diff options
Diffstat (limited to 'ChangeLog.d/mac-zeroize.txt')
| -rw-r--r-- | ChangeLog.d/mac-zeroize.txt | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ChangeLog.d/mac-zeroize.txt b/ChangeLog.d/mac-zeroize.txt new file mode 100644 index 0000000..a43e34f --- /dev/null +++ b/ChangeLog.d/mac-zeroize.txt @@ -0,0 +1,6 @@ +Security + * Zeroize several intermediate variables used to calculate the expected + value when verifying a MAC or AEAD tag. This hardens the library in + case the value leaks through a memory disclosure vulnerability. For + example, a memory disclosure vulnerability could have allowed a + man-in-the-middle to inject fake ciphertext into a DTLS connection. |