git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES

 OpenSSL CHANGES
 _______________

 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

  *) Store verify_result within SSL_SESSION also for client side to
     avoid potential security hole. (Re-used sessions on the client side
     always resulted in verify_result==X509_V_OK, not using the original
     result of the server certificate verification.)
     [Lutz Jaenicke]

  *) Make BN_mod_inverse faster by explicitly handling small quotients
     in the Euclid loop. (Speed gain about 20% for small moduli [256 or
     512 bits], about 30% for larger ones [1024 or 2048 bits].)
     [Bodo Moeller]

  *) Disable ssl2_peek and ssl3_peek (i.e., both implementations
     of SSL_peek) because they both are completely broken.
     They will be fixed RSN by adding an additional 'peek' parameter
     to the internal read functions.
     [Bodo Moeller]

  *) New function BN_kronecker.
     [Bodo Moeller]

  *) Fix BN_gcd so that it works on negative inputs; the result is
     positive unless both parameters are zero.
     Previously something reasonably close to an infinite loop was
     possible because numbers could be growing instead of shrinking
     in the implementation of Euclid's algorithm.
     [Bodo Moeller]

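The two BIGNUM entries above (the small-quotient shortcut in BN_mod_inverse and the sign handling in BN_gcd) illustrated on int64_t; this is an added example, not OpenSSL's own code, and the demo_* names are invented here.

```c
#include <stdint.h>

/* demo_gcd reduces on |a| and |b| so the values only ever shrink; the
 * result is non-negative and is zero only for gcd(0, 0). (Using the raw
 * signed values with C's truncating % is what lets numbers grow.) */
int64_t demo_gcd(int64_t a, int64_t b)
{
    a = a < 0 ? -a : a;
    b = b < 0 ? -b : b;
    while (b != 0) {
        int64_t t = a % b;          /* both non-negative, so t >= 0 */
        a = b;
        b = t;
    }
    return a;
}

/* Extended Euclid with the "small quotient" shortcut: when the quotient is
 * known to be 1 or 2 (the common case) the division is replaced by two
 * comparisons and a subtraction; only larger quotients pay for a divide.
 * Returns a^-1 mod n in [0, n), or -1 when gcd(a, n) != 1.
 * Assumes 1 < n < 2^62 so that 3 * r1 cannot overflow. */
int64_t demo_mod_inverse(int64_t a, int64_t n)
{
    int64_t r0 = n, r1 = ((a % n) + n) % n;  /* bring a into [0, n) */
    int64_t t0 = 0, t1 = 1;                  /* Bezout coefficients of a */
    while (r1 != 0) {
        int64_t q, r2, t2;
        if (r0 < 2 * r1)        q = 1;       /* r0 / r1 == 1, no divide */
        else if (r0 < 3 * r1)   q = 2;       /* r0 / r1 == 2, no divide */
        else                    q = r0 / r1; /* general case */
        r2 = r0 - q * r1;                    /* equals r0 % r1 */
        t2 = t0 - q * t1;
        r0 = r1; r1 = r2;
        t0 = t1; t1 = t2;
    }
    if (r0 != 1)
        return -1;                           /* a and n share a factor */
    return t0 < 0 ? t0 + n : t0;
}
```
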
  *) Fix BN_is_word() and BN_is_one() macros to take into account the
     sign of the number in question.

     Fix BN_is_word(a,w) to work correctly for w == 0.

     The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
     because it tests whether the absolute value of 'a' equals 'w'.
     Note that BN_abs_is_word does *not* handle w == 0 reliably;
     it exists mostly for use in the implementations of BN_is_zero(),
     BN_is_one(), and BN_is_word().
     [Bodo Moeller]

  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
     the method-specific "init()" handler. Also clean up ex_data after
     calling the method-specific "finish()" handler. Previously, this was
     happening the other way round.
     [Geoff Thorpe]

  *) New function BN_swap.
     [Bodo Moeller]

  *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
     the exponentiation functions are more likely to produce reasonable
     results on negative inputs.
     [Bodo Moeller]

  *) Change BN_mod_mul so that the result is always non-negative.
     Previously, it could be negative if one of the factors was negative;
     I don't think anyone really wanted that behaviour.
     [Bodo Moeller]

  *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
     (except for exponentiation, which stays in crypto/bn/bn_exp.c,
     and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
     and add new functions:

         BN_nnmod
         BN_mod_sqr
         BN_mod_add
         BN_mod_add_quick
         BN_mod_sub
         BN_mod_sub_quick
         BN_mod_lshift1
         BN_mod_lshift1_quick
         BN_mod_lshift
         BN_mod_lshift_quick

     These functions always generate non-negative results.

     BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r
     such that -|m| < r < 0, BN_nnmod will output r + |m| instead).

     BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
     BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b]
     be reduced modulo m.
     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]

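The sign conventions of BN_mod versus BN_nnmod and the precondition of the _quick variants, shown on int64_t as an added example (not OpenSSL code; the demo_* names are invented here). C's % truncates toward zero like BN_mod, so the remainder takes the sign of the dividend.

```c
#include <stdint.h>

static int64_t demo_abs(int64_t v) { return v < 0 ? -v : v; }

/* BN_mod-like remainder: may be negative when a is negative. */
int64_t demo_mod(int64_t a, int64_t m) { return a % m; }

/* BN_nnmod-like: a remainder in (-|m|, 0) is shifted by |m|, so the
 * result always lies in [0, |m|), whatever the signs of a and m. */
int64_t demo_nnmod(int64_t a, int64_t m)
{
    int64_t r = demo_mod(a, m);
    return r < 0 ? r + demo_abs(m) : r;
}

/* The general variants reduce their inputs first, so any a, b work. */
int64_t demo_mod_add(int64_t a, int64_t b, int64_t m)
{ return demo_nnmod(demo_nnmod(a, m) + demo_nnmod(b, m), m); }

int64_t demo_mod_sub(int64_t a, int64_t b, int64_t m)
{ return demo_nnmod(demo_nnmod(a, m) - demo_nnmod(b, m), m); }

/* The _quick variants assume 0 <= a, b < m with m > 0: then one
 * conditional add or subtract of m replaces a full division. Feed them
 * an unreduced input and the result is silently wrong (see the test). */
int demo_is_reduced(int64_t a, int64_t m) { return m > 0 && a >= 0 && a < m; }

int64_t demo_mod_add_quick(int64_t a, int64_t b, int64_t m)
{
    int64_t r = a + b;
    return r >= m ? r - m : r;
}

int64_t demo_mod_sub_quick(int64_t a, int64_t b, int64_t m)
{
    int64_t r = a - b;
    return r < 0 ? r + m : r;
}

int64_t demo_mod_lshift1_quick(int64_t a, int64_t m)
{
    return demo_mod_add_quick(a, a, m);     /* 2a mod m, a already reduced */
}
```
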
  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
     was actually never needed) and in BN_mul().  The removal in BN_mul()
     required a small change in bn_mul_part_recursive() and the addition
     of the static functions bn_cmp_part_words(), bn_sub_part_words()
     and bn_add_part_words() which do the same thing as bn_cmp_words(),
     bn_sub_words() and bn_add_words() except they take arrays with
     differing sizes.
     [Richard Levitte]

  *) In 'openssl passwd', verify passwords read from the terminal
     unless the '-salt' option is used (which usually means that
     verification would just waste user's time since the resulting
     hash is going to be compared with some given password hash)
     or the new '-noverify' option is used.

     This is an incompatible change, but it does not affect
     non-interactive use of 'openssl passwd' (passwords on the command
     line, '-stdin' option, '-in ...' option) and thus should not
     cause any problems.
     [Bodo Moeller]

  *) Remove all references to RSAref, since there's no more need for it.
     [Richard Levitte]

  *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
     The previous value, 12, was not always sufficient for BN_mod_exp().
     [Bodo Moeller]

  *) Make DSO load along a path given through an environment variable
     (SHLIB_PATH) with shl_load().
     [Richard Levitte]

  *) Constify the ENGINE code as a result of BIGNUM constification.
     Also constify the RSA code and most things related to it.  In a
     few places, most notably in the depth of the ASN.1 code, ugly
     casts back to non-const were required (to be solved at a later
     time).
     [Richard Levitte]

  *) Make it so the openssl application has all engines loaded by default.
     [Richard Levitte]

  *) Constify the BIGNUM routines a little more.
     [Richard Levitte]

  *) Make sure that shared libraries get the internal name engine with
     the full version number and not just 0.  This should mark the
     shared libraries as not backward compatible.  Of course, this should
     be changed again when we can guarantee backward binary compatibility.
     [Richard Levitte]

  *) Add the following functions:

         ENGINE_load_cswift()
         ENGINE_load_chil()
         ENGINE_load_atalla()
         ENGINE_load_nuron()
         ENGINE_load_builtin_engines()

     That way, an application can itself choose if external engines that
     are built-in in OpenSSL shall ever be used or not.  The benefit is
     that applications won't have to be linked with libdl or other dso
     libraries unless it's really needed.

     Changed 'openssl engine' to load all engines on demand.
     Changed the engine header files to avoid the duplication of some
     declarations (they differed!).
     [Richard Levitte]

  *) 'openssl engine' can now list capabilities.
     [Richard Levitte]

  *) Better error reporting in 'openssl engine'.
     [Richard Levitte]

  *) Never call load_dh_param(NULL) in s_server.
     [Bodo Moeller]

  *) Add engine application.  It can currently list engines by name and
     identity, and test if they are actually available.
     [Richard Levitte]

  *) Add support for shared libraries under Irix.
     [Albert Chin-A-Young <china@thewrittenword.com>]

  *) Improve RPM specification file by forcing symbolic linking and making
     sure the installed documentation is also owned by root.root.
     [Damien Miller <djm@mindrot.org>]

  *) Add configuration option to build on Linux on both big-endian and
     little-endian MIPS.
     [Ralf Baechle <ralf@uni-koblenz.de>]

  *) Give the OpenSSL applications more possibilities to make use of
     keys (public as well as private) handled by engines.
     [Richard Levitte]

  *) Add OCSP code that comes from CertCo.
     [Richard Levitte]

  *) Add VMS support for the Rijndael code.
     [Richard Levitte]

  *) Added untested support for Nuron crypto accelerator.
     [Ben Laurie]

  *) Add support for external cryptographic devices.  This code was
     previously distributed separately as the "engine" branch.
     [Geoff Thorpe, Richard Levitte]

  *) Rework the filename-translation in the DSO code. It is now possible to
     have far greater control over how a "name" is turned into a filename
     depending on the operating environment and any oddities about the
     different shared library filenames on each system.
     [Geoff Thorpe]

  *) Support threads on FreeBSD-elf in Configure.
     [Richard Levitte]

  *) Add the possibility to create shared libraries on HP-UX.
     [Richard Levitte]

  *) Fix for SHA1 assembly problem with MASM: it produces
     warnings about corrupt line number information when assembling
     with debugging information. This is caused by the overlapping
     of two sections.
     [Bernd Matthes <mainbug@celocom.de>, Steve Henson]

  *) NCONF changes.
     NCONF_get_number() has no error checking at all.  As a replacement,
     NCONF_get_number_e() is defined (_e for "error checking") and is
     promoted strongly.  The old NCONF_get_number is kept around for
     binary backward compatibility.
     Make it possible for methods to load from something other than a BIO,
     by providing a function pointer that is given a name instead of a BIO.
     For example, this could be used to load configuration data from an
     LDAP server.
     [Richard Levitte]

  *) Fix typo in get_cert_by_subject() in by_dir.c
     [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]

  *) Rework the system to generate shared libraries:

     - Make note of the expected extension for the shared libraries and
       if there is a need for symbolic links from for example libcrypto.so.0
       to libcrypto.so.0.9.7.  There is extended info in Configure for
       that.

     - Make as few rebuilds of the shared libraries as possible.

     - Still avoid linking the OpenSSL programs with the shared libraries.

     - When installing, install the shared libraries separately from the
       static ones.
     [Richard Levitte]

  *) Fix for non blocking accept BIOs. Added new I/O special reason
     BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
     with non blocking I/O was not possible because no retry code was
     implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
     this case.
     [Steve Henson]

  *) Added the beginnings of Rijndael support.
     [Ben Laurie]

  *) Fix for bug in DirectoryString mask setting. Add support for
     X509_NAME_print_ex() in 'req' and X509_print_ex() function
     to allow certificate printing to be more controllable, additional
     'certopt' option to 'x509' to allow new printing options to be
     set.
     [Steve Henson]

  *) Clean old EAY MD5 hack from e_os.h.
     [Richard Levitte]

  *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.

     Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
     and not in SSL_clear because the latter is also used by the
     accept/connect functions; previously, the settings made by
     SSL_set_read_ahead would be lost during the handshake.
     [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]

  *) Correct util/mkdef.pl to be selective about disabled algorithms.
     Previously, it would create entries for disabled algorithms no
     matter what.
     [Richard Levitte]

 Changes between 0.9.5a and 0.9.6  [24 Sep 2000]

  *) In ssl23_get_client_hello, generate an error message when faced
     with an initial SSL 3.0/TLS record that is too small to contain the
     first two bytes of the ClientHello message, i.e. client_version.
     (Note that this is a pathological case that probably has never happened
     in real life.)  The previous approach was to use the version number
     from the record header as a substitute; but our protocol choice
     should not depend on that one because it is not authenticated
     by the Finished messages.
     [Bodo Moeller]

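The record-size check described in the entry above, as an added example (not OpenSSL's ssl23_get_client_hello; the demo_* names and the sample records are constructed here). The record-layer version is deliberately never used as a fallback, because it is not covered by the Finished messages.

```c
#include <stddef.h>
#include <stdint.h>

/* Wire layout of an initial SSL 3.0/TLS handshake record:
 *   rec[0]     content type (22 = handshake)
 *   rec[1..2]  record-layer version (unauthenticated)
 *   rec[3..4]  fragment length
 *   rec[5]     handshake type (1 = ClientHello), rec[6..8] handshake length
 *   rec[9..10] client_version, the first two bytes of the ClientHello body
 * Returns client_version, or 0 when the record cannot contain it. */
#define DEMO_HDR_LEN      5
#define DEMO_HANDSHAKE    22
#define DEMO_CLIENT_HELLO 1
#define DEMO_MIN_FRAG     6   /* 4-byte handshake header + 2-byte version */

uint16_t demo_client_version(const uint8_t *rec, size_t len)
{
    if (len < DEMO_HDR_LEN || rec[0] != DEMO_HANDSHAKE)
        return 0;
    size_t frag = ((size_t)rec[3] << 8) | rec[4];
    if (frag < DEMO_MIN_FRAG || frag > len - DEMO_HDR_LEN)
        return 0;                     /* record too small, or truncated */
    if (rec[DEMO_HDR_LEN] != DEMO_CLIENT_HELLO)
        return 0;
    return (uint16_t)((rec[9] << 8) | rec[10]);
}

/* Constructed sample records. The header version (3.0) differs from the
 * client_version (3.1) on purpose: only the latter must be reported. */
static const uint8_t demo_ok[] = {
    0x16, 0x03, 0x00, 0x00, 0x06,     /* handshake, header version 3.0, 6 bytes */
    0x01, 0x00, 0x00, 0x02,           /* ClientHello, handshake length (sample) */
    0x03, 0x01                        /* client_version = TLS 1.0 */
};
static const uint8_t demo_short[] = {
    0x16, 0x03, 0x01, 0x00, 0x04,     /* only 4 fragment bytes announced */
    0x01, 0x00, 0x00, 0x00            /* no room for client_version */
};

uint16_t demo_ok_version(void)    { return demo_client_version(demo_ok, sizeof demo_ok); }
uint16_t demo_short_version(void) { return demo_client_version(demo_short, sizeof demo_short); }
```
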
  *) More robust randomness gathering functions for Windows.
     [Jeffrey Altman <jaltman@columbia.edu>]

  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
     not set then we don't set up the error code for issuer check errors
     to avoid possibly overwriting other errors which the callback does
     handle. If an application does set the flag then we assume it knows
     what it is doing and can handle the new informational codes
     appropriately.
     [Steve Henson]

  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
     a general "ANY" type, as such it should be able to decode anything
     including tagged types. However it didn't check the class so it would
     wrongly interpret tagged types in the same way as their universal
     counterpart and unknown types were just rejected. Changed so that the
     tagged and unknown types are handled in the same way as a SEQUENCE:
     that is the encoding is stored intact. There is also a new type
     "V_ASN1_OTHER" which is used when the class is not universal, in this
     case we have no idea what the actual type is so we just lump them all
     together.
     [Steve Henson]

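The class check the ASN1_TYPE entry above describes, as an added example (not OpenSSL's ASN.1 code; the demo_* names and sample encodings are constructed here). High-tag-number form (tag >= 31) is rejected to keep the example short.

```c
#include <stddef.h>
#include <stdint.h>

/* Bits 7-6 of a DER identifier octet give the class; only class 0
 * (UNIVERSAL) means INTEGER, SEQUENCE, etc. An element of any other class
 * is kept intact as an opaque TLV, which is what V_ASN1_OTHER stands for. */
struct demo_any {
    int class_;          /* 0 universal, 1 application, 2 context, 3 private */
    int tag;             /* tag number, meaningful only when class_ == 0 */
    int other;           /* 1 when stored as an intact TLV (V_ASN1_OTHER) */
    const uint8_t *data; /* contents (other == 0) or whole TLV (other == 1) */
    size_t len;
};

/* Parses one element; returns bytes consumed, or 0 on malformed input. */
size_t demo_parse_any(const uint8_t *p, size_t n, struct demo_any *out)
{
    size_t i = 1, len;
    if (n < 2 || (p[0] & 0x1f) == 0x1f) return 0;
    out->class_ = p[0] >> 6;
    out->tag = p[0] & 0x1f;
    if (p[i] < 0x80) {                  /* short-form length */
        len = p[i++];
    } else {                            /* long form: 0x80|N, then N bytes */
        size_t nb = p[i++] & 0x7f;
        if (nb == 0 || nb > sizeof(size_t) || nb > n - i) return 0;
        for (len = 0; nb--; ) len = (len << 8) | p[i++];
    }
    if (len > n - i) return 0;          /* contents run past the buffer */
    out->other = out->class_ != 0;      /* the class check the old code skipped */
    out->data = out->other ? p : p + i; /* tagged: keep the encoding intact */
    out->len = out->other ? i + len : len;
    return i + len;
}

/* Constructed samples: INTEGER 5, and the same bytes inside a context-
 * specific [0] tag, which a class-blind decoder would treat as universal
 * tag 0. demo_classify returns the 'other' flag, or -1 on a parse error. */
static const uint8_t demo_int[] = { 0x02, 0x01, 0x05 };
static const uint8_t demo_ctx[] = { 0xa0, 0x03, 0x02, 0x01, 0x05 };

int demo_classify(const uint8_t *p, size_t n)
{
    struct demo_any a;
    return demo_parse_any(p, n, &a) == n ? a.other : -1;
}
```
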
  *) On VMS, stdout may very well lead to a file that is written to
     in a record-oriented fashion.  That means that every write() will
     write a separate record, which will be read separately by the
     programs trying to read from it.  This can be very confusing.

     The solution is to put a BIO filter in the way that will buffer
     text until a linefeed is reached, and then write everything a
     line at a time, so every record written will be an actual line,
     not chunks of lines and not (usually doesn't happen, but I've
     seen it once) several lines in one record.  BIO_f_linebuffer() is
     the answer.

     Currently, it's a VMS-only method, because that's where it has
     been tested well enough.
     [Richard Levitte]

  *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
     it can return incorrect results.
     (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
     but it was in 0.9.6-beta[12].)
     [Bodo Moeller]

  *) Disable the check for content being present when verifying detached
     signatures in pk7_smime.c. Some versions of Netscape (wrongly)
     include zero length content when signing messages.
     [Steve Henson]

  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
     BIO_ctrl (for BIO pairs).
