Add ChangeLog message for EC private exponent information leak

2026-04-05 12:06:26 +02:00 · 2017-10-19 10:10:18 +01:00
parent cf873f74d4
commit 25e39d38bd
1 changed files with 2 additions and 0 deletions
--- a/2
+++ b/2
@@ -8,6 +8,8 @@ Security
     and omitted for the sake of saving memory, but potentially
     leading to slight timing differences.
     Reported by Marco Macchetti, Kudelski Group.
+   * Wipe stack buffer temporarily holding EC private exponent
+     after keypair generation.

 Bugfix
   * Fix ssl_parse_record_header() to silently discard invalid DTLS records