projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 651d0aff | 1 | |
| f1c236f8 | 2 | OpenSSL CHANGES |
| 651d0aff RE |
3 | _______________ |
| 4 | ||
| c90341a1 RL |
5 | Changes between 0.9.5a and 0.9.6 [xx XXX 2000] |
| 6 | ||
| 947b3b8b BM |
7 | *) Rename memory handling macros to avoid conflicts with other |
| 8 | software: | |
| 9 | Malloc => OPENSSL_malloc | |
| 10 | Malloc_locked => OPENSSL_malloc_locked | |
| 11 | Realloc => OPENSSL_realloc | |
| 12 | Free => OPENSSL_free | |
| 13 | [Richard Levitte] | |
| 14 | ||
| f8989a21 BM |
15 | *) New function BN_mod_exp_mont_word for small bases (roughly 15-20% |
| 16 | faster than BN_mod_exp_mont). | |
| 6dad7bd6 BM |
17 | [Bodo Moeller] |
| 18 | ||
| be5d92e0 UM |
19 | *) CygWin32 support. |
| 20 | [John Jarvie <jjarvie@newsguy.com>] | |
| 21 | ||
| e41c8d6a GT |
22 | *) The type-safe stack code has been rejigged. It is now only compiled |
| 23 | in when OpenSSL is configured with the DEBUG_SAFESTACK option and | |
| 24 | by default all type-specific stack functions are "#define"d back to | |
| 25 | standard stack functions. This results in more streamlined output | |
| 26 | but retains the type-safety checking possibilities of the original | |
| 27 | approach. | |
| 28 | [Geoff Thorpe] | |
| 29 | ||
| ccd86b68 GT |
30 | *) The STACK code has been cleaned up, and certain type declarations |
| 31 | that didn't make a lot of sense have been brought in line. This has | |
| 32 | also involved a cleanup of sorts in safestack.h to more correctly | |
| 33 | map type-safe stack functions onto their plain stack counterparts. | |
| 34 | This work has also resulted in a variety of "const"ifications of | |
| 35 | lots of the code, especially "_cmp" operations which should normally | |
| 36 | be prototyped with "const" parameters anyway. | |
| 37 | [Geoff Thorpe] | |
| 38 | ||
| 361ee973 BM |
39 | *) When generating bytes for the first time in md_rand.c, 'stir the pool' |
| 40 | by seeding with STATE_SIZE dummy bytes (with zero entropy count). | |
| 41 | (The PRNG state consists of two parts, the large pool 'state' and 'md', | |
| 42 | where all of 'md' is used each time the PRNG is used, but 'state' | |
| 43 | is used only indexed by a cyclic counter. As entropy may not be | |
| 44 | well distributed from the beginning, 'md' is important as a | |
| 45 | chaining variable. However, the output function chains only half | |
| 46 | of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains | |
| 47 | all of 'md', and seeding with STATE_SIZE dummy bytes will result | |
| 48 | in all of 'state' being rewritten, with the new values depending | |
| 49 | on virtually all of 'md'. This overcomes the 80 bit limitation.) | |
| 50 | [Bodo Moeller] | |
| 51 | ||
| 49528751 DSH |
52 | *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when |
| 53 | the handshake is continued after ssl_verify_cert_chain(); | |
| 54 | otherwise, if SSL_VERIFY_NONE is set, remaining error codes | |
| 55 | can lead to 'unexplainable' connection aborts later. | |
| 56 | [Bodo Moeller; problem tracked down by Lutz Jaenicke] | |
| 57 | ||
| 58 | *) Major EVP API cipher revision. | |
| 59 | Add hooks for extra EVP features. This allows various cipher | |
| 60 | parameters to be set in the EVP interface. Support added for variable | |
| 61 | key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and | |
| 62 | setting of RC2 and RC5 parameters. | |
| 63 | ||
| 64 | Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length | |
| 65 | ciphers. | |
| 66 | ||
| 67 | Remove lots of duplicated code from the EVP library. For example *every* | |
| 360370d9 DSH |
68 | cipher init() function handles the 'iv' in the same way according to the |
| 69 | cipher mode. They also all do nothing if the 'key' parameter is NULL and | |
| 70 | for CFB and OFB modes they zero ctx->num. | |
| 71 | ||
| 49528751 DSH |
72 | New functionality allows removal of S/MIME code RC2 hack. |
| 73 | ||
| 57ae2e24 DSH |
74 | Most of the routines have the same form and so can be declared in terms |
| 75 | of macros. | |
| 76 | ||
| 360370d9 DSH |
77 | By shifting this to the top level EVP_CipherInit() it can be removed from |
| 78 | all individual ciphers. If the cipher wants to handle IVs or keys | |
| 79 | differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT | |
| 80 | flags. | |
| be06a934 DSH |
81 | |
| 82 | Change lots of functions like EVP_EncryptUpdate() to now return a | |
| 83 | value: although software versions of the algorithms cannot fail | |
| 84 | any installed hardware versions can. | |
| 7f060601 DSH |
85 | [Steve Henson] |
| 86 | ||
| 2c05c494 BM |
87 | *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if |
| 88 | this option is set, tolerate broken clients that send the negotiated | |
| 89 | protocol version number instead of the requested protocol version | |
| 90 | number. | |
| 91 | [Bodo Moeller] | |
| 92 | ||
| 93 | *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag; | |
| 94 | i.e. non-zero for export ciphersuites, zero otherwise. | |
| 95 | Previous versions had this flag inverted, inconsistent with | |
| 96 | rsa_tmp_cb (..._TMP_RSA_CB). | |
| 97 | [Bodo Moeller; problem reported by Amit Chopra] | |
| 98 | ||
| b4b41f48 DSH |
99 | *) Add missing DSA library text string. Work around for some IIS |
| 100 | key files with invalid SEQUENCE encoding. | |
| 101 | [Steve Henson] | |
| 102 | ||
| 6d7cce48 RL |
103 | *) Add a document (doc/standards.txt) that list all kinds of standards |
| 104 | and so on that are implemented in OpenSSL. | |
| 105 | [Richard Levitte] | |
| 106 | ||
| 439df508 DSH |
107 | *) Enhance c_rehash script. Old version would mishandle certificates |
| 108 | with the same subject name hash and wouldn't handle CRLs at all. | |
| 109 | Added -fingerprint option to crl utility, to support new c_rehash | |
| 110 | features. | |
| 111 | [Steve Henson] | |
| 112 | ||
| 0e1c0612 | 113 | *) Eliminate non-ANSI declarations in crypto.h and stack.h. |
| 2c05c494 | 114 |