X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=aae4a8ace27f129996915c8aa7727c09f77f5f26;hp=a87097eedf6230c31634c2ed0260092533e7b274;hb=b5348a095d8c68a1274751f058a2de0ad29a3c60;hpb=7d5b04db4e80f3d38dd4f1977c12d6fc592079eb

diff --git a/CHANGES b/CHANGES
index a87097eedf..aae4a8ace2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,108 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
+     <Dominikus.Scherkl@biodata.com>.  (The previous implementation
+     worked incorrectly for those cases where  range = 10..._2  and
+     3*range  is two bits longer than  range.)
+     [Bodo Moeller]
+
+  *) Only add signing time to PKCS7 structures if it is not already
+     present.
+     [Steve Henson]
+
+  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
+     OBJ_ld_ce should be OBJ_id_ce.
+     Also some ip-pda OIDs in crypto/objects/objects.txt were
+     incorrect (cf. RFC 3039).
+     [Matt Cooper, Frederic Giudicelli, Bodo Moeller]
+
+  +) Add option to output public keys in req command.
+     [Massimiliano Pala madwolf@openca.org]
+
+  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
+     returns early because it has nothing to do.
+     [Andy Schneider <andy.schneider@bjss.co.uk>]
+
+  *) [In 0.9.6c-engine and 0.9.7 release:]
+     Fix mutex callback return values in crypto/engine/hw_ncipher.c.
+     [Andy Schneider <andy.schneider@bjss.co.uk>]
+
+  -) [In 0.9.6c-engine release:]
+     Add support for Cryptographic Appliance's keyserver technology.
+     (Use engine 'keyclient')
+     [Cryptographic Appliances and Geoff Thorpe]
+
+  *) Add a configuration entry for OS/390 Unix.  The C compiler 'c89'
+     is called via tools/c89.sh because arguments have to be
+     rearranged (all '-L' options must appear before the first object
+     modules).
+     [Richard Shapiro <rshapiro@abinitio.com>]
+
+  +) Use wNAFs in EC_POINTs_mul() for improved efficiency
+     (up to about 10% better than before for P-192 and P-224).
+     [Bodo Moeller]
+
+  -) [In 0.9.6c-engine release:]
+     Add support for Broadcom crypto accelerator cards, backported
+     from 0.9.7.
+     [Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox]
+
+  -) [In 0.9.6c-engine release:]
+     Add support for SureWare crypto accelerator cards from 
+     Baltimore Technologies.  (Use engine 'sureware')
+     [Baltimore Technologies and Mark Cox]
+
+  -) [In 0.9.6c-engine release:]
+     Add support for crypto accelerator cards from Accelerated
+     Encryption Processing, www.aep.ie.  (Use engine 'aep')
+     [AEP Inc. and Mark Cox]
+
+  *) Add a configuration entry for gcc on UnixWare.
+     [Gary Benson <gbenson@redhat.com>]
+
+  +) New functions/macros
+
+          SSL_CTX_set_msg_callback(ctx, cb)
+          SSL_CTX_set_msg_callback_arg(ctx, arg)
+          SSL_set_msg_callback(ssl, cb)
+          SSL_set_msg_callback_arg(ssl, arg)
+
+     to request calling a callback function
+
+          void cb(int write_p, int version, int content_type,
+                  const void *buf, size_t len, SSL *ssl, void *arg)
+
+     whenever a protocol message has been completely received
+     (write_p == 0) or sent (write_p == 1).  Here 'version' is the
+     protocol version  according to which the SSL library interprets
+     the current protocol message (SSL2_VERSION, SSL3_VERSION, or
+     TLS1_VERSION).  'content_type' is 0 in the case of SSL 2.0, or
+     the content type as defined in the SSL 3.0/TLS 1.0 protocol
+     specification (change_cipher_spec(20), alert(21), handshake(22)).
+     'buf' and 'len' point to the actual message, 'ssl' to the
+     SSL object, and 'arg' is the application-defined value set by
+     SSL[_CTX]_set_msg_callback_arg().
+
+     'openssl s_client' and 'openssl s_server' have new '-msg' options
+     to enable a callback that displays all protocol messages.
+     [Bodo Moeller]
+
+  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
+     messages are stored in a single piece (fixed-length part and
+     variable-length part combined) and fix various bugs found on the way.
+     [Bodo Moeller]
+
+  +) Change the shared library support so shared libraries are built as
+     soon as the corresponding static library is finished, and thereby get
+     openssl and the test programs linked against the shared library.
+     This still only happens when the keyword "shard" has been given to
+     the configuration scripts.
+
+     NOTE: shared library support is still an experimental thing, and
+     backward binary compatibility is still not guaranteed.
+     ["Maciej W. Rozycki" <macro@ds2.pg.gda.pl> and Richard Levitte]
+
   +) Add support for Subject Information Access extension.
      [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
 
@@ -76,35 +178,6 @@
      particular extension is supported.
      [Steve Henson]
 
