X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=1d27931d237d746585b83b7e777889b17fd23251;hp=0b58507f6dae95fa2f63edad40341bbac669b58e;hb=a8b94d64095204817c7c561d069322d4df12010e;hpb=21a85f1977adf092cb6c5862883fd32402791545 diff --git a/CHANGES b/CHANGES index 0b58507f6d..1d27931d23 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,71 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + +) default_algorithms option in ENGINE config module. This allows things + like: + default_algorithms = ALL + default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS + [Steve Henson] + + +) Prelminary ENGINE config module. + [Steve Henson] + + *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of + ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag + variable as an indication that a ClientHello message has been + received. As the flag value will be lost between multiple + invocations of ssl3_accept when using non-blocking I/O, the + function may not be aware that a handshake has actually taken + place, thus preventing a new session from being added to the + session cache. + + To avoid this problem, we now set s->new_session to 2 instead of + using a local variable. + [Lutz Jaenicke, Bodo Moeller] + + *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) + if the SSL_R_LENGTH_MISMATCH error is detected. + [Geoff Thorpe, Bodo Moeller] + + +) New experimental application configuration code. + [Steve Henson] + + *) New 'shared_ldflag' column in Configure platform table. + [Richard Levitte] + + *) Fix EVP_CIPHER_mode macro. + ["Dan S. Camper" ] + + +) Change the AES code to follow the same name structure as all other + symmetric ciphers, and behave the same way. Move everything to + the directory crypto/aes, thereby obsoleting crypto/rijndael. + [Stephen Sprunk and Richard Levitte] + + *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown + type, we must throw them away by setting rr->length to 0. + [D P Chang ] + + -) OpenSSL 0.9.6c released [21 dec 2001] + + +) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c. + [Ben Laurie and Theo de Raadt] + + *) Fix BN_rand_range bug pointed out by Dominikus Scherkl + . (The previous implementation + worked incorrectly for those cases where range = 10..._2 and + 3*range is two bits longer than range.) + [Bodo Moeller] + + *) Only add signing time to PKCS7 structures if it is not already + present. + [Steve Henson] + + *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", + OBJ_ld_ce should be OBJ_id_ce. + Also some ip-pda OIDs in crypto/objects/objects.txt were + incorrect (cf. RFC 3039). + [Matt Cooper, Frederic Giudicelli, Bodo Moeller] + +) Add option to output public keys in req command. [Massimiliano Pala madwolf@openca.org] @@ -136,11 +201,16 @@ [Bodo Moeller] +) Change all functions with names starting with des_ to be starting - with DES_ instead. This because there are increasing clashes with - libdes and other des libraries that are currently used by other - projects. The old libdes interface is provided, as well as crypt(), - if openssl/des_old.h is included. Note that crypt() is no longer - declared in openssl/des.h. + with DES_ instead. Add wrappers that are compatible with libdes, + but are named _old_des_*. Finally, add macros that map the des_* + symbols to the corresponding _old_des_*. + + All this is done because there are increasing clashes with libdes + and other DES libraries that are currently used by other projects. + The old libdes interface (including crypt()) is provided if + is included. For now, this automatically + happens in unless OPENSSL_NO_OLD_DES_SUPPORT is + defined. Note that crypt() is no longer declared in . NOTE: This is a major break of an old API into a new one. Software authors are encouraged to switch to the DES_ style functions. Some @@ -322,7 +392,7 @@ *) BN_sqr() bug fix. [Ulf Möller, reported by Jim Ellis ] - *) Make it possible to unload ranges of ERR strings with a new + +) Make it possible to unload ranges of ERR strings with a new "ERR_unload_strings" function. [Geoff Thorpe] @@ -556,6 +626,16 @@ parameters (and 'speed' generating keys each time). [Geoff Thorpe] + *) Add support for shared libraries under Irix. + [Albert Chin-A-Young ] + + *) Add configuration option to build on Linux on both big-endian and + little-endian MIPS. + [Ralf Baechle ] + + *) Add the possibility to create shared libraries on HP-UX. + [Richard Levitte] + -) OpenSSL 0.9.6b released [9 July 2001] *) Change ssleay_rand_bytes (crypto/rand/md_rand.c) @@ -1935,17 +2015,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k identity, and test if they are actually available. [Richard Levitte] - *) Add support for shared libraries under Irix. - [Albert Chin-A-Young ] - +) Improve RPM specification file by forcing symbolic linking and making sure the installed documentation is also owned by root.root. [Damien Miller ] - *) Add configuration option to build on Linux on both big-endian and - little-endian MIPS. - [Ralf Baechle ] - +) Give the OpenSSL applications more possibilities to make use of keys (public as well as private) handled by engines. [Richard Levitte] @@ -1972,9 +2045,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k +) Support threads on FreeBSD-elf in Configure. [Richard Levitte] - *) Add the possibility to create shared libraries on HP-UX - [Richard Levitte] - +) Fix for SHA1 assembly problem with MASM: it produces warnings about corrupt line number information when assembling with debugging information. This is caused by the overlapping