author Andy Polyakov <appro@openssl.org> 2018-07-26 14:38:53 +0200
committer Andy Polyakov <appro@openssl.org> 2018-07-27 14:50:35 +0200
commit 9da6f31c7e61b484dda6c0a59d46c76410981e13
tree 47c361082a7abfd3ce705d02da56f4b6e06dfae9
parent ed04bcf67426888e8f8556b9eb37e9e2cf4eb04b
CHANGES: mention blinding reverting in ECDSA.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6796)
-rw-r--r-- CHANGES 4
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 148960a36e..277654dc7e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,10 @@
Changes between 1.1.0h and 1.1.0i [xx XXX xxxx]
+ *) Revert blinding in ECDSA sign and instead make problematic addition
+ length-invariant. Switch even to fixed-length Montgomery multiplication.
+ [Andy Polyakov]
+
*) Change generating and checking of primes so that the error rate of not
being prime depends on the intended use based on the size of the input.
For larger primes this will result in more rounds of Miller-Rabin.
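Review bot: The new entry under "Changes between 1.1.0h and 1.1.0i" does not say which addition is "problematic" or why, so a reader of CHANGES cannot tell what the ECDSA sign path is protected against once blinding is reverted. Consider naming the operation and the property that "length-invariant" preserves, and pointing to the earlier entry that introduced the blinding so the two can be read together. "Switch even to fixed-length Montgomery multiplication" also reads awkwardly and leaves open which multiplication in the sign path is meant; "Also switch to ..." with the operation named would be clearer.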