-  +) New functions/macros
-
-          SSL_CTX_set_msg_callback(ctx, cb)
-          SSL_CTX_set_msg_callback_arg(ctx, arg)
-          SSL_set_msg_callback(ssl, cb)
-          SSL_set_msg_callback_arg(ssl, arg)
-
-     to request calling a callback function
-
-          void cb(int write_p, int version, int content_type,
-                  const void *buf, size_t len, SSL *ssl, void *arg)
-
-     whenever a protocol message has been completely received
-     (write_p == 0) or sent (write_p == 1).  Here 'version' is the
-     protocol version  according to which the SSL library interprets
-     the current protocol message (SSL2_VERSION, SSL3_VERSION, or
-     TLS1_VERSION).  'content_type' is 0 in the case of SSL 2.0, or
-     the content type as defined in the SSL 3.0/TLS 1.0 protocol
-     specification (change_cipher_spec(20), alert(21), handshake(22)).
-     'buf' and 'len' point to the actual message, 'ssl' to the
-     SSL object, and 'arg' is the application-defined value set by
-     SSL[_CTX]_set_msg_callback_arg().
-
-     'openssl s_client' and 'openssl s_server' have new '-msg' options
-     to enable a callback that displays all protocol messages.
-
-     TODO: SSL 2.0, doc/ssl/, doc/apps/
-     [Bodo Moeller]
-
   *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
      (sent using the client's version number) if client_version is
      smaller than the protocol version in use.  Also change
@@ -223,8 +296,12 @@
      "Douglas E. Engert" <deengert@anl.gov>.
      [Lutz Jaenicke]
 
-  +) Add support for shared libraries for Unixware-7 and support including
-     shared libraries for OpenUNIX-8 (Boyd Lynn Gerber <gerberb@zenez.com>).
+  +) Add support for shared libraries for Unixware-7
+     (Boyd Lynn Gerber <gerberb@zenez.com>).
+     [Lutz Jaenicke]
+
+  *) Add OpenUNIX-8 support including shared libraries
+     (Boyd Lynn Gerber <gerberb@zenez.com>).
      [Lutz Jaenicke]
 
   *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
@@ -261,7 +338,7 @@
   *) BN_sqr() bug fix.
      [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
 
-  *) Make it possible to unload ranges of ERR strings with a new
+  +) Make it possible to unload ranges of ERR strings with a new
      "ERR_unload_strings" function.
      [Geoff Thorpe]
 
@@ -391,7 +468,7 @@
      anyway).
      [Ben Laurie]
 
-  +) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
+  *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
      [Andy Polyakov]
 
   *) Modified SSL library such that the verify_callback that has been set
@@ -495,6 +572,16 @@
      parameters (and 'speed' generating keys each time).
      [Geoff Thorpe]
 
+  *) Add support for shared libraries under Irix.
+     [Albert Chin-A-Young <china@thewrittenword.com>]
+
+  *) Add configuration option to build on Linux on both big-endian and
+     little-endian MIPS.
+     [Ralf Baechle <ralf@uni-koblenz.de>]
+
+  *) Add the possibility to create shared libraries on HP-UX.
+     [Richard Levitte]
+
   -) OpenSSL 0.9.6b released [9 July 2001]
 
   *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
@@ -908,9 +995,12 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      don't write to the wrong index in ERR_set_error_data.
      [Bodo Moeller]
 
-  +) Function EC_POINTs_mul for simultaneous scalar multiplication
-     of an arbitrary number of elliptic curve points, optionally
-     including the generator defined for the EC_GROUP.
+  +) Function EC_POINTs_mul for multiple scalar multiplication
+     of an arbitrary number of elliptic curve points
+          \sum scalars[i]*points[i],
+     optionally including the generator defined for the EC_GROUP:
+          scalar*generator +  \sum scalars[i]*points[i].
+
      EC_POINT_mul is a simple wrapper function for the typical case
      that the point list has just one item (besides the optional
      generator).
@@ -1871,17 +1961,10 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      identity, and test if they are actually available.
      [Richard Levitte]
 
-  +) Add support for shared libraries under Irix.
-     [Albert Chin-A-Young <china@thewrittenword.com>]
-
   +) Improve RPM specification file by forcing symbolic linking and making
      sure the installed documentation is also owned by root.root.
      [Damien Miller <djm@mindrot.org>]
 
-  +) Add configuration option to build on Linux on both big-endian and
-     little-endian MIPS.
-     [Ralf Baechle <ralf@uni-koblenz.de>]
-
   +) Give the OpenSSL applications more possibilities to make use of
      keys (public as well as private) handled by engines.
      [Richard Levitte]
@@ -1908,9 +1991,6 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   +) Support threads on FreeBSD-elf in Configure.
      [Richard Levitte]
 
-  +) Add the possibility to create shared libraries on HP-UX
-     [Richard Levitte]
-
   +) Fix for SHA1 assembly problem with MASM: it produces
      warnings about corrupt line number information when assembling
      with debugging information. This is caused by the overlapping