Security
* Fix issue in Lucky 13 counter-measure that could make it ineffective when
  hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
  macros). This would cause the original Lucky 13 attack to be possible in
  those configurations, allowing an active network attacker to recover
  plaintext after repeated timing measurements under some conditions.
  Reported and fix suggested by Luc Perneel in #3246.