diff --git a/ChangeLog b/ChangeLog index a3171d7eb..360a72db8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,16 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 1.3.22 branch released xxxx-xx-xx + +Security + * Make mpi_read_binary constant-time with respect to + the input data. Previously, trailing zero bytes were detected + and omitted for the sake of saving memory, but potentially + leading to slight timing differences. + Reported by Marco Macchetti, Kudelski Group. + * Wipe stack buffer temporarily holding EC private exponent + after keypair generation. + = mbed TLS 1.3.21 branch released 2017-08-10 Security