Fix incrementing pointer instead of value This was introduced by a hasty search-and-replace that didn't account for C's operator precedence when changing those variables to pointer types.

commit: aa377cf11131f6a546c43e58726600de034e031b [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Jan 24 12:11:56 2020 +0100
committer: Simon Butcher <simon.butcher@arm.com> Fri Mar 13 15:37:54 2020 +0000
tree: efcd9dec256c08f13d229f401600cc24f9ce6116
parent: c0213a91abe4419743cd81bac4bd9a4d5bd03608 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 79f596d..60018b55 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -63,7 +63,15 @@
    * Reduce RAM consumption during session renegotiation by not storing
      the peer CRT chain and session ticket twice.
 
-= mbed TLS 2.16.x branch released xxxx-xx-xx
+= mbed TLS 2.16.5 branch released xxxx-xx-xx
+
+Security
+   * Fix potential memory overread when performing an ECDSA signature
+     operation. The overread only happens with cryptographically low
+     probability (of the order of 2^-n where n is the bitsize of the curve)
+     unless the RNG is broken, and could result in information disclosure or
+     denial of service (application crash or extra resource consumption).
+     Reported by Peter and Auke (found using static analysis).
 
 Bugfix
    * Fix an unchecked call to mbedtls_md() in the x509write module.
commit	aa377cf11131f6a546c43e58726600de034e031b	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Jan 24 12:11:56 2020 +0100
committer	Simon Butcher <simon.butcher@arm.com>	Fri Mar 13 15:37:54 2020 +0000
tree	efcd9dec256c08f13d229f401600cc24f9ce6116
parent	c0213a91abe4419743cd81bac4bd9a4d5bd03608 [diff] [blame]