Add change log Signed-off-by: Ronald Cron <ronald.cron@arm.com>

commit: 6fd156aa6bd97ac4daf555243f9334398327058b [log] [tgz]
author: Ronald Cron <ronald.cron@arm.com> Thu Dec 02 11:26:07 2021 +0100
committer: Ronald Cron <ronald.cron@arm.com> Tue Dec 07 09:21:38 2021 +0100
tree: de3daedc957632a9e7fbf7241d2ee4fc35d36b45
parent: c6e6f50d4783a12957f904a5d127897b05bcf706 [diff]
diff --git a/ChangeLog.d/fix-cipher-iv.txt b/ChangeLog.d/fix-cipher-iv.txt
new file mode 100644
index 0000000..e7af641
--- /dev/null
+++ b/ChangeLog.d/fix-cipher-iv.txt

@@ -0,0 +1,5 @@
+Security
+   * In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back
+     from the output buffer. This fixes a potential policy bypass or decryption
+     oracle vulnerability if the output buffer is in memory that is shared with
+     an untrusted application.
commit	6fd156aa6bd97ac4daf555243f9334398327058b	[log] [tgz]
author	Ronald Cron <ronald.cron@arm.com>	Thu Dec 02 11:26:07 2021 +0100
committer	Ronald Cron <ronald.cron@arm.com>	Tue Dec 07 09:21:38 2021 +0100
tree	de3daedc957632a9e7fbf7241d2ee4fc35d36b45
parent	c6e6f50d4783a12957f904a5d127897b05bcf706 [diff]