X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=CHANGES;h=34ad6c80b887e7929cd81e04439a37e0297b698e;hb=fbecbc8cfbece8e59b55dc8746320cade112a38a;hp=b1b2850c1aeb90f6b9e8e5c6129aa607c2d8d88f;hpb=6d7cce481e639ed4f9b72be5619c3d00ef065427;p=openssl.git diff --git a/CHANGES b/CHANGES index b1b2850c1a..34ad6c80b8 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,57 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) Remove lots of duplicated code from the EVP library. For example *every* + cipher init() function handles the 'iv' in the same way according to the + cipher mode. They also all do nothing if the 'key' parameter is NULL and + for CFB and OFB modes they zero ctx->num. + + Most of the routines have the same form and so can be declared in terms + of macros. + + By shifting this to the top level EVP_CipherInit() it can be removed from + all individual ciphers. If the cipher wants to handle IVs or keys + differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT + flags. + [Steve Henson] + + *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when + the handshake is continued after ssl_verify_cert_chain(); + otherwise, if SSL_VERIFY_NONE is set, remaining error codes + can lead to 'unexplainable' connection aborts later. + [Bodo Moeller; problem tracked down by Lutz Jaenicke] + + *) EVP cipher enhancement. Add hooks for extra EVP features. This will allow + various cipher parameters to be set in the EVP interface. Initially + support added for variable key length ciphers via the + EVP_CIPHER_CTX_set_key_length() function. Other cipher specific + parameters will be added later via the new catchall 'ctrl' function. + New functionality allows removal of S/MIME code RC2 hack. + + Still needs support in other library functions, and allow parameter + setting for algorithms like RC2, RC5. + + Change lots of functions like EVP_EncryptUpdate() to now return a + value: although software versions of the algorithms cannot fail + any installed hardware versions can. + [Steve Henson] + + *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if + this option is set, tolerate broken clients that send the negotiated + protocol version number instead of the requested protocol version + number. + [Bodo Moeller] + + *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag; + i.e. non-zero for export ciphersuites, zero otherwise. + Previous versions had this flag inverted, inconsistent with + rsa_tmp_cb (..._TMP_RSA_CB). + [Bodo Moeller; problem reported by Amit Chopra] + + *) Add missing DSA library text string. Work around for some IIS + key files with invalid SEQUENCE encoding. + [Steve Henson] + *) Add a document (doc/standards.txt) that list all kinds of standards and so on that are implemented in OpenSSL. [Richard Levitte] @@ -15,7 +66,7 @@ [Steve Henson] *) Eliminate non-ANSI declarations in crypto.h and stack.h. - [Ulf Möller] + [Ulf Möller] *) Fix for SSL server purpose checking. Server checking was rejecting certificates which had extended key usage present @@ -82,12 +133,12 @@ The new configuration file reading functions are: - NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio, - NCONF_get_section, NCONF_get_string, NCONF_get_numbre + NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio, + NCONF_get_section, NCONF_get_string, NCONF_get_numbre - NCONF_default, NCONF_WIN32 + NCONF_default, NCONF_WIN32 - NCONF_dump_fp, NCONF_dump_bio + NCONF_dump_fp, NCONF_dump_bio NCONF_default and NCONF_WIN32 are method (or "class") choosers, NCONF_new creates a new CONF object. This works in the same way @@ -753,11 +804,11 @@ With these changes, a new set of functions and macros have appeared: - CRYPTO_set_mem_debug_functions() [F] - CRYPTO_get_mem_debug_functions() [F] - CRYPTO_dbg_set_options() [F] - CRYPTO_dbg_get_options() [F] - CRYPTO_malloc_debug_init() [M] + CRYPTO_set_mem_debug_functions() [F] + CRYPTO_get_mem_debug_functions() [F] + CRYPTO_dbg_set_options() [F] + CRYPTO_dbg_get_options() [F] + CRYPTO_malloc_debug_init() [M] The memory debug functions are NULL by default, unless the library is compiled with CRYPTO_MDEBUG or friends is defined. If someone