X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=5102203a88651eaef5b4514b1d989da14ab8c3f5;hp=836740afd08055ffa8cebd48a90a7cb1e1424796;hb=673b3fde824b8cafe33d1c908e890e42645a0ade;hpb=bf0d176e48c6dd44c6cb3250d1e56d9d098f815a diff --git a/CHANGES b/CHANGES index 836740afd0..5102203a88 100644 --- a/CHANGES +++ b/CHANGES 
@@ -3,6 +3,96 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in + value of OPENSSLDIR. This is available via the new '-d' option + to 'openssl version', and is also included in 'openssl version -a'. + [Bodo Moeller] + + *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn + call failed, free the DSA structure. + [Bodo Moeller] + + *) Add another call level for memory allocation routines, thereby + allowing memory allocation callbacks that can be given file + name and line number information. The basic functionality + remains, as well as the original possibility to just replace + malloc(), realloc() and free(). The new functions that can be + registered help users provide variants of malloc(), realloc() + and free() that take two extra arguments, a const char* and an + int. To register and find out the current settings for those + hooks, the following functions are provided: + + CRYPTO_set_mem_ex_functions + CRYPTO_set_locked_mem_ex_functions + CRYPTO_get_mem_ex_functions + CRYPTO_get_locked_mem_ex_functions + + They work the same way as the corresponding CRYPTO_set_mem_functions + and friends with one exception: giving NULL as arguments will restore + the internal hooks to internal routines and will still make the above + functions return 1 and not 0. + + This functionality was created as a direct request to add the + possibility to interface with the Windows debugging routines + _malloc_dbg, _realloc_dbg and _free_dbg. + [Richard Levitte] + + *) Fix to uni2asc() to cope with zero length Unicode strings. + These are present in some PKCS#12 files. + [Steve Henson] + + *) Finish off removing the remaining LHASH function pointer casts. + There should no longer be any prototype-casting required when using + the LHASH abstraction, and any casts that remain are "bugs". 
See + the callback types and macros at the head of lhash.h for details + (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example). + [Geoff Thorpe] + + *) Add automatic query of EGD sockets in RAND_poll() for the unix variant. + If an EGD or PRNGD is running and enough entropy is returned, automatic + seeding like with /dev/[u]random will be performed. + Positions tried are: /etc/entropy, /var/run/egd-pool. + [Lutz Jaenicke] + + *) Change the Unix RAND_poll() variant to be able to poll several + random devices and only read data for a small fragment of time + to avoid hangs. Also separate out the Unix variant to it's own + file, rand_unix.c. For VMS, there's a currently-empty rand_vms.c. + [Richard Levitte] + + *) Move OCSP client related routines to ocsp_cl.c. These + provide utility functions which an application needing + to issue a request to an OCSP responder and analyse the + response will typically need: as opposed to those which an + OCSP responder itself would need which will be added later. + + OCSP_request_sign() signs an OCSP request with an API similar + to PKCS7_sign(). OCSP_response_status() returns status of OCSP + response. OCSP_response_get1_basic() extracts basic response + from response. OCSP_resp_find_status(): finds and extracts status + information from an OCSP_CERTID structure (which will be created + when the request structure is built). These are built from lower + level functions which work on OCSP_SINGLERESP structures but + wont normally be used unless the application wishes to examine + extensions in the OCSP response for example. + + Replace nonce routines with a pair of functions. + OCSP_request_add1_nonce() adds a nonce value and optionally + generates a random value. OCSP_check_nonce() checks the + validity of the nonce in an OCSP response. + [Steve Henson] + + *) Change function OCSP_request_add() to OCSP_request_add0_id(). + This doesn't copy the supplied OCSP_CERTID and avoids the + need to free up the newly created id. 
Change return type + to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure. + This can then be used to add extensions to the request. + Deleted OCSP_request_new(), since most of its functionality + is now in OCSP_REQUEST_new() (and the case insensitive name + clash) apart from the ability to set the request name which + will be added elsewhere. + [Steve Henson] + *) Update OCSP API. Remove obsolete extensions argument from various functions. Extensions are now handled using the new OCSP extension code. New simple OCSP HTTP function which
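Review bot: In the OCSP_request_add0_id() entry, "This doesn't copy the supplied OCSP_CERTID and avoids the need to free up the newly created id" describes an ownership transfer only by implication. State outright that the request takes ownership of the id and that the caller must not free it after a successful call, because code ported from OCSP_request_add() that still frees the id would release memory the request continues to reference. The entry should also say who owns the id when the call fails. In the EGD entry for RAND_poll(), "enough entropy" is not quantified, and the entry does not say whether anything about the sockets at /etc/entropy and /var/run/egd-pool is checked before their output is used for automatic seeding; one sentence on each would help anyone auditing the seeding path. Minor wording: "to it's own file" should read "to its own file", and "wont normally be used" should read "won't normally be used".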