X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=0d47c6044ecc54330cac30c9c2a083f5705a69dc;hp=63fa6aa972ff9b837eff771cdb44032c7a146f92;hb=c79c5a256be9d8a279c873c37903f9eead71f355;hpb=3c1d6bbc9242900af0e5db927fdcda38539bd54a

diff --git a/CHANGES b/CHANGES
index 63fa6aa972..0d47c6044e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,68 +2,23 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8g and 0.9.9  [xx XXX xxxx]
+ Changes between 0.9.8i and 0.9.9  [xx XXX xxxx]
 
-  *) Revamp of LHASH to provide stronger type-checking. Still to come:
-     STACK, TXT_DB, bsearch, qsort.
+  *) Removed effectively defunct crypto/store from the build.
      [Ben Laurie]
 
-  *) Not all of this is true any longer.
-     Will have to be updated to reflect all subsequent changes to cryptlib.c.
-                                                                       --bodo
-
-
-     To support arbitrarily-typed thread IDs, deprecate the existing
-     type-specific APIs for a general purpose CRYPTO_THREADID
-     interface. Applications can choose the thread ID
-     callback type it wishes to register, as before;
-
-        void CRYPTO_set_id_callback(unsigned long (*func)(void));
-        void CRYPTO_set_idptr_callback(void *(*func)(void));
-
-     but retrieval, copies, and comparisons of thread IDs are via
-     type-independent interfaces;
-
-        void CRYPTO_THREADID_set(CRYPTO_THREADID *id);
-        void CRYPTO_THREADID_cmp(const CRYPTO_THREADID *id1,
-                                 const CRYPTO_THREADID *id2);
-        void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dst,
-                                 const CRYPTO_THREADID *src);
-
-     Also, for code that needs a thread ID "value" for use in
-     hash-tables or logging, a "hash" is available by;
-
-        unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
-
-     This hash value is likely to be the thread ID anyway, but
-     otherwise it will be unique if possible or as collision-free as
-     possible if uniqueness can't be guaranteed on the target
-     architecture.
-
-     The following functions are deprecated;
-        unsigned long (*CRYPTO_get_id_callback(void))(void);
-        unsigned long CRYPTO_thread_id(void);
-
-     As a consequence of the above, there are similar deprecations of
-     BN_BLINDING functions in favour of CRYPTO_THREADID-based
-     alternatives;
-
-        #ifndef OPENSSL_NO_DEPRECATED
-        unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
-        void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
-        #endif
-        void BN_BLINDING_set_thread(BN_BLINDING *);
-        int BN_BLINDING_cmp_thread(const BN_BLINDING *, const
-                                   CRYPTO_THREADID *);
-
-     Also, the ERR_remove_state(int pid) API has been deprecated;
+  *) Revamp of STACK to provide stronger type-checking. Still to come:
+     TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE,
+     ASN1_STRING, CONF_VALUE.
+     [Ben Laurie]
 
-        #ifndef OPENSSL_NO_DEPRECATED
-        void ERR_remove_state(unsigned long pid)
-        #endif
-        void ERR_remove_thread_state(CRYPTO_THREADID *tid);
+  *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
+     RAM on SSL connections.  This option can save about 34k per idle SSL.
+     [Nick Mathewson]
 
-     [Geoff Thorpe]
+  *) Revamp of LHASH to provide stronger type-checking. Still to come:
+     STACK, TXT_DB, bsearch, qsort.
+     [Ben Laurie]
 
   *) Initial support for Cryptographic Message Syntax (aka CMS) based
      on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
@@ -371,14 +326,6 @@
      callback is &errno.
      [Bodo Moeller]
 
-     -- NOTE -- this change has been reverted and replaced with a
-     type-independent wrapper (ie. applications do not have to check
-     two type-specific thread ID representations as implied in this
-     change note). However, the "idptr" callback form described here
-     can still be registered. Please see the more recent CHANGES note
-     regarding CRYPTO_THREADID. [Geoff Thorpe]
-     -- NOTE --
-
   *) Change the array representation of binary polynomials: the list
      of degrees of non-zero coefficients is now terminated with -1.
      Previously it was terminated with 0, which was also part of the
@@ -688,7 +635,36 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
 
- Changes between 0.9.8g and 0.9.8h  [xx XXX xxxx]
+ Changes between 0.9.8h and 0.9.8i  [xx XXX xxxx]
+
+  *) Add support for Local Machine Keyset attribute in PKCS#12 files.
+     [Steve Henson]
+
+  *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
+     [Huang Ying]
+
+  *) Expand ENGINE to support engine supplied SSL client certificate functions.
+
+     This work was sponsored by Logica.
+     [Steve Henson]
+
+  *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
+     keystores. Support for SSL/TLS client authentication too.
+     Not compiled unless enable-capieng specified to Configure.
+
+     This work was sponsored by Logica.
+     [Steve Henson]
+
+ Changes between 0.9.8g and 0.9.8h  [28 May 2008]
+
+  *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
+     handshake which could lead to a cilent crash as found using the
+     Codenomicon TLS test suite (CVE-2008-1672) 
+     [Steve Henson, Mark Cox]
+
+  *) Fix double free in TLS server name extensions which could lead to
+     a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) 
+     [Joe Orton]
 
   *) Clear error queue in SSL_CTX_use_certificate_chain_file()