From e8358d400fde5cb13d5dd05ade132dfc1b48b177 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 25 Sep 2023 11:34:35 +0100 Subject: [PATCH] Add Changelog for CT fixes Signed-off-by: Dave Rodgman --- ChangeLog.d/padding-ct-changelog.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/padding-ct-changelog.txt diff --git a/ChangeLog.d/padding-ct-changelog.txt b/ChangeLog.d/padding-ct-changelog.txt new file mode 100644 index 000000000..e3d3424a9 --- /dev/null +++ b/ChangeLog.d/padding-ct-changelog.txt @@ -0,0 +1,6 @@ +Security + * Improve padding calculations in CBC decryption, NIST key unwrapping and + RSA OAEP decryption. With the previous implementation, some compilers + (notably recent versions of Clang) could produce non-constant time code, + which could allow a padding oracle attack if the attacker has access to + precise timing measurements.
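Review bot: the Security entry in ChangeLog.d/padding-ct-changelog.txt does not say which public API functions or which released versions are affected, so a user reading the changelog cannot tell whether their deployment needs the fix; please name the affected entry points (the CBC, NIST KW unwrap and RSA OAEP decrypt functions) and the first version that contains the fix, and add the issue or advisory reference if one exists. The bullet's opening words "Improve padding calculations" also understate the change: the subject line calls these "CT fixes", so say directly that the padding checks are now constant-time, and keep the existing explanation that the previous code could be compiled (notably by recent Clang) into non-constant-time code and that this matters only to an attacker with precise timing measurements.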