Changes between 0.9.8b and 0.9.9 [xx XXX xxxx]
+ *) Allow digests to supply their own micalg string for S/MIME type using
+ the ctrl EVP_MD_CTRL_MICALG.
+ [Steve Henson]
+
+ *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
+ EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
+ ctrl. It can then customise the structure before and/or after signing
+ if necessary.
+ [Steve Henson]
+
+ *) New function OBJ_add_sigid() to allow application defined signature OIDs
+ to be added to OpenSSLs internal tables. New function OBJ_sigid_free()
+ to free up any added signature OIDs.
+ [Steve Henson]
+
+ *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
+ EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
+ digest and cipher tables. New options added to openssl utility:
+ list-message-digest-algorithms and list-cipher-algorithms.
+ [Steve Henson]
+
+ *) In addition to the numerical (unsigned long) thread ID, provide
+ for a pointer (void *) thread ID. This helps accomodate systems
+ that do not provide an unsigned long thread ID. OpenSSL assumes
+ it is in the same thread iff both the numerical and the pointer
+ thread ID agree; so applications are just required to define one
+ of them appropriately (e.g., by using a pointer to a per-thread
+ memory object malloc()ed by the application for the pointer-type
+ thread ID). Exactly analoguous to the existing functions
+
+ void CRYPTO_set_id_callback(unsigned long (*func)(void));
+ unsigned long (*CRYPTO_get_id_callback(void))(void);
+ unsigned long CRYPTO_thread_id(void);
+
+ we now have additional functions
+
+ void CRYPTO_set_idptr_callback(void *(*func)(void));
+ void *(*CRYPTO_get_idptr_callback(void))(void);
+ void *CRYPTO_thread_idptr(void);
+
+ also in <openssl/crypto.h>. The default value for
+ CRYPTO_thread_idptr() if the application has not provided its own
+ callback is &errno.
+ [Bodo Moeller]
+
+ *) Change the array representation of binary polynomials: the list
+ of degrees of non-zero coefficients is now terminated with -1.
+ Previously it was terminated with 0, which was also part of the
+ value; thus, the array representation was not applicable to
+ polynomials where t^0 has coefficient zero. This change makes
+ the array representation useful in a more general context.
+ [Douglas Stebila]
+
*) Various modifications and fixes to SSL/TLS cipher string
handling. For ECC, the code now distinguishes between fixed ECDH
with RSA certificates on the one hand and with ECDSA certificates
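Review bot: In the thread ID entry, the text says OpenSSL considers itself in the same thread only if both the numerical and the pointer thread ID agree, and that an application needs to define just one of them, but it documents a default only for CRYPTO_thread_idptr() (&errno) and none for CRYPTO_thread_id(). Please state what the numerical ID evaluates to when no callback is set, and what the entry assumes about &errno being distinct per thread, so that a reader who supplies only one callback can tell the comparison still separates threads. Spelling in the same hunk: "accomodate" should be "accommodate", "analoguous" should be "analogous", and "OpenSSLs internal tables" in the OBJ_add_sigid() entry should be "OpenSSL's internal tables".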
Changes between 0.9.8b and 0.9.8c [xx XXX xxxx]
+ *) Change the Unix randomness entropy gathering to use poll() when
+ possible instead of select(), since the latter has some
+ undesirable limitations.
+ [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+ *) Disable "ECCdraft" ciphersuites more thoroughly. Now special
+ treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
+ cannot be implicitly activated as part of, e.g., the "AES" alias.
+ However, please upgrade to OpenSSL 0.9.9[-dev] for
+ non-experimental use of the ECC ciphersuites to get TLS extension
+ support, which is required for curve and point format negotiation
+ to avoid potential handshake problems.
+ [Bodo Moeller]
+
*) Disable rogue ciphersuites:
- SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
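Review bot: The ECCdraft entry names the file as "ssl/ssl_ciph.s", which looks like a typo for the C source file; please correct it to ssl/ssl_ciph.c if that is the file meant. The entry also says these ciphersuites "cannot be implicitly activated" through an alias such as "AES" but does not say whether they can still be selected explicitly; one sentence on that would tell anyone auditing a cipher string what to look for.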
Changes between 0.9.7j and 0.9.7k [xx XXX xxxx]
+ *) Change the Unix randomness entropy gathering to use poll() when
+ possible instead of select(), since the latter has some
+ undesirable limitations.
+ [Darryl Miles via Richard Levitte and Bodo Moeller]
+
*) Disable rogue ciphersuites:
- SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
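Review bot: The poll() entry justifies the change only with "some undesirable limitations" of select(); please name the limitation that motivated it, so that anyone auditing the entropy gathering code on this branch knows which failure the change prevents. The entry also says poll() is used "when possible" without saying what happens otherwise; a short statement of the fallback would complete it.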