Check GOST parameters are not NULL (CVE-2012-0027)

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 86f9e346632eb828a0e1183073e986c5754e95e6..338e49d95ccddca1ae48252014ef76302a275d69 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,34 @@
 
  Changes between 1.0.0f and 1.0.1  [xx XXX xxxx]
 
+  *) Add support for TLS/DTLS heartbeats.
+     [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+  *) Add support for SCTP.
+     [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+  *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
+     [Andrey Kulikov <amdeich@gmail.com>]
+
+  *) Prevent malformed RFC3779 data triggering an assertion failure.
+     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
+     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
+     [Rob Austein <sra@hactrn.net>]
+
+  *) Improved PRNG seeding for VOS.
+     [Paul Green <Paul.Green@stratus.com>]
+
+  *) Extensive assembler packs updates, most notably:
+
+       - x86[_64]:     AES-NI, PCLMULQDQ, RDRAND support;
+       - x86[_64]:     SSSE3 support (SHA1, vector-permutation AES);
+       - x86_64:       bit-sliced AES implementation;
+       - ARM:          NEON support, contemporary platforms optimizations;
+       - s390x:        z196 support;
+       - *:            GHASH and GF(2^m) multiplication implementations;
+
+     [Andy Polyakov]
+
   *) Make TLS-SRP code conformant with RFC 5054 API cleanup
      (removal of unnecessary code)
      [Peter Sylvester <peter.sylvester@edelweb.fr>]