X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=CHANGES;h=53e4c9321989aaf184ebbd134cac449c1f053076;hb=8652d1c22ef0be8afde17d44495901ac513063a1;hp=f706c101110f1b1ac4be004f7071144df685297b;hpb=7865b871c0307ad2d71a8f3dc066b7cfd0d99c4a;p=openssl.git diff --git a/CHANGES b/CHANGES index f706c10111..53e4c93219 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,46 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 2000] + *) Bug fix for BN_div() when the first words of num and divsor are + equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). + [Ulf Möller] + + *) Add support for various broken PKCS#8 formats, and command line + options to produce them. + [Steve Henson] + + *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to + get temporary BIGNUMs from a BN_CTX. + [Ulf Möller] + + *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont() + for p == 0. + [Ulf Möller] + + *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and + include a #define from the old name to the new. The original intent + was that statically linked binaries could for example just call + SSLeay_add_all_ciphers() to just add ciphers to the table and not + link with digests. This never worked becayse SSLeay_add_all_digests() + and SSLeay_add_all_ciphers() were in the same source file so calling + one would link with the other. They are now in separate source files. + [Steve Henson] + + *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'. + [Steve Henson] + + *) Use a less unusual form of the Miller-Rabin primality test (it used + a binary algorithm for exponentiation integrated into the Miller-Rabin + loop, our standard modexp algorithms are faster). + [Bodo Moeller] + + *) Support for the EBCDIC character set completed. + [Martin Kraemer ] + + *) Source code cleanups: use const where appropriate, eliminate casts, + use void * instead of char * in lhash. + [Ulf Möller] + *) Bugfix: ssl3_send_server_key_exchange was not restartable (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of this the server could overwrite ephemeral keys that the client @@ -20,18 +60,24 @@ generation becomes much faster. This implies a change for the callback functions in DSA_is_prime - and DSA_generate_parameters: They are now called once for each - positive witness in the Rabin-Miller test, not just occasionally - in the inner loop; and the parameters to the callback function now - provide an iteration count for the outer loop rather than for the - current invocation of the inner loop. + and DSA_generate_parameters: The callback function is called once + for each positive witness in the Rabin-Miller test, not just + occasionally in the inner loop; and the parameters to the + callback function now provide an iteration count for the outer + loop rather than for the current invocation of the inner loop. + DSA_generate_parameters additionally can call the callback + function with an 'iteration count' of -1, meaning that a + candidate has passed the trial division test (when q is generated + from an application-provided seed, trial division is skipped). [Bodo Moeller] *) New function BN_is_prime_fasttest that optionally does trial division before starting the Rabin-Miller test and has an additional BN_CTX * argument (whereas BN_is_prime always has to allocate at least one BN_CTX). - [Bodo Moeller] + 'callback(1, -1, cb_arg)' is called when a number has passed the + trial division stage. + [Bodo Moeller] *) Fix for bug in CRL encoding. The validity dates weren't being handled as ASN1_TIME.