[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________

 Changes between 0.9.3a and 0.9.4

  *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
     for the encoded length.
     [Jeon KyoungHo <khjeon@sds.samsung.co.kr>]

  *) Add initial documentation of the X509V3 functions.
     [Steve Henson]

  *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and 
     PEM_write_bio_PKCS8PrivateKey() that are equivalent to
     PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
     secure PKCS#8 private key format with a high iteration count.
     [Steve Henson]

  *) Fix determination of Perl interpreter: A perl or perl5
     _directory_ in $PATH was also accepted as the interpreter.
     [Ralf S. Engelschall]

  *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
     wrong with it but it was very old and did things like calling
     PEM_ASN1_read() directly and used MD5 for the hash not to mention some
     unusual formatting.
     [Steve Henson]

  *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
     to use the new extension code.
     [Steve Henson]

  *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
     with macros. This should make it easier to change their form, add extra
     arguments etc. Fix a few PEM prototypes which didn't have cipher as a
     constant.
     [Steve Henson]

  *) Add to configuration table a new entry that can specify an alternative
     name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
     according to Mark Crispin <MRC@Panda.COM>.
     [Bodo Moeller]

#if 0
  *) DES CBC did not update the IV. Weird.
     [Ben Laurie]
#else
     des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
     Changing the behaviour of the former might break existing programs --
     where IV updating is needed, des_ncbc_encrypt can be used.
#endif

  *) When bntest is run from "make test" it drives bc to check its
     calculations, as well as internally checking them. If an internal check
     fails, it needs to cause bc to give a non-zero result or make test carries
     on without noticing the failure. Fixed.
     [Ben Laurie]

  *) DES library cleanups.
Commit	Line	Data
651d0aff	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
651d0aff RE	4
0cceb1c7 BM	5	Changes between 0.9.3a and 0.9.4
0cceb1c7 BM	6
9bce3070 DSH	7	*) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
	8	for the encoded length.
	9	[Jeon KyoungHo <khjeon@sds.samsung.co.kr>]
	10
565d1065 DSH	11	*) Add initial documentation of the X509V3 functions.
	12	[Steve Henson]
	13
b7d135b3 DSH	14	*) Add a new pair of functions PEM_write_PKCS8PrivateKey() and
	15	PEM_write_bio_PKCS8PrivateKey() that are equivalent to
	16	PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
	17	secure PKCS#8 private key format with a high iteration count.
	18	[Steve Henson]
	19
9d9b559e RE	20	*) Fix determination of Perl interpreter: A perl or perl5
	21	_directory_ in $PATH was also accepted as the interpreter.
	22	[Ralf S. Engelschall]
	23
5f6d0ea2 DSH	24	*) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
	25	wrong with it but it was very old and did things like calling
	26	PEM_ASN1_read() directly and used MD5 for the hash not to mention some
	27	unusual formatting.
	28	[Steve Henson]
	29
f62676b9 DSH	30	*) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
	31	to use the new extension code.
	32	[Steve Henson]
	33
	34	*) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
	35	with macros. This should make it easier to change their form, add extra
	36	arguments etc. Fix a few PEM prototypes which didn't have cipher as a
	37	constant.
	38	[Steve Henson]
	39
8151f52a BM	40	*) Add to configuration table a new entry that can specify an alternative
	41	name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
	42	according to Mark Crispin <MRC@Panda.COM>.
	43	[Bodo Moeller]
	44
c77f47ab	45	#if 0
05861c77 BL	46	*) DES CBC did not update the IV. Weird.
05861c77 BL	47	[Ben Laurie]
c77f47ab	48	#else
a7bd0396 BM	49	des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
	50	Changing the behaviour of the former might break existing programs --
	51	where IV updating is needed, des_ncbc_encrypt can be used.
c77f47ab	52	#endif
05861c77	53
233bf734 BL	54	*) When bntest is run from "make test" it drives bc to check its
	55	calculations, as well as internally checking them. If an internal check
	56	fails, it needs to cause bc to give a non-zero result or make test carries
	57	on without noticing the failure. Fixed.
	58	[Ben Laurie]
	59
908eb7b8 UM	60	*) DES library cleanups.
	61