From 06900034cb832ef7b2fcdcc772a83d08308043c7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Jun 2022 18:38:35 +0200 Subject: [PATCH] Changelog: remove bugfix entry that's actually a robustness improvement If the key agreement or the public key export in ssl_write_client_key_exchange() fails, the handshake enters a failed state. The only valid thing you can do in a failed handshake is to abort it, which calls mbedtls_ssl_handshake_free(), which destroys ecdh_psa_privey. While it's good hygiene to destroy the key in the function that creates it, it would have been cleaned up a little later in the normal course of things anyway, so there wasn't an actual bug. Signed-off-by: Gilles Peskine --- ChangeLog.d/raw-agreement-destroy-missing.txt | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 ChangeLog.d/raw-agreement-destroy-missing.txt diff --git a/ChangeLog.d/raw-agreement-destroy-missing.txt b/ChangeLog.d/raw-agreement-destroy-missing.txt deleted file mode 100644 index 7342b8cfa..000000000 --- a/ChangeLog.d/raw-agreement-destroy-missing.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Add missing key slot destruction calls when a raw key agreement or - a public key export fails in ssl_write_client_key_exchange.