X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=6a42f9422483174e8895151e1c4b28805c359f1a;hp=dbd759d421c4feedf1b66efc6bc75e6ef5740975;hb=90644dd74d5c5262831bb0be73e1226778099924;hpb=cbfa4c32c011e3f5fe805416c413a5296461b44f

diff --git a/CHANGES b/CHANGES
index dbd759d421..6a42f94224 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,119 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
+ Changes between 0.9.4 and 0.9.5  [xx XXX 2000]
+
+  *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
+     [Steve Henson]
+
+  *) Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when
+     generating DSA primes.
+     [Ulf Möller]
+
+  *) New function BN_pseudo_rand().
+     [Ulf Möller]
+
+  *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
+     bignum version of BN_from_montgomery() with the working code from
+     SSLeay 0.9.0 (the word based version is faster anyway), and clean up
+     the comments.
+     [Ulf Möller]
+
+  *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
+     made it impossible to use the same SSL_SESSION data structure in
+     SSL2 clients in multiple threads.
+     [Bodo Moeller]
+
+  *) The return value of RAND_load_file() no longer counts bytes obtained
+     by stat().  RAND_load_file(..., -1) is new and uses the complete file
+     to seed the PRNG (previously an explicit byte count was required).
+     [Ulf Möller, Bodo Möller]
+
+  *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
+     used (char *) instead of (void *) and had casts all over the place.
+     [Steve Henson]
+
+  *) Make BN_generate_prime() return NULL on error if ret!=NULL.
+     [Ulf Möller]
+
+  *) Retain source code compatibility for BN_prime_checks macro.
+     [Ulf Möller]
+
+  *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
+     DH_CHECK_P_NOT_SAFE_PRIME.
+     (Check if this is true? OpenPGP calls them "strong".)
+     [Ulf Möller]
+
+  *) Merge the functionality of "dh" and "gendh" programs into a new program
+     "dhparam". The old programs are retained for now but will handle DH keys
+     (instead of parameters) in future.
+     [Steve Henson]
+
+  *) Make the ciphers, s_server and s_client programs check the return values
+     when a new cipher list is set.
+     [Steve Henson]
+
+  *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit
+     ciphers. Before when the 56bit ciphers were enabled the sorting was
+     wrong.
+
+     The syntax for the cipher sorting has been extended to support sorting by
+     cipher-strength (using the strength_bits hard coded in the tables).
+     The new command is "@STRENGTH" (see also doc/apps/ciphers.pod).
+
+     Fix a bug in the cipher-command parser: when supplying a cipher command
+     string with an "undefined" symbol (neither command nor alphanumeric
+     [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now
+     an error is flagged.
+
+     Due to the strength-sorting extension, the code of the
+     ssl_create_cipher_list() function was completely rearranged. I hope that
+     the readability was also increased :-)
+     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>]
+
+  *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
+     for the first serial number and places 2 in the serial number file. This
+     avoids problems when the root CA is created with serial number zero and
+     the first user certificate has the same issuer name and serial number
+     as the root CA.
+     [Steve Henson]
+
+  *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
+     the new code. Add documentation for this stuff.
+     [Steve Henson]
+
+  *) Changes to X509_ATTRIBUTE utilities. These have been renamed from
+     X509_*() to X509at_*() on the grounds that they don't handle X509
+     structures and behave in an analagous way to the X509v3 functions:
+     they shouldn't be called directly but wrapper functions should be used
+     instead.
+
+     So we also now have some wrapper functions that call the X509at functions
+     when passed certificate requests. (TO DO: similar things can be done with
+     PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
+     things. Some of these need some d2i or i2d and print functionality
+     because they handle more complex structures.)
+     [Steve Henson]
+
+  *) Add missing #ifndefs that caused missing symbols when building libssl
+     as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
+     NO_RSA in ssl/s2*.c. 
+     [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller]
+
+  *) Precautions against using the PRNG uninitialized: RAND_bytes() now
+     has a return value which indicates the quality of the random data
+     (1 = ok, 0 = not seeded).  Also an error is recorded on the thread's
+     error queue. New function RAND_pseudo_bytes() generates output that is
+     guaranteed to be unique but not unpredictable.
+     [Ulf Möller]
+
+  *) Do more iterations of Rabin-Miller probable prime test (specifically,
+     3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
+     instead of only 2 for all lengths; see BN_prime_checks_size definition
+     in crypto/bn/bn_prime.c for the complete table).  This guarantees a
+     false-positive rate of at most 2^-80 (actually less because we are
+     additionally doing trial division) for random input.
+     [Bodo Moeller]
 
   *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs.
      [Bodo Moeller]
@@ -174,10 +286,10 @@
      deallocation routines to be used by OpenSSL, for example memory
      pool implementations, or something else, which was previously hard
      since Malloc(), Realloc() and Free() were defined as macros having
-     the values malloc, realloc and free, respectively.  Also, The same
-     is provided for memory debugging code.  OpenSSL already comes with
-     functionality to find memory leaks, but this gives people a chance
-     to debug other memory problems.
+     the values malloc, realloc and free, respectively (except for Win32
+     compilations).  The same is provided for memory debugging code.
+     OpenSSL already comes with functionality to find memory leaks, but
+     this gives people a chance to debug other memory problems.
 
      With these changes, a new set of functions and macros have appeared:
 
@@ -423,8 +535,11 @@
 
   *) Add the possibility to add extra information to the memory leak
      detecting output, to form tracebacks, showing from where each
-     allocation was originated.  Also updated sid code to be multi-
-     thread-safe.
+     allocation was originated: CRYPTO_push_info("constant string") adds
+     the string plus current file name and line number to a per-thread
+     stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info()
+     is like calling CYRPTO_pop_info() until the stack is empty.
+     Also updated memory leak detection code to be multi-thread-safe.
      [Richard Levitte]
 
   *) Add options -text and -noout to pkcs7 utility and delete the
@@ -460,11 +575,11 @@
      for all purposes.
      [Steve Henson]
 
-  *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).  The
-     problem was that one of the replacement routines had not been working since
-     SSLeay releases.  For now the offending routine has been replaced with
-     non-optimised assembler.  Even so, this now gives around 95% performance
-     improvement for 1024 bit RSA signs.
+  *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).
+     The problem was that one of the replacement routines had not been working
+     since SSLeay releases.  For now the offending routine has been replaced
+     with non-optimised assembler.  Even so, this now gives around 95%
+     performance improvement for 1024 bit RSA signs.
      [Mark Cox]
 
   *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2