X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=3581aa7ad68812ba3be11b4b32ccbbfc8db619ca;hp=c0390345baeee5e8dc1142151170c8eeb1891ebf;hb=c62da732a45d329d2f9d3a4bfa644f9b754dbee8;hpb=c458a3319687a15893bc8d14831a770a68062421

diff --git a/CHANGES b/CHANGES
index c0390345ba..3581aa7ad6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,13 +4,80 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2001]
 
-     Both OpenSSL 0.9.6a (bugfix release, 5 Apr 2001) and OpenSSL 0.9.7
-     are based on OpenSSL 0.9.6.  
+     OpenSSL 0.9.6a/0.9.6b (bugfix releases, 5 Apr 2001 and 9 July 2001)
+     and OpenSSL 0.9.7 were developped in parallel, based on OpenSSL 0.9.6.  
+
      Change log entries are tagged as follows:
-         -) applies to 0.9.6a (/0.9.6b) only
-         *) applies to 0.9.6a (/0.9.6b) and 0.9.7
+         -) applies to 0.9.6a/0.9.6b only
+         *) applies to 0.9.6a/0.9.6b and 0.9.7
          +) applies to 0.9.7 only
 
+  -) OpenSSL 0.9.6b released [9 July 2001]
+
+  *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
+     to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
+     Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
+     PRNG state recovery was possible based on the output of
+     one PRNG request appropriately sized to gain knowledge on
+     'md' followed by enough consecutive 1-byte PRNG requests
+     to traverse all of 'state'.
+
+     1. When updating 'md_local' (the current thread's copy of 'md')
+        during PRNG output generation, hash all of the previous
+        'md_local' value, not just the half used for PRNG output.
+
+     2. Make the number of bytes from 'state' included into the hash
+        independent from the number of PRNG bytes requested.
+
+     The first measure alone would be sufficient to avoid
+     Markku-Juhani's attack.  (Actually it had never occurred
+     to me that the half of 'md_local' used for chaining was the
+     half from which PRNG output bytes were taken -- I had always
+     assumed that the secret half would be used.)  The second
+     measure makes sure that additional data from 'state' is never
+     mixed into 'md_local' in small portions; this heuristically
+     further strengthens the PRNG.
+     [Bodo Moeller]
+  
+  +) Speed up EVP routines.
+     Before:
+encrypt
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+des-cbc           4408.85k     5560.51k     5778.46k     5862.20k     5825.16k
+des-cbc           4389.55k     5571.17k     5792.23k     5846.91k     5832.11k
+des-cbc           4394.32k     5575.92k     5807.44k     5848.37k     5841.30k
+decrypt
+des-cbc           3482.66k     5069.49k     5496.39k     5614.16k     5639.28k
+des-cbc           3480.74k     5068.76k     5510.34k     5609.87k     5635.52k
+des-cbc           3483.72k     5067.62k     5504.60k     5708.01k     5724.80k
+     After:
+encrypt
+des-cbc           4660.16k     5650.19k     5807.19k     5827.13k     5783.32k
+decrypt
+des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
+     [Ben Laurie]
+
+  *) Fix crypto/bn/asm/mips3.s.
+     [Andy Polyakov]
+
+  *) When only the key is given to "enc", the IV is undefined. Print out
+     an error message in this case.
+     [Lutz Jaenicke]
+
+  +) Added the OS2-EMX target.
+     ["Brian Havard" <brianh@kheldar.apana.org.au> and Richard Levitte]
+
+  +) Rewrite apps to use NCONF routines instead of the old CONF. New functions
+     to support NCONF routines in extension code. New function CONF_set_nconf()
+     to allow functions which take an NCONF to also handle the old LHASH
+     structure: this means that the old CONF compatible routines can be
+     retained (in particular wrt extensions) without having to duplicate the
+     code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
+     [Steve Henson]
+
+  *) Handle special case when X509_NAME is empty in X509 printing routines.
+     [Steve Henson]
+
   *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
      positive and less than q.
      [Bodo Moeller]
@@ -19,7 +86,7 @@
      and with pssibilities to have yes/no kind of prompts.
      [Richard Levitte]
 
-  *) Change all calls to low level digest routines in the library and
+  +) Change all calls to low level digest routines in the library and
      applications to use EVP. Add missing calls to HMAC_cleanup() and
      don't assume HMAC_CTX can be copied using memcpy().
      [Verdon Walker <VWalker@novell.com>, Steve Henson]
@@ -155,6 +222,11 @@
      a window system and the like.
      [Richard Levitte]
 
+  *) Fix various bugs related to DSA S/MIME verification. Handle missing
+     parameters in DSA public key structures and return an error in the
+     DSA routines if parameters are absent.
+     [Steve Henson]
+
   *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
      in the current directory if neither $RANDFILE nor $HOME was set.
      RAND_file_name() in 0.9.6a returned NULL in this case.  This has
@@ -180,11 +252,6 @@
      ENGINE structure.
      [Geoff]
 
-  *) Fix various bugs related to DSA S/MIME verification. Handle missing
-     parameters in DSA public key structures and return an error in the
-     DSA routines if parameters are absent.
-     [Steve Henson]
-
   +) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
      needs to match any other type at all we need to manually clear the
      tag cache.
@@ -637,6 +704,7 @@
 
   *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
      was empty.
+     [Steve Henson]
      [This change does not apply to 0.9.7.]
 
   *) Use the cached encoding of an X509_NAME structure rather than