From 5c6da52ac161a9412f061b770a5842affd4547e5 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 17 Aug 2020 09:20:53 -0700
Subject: [PATCH] Update release notes.

---
 ChangeLog.md | 20 +++++++++++++++-----
 README       | 20 +++++++++++++++-----
 README.md    | 15 ++++++++++-----
 3 files changed, 40 insertions(+), 15 deletions(-)

diff --git a/ChangeLog.md b/ChangeLog.md
index 61d726767..576c26c9d 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,4 +1,4 @@
-# wolfSSL Release 4.5.0 (August 13, 2020)
+# wolfSSL Release 4.5.0 (August 18, 2020)
 
 If you have questions about this release, feel free to contact us on our
 info@ address.
@@ -50,6 +50,12 @@ Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
   rshb range
 * Fix for sanity check on padding with DES3 conversion of PEM to DER
 * Sanity check for potential out of bounds read with fp_read_radix_16
+* Additional checking of ECC scalars.
+* Fixing the FIPS Ready build w.r.t. ecc.c.
+* When processing certificate names with OpenSSL compatibility layer
+  enabled, unknown name item types were getting handled as having NID 0,
+  and failing. Added a couple more items to what is handled correctly,
+  and ignoring anything that is an unknown type.
 
 ## Improvements/Optimizations
 
@@ -73,11 +79,11 @@ Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Changed the configure option for FIPS Ready builds to be
   `--enable-fips=ready`.
 
-## This release of wolfSSL includes fixes for 5 security vulnerabilities.
+## This release of wolfSSL includes fixes for 6 security vulnerabilities.
 
-wolfSSL version 4.5.0 contains 5 vulnerability fixes: 2 fixes for TLS 1.3,
-2 side channel attack mitigations, and 1 fix for a potential private key
-leak in a specific use case.
+wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3,
+2 side channel attack mitigations, 1 fix for a potential private key leak
+in a specific use case, 1 fix for DTLS.
 
 * In earlier versions of wolfSSL there exists a potential man in the middle
   attack on TLS 1.3 clients. Malicious attackers with a privileged network
@@ -120,6 +126,10 @@ leak in a specific use case.
   PEM certificates with PEM private keys in the same file when loading up the
   certificate file, then we recommend updating wolfSSL for this use case and
   also recommend regenerating any private keys in the file.
+* During the handshake, clear application_data messages in epoch 0 are
+  processed and returned to the application. Fixed by dropping received
+  application_data messages in epoch 0. Thank you to Paul Fiterau of Uppsala
+  University and Robert Merget of Ruhr-University Bochum for the report.
 
 For additional vulnerability information visit the vulnerability page at
 https://www.wolfssl.com/docs/security-vulnerabilities/
diff --git a/README b/README
index c4e60dc66..d6405d227 100644
--- a/README
+++ b/README
@@ -73,7 +73,7 @@ should be used for the enum name.
 *** end Notes ***
 
 
-# wolfSSL Release 4.5.0 (August 13, 2020)
+# wolfSSL Release 4.5.0 (August 18, 2020)
 
 If you have questions about this release, feel free to contact us on our
 info@ address.
@@ -125,6 +125,12 @@ Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
   rshb range
 * Fix for sanity check on padding with DES3 conversion of PEM to DER
 * Sanity check for potential out of bounds read with fp_read_radix_16
+* Additional checking of ECC scalars.
+* Fixing the FIPS Ready build w.r.t. ecc.c.
+* When processing certificate names with OpenSSL compatibility layer
+  enabled, unknown name item types were getting handled as having NID 0,
+  and failing. Added a couple more items to what is handled correctly,
+  and ignoring anything that is an unknown type.
 
 ## Improvements/Optimizations
 
@@ -148,11 +154,11 @@ Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Changed the configure option for FIPS Ready builds to be
   `--enable-fips=ready`.
 
-## This release of wolfSSL includes fixes for 5 security vulnerabilities.
+## This release of wolfSSL includes fixes for 6 security vulnerabilities.
 
-wolfSSL version 4.5.0 contains 5 vulnerability fixes: 2 fixes for TLS 1.3,
-2 side channel attack mitigations, and 1 fix for a potential private key
-leak in a specific use case.
+wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3,
+2 side channel attack mitigations, 1 fix for a potential private key leak
+in a specific use case, 1 fix for DTLS.
 
 * In earlier versions of wolfSSL there exists a potential man in the middle
   attack on TLS 1.3 clients. Malicious attackers with a privileged network
@@ -195,6 +201,10 @@ leak in a specific use case.
   PEM certificates with PEM private keys in the same file when loading up the
   certificate file, then we recommend updating wolfSSL for this use case and
   also recommend regenerating any private keys in the file.
+* During the handshake, clear application_data messages in epoch 0 are
+  processed and returned to the application. Fixed by dropping received
+  application_data messages in epoch 0. Thank you to Paul Fiterau of Uppsala
+  University and Robert Merget of Ruhr-University Bochum for the report.
 
 For additional vulnerability information visit the vulnerability page at
 https://www.wolfssl.com/docs/security-vulnerabilities/
diff --git a/README.md b/README.md
index c4e60dc66..7187f3539 100644
--- a/README.md
+++ b/README.md
@@ -73,7 +73,7 @@ should be used for the enum name.
 *** end Notes ***
 
 
-# wolfSSL Release 4.5.0 (August 13, 2020)
+# wolfSSL Release 4.5.0 (August 18, 2020)
 
 If you have questions about this release, feel free to contact us on our
 info@ address.
@@ -125,6 +125,7 @@ Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
   rshb range
 * Fix for sanity check on padding with DES3 conversion of PEM to DER
 * Sanity check for potential out of bounds read with fp_read_radix_16
+* Additional checking of ECC scalars.
 
 ## Improvements/Optimizations
 
@@ -148,11 +149,11 @@ Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Changed the configure option for FIPS Ready builds to be
   `--enable-fips=ready`.
 
-## This release of wolfSSL includes fixes for 5 security vulnerabilities.
+## This release of wolfSSL includes fixes for 6 security vulnerabilities.
 
-wolfSSL version 4.5.0 contains 5 vulnerability fixes: 2 fixes for TLS 1.3,
-2 side channel attack mitigations, and 1 fix for a potential private key
-leak in a specific use case.
+wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3,
+2 side channel attack mitigations, 1 fix for a potential private key leak
+in a specific use case, 1 fix for DTLS.
 
 * In earlier versions of wolfSSL there exists a potential man in the middle
   attack on TLS 1.3 clients. Malicious attackers with a privileged network
@@ -195,6 +196,10 @@ leak in a specific use case.
   PEM certificates with PEM private keys in the same file when loading up the
   certificate file, then we recommend updating wolfSSL for this use case and
   also recommend regenerating any private keys in the file.
+* During the handshake, clear application_data messages in epoch 0 are
+  processed and returned to the application. Fixed by dropping received
+  application_data messages in epoch 0. Thank you to Paul Fiterau of Uppsala
+  University and Robert Merget of Ruhr-University Bochum for the report.
 
 For additional vulnerability information visit the vulnerability page at
 https://www.wolfssl.com/docs/security-vulnerabilities/