Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index d4163ca955b4a1be8616b987b570f723fabd2de1..5dbdfc50067d7253a9c47b87e2d2e48a91817c58 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
+     between NIDs and the more common NIST names such as "P-256". Enhance
+     ecparam utility and ECC method to recognise the NIST names for curves.
+     [Steve Henson]
+
   *) Enhance SSL/TLS certificate chain handling to support different
      chains for each certificate instead of one chain in the parent SSL_CTX.
      [Steve Henson]
@@ -274,6 +279,10 @@
      the correct format in RSA_verify so both forms transparently work.
      [Steve Henson]
 
+  *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
+     STRING form instead of a DigestInfo.
+     [Steve Henson]
+
   *) Some servers which support TLS 1.0 can choke if we initially indicate
      support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
      encrypted premaster secret. As a workaround use the maximum pemitted
@@ -544,6 +553,13 @@
        Add command line options to s_client/s_server.
      [Steve Henson]
 
+ Changes between 1.0.0g and 1.0.0h [xx XXX xxxx]
+
+  *) Fix CVE-2011-4619: make sure we really are receiving a 
+     client hello before rejecting multiple SGC restarts. Thanks to
+     Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
+     [Steve Henson]
+
  Changes between 1.0.0f and 1.0.0g [18 Jan 2012]
 
   *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.