X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=61306507da17d3dc41f9c7a631a500352f92841e;hp=36792258f82cbfde095c304b2bd00e46b3cf2fd7;hb=d754b3850f0230c187236d89c42d1a971a97264d;hpb=cdd43b5ba565cdf6c86acec3fef0298c31e65f32

diff --git a/CHANGES b/CHANGES
index 36792258f8..61306507da 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,99 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 2000]
 
+  *) Change the 'other' type in certificate aux info to a STACK_OF
+     X509_ALGOR. Although not an AlgorithmIdentifier as such it has
+     the required ASN1 format: arbitrary types determined by an OID.
+     [Steve Henson]
+
+  *) Add some PEM_write_X509_REQ_NEW() functions and a command line
+     argument to 'req'. This is not because the function is newer or
+     better than others it just uses the work 'NEW' in the certificate
+     request header lines. Some software needs this.
+     [Steve Henson]
+
+  *) Reorganise password command line arguments: now passwords can be
+     obtained from various sources. Delete the PEM_cb function and make
+     it the default behaviour: i.e. if the callback is NULL and the
+     usrdata argument is not NULL interpret it as a null terminated pass
+     phrase. If usrdata and the callback are NULL then the pass phrase
+     is prompted for as usual.
+     [Steve Henson]
+
+  *) Add support for the Compaq Atalla crypto accelerator. If it is installed,
+     the support is automatically enabled. The resulting binaries will
+     autodetect the card and use it if present.
+     [Ben Laurie and Compaq Inc.]
+
+  *) Work around for Netscape hang bug. This sends certificate request
+     and server done in one record. Since this is perfectly legal in the
+     SSL/TLS protocol it isn't a "bug" option and is on by default. See
+     the bugs/SSLv3 entry for more info.
+     [Steve Henson]
+
+  *) HP-UX tune-up: new unified configs, HP C compiler bug workaround.
+     [Andy Polyakov]
+
+  *) Add -rand argument to smime and pkcs12 applications and read/write
+     of seed file.
+     [Steve Henson]
+
+  *) New 'passwd' tool for crypt(3) and apr1 password hashes.
+     [Bodo Moeller]
+
+  *) Add command line password options to the remaining applications.
+     [Steve Henson]
+
+  *) Bug fix for BN_div_recp() for numerators with an even number of
+     bits.
+     [Ulf Möller]
+
+  *) More tests in bntest.c, and changed test_bn output.
+     [Ulf Möller]
+
+  *) ./config recognizes MacOS X now.
+     [Andy Polyakov]
+
+  *) Bug fix for BN_div() when the first words of num and divsor are
+     equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
+     [Ulf Möller]
+
+  *) Add support for various broken PKCS#8 formats, and command line
+     options to produce them.
+     [Steve Henson]
+
+  *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
+     get temporary BIGNUMs from a BN_CTX.
+     [Ulf Möller]
+
+  *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
+     for p == 0.
+     [Ulf Möller]
+
+  *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
+     include a #define from the old name to the new. The original intent
+     was that statically linked binaries could for example just call
+     SSLeay_add_all_ciphers() to just add ciphers to the table and not
+     link with digests. This never worked becayse SSLeay_add_all_digests()
+     and SSLeay_add_all_ciphers() were in the same source file so calling
+     one would link with the other. They are now in separate source files.
+     [Steve Henson]
+
+  *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
+     [Steve Henson]
+
+  *) Use a less unusual form of the Miller-Rabin primality test (it used
+     a binary algorithm for exponentiation integrated into the Miller-Rabin
+     loop, our standard modexp algorithms are faster).
+     [Bodo Moeller]
+
+  *) Support for the EBCDIC character set completed.
+     [Martin Kraemer <Martin.Kraemer@Mch.SNI.De>]
+
+  *) Source code cleanups: use const where appropriate, eliminate casts,
+     use void * instead of char * in lhash.
+     [Ulf Möller] 
+
   *) Bugfix: ssl3_send_server_key_exchange was not restartable
      (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
      this the server could overwrite ephemeral keys that the client
@@ -143,7 +236,9 @@
      has a return value which indicates the quality of the random data
      (1 = ok, 0 = not seeded).  Also an error is recorded on the thread's
      error queue. New function RAND_pseudo_bytes() generates output that is
-     guaranteed to be unique but not unpredictable.
+     guaranteed to be unique but not unpredictable. RAND_add is like
+     RAND_seed, but takes an extra argument for an entropy estimate
+     (RAND_seed always assumes full entropy).
      [Ulf Möller]
 
   *) Do more iterations of Rabin-Miller probable prime test (specifically,