Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
+ *) New function BN_mod_exp_mont_word for small bases (roughly 20%
+ faster than BN_mod_exp_mont even though it does not use
+ windowing).
+ [Bodo Moeller]
+
+ *) CygWin32 support.
+ [John Jarvie <jjarvie@newsguy.com>]
+
+ *) The type-safe stack code has been rejigged. It is now only compiled
+ in when OpenSSL is configured with the DEBUG_SAFESTACK option and
+ by default all type-specific stack functions are "#define"d back to
+ standard stack functions. This results in more streamlined output
+ but retains the type-safety checking possibilities of the original
+ approach.
+ [Geoff Thorpe]
+
+ *) The STACK code has been cleaned up, and certain type declarations
+ that didn't make a lot of sense have been brought in line. This has
+ also involved a cleanup of sorts in safestack.h to more correctly
+ map type-safe stack functions onto their plain stack counterparts.
+ This work has also resulted in a variety of "const"ifications of
+ lots of the code, especially "_cmp" operations which should normally
+ be prototyped with "const" parameters anyway.
+ [Geoff Thorpe]
+
+ *) When generating bytes for the first time in md_rand.c, 'stir the pool'
+ by seeding with STATE_SIZE dummy bytes (with zero entropy count).
+ (The PRNG state consists of two parts, the large pool 'state' and 'md',
+ where all of 'md' is used each time the PRNG is used, but 'state'
+ is used only indexed by a cyclic counter. As entropy may not be
+ well distributed from the beginning, 'md' is important as a
+ chaining variable. However, the output function chains only half
+ of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains
+ all of 'md', and seeding with STATE_SIZE dummy bytes will result
+ in all of 'state' being rewritten, with the new values depending
+ on virtually all of 'md'. This overcomes the 80 bit limitation.)
+ [Bodo Moeller]
+
+ *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
+ the handshake is continued after ssl_verify_cert_chain();
+ otherwise, if SSL_VERIFY_NONE is set, remaining error codes
+ can lead to 'unexplainable' connection aborts later.
+ [Bodo Moeller; problem tracked down by Lutz Jaenicke]
+
+ *) Major EVP API cipher revision.
+ Add hooks for extra EVP features. This allows various cipher
+ parameters to be set in the EVP interface. Support added for variable
+ key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
+ setting of RC2 and RC5 parameters.
+
+ Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
+ ciphers.
+
+ Remove lots of duplicated code from the EVP library. For example *every*
+ cipher init() function handles the 'iv' in the same way according to the
+ cipher mode. They also all do nothing if the 'key' parameter is NULL and
+ for CFB and OFB modes they zero ctx->num.
+
+ New functionality allows removal of S/MIME code RC2 hack.
+
+ Most of the routines have the same form and so can be declared in terms
+ of macros.
+
+ By shifting this to the top level EVP_CipherInit() it can be removed from
+ all individual ciphers. If the cipher wants to handle IVs or keys
+ differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
+ flags.
+
+ Change lots of functions like EVP_EncryptUpdate() to now return a
+ value: although software versions of the algorithms cannot fail
+ any installed hardware versions can.
+ [Steve Henson]
+
+ *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
+ this option is set, tolerate broken clients that send the negotiated
+ protocol version number instead of the requested protocol version
+ number.
+ [Bodo Moeller]
+
+ *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
+ i.e. non-zero for export ciphersuites, zero otherwise.
+ Previous versions had this flag inverted, inconsistent with
+ rsa_tmp_cb (..._TMP_RSA_CB).
+ [Bodo Moeller; problem reported by Amit Chopra]
+
+ *) Add missing DSA library text string. Work around for some IIS
+ key files with invalid SEQUENCE encoding.
+ [Steve Henson]
+
+ *) Add a document (doc/standards.txt) that list all kinds of standards
+ and so on that are implemented in OpenSSL.
+ [Richard Levitte]
+
+ *) Enhance c_rehash script. Old version would mishandle certificates
+ with the same subject name hash and wouldn't handle CRLs at all.
+ Added -fingerprint option to crl utility, to support new c_rehash
+ features.
+ [Steve Henson]
+
+ *) Eliminate non-ANSI declarations in crypto.h and stack.h.
+ [Ulf Möller]
+
+ *) Fix for SSL server purpose checking. Server checking was
+ rejecting certificates which had extended key usage present
+ but no ssl client purpose.
+ [Steve Henson, reported by Rene Grosser <grosser@hisolutions.com>]
+
+ *) Make PKCS#12 code work with no password. The PKCS#12 spec
+ is a little unclear about how a blank password is handled.
+ Since the password in encoded as a BMPString with terminating
+ double NULL a zero length password would end up as just the
+ double NULL. However no password at all is different and is
+ handled differently in the PKCS#12 key generation code. NS
+ treats a blank password as zero length. MSIE treats it as no
+ password on export: but it will try both on import. We now do
+ the same: PKCS12_parse() tries zero length and no password if
+ the password is set to "" or NULL (NULL is now a valid password:
+ it wasn't before) as does the pkcs12 application.
+ [Steve Henson]
+
+ *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
+ perror when PEM_read_bio_X509_REQ fails, the error message must
+ be obtained from the error queue.
+ [Bodo Moeller]
+
*) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
it in ERR_remove_state if appropriate, and change ERR_get_state
accordingly to avoid race conditions (this is necessary because
The new configuration file reading functions are:
- NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
- NCONF_get_section, NCONF_get_string, NCONF_get_numbre
+ NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
+ NCONF_get_section, NCONF_get_string, NCONF_get_numbre
- NCONF_default, NCONF_WIN32
+ NCONF_default, NCONF_WIN32
- NCONF_dump_fp, NCONF_dump_bio
+ NCONF_dump_fp, NCONF_dump_bio
NCONF_default and NCONF_WIN32 are method (or "class") choosers,
NCONF_new creates a new CONF object. This works in the same way
With these changes, a new set of functions and macros have appeared:
- CRYPTO_set_mem_debug_functions() [F]
- CRYPTO_get_mem_debug_functions() [F]
- CRYPTO_dbg_set_options() [F]
- CRYPTO_dbg_get_options() [F]
- CRYPTO_malloc_debug_init() [M]
+ CRYPTO_set_mem_debug_functions() [F]
+ CRYPTO_get_mem_debug_functions() [F]
+ CRYPTO_dbg_set_options() [F]
+ CRYPTO_dbg_get_options() [F]
+ CRYPTO_malloc_debug_init() [M]
The memory debug functions are NULL by default, unless the library
is compiled with CRYPTO_MDEBUG or friends is defined. If someone