20ec6d2407377c8461fbf2229e92e
parent	31881780957737bd670a91ea7eda383d5ea71373 [diff]