author: Andy Polyakov <appro@openssl.org> 2018-07-30 12:39:08 +0200
committer: Andy Polyakov <appro@openssl.org> 2018-08-01 16:33:51 +0200
commit: 29d8bda90ce824263317eae5354388f79844dd51
tree: 17ae031ceef0e1afda88493539baad0b0ffd7525
parent: 983e1ad235caa45d710eaa5f0d2de504d782a348
CHANGES: mention blinding reverting in ECDSA.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6810)
-rw-r--r-- CHANGES 4
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 1bf0f0b2a0..b8e2f862d5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,10 @@
Changes between 1.0.2o and 1.0.2p [xx XXX xxxx]
+ *) Revert blinding in ECDSA sign and instead make problematic addition
+ length-invariant. Switch even to fixed-length Montgomery multiplication.
+ [Andy Polyakov]
+
*) Change generating and checking of primes so that the error rate of not
being prime depends on the intended use based on the size of the input.
For larger primes this will result in more rounds of Miller-Rabin.
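Review bot: In the new entry, "problematic addition" does not say which addition in ECDSA sign is meant or what made it problematic, so a reader of CHANGES cannot tell what property the length-invariant version is supposed to preserve. Suggest naming the operation and the concern it addresses in one clause, and stating whether the reverted blinding ever appeared in a released 1.0.2 version, since the entry sits under "Changes between 1.0.2o and 1.0.2p" and that decides whether users see a behaviour change. The second sentence, "Switch even to fixed-length Montgomery multiplication.", would read more clearly as "Also switch to fixed-length Montgomery multiplication."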