X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=a3a8f2823badcf0f7d7f0988479f9429bc7292b6;hp=33130ff46243760f2456219d76b4729bad29752e;hb=7b65c3298f8bb8ff0f5b2a1a8260358039ccad83;hpb=87c49f622e7fe9d93b3ab87b1edd5faa32fa6e74

diff --git a/CHANGES b/CHANGES
index 33130ff462..a3a8f2823b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,10 +4,60 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first data
+     read consists of only the final block it would not decrypted because
+     EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
+     A misplaced 'break' also meant the decrypted final block might not be
+     copied until the next read.
+     [Steve Henson]
+
+  *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
+     a few extra parameters to the DH structure: these will be useful if
+     for example we want the value of 'q' or implement X9.42 DH.
+     [Steve Henson]
+
+  *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
+     provides hooks that allow the default DSA functions or functions on a
+     "per key" basis to be replaced. This allows hardware acceleration and
+     hardware key storage to be handled without major modification to the
+     library. Also added low level modexp hooks and CRYPTO_EX structure and 
+     associated functions.
+     [Steve Henson]
+
+  *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO
+     as "read only": it can't be written to and the buffer it points to will
+     not be freed. Reading from a read only BIO is much more efficient than
+     a normal memory BIO. This was added because there are several times when
+     an area of memory needs to be read from a BIO. The previous method was
+     to create a memory BIO and write the data to it, this results in two
+     copies of the data and an O(n^2) reading algorithm. There is a new
+     function BIO_new_mem_buf() which creates a read only memory BIO from
+     an area of memory. Also modified the PKCS#7 routines to use read only
+     memory BIOSs.
+     [Steve Henson]
+
+  *) Bugfix: ssl23_get_client_hello did not work properly when called in
+     state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
+     a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
+     but a retry condition occured while trying to read the rest.
+     [Bodo Moeller]
+
+  *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
+     NID_pkcs7_encrypted by default: this was wrong since this should almost
+     always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
+     the encrypted data type: this is a more sensible place to put it and it
+     allows the PKCS#12 code to be tidied up that duplicated this
+     functionality.
+     [Steve Henson]
+
+  *) Changed obj_dat.pl script so it takes its input and output files on
+     the command line. This should avoid shell escape redirection problems
+     under Win32.
+     [Steve Henson]
+
   *) Initial support for certificate extension requests, these are included
-     in things like Xenroll certificate requests. They will later be used to
-     allow PKCS#10 requests to include a list of "requested extensions" which
-     can be added.
+     in things like Xenroll certificate requests. Included functions to allow
+     extensions to be obtained and added.
      [Steve Henson]
 
   *) -crlf option to s_client and s_server for sending newlines as