X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=b0359e5b4369bb58af2151668426f513f6198277;hp=cf5c17cfcaeb7a2bb726d7471a6ecd136f3a5f76;hb=adb92d56eb94e47069a94936fb9e2e2a18535985;hpb=8a2062fefedde7957f228e274d12155ca8660d4c diff --git a/CHANGES b/CHANGES index cf5c17cfca..b0359e5b43 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,28 @@ Changes between 0.9.8g and 0.9.9 [xx XXX xxxx] - *) To support arbitrarily-typed thread IDs, deprecate the existing + *) Removed effectively defunct crypto/store from the build. + [Ben Laurie] + + *) Revamp of STACK to provide stronger type-checking. Still to come: + TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE, + ASN1_STRING, CONF_VALUE. + [Ben Laurie] + + *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer + RAM on SSL connections. This option can save about 34k per idle SSL. + [Nick Mathewson] + + *) Revamp of LHASH to provide stronger type-checking. Still to come: + STACK, TXT_DB, bsearch, qsort. + [Ben Laurie] + + *) Not all of this is true any longer. + Will have to be updated to reflect all subsequent changes to cryptlib.c. + --bodo + + + To support arbitrarily-typed thread IDs, deprecate the existing type-specific APIs for a general purpose CRYPTO_THREADID interface. Applications can choose the thread ID callback type it wishes to register, as before; @@ -679,7 +700,51 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] - Changes between 0.9.8g and 0.9.8h [xx XXX xxxx] + Changes between 0.9.8h and 0.9.8i [xx XXX xxxx] + + *) Expand ENGINE to support engine supplied SSL client certificate functions. + + This work was sponsored by Logica. + [Steve Henson] + + *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows keystores. Support for SSL/TLS client authentication too. + Not compiled unless enable-capieng specified to Configure. + + This work was sponsored by Logica. + [Steve Henson] + + Changes between 0.9.8g and 0.9.8h [28 May 2008] + + *) Fix flaw if 'Server Key exchange message' is omitted from a TLS + handshake which could lead to a cilent crash as found using the + Codenomicon TLS test suite (CVE-2008-1672) + [Steve Henson, Mark Cox] + + *) Fix double free in TLS server name extensions which could lead to + a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) + [Joe Orton] + + *) Clear error queue in SSL_CTX_use_certificate_chain_file() + + Clear the error queue to ensure that error entries left from + older function calls do not interfere with the correct operation. + [Lutz Jaenicke, Erik de Castro Lopo] + + *) Remove root CA certificates of commercial CAs: + + The OpenSSL project does not recommend any specific CA and does not + have any policy with respect to including or excluding any CA. + Therefore it does not make any sense to ship an arbitrary selection + of root CA certificates with the OpenSSL software. + [Lutz Jaenicke] + + *) RSA OAEP patches to fix two separate invalid memory reads. + The first one involves inputs when 'lzero' is greater than + 'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes + before the beginning of from). The second one involves inputs where + the 'db' section contains nothing but zeroes (there is a one-byte + invalid read after the end of 'db'). + [Ivan Nestlerode ] *) Add TLS session ticket callback. This allows an application to set TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed