]>
Commit | Line | Data |
---|---|---|
81a6c781 | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
beab098d | 5 | Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] |
4d94ae00 | 6 | |
8dc344cc GT |
7 | *) Because of the callback-based approach for implementing LHASH as a |
8 | template type, lh_insert() adds opaque objects to hash-tables and | |
9 | lh_doall() or lh_doall_arg() are typically used with a destructor callback | |
10 | to clean up those corresponding objects before destroying the hash table | |
11 | (and losing the object pointers). So some over-zealous constifications in | |
12 | LHASH have been relaxed so that lh_insert() does not take (nor store) the | |
13 | objects as "const" and the lh_doall[_arg] callback wrappers are not | |
14 | prototyped to have "const" restrictions on the object pointers they are | |
15 | given (and so aren't required to cast them away any more). | |
16 | [Geoff Thorpe] | |
17 | ||
0991f070 GT |
18 | *) The tmdiff.h API was so ugly and minimal that our own timing utility |
19 | (speed) prefers to use its own implementation. The two implementations | |
20 | haven't been consolidated as yet (volunteers?) but the tmdiff API has had | |
21 | its object type properly exposed (MS_TM) instead of casting to/from "char | |
22 | *". This may still change yet if someone realises MS_TM and "ms_time_***" | |
23 | aren't necessarily the greatest nomenclatures - but this is what was used | |
24 | internally to the implementation so I've used that for now. | |
25 | [Geoff Thorpe] | |
26 | ||
9d473aa2 | 27 | *) Ensure that deprecated functions do not get compiled when |
2aaec9cc GT |
28 | OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of |
29 | the self-tests were still using deprecated key-generation functions so | |
30 | these have been updated also. | |
9d473aa2 GT |
31 | [Geoff Thorpe] |
32 | ||
c5a55463 DSH |
33 | *) Reorganise PKCS#7 code to separate the digest location functionality |
34 | into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest(). | |
35 | New function PKCS7_set_digest() to set the digest type for PKCS#7 | |
36 | digestedData type. Add additional code to correctly generate the | |
37 | digestedData type and add support for this type in PKCS7 initialization | |
38 | functions. | |
8d9086df DSH |
39 | [Steve Henson] |
40 | ||
c5a55463 DSH |
41 | *) New function PKCS7_set0_type_other() this initializes a PKCS7 |
42 | structure of type "other". | |
8d9086df DSH |
43 | [Steve Henson] |
44 | ||
6bd27f86 RE |
45 | *) Fix prime generation loop in crypto/bn/bn_prime.pl by making |
46 | sure the loop does correctly stop and breaking ("division by zero") | |
47 | modulus operations are not performed. The (pre-generated) prime | |
48 | table crypto/bn/bn_prime.h was already correct, but it could not be | |
49 | re-generated on some platforms because of the "division by zero" | |
50 | situation in the script. | |
51 | [Ralf S. Engelschall] | |
52 | ||
968766ca BM |
53 | *) Update support for ECC-based TLS ciphersuites according to |
54 | draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with | |
55 | SHA-1 now is only used for "small" curves (where the | |
56 | representation of a field element takes up to 24 bytes); for | |
57 | larger curves, the field element resulting from ECDH is directly | |
58 | used as premaster secret. | |
59 | [Douglas Stebila (Sun Microsystems Laboratories)] | |
60 | ||
652ae06b BM |
61 | *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2 |
62 | curve secp160r1 to the tests. | |
63 | [Douglas Stebila (Sun Microsystems Laboratories)] | |
64 | ||
e666c459 RL |
65 | *) Add the possibility to load symbols globally with DSO. |
66 |