Changes between 0.9.8g and 0.9.9 [xx XXX xxxx]
+ *) To support arbitrarily-typed thread IDs, deprecate the existing
+ type-specific APIs for a general purpose CRYPTO_THREADID
+ interface. Applications can choose the thread ID
+ callback type it wishes to register, as before;
+
+ void CRYPTO_set_id_callback(unsigned long (*func)(void));
+ void CRYPTO_set_idptr_callback(void *(*func)(void));
+
+ but retrieval, copies, and comparisons of thread IDs are via
+ type-independent interfaces;
+
+ void CRYPTO_THREADID_set(CRYPTO_THREADID *id);
+ void CRYPTO_THREADID_cmp(const CRYPTO_THREADID *id1,
+ const CRYPTO_THREADID *id2);
+ void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dst,
+ const CRYPTO_THREADID *src);
+
+ Also, for code that needs a thread ID "value" for use in
+ hash-tables or logging, a "hash" is available by;
+
+ unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
+
+ This hash value is likely to be the thread ID anyway, but
+ otherwise it will be unique if possible or as collision-free as
+ possible if uniqueness can't be guaranteed on the target
+ architecture.
+
+ The following functions are deprecated;
+ unsigned long (*CRYPTO_get_id_callback(void))(void);
+ unsigned long CRYPTO_thread_id(void);
+
+ As a consequence of the above, there are similar deprecations of
+ BN_BLINDING functions in favour of CRYPTO_THREADID-based
+ alternatives;
+
+ #ifndef OPENSSL_NO_DEPRECATED
+ unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
+ void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+ #endif
+ void BN_BLINDING_set_thread(BN_BLINDING *);
+ int BN_BLINDING_cmp_thread(const BN_BLINDING *, const
+ CRYPTO_THREADID *);
+
+ Also, the ERR_remove_state(int pid) API has been deprecated;
+
+ #ifndef OPENSSL_NO_DEPRECATED
+ void ERR_remove_state(unsigned long pid)
+ #endif
+ void ERR_remove_thread_state(CRYPTO_THREADID *tid);
+
+ [Geoff Thorpe]
+
+ *) Initial support for Cryptographic Message Syntax (aka CMS) based
+ on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
+ support for data, signedData, compressedData, digestedData and
+ encryptedData, envelopedData types included. Scripts to check against
+ RFC4134 examples draft and interop and consistency checks of many
+ content types and variants.
+ [Steve Henson]
+
+ *) Add options to enc utility to support use of zlib compression BIO.
+ [Steve Henson]
+
*) Extend mk1mf to support importing of options and assembly language
files from Configure script, currently only included in VC-WIN32.
The assembly language rules can now optionally generate the source
callback is &errno.
[Bodo Moeller]
+ -- NOTE -- this change has been reverted and replaced with a
+ type-independent wrapper (ie. applications do not have to check
+ two type-specific thread ID representations as implied in this
+ change note). However, the "idptr" callback form described here
+ can still be registered. Please see the more recent CHANGES note
+ regarding CRYPTO_THREADID. [Geoff Thorpe]
+ -- NOTE --
+
*) Change the array representation of binary polynomials: the list
of degrees of non-zero coefficients is now terminated with -1.
Previously it was terminated with 0, which was also part of the
Changes between 0.9.8g and 0.9.8h [xx XXX xxxx]
+ *) Zlib compression BIO. This is a filter BIO which compressed and
+ uncompresses any data passed through it.
+ [Steve Henson]
+
+ *) Add AES_wrap_key() and AES_unwrap_key() functions to implement
+ RFC3394 compatible AES key wrapping.
+ [Steve Henson]
+
+ *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0():
+ sets string data without copying. X509_ALGOR_set0() and
+ X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier)
+ data. Attribute function X509at_get0_data_by_OBJ(): retrieves data
+ from an X509_ATTRIBUTE structure optionally checking it occurs only
+ once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied
+ data.
+ [Steve Henson]
+
+ *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
+ to get the expected BN_FLG_CONSTTIME behavior.
+ [Bodo Moeller (Google)]
+
*) Netware support:
- fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets