Merge branch 'mbedtls-2.7-proposed' into mbedtls-2.7-restricted-proposed
diff --git a/ChangeLog b/ChangeLog
index 2e8f16c..e2357ae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,11 +5,17 @@
Security
* Verify results of RSA private key operations to defend
against Bellcore glitch attack.
+ * Fix a buffer overread in ssl_parse_server_key_exchange() that could cause
+ a crash on invalid input.
+ * Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a
+ crash on invalid input.
Features
* Extend PKCS#8 interface by introducing support for the entire SHA
algorithms family when encrypting private keys using PKCS#5 v2.0.
- Submitted by Antonio Quartulli, OpenVPN Inc.
+ This allows reading encrypted PEM files produced by software that
+ uses PBKDF2-SHA2, such as OpenSSL 1.1. Submitted by Antonio Quartulli,
+ OpenVPN Inc. Fixes #1339
Bugfix
* Fix setting version TLSv1 as minimal version, even if TLS 1
@@ -25,6 +31,12 @@
by Guido Vranken. #639
* Fix X509 CRT parsing that would potentially accept an invalid tag when
parsing the subject alternative names.
+ * Fix a possible arithmetic overflow in ssl_parse_server_key_exchange()
+ that could cause a key exchange to fail on valid data.
+ * Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that
+ could cause a key exchange to fail on valid data.
+ * Don't define mbedtls_aes_decrypt and mbedtls_aes_encrypt under
+ MBEDTLS_DEPRECATED_REMOVED. #1388
Changes
* Clarify the documentation of mbedtls_ssl_setup.