From 25a5c09fbb50bf186cabffebf9b75cc1aff07ab3 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 11 Feb 2020 19:12:49 +0100
Subject: [PATCH] Update ChangeLog for crypto changes from
 799ae77f90584f39c2fbdae7e117ff5742774d77

Add ChangeLog entries for changes brought by the submodule update in
the previous commit.
---
 ChangeLog | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index b05b522d9..4bbf8f16f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,11 @@ Security
      unless the RNG is broken, and could result in information disclosure or
      denial of service (application crash or extra resource consumption).
      Found by Auke Zeilstra and Peter Schwabe, using static analysis.
+   * To avoid a side channel vulnerability when parsing an RSA private key,
+     read all the CRT parameters from the DER structure rather than
+     reconstructing them. Found by Alejandro Cabrera Aldaya and Billy Bob
+     Brumley. Reported and fix contributed by Jack Lloyd.
+     ARMmbed/mbed-crypto#352
 
 Features
    * The new build option MBEDTLS_SHA512_NO_SHA384 allows building SHA-512
@@ -37,6 +42,8 @@ Bugfix
      Jack Lloyd in #2859. Fix submitted by jiblime in #2963.
    * Fix some false-positive uninitialized variable warnings in X.509. Fix
      contributed by apple-ihack-geek in #2663.
+   * Fix a possible error code mangling in psa_mac_verify_finish() when
+     a cryptographic accelerator fails. ARMmbed/mbed-crypto#345
 
 = mbed TLS 2.20.0 branch released 2020-01-15