X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=f706c101110f1b1ac4be004f7071144df685297b;hp=48053f22012dce13ad6eae4c5d2868a800460302;hb=7865b871c0307ad2d71a8f3dc066b7cfd0d99c4a;hpb=a873356c0007c93de86b4e1360d4a9e7af151b22 diff --git a/CHANGES b/CHANGES index 48053f2201..f706c10111 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,19 +2,149 @@ OpenSSL CHANGES _______________ - Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + Changes between 0.9.4 and 0.9.5 [xx XXX 2000] + + *) Bugfix: ssl3_send_server_key_exchange was not restartable + (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of + this the server could overwrite ephemeral keys that the client + has already seen). + [Bodo Moeller] + + *) Turn DSA_is_prime into a macro that calls BN_is_prime, + using 50 iterations of the Rabin-Miller test. + + DSA_generate_parameters now uses BN_is_prime_fasttest (with 50 + iterations of the Rabin-Miller test as required by the appendix + to FIPS PUB 186[-1]) instead of DSA_is_prime. + As BN_is_prime_fasttest includes trial division, DSA parameter + generation becomes much faster. + + This implies a change for the callback functions in DSA_is_prime + and DSA_generate_parameters: They are now called once for each + positive witness in the Rabin-Miller test, not just occasionally + in the inner loop; and the parameters to the callback function now + provide an iteration count for the outer loop rather than for the + current invocation of the inner loop. + [Bodo Moeller] + + *) New function BN_is_prime_fasttest that optionally does trial + division before starting the Rabin-Miller test and has + an additional BN_CTX * argument (whereas BN_is_prime always + has to allocate at least one BN_CTX). + [Bodo Moeller] + + *) Fix for bug in CRL encoding. The validity dates weren't being handled + as ASN1_TIME. + [Steve Henson] + + *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file. + [Steve Henson] + + *) New function BN_pseudo_rand(). + [Ulf Möller] + + *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) + bignum version of BN_from_montgomery() with the working code from + SSLeay 0.9.0 (the word based version is faster anyway), and clean up + the comments. 
+ [Ulf Möller] + + *) Avoid a race condition in s2_clnt.c (function get_server_hello) that + made it impossible to use the same SSL_SESSION data structure in + SSL2 clients in multiple threads. + [Bodo Moeller] + + *) The return value of RAND_load_file() no longer counts bytes obtained + by stat(). RAND_load_file(..., -1) is new and uses the complete file + to seed the PRNG (previously an explicit byte count was required). + [Ulf Möller, Bodo Möller] + + *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes + used (char *) instead of (void *) and had casts all over the place. + [Steve Henson] + + *) Make BN_generate_prime() return NULL on error if ret!=NULL. + [Ulf Möller] + + *) Retain source code compatibility for BN_prime_checks macro: + BN_is_prime(..., BN_prime_checks, ...) now uses + BN_prime_checks_for_size to determine the appropriate number of + Rabin-Miller iterations. + [Ulf Möller] + + *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to + DH_CHECK_P_NOT_SAFE_PRIME. + (Check if this is true? OpenPGP calls them "strong".) + [Ulf Möller] + + *) Merge the functionality of "dh" and "gendh" programs into a new program + "dhparam". The old programs are retained for now but will handle DH keys + (instead of parameters) in future. + [Steve Henson] + + *) Make the ciphers, s_server and s_client programs check the return values + when a new cipher list is set. + [Steve Henson] + + *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit + ciphers. Before when the 56bit ciphers were enabled the sorting was + wrong. + + The syntax for the cipher sorting has been extended to support sorting by + cipher-strength (using the strength_bits hard coded in the tables). + The new command is "@STRENGTH" (see also doc/apps/ciphers.pod). 
+ + Fix a bug in the cipher-command parser: when supplying a cipher command + string with an "undefined" symbol (neither command nor alphanumeric + [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now + an error is flagged. + + Due to the strength-sorting extension, the code of the + ssl_create_cipher_list() function was completely rearranged. I hope that + the readability was also increased :-) + [Lutz Jaenicke ] + + *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1 + for the first serial number and places 2 in the serial number file. This + avoids problems when the root CA is created with serial number zero and + the first user certificate has the same issuer name and serial number + as the root CA. + [Steve Henson] + + *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses + the new code. Add documentation for this stuff. + [Steve Henson] + + *) Changes to X509_ATTRIBUTE utilities. These have been renamed from + X509_*() to X509at_*() on the grounds that they don't handle X509 + structures and behave in an analagous way to the X509v3 functions: + they shouldn't be called directly but wrapper functions should be used + instead. + + So we also now have some wrapper functions that call the X509at functions + when passed certificate requests. (TO DO: similar things can be done with + PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other + things. Some of these need some d2i or i2d and print functionality + because they handle more complex structures.) + [Steve Henson] + + *) Add missing #ifndefs that caused missing symbols when building libssl + as a shared library without RSA. Use #ifndef NO_SSL2 instead of + NO_RSA in ssl/s2*.c. + [Kris Kennaway , modified by Ulf Möller] *) Precautions against using the PRNG uninitialized: RAND_bytes() now - has a return value which indicated the quality of the random data - (1 = ok, 0 = not seeded). 
+ has a return value which indicates the quality of the random data + (1 = ok, 0 = not seeded). Also an error is recorded on the thread's + error queue. New function RAND_pseudo_bytes() generates output that is + guaranteed to be unique but not unpredictable. [Ulf Möller] *) Do more iterations of Rabin-Miller probable prime test (specifically, 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes - instead of only 2 for all lengths; see BN_prime_checks definition - in crypto/bn/bn.h for the complete table). This guarantees a - false-positive rate of at most 2^-80 (actually less because we are - additionally doing trial division) for random input. + instead of only 2 for all lengths; see BN_prime_checks_for_size definition + in crypto/bn/bn_prime.c for the complete table). This guarantees a + false-positive rate of at most 2^-80 for random input. [Bodo Moeller] *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs. @@ -421,8 +551,8 @@ code. [Steve Henson] - *) Correctly increment the reference count in the SSL_SESSION pointer - returned from SSL_get_session(). + *) SSL_get1_session() is like SSL_get_session(), but increments + the reference count in the SSL_SESSION returned. [Geoff Thorpe ] *) Fix for 'req': it was adding a null to request attributes.
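Review bot: In the first hunk (@@ -2,19 +2,149 @@), the RAND_bytes() entry describes RAND_pseudo_bytes() output as "guaranteed to be unique but not unpredictable", which can be read either as "unpredictability is not guaranteed" or as "the output is predictable". Since callers will pick between RAND_bytes() and RAND_pseudo_bytes() on the strength of this sentence, reword it so only one reading is possible and say what the pseudo variant is suitable for. Two smaller points in the same hunk: the DH_check() entry still carries the open question "(Check if this is true? OpenPGP calls them "strong".)" and does not give the old name of the return code being renamed, and the cipher-command parser entry opens a parenthesis at "(neither command nor alphanumeric" that is never closed.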
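Review bot: In the second hunk (@@ -421,8 +551,8 @@), the rewritten entry no longer says what SSL_get_session() itself does with the reference count. The removed text stated that the pointer returned from SSL_get_session() has its count incremented, while the new text only implies the opposite by contrast with SSL_get1_session(). Code written against the earlier wording would release a reference it does not hold, so state explicitly that SSL_get_session() does not increment the count and that the caller of SSL_get1_session() owns the returned reference and must release it.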