2.0.4 changelog

author Loup Vaillant <loup@loup-vaillant.fr>

Sun, 24 Jun 2018 14:03:35 +0000 (16:03 +0200)

committer Loup Vaillant <loup@loup-vaillant.fr>

Sun, 24 Jun 2018 14:03:35 +0000 (16:03 +0200)
author Loup Vaillant <loup@loup-vaillant.fr>
Sun, 24 Jun 2018 14:03:35 +0000 (16:03 +0200)
committer Loup Vaillant <loup@loup-vaillant.fr>
Sun, 24 Jun 2018 14:03:35 +0000 (16:03 +0200)
diff --git a/CHANGELOG.md b/CHANGELOG.md

index a503c3b24cf6aadf84ed533a0a3e0542c2e38ff8..3b30771d8101eee4c50fb8a3201f3b29a22ceb0e 100644 (file)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,13 @@
+2.0.4
+-----
+2018/06/24
+
+- Corrected a critical vulnerability in EdDSA, where crypto_check() was
+  accepting invalid signatures.  (Found by Mike Pechkin.)  The current
+  fix removes a buggy optimisation, effectively halving the performance
+  of EdDSA.
+- The test suite no longer tries to allocate zero bytes (some platforms
+  fail such an allocation).
  
  2.0.3
  -----
author	Loup Vaillant <loup@loup-vaillant.fr>
	Sun, 24 Jun 2018 14:03:35 +0000 (16:03 +0200)
committer	Loup Vaillant <loup@loup-vaillant.fr>
	Sun, 24 Jun 2018 14:03:35 +0000 (16:03 +0200)