Add ChangeLog entry

commit: 5f72119116680f78f854f19fcef59a4a0ed0ad8c [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Wed Jan 16 14:41:00 2019 +0000
committer: Janos Follath <janos.follath@arm.com> Wed Mar 06 16:51:22 2019 +0000
tree: 6a3c4b14a35a7421785995cf04ac525f2d61a1a4
parent: d73f61332e4fdcb534e2fa493913990e417eabc4 [diff]
diff --git a/ChangeLog b/ChangeLog
index afbe2f6..0bc75ba 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -2,6 +2,13 @@
 
 = mbed TLS 2.x.x branch released xxxx-xx-xx
 
+Security
+   * The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to
+     implement blinding. Because of this for the same key and message the same
+     blinding value was generated. This reduced the effectiveness of the
+     countermeasure and leaked information about the private key through side
+     channels. Reported by Jack Lloyd.
+
 Features
    * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
      from the default list (enabled by default). See
commit	5f72119116680f78f854f19fcef59a4a0ed0ad8c	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Wed Jan 16 14:41:00 2019 +0000
committer	Janos Follath <janos.follath@arm.com>	Wed Mar 06 16:51:22 2019 +0000
tree	6a3c4b14a35a7421785995cf04ac525f2d61a1a4
parent	d73f61332e4fdcb534e2fa493913990e417eabc4 [diff]