Add ChangeLog message for EC private exponent information leak

2024-11-26 15:25:43 +01:00 · 2017-10-19 10:10:18 +01:00 · 2017-10-19 10:10:18 +01:00 · 25e39d38bd
commit 25e39d38bd
parent cf873f74d4
1 changed files with 2 additions and 0 deletions
--- a/2
+++ b/2
@ -8,6 +8,8 @@ Security
     and omitted for the sake of saving memory, but potentially
     leading to slight timing differences.
     Reported by Marco Macchetti, Kudelski Group.
+   * Wipe stack buffer temporarily holding EC private exponent
+     after keypair generation.

 Bugfix
   * Fix ssl_parse_record_header() to silently discard invalid DTLS records