X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=f7f2258bbf306fe5829a0944dbfde99231418a93;hp=c516fe70873743d0ab90e21ac7daa8e671e7cf4f;hb=c9fd9152bd35ff48f1858eb1a4195ca02866ca9c;hpb=6f8f4431705bb3f8f58f86f9b9f54daa0d42667d diff --git a/CHANGES b/CHANGES index c516fe7087..f7f2258bbf 100644 --- a/CHANGES +++ b/CHANGES @@ -1,10 +1,63 @@ + OpenSSL CHANGES _______________ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Change bctest to avoid here-documents inside command substitution + (workaround for FreeBSD /bin/sh bug). + [Bodo Moeller] + + *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes + with des_encrypt() defined on some operating systems, like Solaris + and UnixWare. + [Richard Levitte] + + *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton: + On the Importance of Eliminating Errors in Cryptographic + Computations, J. Cryptology 14 (2001) 2, 101-119, + http://theory.stanford.edu/~dabo/papers/faults.ps.gz). + [Ulf Moeller] + + *) MIPS assembler BIGNUM division bug fix. + [Andy Polyakov] + + *) Disabled incorrect Alpha assembler code. + [Richard Levitte] + + *) Fix bug in PKCS#12 key generation routines. This was triggered + if a 3DES key was generated with a 0 initial byte. Include + PKCS12_BROKEN_KEYGEN compilation option to retain the old + (but broken) behaviour. + [Steve Henson] + + *) Enhance bctest to search for a working bc along $PATH and print + it when found. + [Tim Rice via Richard Levitte] + + *) Add a 'copy_extensions' option to the 'ca' utility. This copies + extensions from a certificate request to the certificate. + [Steve Henson] + + *) Allow multiple 'certopt' and 'nameopt' options to be separated + by commas. Add 'namopt' and 'certopt' options to the 'ca' config + file: this allows the display of the certificate about to be + signed to be customised, to allow certain fields to be included + or excluded and extension details. The old system didn't display + multicharacter strings properly, omitted fields not in the policy + and couldn't display additional details such as extensions. + [Steve Henson] + + *) Fix memory leaks in err.c: free err_data string if necessary; + don't write to the wrong index in ERR_set_error_data. + [Bodo Moeller] + *) Function EC_POINTs_mul for simultaneous scalar multiplication - of an arbitrary number of elliptic curve points. + of an arbitrary number of elliptic curve points, optionally + including the generator defined for the EC_GROUP. + EC_POINT_mul is a simple wrapper function for the typical case + that the point list has just one item (besides the optional + generator). [Bodo Moeller] *) First EC_METHODs for curves over GF(p): @@ -393,16 +446,16 @@ Fix leaks in PKCS12 and PKCS7 routines. [Steve Henson] - *) Fix for Irix with NO_ASM. - ["Bruce W. Forsberg" ] - *) Add some EVP_add_digest_alias registrations (as found in - OpenSSL_add_all_digests()), to SSL_library_init() + OpenSSL_add_all_digests()) to SSL_library_init() aka OpenSSL_add_ssl_algorithms(). This provides improved compatibility with peers using X.509 certificates with unconventional AlgorithmIdentifier OIDs. [Bodo Moeller] + *) Fix for Irix with NO_ASM. + ["Bruce W. Forsberg" ] + *) ./config script fixes. [Ulf Moeller, Richard Levitte] @@ -767,6 +820,10 @@ be handled deterministically). [Lenka Fibikova , Bodo Moeller] + *) Add a 'bctest' script that checks for some known 'bc' bugs + so that 'make test' does not abort just because 'bc' is broken. + [Bodo Moeller] + *) Store verify_result within SSL_SESSION also for client side to avoid potential security hole. (Re-used sessions on the client side always resulted in verify_result==X509_V_OK, not using the original @@ -1051,6 +1108,9 @@ matter what. [Richard Levitte] + *) Added several new manual pages for SSL_* function. + [Lutz Jaenicke] + Changes between 0.9.5a and 0.9.6 [24 Sep 2000] *) In ssl23_get_client_hello, generate an error message when faced