Make 'openssl req -x509' more equivalent to 'openssl req -new'

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index f83fc2d555d562e09e51315a92e65b9f5f995d43..32a7c7b46a167db0316d572bddb9b8a389331f01 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -200,19 +200,13 @@
      [Emilia Käsper]
 
   *) Add X25519 support.
-     Integrate support for X25519 into EC library. This includes support
+     Add ASN.1 and EVP_PKEY methods for X25519. This includes support
      for public and private key encoding using the format documented in
-     draft-josefsson-pkix-newcurves-01: specifically X25519 uses the
-     OID from that draft, encodes public keys using little endian
-     format in the ECPoint structure and private keys using
-     little endian form in the privateKey field of the ECPrivateKey
-     structure. TLS support complies with draft-ietf-tls-rfc4492bis-06
-     and uses X25519(29).
+     draft-ietf-curdle-pkix-02. The coresponding EVP_PKEY method supports
+     key generation and key derivation.
 
-     Note: the current version supports key generation, public and
-     private key encoding and ECDH key agreement using the EC API.
-     Low level point operations such as EC_POINT_add(), EC_POINT_mul()
-     are NOT supported.
+     TLS support complies with draft-ietf-tls-rfc4492bis-08 and uses
+     X25519(29).
      [Steve Henson]
 
   *) Deprecate SRP_VBASE_get_by_user.
@@ -2211,7 +2205,7 @@
   *) An attacker can force an error condition which causes openssl to crash
      whilst processing DTLS packets due to memory being freed twice. This
      can be exploited through a Denial of Service attack.
-     Thanks to Adam Langley and Wan-The Chang for discovering and researching
+     Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
      this issue.
      (CVE-2014-3505)
      [Adam Langley]