Workaround for libsafe "error".

[oweals/openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 0a35672434785f383658320359efdc47d4a1d421..3030c8cf873f2be95ed42b48b9494a31965bbff4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@
 
  Changes between 0.9.6 and 0.9.6a  [xx XXX 2001]
 
+  *) Use the cached encoding of an X509_NAME structure rather than
+     copying it. This is apparently the reason for the libsafe "errors"
+     but the code is actually correct.
+     [Steve Henson]
+
+  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+     Bleichenbacher's DSA attack.
+     [Ulf Moeller]
+
   *) In the NCONF_...-based implementations for CONF_... queries
      (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
      a temporary CONF structure with the data component set to NULL
@@ -13,6 +22,9 @@
      return NULL from CONF_get_section.
      [Bodo Moeller]
 
+  *) Fix potential buffer overrun for EBCDIC.
+     [Ulf Moeller]
+
   *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
      keyUsage if basicConstraints absent for a CA.
      [Steve Henson]