Change c_zlib further to allow loading a shared zlib on all operating

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 998ea1639cf9628384dd3166621572fe99067ee1..f7d3caef5b715b80ca53a94317de1978797eec17 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,25 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Have the zlib compression code load ZLIB.DLL dynamically under
+     Windows.
+     [Richard Levitte]
+
+  *) New function BN_mod_sqrt for computing square roots modulo a prime
+     (Tonelli-Shanks algorithm).
+     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+
+  *) Store verify_result within SSL_SESSION also for client side to
+     avoid potential security hole. (Re-used sessions on the client side
+     always resulted in verify_result==X509_V_OK, not using the original
+     result of the server certificate verification.)
+     [Lutz Jaenicke]
+
+  *) Make BN_mod_inverse faster by explicitly handling small quotients
+     in the Euclid loop. (Speed gain about 20% for small moduli [256 or
+     512 bits], about 30% for larger ones [1024 or 2048 bits].)
+     [Bodo Moeller]
+
   *) Disable ssl2_peek and ssl3_peek (i.e., both implementations
      of SSL_peek) because they both are completely broken.
      They will be fixed RSN by adding an additional 'peek' parameter
@@ -31,10 +50,10 @@
      BN_is_one(), and BN_is_word().
      [Bodo Moeller]
 
-  *) Initialise "ex_data" member of an RSA structure prior to calling the
-     method-specific "init()" handler, and clean up ex_data after calling
-     the method-specific "finish()" handler. Previously, this was happening
-     the other way round.
+  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
+     the method-specific "init()" handler. Also clean up ex_data after
+     calling the method-specific "finish()" handler. Previously, this was
+     happening the other way round.
      [Geoff Thorpe]
 
   *) New function BN_swap.