X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=CHANGES;h=9dbb21213c5e5cb5bd8f2eccca01232ac0160090;hb=ba11121731cb1474479b655e47e15d40f80ebed6;hp=26c84b059622e47e227d2830a8529a86251afcfb;hpb=6fb60a84dd1ec81953917e0444dab50186617432;p=openssl.git

diff --git a/CHANGES b/CHANGES
index 26c84b0596..9dbb21213c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,23 @@
 
  Changes between 0.9.7 and 0.9.8  [xx XXX 2002]
 
+  *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
+     As these are not official, they are not included in "ALL";
+     the "ECCdraft" ciphersuite group alias can be used to select them.
+     [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
+
+  *) Add ECDH engine support.
+     [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Add ECDH in new directory crypto/ecdh/.
+TODO: more general interface (return  x  coordinate, not its hash)
+TODO: bug: pad  x  with leading zeros if necessary
+     [Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Let BN_rand_range() abort with an error after 100 iterations
+     without success (which indicates a broken PRNG).
+     [Bodo Moeller]
+
   *) Change BN_mod_sqrt() so that it verifies that the input value
      is really the square of the return value.  (Previously,
      BN_mod_sqrt would show GIGO behaviour.)
@@ -116,9 +133,11 @@
 
      bntest.c has additional tests for binary polynomial arithmetic.
 
-     Two implementations for BN_GF2m_mod_div() are available (selected
-     at compile-time).  ...
-TBD ... OPENSSL_NO_SUN_DIV ...  --Bodo
+     Two implementations for BN_GF2m_mod_div() are available.
+     The default algorithm simply uses BN_GF2m_mod_inv() and
+     BN_GF2m_mod_mul().  The alternative algorithm is compiled in only
+     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
+     copyright notice in crypto/bn/bn_gf2m.c before enabling it).
 
      [Sheueling Chang Shantz and Douglas Stebila
      (Sun Microsystems Laboratories)]
@@ -208,21 +227,32 @@ TBD ... OPENSSL_NO_SUN_DIV ...  --Bodo
      - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
        d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
        them suitable for ECDSA where domain parameters must be
-       extracted before the specific public key.
+       extracted before the specific public key;
+     - ECDSA engine support has been added.
      [Nils Larsch <nla@trustcenter.de>]
 
   *) Include some named elliptic curves, and add OIDs from X9.62,
-     SECG, and WAP/WTLS.  The curves can be obtained from the new
-     functions
-          EC_GROUP_new_by_nid()
-          EC_GROUP_new_by_name()
+     SECG, and WAP/WTLS.  Each curve can be obtained from the new
+     function
+          EC_GROUP_new_by_nid(),
+     and the list of available named curves can be obtained with
+          EC_get_builtin_curves().
      Also add a 'curve_name' member to EC_GROUP objects, which can be
      accessed via
          EC_GROUP_set_nid()
          EC_GROUP_get_nid()
      [Nils Larsch <nla@trustcenter.de, Bodo Moeller]
  
- Changes between 0.9.6e and 0.9.7  [XX xxx 2002]
+ Changes between 0.9.6g and 0.9.7  [XX xxx 2002]
+
+  *) Make -nameopt work fully for req and add -reqopt switch.
+     [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]
+
+  *) The "block size" for block ciphers in CFB and OFB mode should be 1.
+     [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]
+
+  *) The "block size" for block ciphers in CFB and OFB mode should be 1.
+     [Steve Henson]
 
   *) Make sure tests can be performed even if the corresponding algorithms
      have been removed entirely.  This was also the last step to make
@@ -1887,7 +1917,31 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Clean old EAY MD5 hack from e_os.h.
      [Richard Levitte]
 
- Changes between 0.9.6e and 0.9.6f  [XX xxx XXXX]
+ Changes between 0.9.6g and 0.9.6h  [xx XXX xxxx]
+
+  *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+     the cached sessions are flushed, as the remove_cb() might use ex_data
+     contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
+     (see [openssl.org #212]).
+     [Geoff Thorpe, Lutz Jaenicke]
+
+  *) Fix typo in OBJ_txt2obj which incorrectly passed the content
+     length, instead of the encoding length to d2i_ASN1_OBJECT.
+     [Steve Henson]
+
+ Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
+
+  *) [In 0.9.6g-engine release:]
+     Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
+     [Lynn Gazis <lgazis@rainbow.com>]
+
+ Changes between 0.9.6e and 0.9.6f  [8 Aug 2002]
+
+  *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+     and get fix the header length calculation.
+     [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
+	Alon Kantor <alonk@checkpoint.com> (and others),
+	Steve Henson]
 
   *) Use proper error handling instead of 'assertions' in buffer
      overflow checks added in 0.9.6e.  This prevents DoS (the