X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=CHANGES;h=25d0b81ea820f28ca9f363b8ba7372dd7d248810;hb=4c02cf8ecc4b4cedeb6b6c11185f5d3e49c3cd4a;hp=f1d22a7090efff4bd35c33c098984f42144e37d9;hpb=05c9e3aea584c4d618dc32a4825287f06828a537;p=openssl.git

diff --git a/CHANGES b/CHANGES
index f1d22a7090..25d0b81ea8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,65 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 1.0.0e and 1.0.1  [xx XXX xxxx]
+ Changes between 1.0.0f and 1.0.1  [xx XXX xxxx]
+
+  *) Add optional 64-bit optimized implementations of elliptic curves NIST-P224,
+     NIST-P256, NIST-P521, with constant-time single point multiplication on
+     typical inputs. Compiler support for the nonstandard type __uint128_t is
+     required to use this (present in gcc 4.4 and later, for 64-bit builds).
+     Code made available under Apache License version 2.0.
+
+     Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command
+     line to include this in your build of OpenSSL, and run "make depend" (or
+     "make update"). This enables the following EC_METHODs:
+
+         EC_GFp_nistp224_method()
+         EC_GFp_nistp256_method()
+         EC_GFp_nistp521_method()
+
+     EC_GROUP_new_by_curve_name() will automatically use these (while
+     EC_GROUP_new_curve_GFp() currently prefers the more flexible
+     implementations).
+     [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
+
+  *) Use type ossl_ssize_t instad of ssize_t which isn't available on
+     all platforms. Move ssize_t definition from e_os.h to the public
+     header file e_os2.h as it now appears in public header file cms.h
+     [Steve Henson]
+
+  *) New -sigopt option to the ca, req and x509 utilities. Additional
+     signature parameters can be passed using this option and in
+     particular PSS. 
+     [Steve Henson]
+
+  *) Add RSA PSS signing function. This will generate and set the
+     appropriate AlgorithmIdentifiers for PSS based on those in the
+     corresponding EVP_MD_CTX structure. No application support yet.
+     [Steve Henson]
+
+  *) Support for companion algorithm specific ASN1 signing routines.
+     New function ASN1_item_sign_ctx() signs a pre-initialised
+     EVP_MD_CTX structure and sets AlgorithmIdentifiers based on
+     the appropriate parameters.
+     [Steve Henson]
+
+  *) Add new algorithm specific ASN1 verification initialisation function
+     to EVP_PKEY_ASN1_METHOD: this is not in EVP_PKEY_METHOD since the ASN1
+     handling will be the same no matter what EVP_PKEY_METHOD is used.
+     Add a PSS handler to support verification of PSS signatures: checked
+     against a number of sample certificates.
+     [Steve Henson]
+
+  *) Add signature printing for PSS. Add PSS OIDs.
+     [Steve Henson, Martin Kaiser <lists@kaiser.cx>]
+
+  *) Add algorithm specific signature printing. An individual ASN1 method
+     can now print out signatures instead of the standard hex dump. 
+
+     More complex signatures (e.g. PSS) can print out more meaningful
+     information. Include DSA version that prints out the signature
+     parameters r, s.
+     [Steve Henson]
 
   *) Password based recipient info support for CMS library: implementing
      RFC3211.
@@ -151,18 +209,6 @@
   *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
      [Steve Henson]
 
-  *) Add EC_GFp_nistp224_method(), a 64-bit optimized implementation for
-     elliptic curve NIST-P224 with constant-time single point multiplication on
-     typical inputs.  EC_GROUP_new_by_curve_name() will automatically use this
-     (while EC_GROUP_new_curve_GFp() currently won't and prefers the more
-     flexible implementations).
-
-     The implementation requires support for the nonstandard type __uint128_t,
-     and so is disabled by default.  To include this in your build of OpenSSL,
-     use -DEC_NISTP224_64_GCC_128 on the Configure (or config) command line,
-     and run "make depend" (or "make update").
-     [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
-
   *) Permit abbreviated handshakes when renegotiating using the function
      SSL_renegotiate_abbreviated().
      [Robin Seggelmann <seggelmann@fh-muenster.de>]
@@ -185,7 +231,22 @@
        Add command line options to s_client/s_server.
      [Steve Henson]
 
- Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
+ Changes between 1.0.0e and 1.0.0f [xx XXX xxxx]
+
+  *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
+     BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
+     threads won't reuse the same blinding coefficients.
+
+     This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
+     lock to call BN_BLINDING_invert_ex, and avoids one use of
+     BN_BLINDING_update for each BN_BLINDING structure (previously,
+     the last update always remained unused).
+     [Emilia Käsper (Google)]
+
+  *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
+     [Bob Buckholz (Google)]
+
+ Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
 
   *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
      by initialising X509_STORE_CTX properly. (CVE-2011-3207)
@@ -1092,6 +1153,16 @@
   
  Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
 
+  *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
+     BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
+     threads won't reuse the same blinding coefficients.
+
+     This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
+     lock to call BN_BLINDING_invert_ex, and avoids one use of
+     BN_BLINDING_update for each BN_BLINDING structure (previously,
+     the last update always remained unused).
+     [Emilia Käsper (Google)]
+
   *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
      for multi-threaded use of ECDH.
      [Adam Langley (Google)]