mbedtls/ChangeLog.d/fix-in-cid-buffer-size.txt

Bugfix
    * Fix potential buffer overflow in DTLS with MBEDTLS_SSL_DTLS_CONNECTION_ID
      enabled leading to context corruption.

Security
    * Fix potential memory probe through non-constant time memcmp() in DTLS
      with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled. The memory probe is possible
      only under very specific and unlikely conditions:
      2 * MBEDTLS_SSL_CID_OUT_LEN_MAX < MBEDTLS_SSL_CID_IN_LEN_MAX if
      MBEDTLS_SSL_CONTEXT_SERIALIZATION is disabled,
      MBEDTLS_SERVER_HELLO_RANDOM_LEN + MBEDTLS_CLIENT_HELLO_RANDOM_LEN +
      2 * MBEDTLS_SSL_CID_OUT_LEN_MAX < MBEDTLS_SSL_CID_IN_LEN_MAX if
      MBEDTLS_SSL_CONTEXT_SERIALIZATION is enabled. Those conditions are not
      met with the default values of MBEDTLS_SSL_CID_IN_LEN_MAX and
      MBEDTLS_SSL_CID_OUT_LEN_MAX where the two maximum lengths are equal.