Merge memory leak fix into branch 'mbedtls-1.3' Merge of fix for memory leak in RSA-SSA signing - #372

commit: 14400c8fb04e406a042695f28762b40cc7b2aa7b [log] [tgz]
author: Simon Butcher <simon.butcher@arm.com> Sat Jan 02 00:08:13 2016 +0000
committer: Simon Butcher <simon.butcher@arm.com> Sat Jan 02 00:28:19 2016 +0000
tree: 4ebf4a052aa76542b3fbd9421acdabd2638073fb
parent: 7d3f3a8ac80adefa6c70ef76a47273735dcc4d71 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 2a81894..20af9bc 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -2,6 +2,12 @@
 
 = mbed TLS 1.3.16 released 2015-12-xx
 
+Security
+   * Fix potential double free when mbedtls_asn1_store_named_data() fails to
+     allocate memory. Only used for certificate generation, not triggerable
+     remotely in SSL/TLS. Found by Rafał Przywara. #367
+   * Disable MD5 handshake signatures in TLS 1.2 by default
+
 Bugfix
    * Fix over-restricive length limit in GCM. Found by Andreas-N. #362
    * Fix bug in certificate validation that caused valid chains to be rejected
@@ -10,6 +16,10 @@
    * Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign(), found by
      JayaraghavendranK. #372
 
+Changes
+   * Add config.h option POLARSSL_SSL_ENABLE_MD5_SIGNATURES controlling
+     use of MD5-based signatures for TLS 1.2 handshake (disabled by default).
+
 = mbed TLS 1.3.15 released 2015-11-04
 
 Security
commit	14400c8fb04e406a042695f28762b40cc7b2aa7b	[log] [tgz]
author	Simon Butcher <simon.butcher@arm.com>	Sat Jan 02 00:08:13 2016 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Sat Jan 02 00:28:19 2016 +0000
tree	4ebf4a052aa76542b3fbd9421acdabd2638073fb
parent	7d3f3a8ac80adefa6c70ef76a47273735dcc4d71 [diff] [blame]