]>
Commit | Line | Data |
---|---|---|
f1c236f8 | 1 | OpenSSL CHANGES |
651d0aff RE |
2 | _______________ |
3 | ||
c5e8580e RL |
4 | Changes between 0.9.6 and 0.9.7 [xx XXX 2000] |
5 | ||
3880cd35 BM |
6 | *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c). |
7 | Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits | |
8 | when writing a 32767 byte record. | |
9 | [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>] | |
10 | ||
f640ee90 BM |
11 | *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c), |
12 | obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX | |
13 | structures and setting rsa->_method_mod_{n,p,q}. | |
14 | ||
15 | (RSA objects have a reference count access to which is protected | |
16 | by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c], | |
17 | so they are meant to be shared between threads.) | |
18 | [patch submitted by "Reddie, Steven" <Steven.Reddie@ca.com>] | |
19 | ||
9c67ab2f DSH |
20 | *) Make mkdef.pl parse some of the ASN1 macros and add apropriate |
21 | entries for variables. | |
22 | ||
3ac82faa BM |
23 | *) Add functionality to apps/openssl.c for detecting locking |
24 | problems: As the program is single-threaded, all we have | |
25 | to do is register a locking callback using an array for | |
26 | storing which locks are currently held by the program. | |
27 | ||
28 | Fix a deadlock in CRYPTO_mem_leaks() that was detected in | |
29 | apps/openssl.c. | |
30 | [Bodo Moeller] | |
31 | ||
32 | *) Use a lock around the call to CRYPTO_get_ex_new_index() in | |
33 | SSL_get_ex_data_X509_STORE_idx(), which is used in | |
34 | ssl_verify_cert_chain() and thus can be called at any time | |
35 | during TLS/SSL handshakes so that thread-safety is essential. | |
36 | Unfortunately, the ex_data design is not at all suited | |
37 | for multi-threaded use, so it probably should be abolished. | |
38 | [Bodo Moeller] | |
39 | ||
2a86064f GT |
40 | *) Added Broadcom "ubsec" ENGINE to OpenSSL. |
41 | [Broadcom, tweaked and integrated by Geoff Thorpe] | |
42 | ||
2c15d426 DSH |
43 | *) Move common extension printing code to new function |
44 | X509V3_print_extensions(). Reorganise OCSP print routines and | |
c08523d8 | 45 | implement some needed OCSP ASN1 functions. Add OCSP extensions. |
2c15d426 DSH |
46 | [Steve Henson] |
47 | ||
de487514 DSH |
48 | *) New function X509_signature_print() to remove duplication in some |
49 | print routines. | |
50 | [Steve Henson] | |
51 | ||
06db4253 DSH |
52 | *) Add a special meaning when SET OF and SEQUENCE OF flags are both |
53 | set (this was treated exactly the same as SET OF previously). This | |
54 | is used to reorder the STACK representing the structure to match the | |
55 | encoding. This will be used to get round a problem where a PKCS7 | |
56 | structure which was signed could not be verified because the STACK | |
57 | order did not reflect the encoded order. | |
58 | [Steve Henson] | |
59 | ||
36f554d4 DSH |
60 | *) Reimplement the OCSP ASN1 module using the new code. |
61 | [Steve Henson] | |
62 | ||
2aff7727 DSH |
63 | *) Update the X509V3 code to permit the use of an ASN1_ITEM structure |
64 | for its ASN1 operations. The old style function pointers still exist | |
65 | for now but they will eventually go away. | |
66 | [Steve Henson] | |
67 | ||
9d6b1ce6 DSH |
68 | *) Merge in replacement ASN1 code from the ASN1 branch. This almost |
69 | completely replaces the old ASN1 functionality. | |
70 | [Steve Henson] | |
71 | ||
8dea52fa BM |
72 | *) Change BN_mod_exp_recp so that negative moduli are tolerated |
73 | (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set | |
74 | so that BN_mod_exp_mont and BN_mod_exp_mont_word work | |
75 | for negative moduli. | |
76 | [Bodo Moeller] | |
77 | ||
78 | *) Fix BN_uadd and BN_usub: Always return non-negative results instead | |
79 | of not touching the result's sign bit. | |
80 | [Bodo Moeller] | |
81 | ||
80d89e6a BM |
82 | *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be |
83 | set. | |
84 | [Bodo Moeller] | |
85 | ||
f1919c3d GT |
86 | *) Changed the LHASH code to use prototypes for callbacks, and created |
87 | macros to declare and implement thin (optionally static) functions | |
88 | that provide type-safety and avoid function pointer casting for the | |
89 | type-specific callbacks. | |
90 | [Geoff Thorpe] | |
91 | ||
1946cd8b UM |
92 | *) Use better test patterns in bntest. |
93 |