From 004198adb348f1c0de079065096267d95b833f95 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 29 Nov 2017 16:57:06 +0000 Subject: [PATCH] Update ChangeLog --- ChangeLog | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index fcf101956..1ea2a2ba2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,14 +9,16 @@ Security corrupt 6 bytes on the peer's heap, potentially leading to crash or remote code execution. This can be triggered remotely from either side in both TLS and DTLS. + * Fix implementation of truncated HMAC extension leading to + compatibility problems with non Mbed TLS peers and allowing + an offline 2^80 brute force attack on the HMAC key of a single, + uninterrupted (excluding session resumption) connection. + Found by Andreas Walz. Features * Allow comments in test data files. Bugfix - * Fix wrong implementation of truncated HMAC extension leading to - compatibility problems with peers not running Mbed TLS. Found by - Andreas Walz. * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.