[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________

 Changes between 0.9.3a and 0.9.4

  *) Complete the PEM_* macros with DECLARE_PEM versions to replace the
     function prototypes in pem.h, also change util/mkdef.pl to add the
     necessary function names. 
     [Steve Henson]

  *) mk1mf.pl (used by Windows builds) did not properly read the
     options set by Configure in the top level Makefile; typo fixed,
     now "no-idea" etc. works as intended.
     [Bodo Moeller]

  *) New functions CONF_load_bio() and CONF_load_fp() to allow a config
     file to be loaded from a BIO or FILE pointer. The BIO version will
     for example allow memory BIOs to contain config info.
     [Steve Henson]

  *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.
     Whoever hopes to achieve shared-library compatibility across versions
     must use this, not the compile-time macro.
     (Exercise 0.9.4: Which is the minimum library version required by
     such programs?)
     Note: All this applies only to multi-threaded programs, others don't
     need locks.
     [Bodo Moeller]

  *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests
     through a BIO pair triggered the default case, i.e.
     SSLerr(...,SSL_R_UNKNOWN_STATE).
     [Bodo Moeller]

  *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications
     can use the SSL library even if none of the specific BIOs is
     appropriate.
     [Bodo Moeller]

  *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
     for the encoded length.
     [Jeon KyoungHo <khjeon@sds.samsung.co.kr>]

  *) Add initial documentation of the X509V3 functions.
     [Steve Henson]

  *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and 
     PEM_write_bio_PKCS8PrivateKey() that are equivalent to
     PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
     secure PKCS#8 private key format with a high iteration count.
     [Steve Henson]

  *) Fix determination of Perl interpreter: A perl or perl5
     _directory_ in $PATH was also accepted as the interpreter.
     [Ralf S. Engelschall]

  *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
     wrong with it but it was very old and did things like calling
     PEM_ASN1_read() directly and used MD5 for the hash not to mention some
     unusual formatting.
     [Steve Henson]

  *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
     to use the new extension code.
     [Steve Henson]

  *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
     with macros. This should make it easier to change their form, add extra
     arguments etc. Fix a few PEM prototypes which didn't have cipher as a
     constant.
     [Steve Henson]

  *) Add to configuration table a new entry that can specify an alternative
     name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
     according to Mark Crispin <MRC@Panda.COM>.
     [Bodo Moeller]

#if 0
  *) DES CBC did not update the IV. Weird.
     [Ben Laurie]
#else
     des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
     Changing the behaviour of the former might break existing programs --
     where IV updating is needed, des_ncbc_encrypt can be used.
#endif

  *) When bntest is run from "make test" it drives bc to check its
     calculations, as well as internally checking them. If an internal check
     fails, it needs to cause bc to give a non-zero result or make test carries
     on without noticing the failure. Fixed.
     [Ben Laurie]

  *) DES library cleanups.
Commit	Line	Data
651d0aff	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
651d0aff RE	4
0cceb1c7 BM	5	Changes between 0.9.3a and 0.9.4
0cceb1c7 BM	6
dbd665c2 DSH	7	) Complete the PEM_ macros with DECLARE_PEM versions to replace the
	8	function prototypes in pem.h, also change util/mkdef.pl to add the
	9	necessary function names.
	10	[Steve Henson]
	11
f76a8084 BM	12	*) mk1mf.pl (used by Windows builds) did not properly read the
	13	options set by Configure in the top level Makefile; typo fixed,
	14	now "no-idea" etc. works as intended.
	15	[Bodo Moeller]
	16
8623f693 DSH	17	*) New functions CONF_load_bio() and CONF_load_fp() to allow a config
	18	file to be loaded from a BIO or FILE pointer. The BIO version will
	19	for example allow memory BIOs to contain config info.
	20	[Steve Henson]
	21
a111306b BM	22	*) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.
	23	Whoever hopes to achieve shared-library compatibility across versions
	24	must use this, not the compile-time macro.
11af1a27 BM	25	(Exercise 0.9.4: Which is the minimum library version required by
	26	such programs?)
	27	Note: All this applies only to multi-threaded programs, others don't
	28	need locks.
a111306b BM	29	[Bodo Moeller]
a111306b BM	30
95d29597 BM	31	*) Add missing case to s3_clnt.c state machine -- one of the new SSL tests
	32	through a BIO pair triggered the default case, i.e.
	33	SSLerr(...,SSL_R_UNKNOWN_STATE).
	34	[Bodo Moeller]
	35
	36	*) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications
	37	can use the SSL library even if none of the specific BIOs is
	38	appropriate.
	39	[Bodo Moeller]
	40
9bce3070 DSH	41	*) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
	42	for the encoded length.
	43	[Jeon KyoungHo <khjeon@sds.samsung.co.kr>]
	44
565d1065 DSH	45	*) Add initial documentation of the X509V3 functions.
	46	[Steve Henson]
	47
b7d135b3 DSH	48	*) Add a new pair of functions PEM_write_PKCS8PrivateKey() and
	49	PEM_write_bio_PKCS8PrivateKey() that are equivalent to
	50	PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
	51	secure PKCS#8 private key format with a high iteration count.
	52	[Steve Henson]
	53
9d9b559e RE	54	*) Fix determination of Perl interpreter: A perl or perl5
	55	_directory_ in $PATH was also accepted as the interpreter.
	56	[Ralf S. Engelschall]
	57
5f6d0ea2 DSH	58	*) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
	59	wrong with it but it was very old and did things like calling
	60	PEM_ASN1_read() directly and used MD5 for the hash not to mention some
	61	unusual formatting.
	62	[Steve Henson]
	63
f62676b9 DSH	64	*) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
	65	to use the new extension code.
	66	[Steve Henson]
	67
	68	*) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
	69	with macros. This should make it easier to change their form, add extra
	70	arguments etc. Fix a few PEM prototypes which didn't have cipher as a
	71	constant.
	72	[Steve Henson]
	73
8151f52a BM	74	*) Add to configuration table a new entry that can specify an alternative
	75	name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
	76	according to Mark Crispin <MRC@Panda.COM>.
	77	[Bodo Moeller]
	78
c77f47ab	79	#if 0
05861c77 BL	80	*) DES CBC did not update the IV. Weird.
05861c77 BL	81	[Ben Laurie]
c77f47ab	82	#else
a7bd0396 BM	83	des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
	84	Changing the behaviour of the former might break existing programs --
	85	where IV updating is needed, des_ncbc_encrypt can be used.
c77f47ab	86	#endif
05861c77	87
233bf734 BL	88	*) When bntest is run from "make test" it drives bc to check its
	89	calculations, as well as internally checking them. If an internal check
	90	fails, it needs to cause bc to give a non-zero result or make test carries
	91	on without noticing the failure. Fixed.
	92	[Ben Laurie]
	93
908eb7b8 UM	94	*) DES library cleanups.
	95