]>
Commit | Line | Data |
---|---|---|
651d0aff | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
0cceb1c7 BM |
5 | Changes between 0.9.3a and 0.9.4 |
6 | ||
9c729e0a BM |
7 | *) Fix memory leaks in DSA_do_sign and DSA_is_prime. |
8 | Also really enable memory leak checks in openssl.c and in some | |
9 | test programs. | |
10 | [Chad C. Mulligan, Bodo Moeller] | |
11 | ||
034292ad DSH |
12 | *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess |
13 | up the length of negative integers. This has now been simplified to just | |
14 | store the length when it is first determined and use it later, rather | |
15 | than trying to keep track of where data is copied and updating it to | |
16 | point to the end. | |
17 | [Steve Henson, reported by Brien Wheeler | |
18 | <bwheeler@authentica-security.com>] | |
19 | ||
170afce5 DSH |
20 | *) Add a new function PKCS7_signatureVerify. This allows the verification |
21 | of a PKCS#7 signature but with the signing certificate passed to the | |
22 | function itself. This contrasts with PKCS7_dataVerify which assumes the | |
23 | certificate is present in the PKCS#7 structure. This isn't always the | |
24 | case: certificates can be omitted from a PKCS#7 structure and be | |
25 | distributed by "out of band" means (such as a certificate database). | |
26 | [Steve Henson] | |
27 | ||
dbd665c2 DSH |
28 | *) Complete the PEM_* macros with DECLARE_PEM versions to replace the |
29 | function prototypes in pem.h, also change util/mkdef.pl to add the | |
30 | necessary function names. | |
31 | [Steve Henson] | |
32 | ||
f76a8084 BM |
33 | *) mk1mf.pl (used by Windows builds) did not properly read the |
34 | options set by Configure in the top level Makefile; typo fixed, | |
35 | now "no-idea" etc. works as intended. | |
36 | [Bodo Moeller] | |
37 | ||
8623f693 DSH |
38 | *) New functions CONF_load_bio() and CONF_load_fp() to allow a config |
39 | file to be loaded from a BIO or FILE pointer. The BIO version will | |
40 | for example allow memory BIOs to contain config info. | |
41 | [Steve Henson] | |
42 | ||
a111306b BM |
43 | *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS. |
44 | Whoever hopes to achieve shared-library compatibility across versions | |
45 | must use this, not the compile-time macro. | |
11af1a27 BM |
46 | (Exercise 0.9.4: Which is the minimum library version required by |
47 | such programs?) | |
48 | Note: All this applies only to multi-threaded programs, others don't | |
49 | need locks. | |
a111306b BM |
50 | [Bodo Moeller] |
51 | ||
95d29597 BM |
52 | *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests |
53 | through a BIO pair triggered the default case, i.e. | |
54 | SSLerr(...,SSL_R_UNKNOWN_STATE). | |
55 | [Bodo Moeller] | |
56 | ||
57 | *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications | |
58 | can use the SSL library even if none of the specific BIOs is | |
59 | appropriate. | |
60 | [Bodo Moeller] | |
61 | ||
9bce3070 DSH |
62 | *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value |
63 | for the encoded length. | |
64 | [Jeon KyoungHo <khjeon@sds.samsung.co.kr>] | |
65 | ||
565d1065 DSH |
66 | *) Add initial documentation of the X509V3 functions. |
67 | [Steve Henson] | |
68 | ||
b7d135b3 DSH |
69 | *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and |
70 | PEM_write_bio_PKCS8PrivateKey() that are equivalent to | |
71 | PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more | |
72 | secure PKCS#8 private key format with a high iteration count. | |
73 | [Steve Henson] | |
74 | ||
9d9b559e RE |
75 | *) Fix determination of Perl interpreter: A perl or perl5 |
76 | _directory_ in $PATH was also accepted as the interpreter. | |
77 | [Ralf S. Engelschall] | |
78 | ||
5f6d0ea2 DSH |
79 | *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking |
80 | wrong with it but it was very old and did things like calling | |
81 | PEM_ASN1_read() directly and used MD5 for the hash not to mention some | |
82 | unusual formatting. | |
83 | [Steve Henson] | |
84 | ||
f62676b9 DSH |
85 | *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed |
86 | to use the new extension code. | |
87 | [Steve Henson] | |
88 | ||
89 | *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c | |
90 | with macros. This should make it easier to change their form, add extra | |
91 | arguments etc. Fix a few PEM prototypes which didn't have cipher as a | |
92 | constant. | |
93 | [Steve Henson] | |
94 | ||
8151f52a BM |
95 | *) Add to configuration table a new entry that can specify an alternative |
96 | name for unistd.h (for pre-POSIX systems); we need this for NeXTstep, | |
97 | according to Mark Crispin <MRC@Panda.COM>. | |
98 | [Bodo Moeller] | |
99 | ||
c77f47ab | 100 | #if 0 |
05861c77 BL |
101 | *) DES CBC did not update the IV. Weird. |
102 | [Ben Laurie] | |
c77f47ab | 103 | #else |
a7bd0396 BM |
104 | des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does. |
105 | Changing the behaviour of the former might break existing programs -- | |
106 | where IV updating is needed, des_ncbc_encrypt can be used. | |
c77f47ab | 107 | #endif |
05861c77 | 108 | |
233bf734 BL |
109 | *) When bntest is run from "make test" it drives bc to check its |
110 | calculations, as well as internally checking them. If an internal check | |
111 | fails, it needs to cause bc to give a non-zero result or make test carries | |
112 | on without noticing the failure. Fixed. | |
113 | [Ben Laurie] | |
114 | ||
908eb7b8 UM |
115 | *) DES library cleanups. |
116 |