Prepare 0.19.1 with backport

README.md

@@ -23,6 +23,10 @@ If you'd like to help out, please see [CONTRIBUTING.md](CONTRIBUTING.md).
 * Next release:
   - Planned: removal of unused signature verification schemes at link-time.
   - Planned: removal of PEM parsing to a separate crate.
+* 0.19.1 (2021-04-17):
+  - Backport: fix security issue: there was a reachable panic in servers if a client
+    sent an invalid `ClientECDiffieHellmanPublic` encoding, due to an errant `unwrap()`
+    when parsing the encoding.
 * 0.19.0 (2020-11-22):
   - Ensured that `get_peer_certificates` is both better documented, and works
     uniformly for both full-handshake and resumed sessions.

rustls/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rustls"
-version = "0.19.0"
+version = "0.19.1"
 edition = "2018"
 authors = ["Joseph Birr-Pixton <jpixton@gmail.com>"]
 license = "Apache-2.0/ISC/MIT"

rustls/src/suites.rs

@@ -91,7 +91,7 @@ impl KeyExchange {
 
     fn decode_client_params(&self, kx_params: &[u8]) -> Option<ClientECDHParams> {
         let mut rd = Reader::init(kx_params);
-        let ecdh_params = ClientECDHParams::read(&mut rd).unwrap();
+        let ecdh_params = ClientECDHParams::read(&mut rd)?;
         if rd.any_left() {
             None
         } else {