New functions to support opaque EVP_CIPHER_CTX handling.

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 3de0267cb6cbde9f595599e38a0ef5bcacb8b96e..67cd88c1d898dac7ed24ce8975927ff098467c39 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,26 @@
 
  Changes between 0.9.8a and 0.9.9  [xx XXX xxxx]
 
+  *) Disable rogue ciphersuites:
+
+      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+     The latter two were purportedly from
+     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+     appear there.
+
+     Other ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt
+     remain enabled for now, but are just as unofficial, and the ID
+     has long expired; these will probably disappear soon.
+     [Bodo Moeller]
+
+  *) Move code previously exiled into file crypto/ec/ec2_smpt.c
+     to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP
+     macro.
+     [Bodo Moeller]
+
   *) New candidate for BIGNUM assembler implementation, bn_mul_mont,
      dedicated Montgomery multiplication procedure, is introduced.
      BN_MONT_CTX is modified to allow bn_mul_mont to reach for higher
@@ -53,6 +73,16 @@
 
  Changes between 0.9.8a and 0.9.8b  [XX xxx XXXX]
 
+  *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
+     opaque EVP_CIPHER_CTX handling.
+     [Steve Henson]
+
+  *) Several fixes and enhancements to the OID generation code. The old code
+     sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
+     handle numbers larger than ULONG_MAX, truncated printing and had a
+     non standard OBJ_obj2txt() behaviour.
+     [Steve Henson]
+
   *) Add support for building of engines under engine/ as shared libraries
      under VC++ build system.
      [Steve Henson]