X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=20c88a49b17387da00eb2a5c6d0c9687e65a4564;hp=1e13733070574ecfb12b500f1b1ab483accd07bf;hb=07481951f9fa7cd8bdd5ee81c7bb1f6bca73d0d1;hpb=12bdb643756d829569bb903e5b806613ff975ccb diff --git a/CHANGES b/CHANGES index 1e13733070..20c88a49b1 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,30 @@ OpenSSL CHANGES _______________ - Changes between 0.9.7f and 0.9.8 [xx XXX xxxx] + Changes between 0.9.7g and 0.9.8 [xx XXX xxxx] + + *) Add new functionality to the bn blinding code: + - automatic re-creation of the BN_BLINDING parameters after + a fixed number of uses (currently 32) + - add new function for parameter creation + - introduce flags to control the update behaviour of the + BN_BLINDING parameters + - hide BN_BLINDING structure + Add a second BN_BLINDING slot to the RSA structure to improve + performance when a single RSA object is shared among several + threads. + [Nils Larsch] + + *) Add support for DTLS. + [Nagendra Modadugu and Ben Laurie] + + *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1) + to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() + [Walter Goulet] + + *) Remove buggy and incompletet DH cert support from + ssl/ssl_rsa.c and ssl/s3_both.c + [Nils Larsch] *) Use SHA-1 instead of MD5 as the default digest algorithm for the apps/openssl applications. @@ -454,14 +477,13 @@ Makefile.shared, for Cygwin's sake. [Richard Levitte] - *) Extend the BIGNUM API by creating new macros that behave like - functions - - void BN_set_sign(BIGNUM *a, int neg); - int BN_get_sign(const BIGNUM *a); + *) Extend the BIGNUM API by creating a function + void BN_set_negative(BIGNUM *a, int neg); + and a macro that behave like + int BN_is_negative(const BIGNUM *a); - and avoid the need to access 'a->neg' directly in applications. - [Nils Larsch ] + to avoid the need to access 'a->neg' directly in applications. + [Nils Larsch] *) Implement fast modular reduction for pseudo-Mersenne primes used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c). @@ -770,11 +792,41 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7f and 0.9.7g [XX xxx xxxx] + Changes between 0.9.7g and 0.9.7h [XX xxx XXXX] + + *) Add support for smime-type MIME parameter in S/MIME messages which some + clients need. + [Steve Henson] + + *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in + a threadsafe manner. Modify rsa code to use new function and add calls + to dsa and dh code (which had race conditions before). + [Steve Henson] + + *) Include the fixed error library code in the C error file definitions + instead of fixing them up at runtime. This keeps the error code + structures constant. + [Steve Henson] + + Changes between 0.9.7f and 0.9.7g [11 Apr 2005] + + *) Fixes for newer kerberos headers. NB: the casts are needed because + the 'length' field is signed on one version and unsigned on another + with no (?) obvious way to tell the difference, without these VC++ + complains. Also the "definition" of FAR (blank) is no longer included + nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up + some needed definitions. + [Steve Henson] *) Undo Cygwin change. [Ulf Möller] + *) Added support for proxy certificates according to RFC 3820. + Because they may be a security thread to unaware applications, + they must be explicitely allowed in run-time. See + docs/HOWTO/proxy_certificates.txt for further information. + [Richard Levitte] + Changes between 0.9.7e and 0.9.7f [22 Mar 2005] *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating