cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-08 06:40:16 -04:00
Code Issues Packages Projects Releases Wiki Activity

Changelog: remove bugfix entry that's actually a robustness improvement

Browse Source 
If the key agreement or the public key export in
ssl_write_client_key_exchange() fails, the handshake enters a failed state.
The only valid thing you can do in a failed handshake is to abort it, which
calls mbedtls_ssl_handshake_free(), which destroys ecdh_psa_privey. While
it's good hygiene to destroy the key in the function that creates it, it
would have been cleaned up a little later in the normal course of things
anyway, so there wasn't an actual bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-06-09 18:38:35 +02:00
parent 4118092105
commit 06900034cb
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog.d/raw-agreement-destroy-missing.txt
View File

@ -1,3 +0,0 @@
Bugfix
* Add missing key slot destruction calls when a raw key agreement or
a public key export fails in ssl_write_client_key_exchange.