Commit | Line | Data |
---|---|---|
651d0aff | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE | 3 | _______________ |
651d0aff RE | 4 | |
41a6fdea | 5 | Changes between 0.9.3a and 0.9.4 [xx Aug 1999] |
74678cc2 | 6 | |
48c843c3 BM | 7 | *) New function DSA_dup_DH, which duplicates DSA parameters/keys as |
48c843c3 BM | 8 | DH parameters/keys (q is lost during that conversion, but the resulting |
48c843c3 BM | 9 | DH parameters contain its length). |
48c843c3 BM | 10 | |
48c843c3 BM | 11 | For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is |
48c843c3 BM | 12 | much faster than DH_generate_parameters (which creates parameters |
48c843c3 BM | 13 | where p = 2*q + 1), and also the smaller q makes DH computations |
48c843c3 BM | 14 | much more efficient (160-bit exponentiation instead of 1024-bit |
48c843c3 BM | 15 | exponentiation); so this provides a convenient way to support DHE |
48c843c3 BM | 16 | ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of |
48c843c3 BM | 17 | utter importance to use |
48c843c3 BM | 18 | SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); |
48c843c3 BM | 19 | or |
48c843c3 BM | 20 | SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); |
48c843c3 BM | 21 | when such DH parameters are used, because otherwise small subgroup |
48c843c3 BM | 22 | attacks may become possible! |
48c843c3 BM | 23 | [Bodo Moeller] |
48c843c3 BM | 24 | |
48c843c3 BM | 25 | *) Avoid memory leak in i2d_DHparams. |
48c843c3 BM | 26 | [Bodo Moeller] |
48c843c3 BM | 27 | |
922180d7 DSH | 28 | *) Allow the -k option to be used more than once in the enc program: |
922180d7 DSH | 29 | this allows the same encrypted message to be read by multiple recipients. |
922180d7 DSH | 30 | [Steve Henson] |
922180d7 DSH | 31 | |
3e3d2ea2 DSH | 32 | *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts |
3e3d2ea2 DSH | 33 | an ASN1_OBJECT to a text string. If the "no_name" parameter is set then |
3e3d2ea2 DSH | 34 | it will always use the numerical form of the OID, even if it has a short |
3e3d2ea2 DSH | 35 | or long name. |
3e3d2ea2 DSH | 36 | [Steve Henson] |
3e3d2ea2 DSH | 37 | |
770d19b8 DSH | 38 | *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp |
770d19b8 DSH | 39 | method only got called if p,q,dmp1,dmq1,iqmp components were present, |
770d19b8 DSH | 40 | otherwise bn_mod_exp was called. In the case of hardware keys for example |
770d19b8 DSH | 41 | no private key components need be present and it might store extra data |
770d19b8 DSH | 42 | in the RSA structure, which cannot be accessed from bn_mod_exp. By setting |
770d19b8 DSH | 43 | RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for private key |
770d19b8 DSH | 44 | operations. |
770d19b8 DSH | 45 | [Steve Henson] |
770d19b8 DSH | 46 | |
a0618e3e AP | 47 | *) Added support for SPARC Linux. |
a0618e3e AP | 48 | [Andy Polyakov] |
a0618e3e AP | 49 | |
74678cc2 BM | 50 | *) pem_password_cb function type incompatibly changed from |
74678cc2 BM | 51 | typedef int pem_password_cb(char *buf, int size, int rwflag); |
74678cc2 BM | 52 | to |
74678cc2 BM | 53 | ....(char *buf, int size, int rwflag, void *userdata); |
74678cc2 BM | 54 | so that applications can pass data to their callbacks: |
74678cc2 BM | 55 | The PEM[_ASN1]_{read,write}... functions and macros now take an |
74678cc2 BM | 56 | additional void * argument, which is just handed through whenever |
74678cc2 BM | 57 | the password callback is called. |
74678cc2 BM | 58 | [Damien Miller <dmiller@ilogic.com.au>, with tiny changes by Bodo Moeller] |
74678cc2 BM | 59 | |
74678cc2 BM | 60 | New function SSL_CTX_set_default_passwd_cb_userdata. |
74678cc2 BM | 61 | |
74678cc2 BM | 62 | Compatibility note: As many C implementations push function arguments |
74678cc2 BM | 63 | onto the stack in reverse order, the new library version is likely to |
74678cc2 BM | 64 | interoperate with programs that have been compiled with the old |
74678cc2 BM | 65 | pem_password_cb definition (PEM_whatever takes some data that |
74678cc2 BM | 66 | happens to be on the stack as its last argument, and the callback |
74678cc2 BM | 67 | just ignores this garbage); but there is no guarantee whatsoever that |
74678cc2 BM | 68 | this will work. |
0cceb1c7 | 69 | |
664b9985 BM | 70 | *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=... |
664b9985 BM | 71 | (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused |
664b9985 BM | 72 | problems not only on Windows, but also on some Unix platforms. |
2e0fc875 | 73 | To avoid problematic command lines, these definitions are now in an |
57119943 BM | 74 | auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl |
57119943 BM | 75 | for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds). |
664b9985 BM | 76 | [Bodo Moeller] |
664b9985 BM | 77 | |
7363455f AP | 78 | *) MIPS III/IV assembler module is reimplemented. |
7363455f AP | 79 | [Andy Polyakov] |
7363455f AP | 80 | |
6434450c UM | 81 | *) More DES library cleanups: remove references to srand/rand and |
6434450c UM | 82 | delete an unused file. |
83 |