From f72a51059068a97c9a95e8b6cab522fdd549f8d3 Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Tue, 20 Aug 2024 12:11:57 +0100 Subject: [PATCH] Edit ChangeLog entry Signed-off-by: Elena Uziunaite --- ChangeLog.d/fix_reporting_of_key_usage_issues.txt | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt index 12f1bb3799..75fbb6cc15 100644 --- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt +++ b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt @@ -1,4 +1,11 @@ -Bugfix - * Fix the failure to correctly update verification flags when - checking the (ext)KeyUsage extension. - Resolves #1260 +Security + * With TLS 1.3, when a server enables optional authentication of the + client, if the client-provided certificate does not have appropriate values + in if keyUsage or extKeyUsage extensions, then the return value of + mbedtls_ssl_get_verify_result() would incorrectly have the + MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits + clear. As a result, an attacker that had a certificate valid for uses other + than TLS client authentication could be able to use it for TLS client + authentication anyway. Only TLS 1.3 servers were affected, and only with + optional authentication (required would abort the handshake with a fatal + alert).
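Review bot: in the new Security entry the same flag is named twice: "MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits" lists one identifier for what the sentence describes as two extensions (keyUsage and extKeyUsage), so the second occurrence is almost certainly meant to be the extKeyUsage counterpart, MBEDTLS_X509_BADCERT_EXT_KEY_USAGE; please fix it, since a reader checking the verify result against this entry would otherwise miss the second bit. The same sentence has a stray word: "in if keyUsage or extKeyUsage extensions" should read "in the keyUsage or extKeyUsage extensions". Minor wording: "could be able to use it" reads better as "could use it". Lastly, the hunk drops the "Resolves #1260" line without carrying any issue reference into the replacement entry; if the fix is tracked by an issue, keep the reference so the ChangeLog entry stays traceable to it.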