Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
+ *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the
+ traditional format into an EVP_PKEY structure.
+ [Steve Henson]
+
+ *) Add a password callback function PEM_cb() which either prompts for
+ a password if usr_data is NULL or otherwise assumes it is a null
+ terminated password. Allow passwords to be passed on command line
+ environment or config files in a few more utilities.
+ [Steve Henson]
+
+ *) Add a bunch of DER and PEM functions to handle PKCS#8 format private
+ keys. Add some short names for PKCS#8 PBE algorithms and allow them
+ to be specified on the command line for the pkcs8 and pkcs12 utilities.
+ Update documentation.
+ [Steve Henson]
+
+ *) Support for ASN1 "NULL" type. This could be handled before by using
+ ASN1_TYPE but there wasn't any function that would try to read a NULL
+ and produce an error if it couldn't. For compatibility we also have
+ ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and
+ don't allocate anything because they don't need to.
+ [Steve Henson]
+
+ *) Initial support for MacOS is now provided. Examine INSTALL.MacOS
+ for details.
+ [Andy Polyakov, Roy Woods <roy@centicsystems.ca>]
+
*) Rebuild of the memory allocation routines used by OpenSSL code and
possibly others as well. The purpose is to make an interface that
provide hooks so anyone can build a separate set of allocation and
memory leaks, but this gives people a chance to debug other memory
problems.
- This change means that a call `CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)'
- is no longer dependent on if the macro CRYPTO_MDEBUG or friends were
- used when the OpenSSL libcrypto was built. This is under debate and
- may change back, but with another option to still get debugging even
- if the library wasn't compiled that way.
+ With these changes, a new set of functions and macros have appeared:
+
+ CRYPTO_set_mem_debug_functions() [F]
+ CRYPTO_get_mem_debug_functions() [F]
+ CRYPTO_dbg_set_options() [F]
+ CRYPTO_dbg_get_options() [F]
+ CRYPTO_melloc_debug_init() [M]
+
+ The memory debug functions are NULL by default, unless the library
+ is compiled with CRYPTO_MDEBUG or friends is defined. If someone
+ wants to debug memory anyway, CRYPTO_malloc_debug_init() or
+ CRYPTO_set_mem_debug_functions() must be used.
+
+ Also, things like CRYPTO_set_mem_functions will always give the
+ expected result (the new set of functions is used for allocation
+ and deallocation) at all times, regardless of platform and compiler
+ options.
+
+ To finish it up, some functions that were never use in any other
+ way than through macros have a new API and new semantic:
+
+ CRYPTO_dbg_malloc()
+ CRYPTO_dbg_realloc()
+ CRYPTO_dbg_free()
+
+ All macros of value have retained their old syntax.
[Richard Levitte]
*) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the
public keys in a format compatible with certificate
SubjectPublicKeyInfo structures. Unfortunately there were already
functions called *_PublicKey_* which used various odd formats so
- these are retained for compatability: however the DSA variants were
+ these are retained for compatibility: however the DSA variants were
never in a public release so they have been deleted. Changed dsa/rsa
utilities to handle the new format: note no releases ever handled public
keys so we should be OK.
require various evil hacks to allow partial transparent handling and
even then it doesn't work with DER formats. Given the option anything
other than PKCS#8 should be dumped: but the other formats have to
- stay in the name of compatability.
+ stay in the name of compatibility.
With public keys and the benefit of hindsight one standard format
is used which works with EVP_PKEY, RSA or DSA structures: though
functions. An X509_AUX function such as PEM_read_X509_AUX()
can still read in a certificate file in the usual way but it
will also read in any additional "auxiliary information". By
- doing things this way a fair degree of compatability can be
+ doing things this way a fair degree of compatibility can be
retained: existing certificates can have this information added
using the new 'x509' options.
Use the random seed file in some applications that previously did not:
ca,
- dsaparam -genkey (which also ignored its `-rand' option),
+ dsaparam -genkey (which also ignored its '-rand' option),
s_client,
s_server,
x509 (when signing).
for RSA signatures we could do without one.
gendh and gendsa (unlike genrsa) used to read only the first byte
- of each file listed in the `-rand' option. The function as previously
+ of each file listed in the '-rand' option. The function as previously
found in genrsa is now in app_rand.c and is used by all programs
- that support `-rand'.
+ that support '-rand'.
[Bodo Moeller]
*) In RAND_write_file, use mode 0600 for creating files;
projects / openssl.git / blobdiff