X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=18eb27eebe819e8569cdd47ca672b93dede35713;hp=21ec6437c58311bbff8eda2b1808c935d6927c97;hb=29a1bb07e52e17a0521d33056a2ee5823f951f84;hpb=e34aa5a3b353e72ace92d0f2a0868de59acf9321

diff --git a/CHANGES b/CHANGES
index 21ec6437c5..18eb27eebe 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,47 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8b and 0.9.9  [xx XXX xxxx]
+ Changes between 0.9.8c and 0.9.9  [xx XXX xxxx]
+
+  *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
+     Modify get_crl() to find a valid (unexpired) CRL if possible.
+     [Steve Henson]
+
+  *) New function X509_CRL_match() to check if two CRLs are identical. Normally
+     this would be called X509_CRL_cmp() but that name is already used by
+     a function that just compares CRL issuer names. Cache several CRL 
+     extensions in X509_CRL structure and cache CRLDP in X509.
+     [Steve Henson]
+
+  *) Store a "canonical" representation of X509_NAME structure (ASN1 Name)
+     this maps equivalent X509_NAME structures into a consistent structure.
+     Name comparison can then be performed rapidly using memcmp().
+     [Steve Henson]
+
+  *) Non-blocking OCSP request processing. Add -timeout option to ocsp 
+     utility.
+     [Steve Henson]
+
+  *) Allow digests to supply their own micalg string for S/MIME type using
+     the ctrl EVP_MD_CTRL_MICALG.
+     [Steve Henson]
+
+  *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
+     EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
+     ctrl. It can then customise the structure before and/or after signing
+     if necessary.
+     [Steve Henson]
+
+  *) New function OBJ_add_sigid() to allow application defined signature OIDs
+     to be added to OpenSSLs internal tables. New function OBJ_sigid_free()
+     to free up any added signature OIDs.
+     [Steve Henson]
+
+  *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
+     EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
+     digest and cipher tables. New options added to openssl utility:
+     list-message-digest-algorithms and list-cipher-algorithms.
+     [Steve Henson]
 
   *) In addition to the numerical (unsigned long) thread ID, provide
      for a pointer (void *) thread ID.  This helps accomodate systems
@@ -337,7 +377,15 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
 
- Changes between 0.9.8b and 0.9.8c  [xx XXX xxxx]
+ Changes between 0.9.8c and 0.9.8d  [xx XXX xxxx]
+
+ Changes between 0.9.8b and 0.9.8c  [05 Sep 2006]
+
+  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
+
+  *) Add AES IGE and biIGE modes.
+     [Ben Laurie]
 
   *) Change the Unix randomness entropy gathering to use poll() when
      possible instead of select(), since the latter has some
@@ -1292,7 +1340,10 @@
      differing sizes.
      [Richard Levitte]
 
- Changes between 0.9.7j and 0.9.7k  [xx XXX xxxx]
+ Changes between 0.9.7j and 0.9.7k  [05 Sep 2006]
+
+  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
 
   *) Change the Unix randomness entropy gathering to use poll() when
      possible instead of select(), since the latter has some