Fix renegotiation at incorrect times in DTLS Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared 64 bits of record counter instead of 48 bits as described in RFC 6347 Section 4.3.1. This would cause the function's return value to be occasionally incorrect and the renegotiation routines to be triggered at unexpected times.

commit: 18c5c59b5b99107889e57f989eb818f2df79c084 [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Thu Dec 15 17:01:16 2016 +0000
committer: Andres AG <andres.amayagarcia@arm.com> Thu Jan 19 16:30:15 2017 +0000
tree: 35f29b101570077ecfe63b0bfb9eb3b6a2858581
parent: 1808dc01bd2eb596bb234711a52af33fc19f9d9d [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 0a857ba..43aa8bb 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,14 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Bugfix
+   * Fix incorrect renegotiation condition in ssl_check_ctr_renegotiate() that
+     would compare 64 bits of the record counter instead of 48 bits as indicated
+     in RFC 6347 Section 4.3.1. This could cause the execution of the
+     renegotiation routines at unexpected times when the protocol is DTLS. Found
+     by wariua. #687
+
 = mbed TLS 2.4.1 branch released 2016-12-13
 
 Changes
commit	18c5c59b5b99107889e57f989eb818f2df79c084	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Thu Dec 15 17:01:16 2016 +0000
committer	Andres AG <andres.amayagarcia@arm.com>	Thu Jan 19 16:30:15 2017 +0000
tree	35f29b101570077ecfe63b0bfb9eb3b6a2858581
parent	1808dc01bd2eb596bb234711a52af33fc19f9d9d [diff] [blame]