X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=0d767703cd39faf430622a15e2ebebd8194e226a;hp=719a7ff22b88ea97d8a56288398b32c85f8a3058;hb=e6526fbf4dc894d71ae3517a1ba484475b79b402;hpb=520b76ffd95cb27839471055fa4950ff9bf50be2

diff --git a/CHANGES b/CHANGES
index 719a7ff22b..0d767703cd 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,23 @@
 
  Changes between 0.9.7a and 0.9.8  [xx XXX xxxx]
 
+  *) Add functionality to check the public key of a certificate request
+     against a given private.  This is useful to check that a certificate
+     request can be signed by that key (self-signing).
+     [Richard Levitte]
+
+  *) Make it possible to have multiple active certificates with the same
+     subject in the CA index file.  This is done only if the keyword
+     'unique_subject' is set to 'no' in the main CA section (default
+     if 'CA_default') of the configuration file.  The value is saved
+     with the database itself in a separate index attribute file,
+     named like the index file with '.attr' appended to the name.
+     [Richard Levitte]
+
+  *) Generate muti valued AVAs using '+' notation in config files for
+     req and dirName.
+     [Steve Henson]
+
   *) Support for nameConstraints certificate extension.
      [Steve Henson]
 
@@ -479,12 +496,17 @@
      to avoid a timing attack. Applications that don't want it can call
      RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
      They would be ill-advised to do so in most cases.
-     [Ben Laurie, Steve Henson, Geoff Thorpe]
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
 
   *) Change RSA blinding code so that it works when the PRNG is not
      seeded (in this case, the secret RSA exponent is abused as
      an unpredictable seed -- if it is not unpredictable, there
-     is no point in blinding anyway).
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
      [Bodo Moeller]
 
 yet to be integrated into this CVS branch: