Changes between 0.9.3a and 0.9.4
+ *) More DES library cleanups: remove references to srand/rand and
+ delete an unused file.
+ [Ulf Möller]
+
+ *) Add support for the the free Netwide assembler (NASM) under Win32,
+ since not many people have MASM (ml) and it can be hard to obtain.
+ This is currently experimental but it seems to work OK and pass all
+ the tests. Check out INSTALL.W32 for info.
+ [Steve Henson]
+
+ *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
+ without temporary keys kept an extra copy of the server key,
+ and connections with temporary keys did not free everything in case
+ of an error.
+ [Bodo Moeller]
+
+ *) New function RSA_check_key and new openssl rsa option -check
+ for verifying the consistency of RSA keys.
+ [Ulf Moeller, Bodo Moeller]
+
+ *) Various changes to make Win32 compile work:
+ 1. Casts to avoid "loss of data" warnings in p5_crpt2.c
+ 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned
+ comparison" warnings.
+ 3. Add sk_<TYPE>_sort to DEF file generator and do make update.
+ [Steve Henson]
+
+ *) Add a debugging option to PKCS#5 v2 key generation function: when
+ you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
+ derived keys are printed to stderr.
+ [Steve Henson]
+
+ *) Copy the flags in ASN1_STRING_dup().
+ [Roman E. Pavlov <pre@mo.msk.ru>]
+
+ *) The x509 application mishandled signing requests containing DSA
+ keys when the signing key was also DSA and the parameters didn't match.
+
+ It was supposed to omit the parameters when they matched the signing key:
+ the verifying software was then supposed to automatically use the CA's
+ parameters if they were absent from the end user certificate.
+
+ Omitting parameters is no longer recommended. The test was also
+ the wrong way round! This was probably due to unusual behaviour in
+ EVP_cmp_parameters() which returns 1 if the parameters match.
+ This meant that parameters were omitted when they *didn't* match and
+ the certificate was useless. Certificates signed with 'ca' didn't have
+ this bug.
+ [Steve Henson, reported by Doug Erickson <Doug.Erickson@Part.NET>]
+
+ *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems.
+ The interface is as follows:
+ Applications can use
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(),
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop();
+ "off" is now the default.
+ The library internally uses
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(),
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on()
+ to disable memory-checking temporarily.
+
+ Some inconsistent states that previously were possible (and were
+ even the default) are now avoided.
+
+ -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time
+ with each memory chunk allocated; this is occasionally more helpful
+ than just having a counter.
+ [Bodo Moeller]
+
*) Introduce "mode" for SSL structures (with defaults in SSL_CTX),
which largely parallels "options", but is for changing API behaviour,
whereas "options" are about protocol behaviour.
*) mk1mf.pl (used by Windows builds) did not properly read the
options set by Configure in the top level Makefile, and Configure
- did not was not even able to write more than one option correctly.
+ was not even able to write more than one option correctly.
Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
[Bodo Moeller]