DHM: Fix dhm_check_range() always returning 0 Although the variable ret was initialised to an error, the MBEDTLS_MPI_CHK macro was overwriting it. Therefore it ended up being 0 whenewer the bignum computation was successfull and stayed 0 independently of the actual check.

commit: aa325d7b7f5656edfb2b61cbab2189fd01818975 [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Wed Sep 20 15:33:24 2017 +0100
committer: Janos Follath <janos.follath@arm.com> Thu Sep 21 12:04:41 2017 +0100
tree: db0a2110439eff9945e9967e9366e5ab51941ff1
parent: 4b151fabb7b65a774f5fb5cbcb061314e54564c9 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index e199682..ce0e831 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,6 +1,10 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
-= mbed TLS x.x.x released xxxx-xx-xx
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Security
+   * Fix dhm_check_range() failing to detect trivial subgroups and essentially
+     always returning 0. Reported by prashantkspatil.
 
 Bugfix
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
commit	aa325d7b7f5656edfb2b61cbab2189fd01818975	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Wed Sep 20 15:33:24 2017 +0100
committer	Janos Follath <janos.follath@arm.com>	Thu Sep 21 12:04:41 2017 +0100
tree	db0a2110439eff9945e9967e9366e5ab51941ff1
parent	4b151fabb7b65a774f5fb5cbcb061314e54564c9 [diff] [blame]