From c0088b993711a37516060abd42243feaf27c65b0 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 17 Jun 2024 12:35:39 +0200
Subject: [PATCH] Add CHANGES.md entry for the EC/DSA nonce generation fixes

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24660)

(cherry picked from commit 72bff68f6acc4f420e283bcc77db76eb1917d7bf)
---
 CHANGES.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/CHANGES.md b/CHANGES.md
index 9918e10c972..9eed55ab762 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -145,6 +145,14 @@ OpenSSL 3.3
 
    *Tomáš Mráz*
 
+ * Improved EC/DSA nonce generation routines to avoid bias and timing
+   side channel leaks.
+
+   Thanks to Florian Sieck from Universität zu Lübeck and George Pantelakis
+   and Hubert Kario from Red Hat for reporting the issues.
+
+   *Tomáš Mráz and Paul Dale*
+
 ### Changes between 3.2 and 3.3.0 [9 Apr 2024]
 
  * The `-verify` option to the `openssl crl` and `openssl req` will make
-- 
2.47.2