Generalize MAC zeroization changelog entry

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:43:11 +01:00 · 2021-12-13 12:43:11 +01:00 · 36d33f37b6
commit 36d33f37b6
parent 14d5fef6b7
2 changed files with 6 additions and 5 deletions
--- a/ChangeLog.d/mac-zeroize.txt
+++ b/ChangeLog.d/mac-zeroize.txt
@ -0,0 +1,6 @@
+Security
+   * Zeroize several intermediate variables used to calculate the expected
+     value when verifying a MAC or AEAD tag. This hardens the library in
+     case the value leaks through a memory disclosure vulnerability. For
+     example, a memory disclosure vulnerability could have allowed a
+     man-in-the-middle to inject fake ciphertext into a DTLS connection.
--- a/ChangeLog.d/ssl-mac-zeroize.txt
+++ b/ChangeLog.d/ssl-mac-zeroize.txt
@ -1,5 +0,0 @@
-Security
-   * Zeroize intermediate variables used to calculate the MAC in CBC cipher
-     suites. This hardens the library in case stack memory leaks through a
-     memory disclosure vulnerabilty, which could formerly have allowed a
-     man-in-the-middle to inject fake ciphertext into a DTLS connection.