| Gilles Peskine | d61551c | 2021-12-13 12:43:11 +0100 | [diff] [blame^] | 1 | Security |
| 2 | * Zeroize several intermediate variables used to calculate the expected | ||||
| 3 | value when verifying a MAC or AEAD tag. This hardens the library in | ||||
| 4 | case the value leaks through a memory disclosure vulnerability. For | ||||
| 5 | example, a memory disclosure vulnerability could have allowed a | ||||
| 6 | man-in-the-middle to inject fake ciphertext into a DTLS connection. | ||||