Add security entry to ChangeLog for AES-NI Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>

commit: 9bf344fddd5434eda1c8499313ab8386a1a22e03 [log] [tgz]
author: Tom Cosgrove <tom.cosgrove@arm.com> Wed Mar 22 12:20:36 2023 +0000
committer: Paul Elliott <paul.elliott@arm.com> Thu Mar 23 11:14:27 2023 +0000
tree: 0285a59a40d3bf03ee02dffc6469a1970142cce6
parent: a183e1d53d08a31323c7bde2cb1a73e3e8320d96 [diff]
diff --git a/ChangeLog.d/aes-ni-security-notice.txt b/ChangeLog.d/aes-ni-security-notice.txt
new file mode 100644
index 0000000..ccf8c9a
--- /dev/null
+++ b/ChangeLog.d/aes-ni-security-notice.txt

@@ -0,0 +1,6 @@
+Security
+   * MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on
+     builds that couldn't compile the GCC-style assembly implementation
+     (most notably builds with Visual Studio), leaving them vulnerable to
+     timing side-channel attacks. There is now an intrinsics-based AES-NI
+     implementation as a fallback for when the assembly one cannot be used.
commit	9bf344fddd5434eda1c8499313ab8386a1a22e03	[log] [tgz]
author	Tom Cosgrove <tom.cosgrove@arm.com>	Wed Mar 22 12:20:36 2023 +0000
committer	Paul Elliott <paul.elliott@arm.com>	Thu Mar 23 11:14:27 2023 +0000
tree	0285a59a40d3bf03ee02dffc6469a1970142cce6
parent	a183e1d53d08a31323c7bde2cb1a73e3e8320d96 [diff]