Add Changelog entry for RSA exponent blinding

commit: 45182a0065fc5d712a2434cd025ae81720c334e4 [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Thu Mar 23 10:41:56 2017 +0000
committer: Simon Butcher <simon.butcher@arm.com> Tue May 16 10:22:37 2017 +0100
tree: b31fb971d285ecaee9d2e8266de43532c0f7f9cc
parent: f9203b413904dcd00f7721a32f8613c4ea369f88 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 7117d40..9cc5683 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -2,6 +2,13 @@
 
 = mbed TLS 2.x.x branch released xxxx-xx-xx
 
+Security
+   * Add exponent blinding to RSA private operations as a countermeasure
+     against side-channel attacks like the cache attack described in
+     https://arxiv.org/abs/1702.08719v2.
+     Found and fix proposed by Michael Schwarz, Samuel Weiser, Daniel Gruss,
+     Clémentine Maurice and Stefan Mangard.
+
 Feature
    * Add a new configuration option to 'mbedtls_ssl_config' to enable
      suppressing the CA list in Certificate Request messages. The default
commit	45182a0065fc5d712a2434cd025ae81720c334e4	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Thu Mar 23 10:41:56 2017 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Tue May 16 10:22:37 2017 +0100
tree	b31fb971d285ecaee9d2e8266de43532c0f7f9cc
parent	f9203b413904dcd00f7721a32f8613c4ea369f88 [diff] [blame]