X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=67aa57833b3c2e90e3f0f72dcc0a2fb01c14675c;hp=761cd4596c5ece294d9baca39396b84172809b55;hb=82652aaf17819c6c1ecfc50602b4b54a19c566fb;hpb=0dc092334bc785b6fb0c8b568acba3db665b7e22

diff --git a/CHANGES b/CHANGES
index 761cd4596c..67aa57833b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,12 @@
 
  Changes between 0.9.7 and 0.9.8  [xx XXX 2002]
 
-  *) Add OIDs from X9.62 and SECG.
+  *) Add a function EC_GROUP_check_discriminant() (defined via
+     EC_METHOD) that verifies that the curve discriminant is non-zero.
+
+     Add a function EC_GROUP_check() that makes some sanity tests
+     on a EC_GROUP, its generator and order.  This includes
+     EC_GROUP_check_discriminant().
      [Nils Larsch <nla@trustcenter.de>]
 
   *) Add ECDSA in new directory crypto/ecdsa/.
@@ -22,8 +27,9 @@
        extracted before the specific public key.
      [Nils Larsch <nla@trustcenter.de>]
 
-  *) Include some named elliptic curves.  These can be obtained from
-     the new functions
+  *) Include some named elliptic curves, and add OIDs from X9.62,
+     SECG, and WAP/WTLS.  The curves can be obtained from the new
+     functions
           EC_GROUP_new_by_nid()
           EC_GROUP_new_by_name()
      Also add a 'nid' field to EC_GROUP objects, which can be accessed
@@ -43,6 +49,29 @@
          *) applies to 0.9.6a ... 0.9.6d and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Fix DH_generate_parameters() so that it works for 'non-standard'
+     generators, i.e. generators other than 2 and 5.  (Previously, the
+     code did not properly initialise the 'add' and 'rem' values to
+     BN_generate_prime().)
+
+     In the new general case, we do not insist that 'generator' is
+     actually a primitive root: This requirement is rather pointless;
+     a generator of the order-q subgroup is just as good, if not
+     better.
+     [Bodo Moeller]
+
+  *) Map new X509 verification errors to alerts. Discovered and submitted by
+     Tom Wu <tom@arcot.com>.
+     [Lutz Jaenicke]
+
+  *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
+     returning non-zero before the data has been completely received
+     when using non-blocking I/O.
+     [Bodo Moeller; problem pointed out by John Hughes]
+
+  *) Some of the ciphers missed the strength entry (SSL_LOW etc).
+     [Ben Laurie, Lutz Jaenicke]
+
   +) Add an "init" command to the ENGINE config module and auto initialize
      ENGINEs. Without any "init" command the ENGINE will be initialized 
      after all ctrl commands have been executed on it. If init=1 the