]>
Commit | Line | Data |
---|---|---|
651d0aff | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
0cceb1c7 BM |
5 | Changes between 0.9.3a and 0.9.4 |
6 | ||
170afce5 DSH |
7 | *) Add a new function PKCS7_signatureVerify. This allows the verification |
8 | of a PKCS#7 signature but with the signing certificate passed to the | |
9 | function itself. This contrasts with PKCS7_dataVerify which assumes the | |
10 | certificate is present in the PKCS#7 structure. This isn't always the | |
11 | case: certificates can be omitted from a PKCS#7 structure and be | |
12 | distributed by "out of band" means (such as a certificate database). | |
13 | [Steve Henson] | |
14 | ||
dbd665c2 DSH |
15 | *) Complete the PEM_* macros with DECLARE_PEM versions to replace the |
16 | function prototypes in pem.h, also change util/mkdef.pl to add the | |
17 | necessary function names. | |
18 | [Steve Henson] | |
19 | ||
f76a8084 BM |
20 | *) mk1mf.pl (used by Windows builds) did not properly read the |
21 | options set by Configure in the top level Makefile; typo fixed, | |
22 | now "no-idea" etc. works as intended. | |
23 | [Bodo Moeller] | |
24 | ||
8623f693 DSH |
25 | *) New functions CONF_load_bio() and CONF_load_fp() to allow a config |
26 | file to be loaded from a BIO or FILE pointer. The BIO version will | |
27 | for example allow memory BIOs to contain config info. | |
28 | [Steve Henson] | |
29 | ||
a111306b BM |
30 | *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS. |
31 | Whoever hopes to achieve shared-library compatibility across versions | |
32 | must use this, not the compile-time macro. | |
11af1a27 BM |
33 | (Exercise 0.9.4: Which is the minimum library version required by |
34 | such programs?) | |
35 | Note: All this applies only to multi-threaded programs, others don't | |
36 | need locks. | |
a111306b BM |
37 | [Bodo Moeller] |
38 | ||
95d29597 BM |
39 | *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests |
40 | through a BIO pair triggered the default case, i.e. | |
41 | SSLerr(...,SSL_R_UNKNOWN_STATE). | |
42 | [Bodo Moeller] | |
43 | ||
44 | *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications | |
45 | can use the SSL library even if none of the specific BIOs is | |
46 | appropriate. | |
47 | [Bodo Moeller] | |
48 | ||
9bce3070 DSH |
49 | *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value |
50 | for the encoded length. | |
51 | [Jeon KyoungHo <khjeon@sds.samsung.co.kr>] | |
52 | ||
565d1065 DSH |
53 | *) Add initial documentation of the X509V3 functions. |
54 | [Steve Henson] | |
55 | ||
b7d135b3 DSH |
56 | *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and |
57 | PEM_write_bio_PKCS8PrivateKey() that are equivalent to | |
58 | PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more | |
59 | secure PKCS#8 private key format with a high iteration count. | |
60 | [Steve Henson] | |
61 | ||
9d9b559e RE |
62 | *) Fix determination of Perl interpreter: A perl or perl5 |
63 | _directory_ in $PATH was also accepted as the interpreter. | |
64 | [Ralf S. Engelschall] | |
65 | ||
5f6d0ea2 DSH |
66 | *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking |
67 | wrong with it but it was very old and did things like calling | |
68 | PEM_ASN1_read() directly and used MD5 for the hash not to mention some | |
69 | unusual formatting. | |
70 | [Steve Henson] | |
71 | ||
f62676b9 DSH |
72 | *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed |
73 | to use the new extension code. | |
74 | [Steve Henson] | |
75 | ||
76 | *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c | |
77 | with macros. This should make it easier to change their form, add extra | |
78 | arguments etc. Fix a few PEM prototypes which didn't have cipher as a | |
79 | constant. | |
80 | [Steve Henson] | |
81 | ||
8151f52a BM |
82 | *) Add to configuration table a new entry that can specify an alternative |
83 | name for unistd.h (for pre-POSIX systems); we need this for NeXTstep, | |
84 | according to Mark Crispin <MRC@Panda.COM>. | |
85 | [Bodo Moeller] | |
86 | ||
c77f47ab | 87 | #if 0 |
05861c77 BL |
88 | *) DES CBC did not update the IV. Weird. |
89 | [Ben Laurie] | |
c77f47ab | 90 | #else |
a7bd0396 BM |
91 | des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does. |
92 | Changing the behaviour of the former might break existing programs -- | |
93 | where IV updating is needed, des_ncbc_encrypt can be used. | |
c77f47ab | 94 | #endif |
05861c77 | 95 | |
233bf734 BL |
96 | *) When bntest is run from "make test" it drives bc to check its |
97 | calculations, as well as internally checking them. If an internal check | |
98 | fails, it needs to cause bc to give a non-zero result or make test carries | |
99 | on without noticing the failure. Fixed. | |
100 | [Ben Laurie] | |
101 | ||
908eb7b8 UM |
102 | *) DES library cleanups. |
103 |