[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________

 Changes between 0.9.5 and 0.9.5a  [XX XXX 2000]

  *) Add compatibility options to the purpose and trust code. The
     purpose X509_PURPOSE_ANY is "any purpose" which automatically
     accepts a certificate or CA, this was the previous behaviour,
     with all the associated security issues.

     X509_TRUST_COMPAT is the old trust behaviour: only and
     automatically trust self signed roots in certificate store. A
     new trust setting X509_TRUST_DEFAULT is used to specify that
     a purpose has no associated trust setting and it should instead
     use the value in the default purpose.
     [Steve Henson]

  *) Fix the PKCS#8 DSA private key code so it decodes keys again
     and fix a memory leak.
     [Steve Henson]

  *) In util/mkerr.pl (which implements 'make errors'), preserve
     reason strings from the previous version of the .c file, as
     the default to have only downcase letters (and digits) in
     automatically generated reasons codes is not always appropriate.
     [Bodo Moeller]

  *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
     using strerror.  Previously, ERR_reason_error_string() returned
     library names as reason strings for SYSerr; but SYSerr is a special
     case where small numbers are errno values, not library numbers.
     [Bodo Moeller]

  *) Add '-dsaparam' option to 'openssl dhparam' application.  This
     converts DSA parameters into DH parameters. (When creating parameters,
     DSA_generate_parameters is used.)
     [Bodo Moeller]

  *) Include 'length' (recommended exponent length) in C code generated
     by 'openssl dhparam -C'.
     [Bodo Moeller]

  *) The second argument to set_label in perlasm was already being used
     so couldn't be used as a "file scope" flag. Moved to third argument
     which was free.
     [Steve Henson]

  *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
     instead of RAND_bytes for encryption IVs and salts.
     [Bodo Moeller]

  *) Include RAND_status() into RAND_METHOD instead of implementing
     it only for md_rand.c  Otherwise replacing the PRNG by calling
     RAND_set_rand_method would be impossible.
     [Bodo Moeller]

  *) Don't let DSA_generate_key() enter an infinite loop if the random
     number generation fails.
     [Bodo Moeller]

  *) New 'rand' application for creating pseudo-random output.
     [Bodo Moeller]

  *) Added configuration support for Linux/IA64
     [Rolf Haberrecker <rolf@suse.de>]

  *) Assembler module support for Mingw32.
Commit	Line	Data
651d0aff	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
651d0aff RE	4
4c4d87f9	5	Changes between 0.9.5 and 0.9.5a [XX XXX 2000]
865874f2	6
daf4e53e	7	*) Add compatibility options to the purpose and trust code. The
068fdce8 DSH	8	purpose X509_PURPOSE_ANY is "any purpose" which automatically
	9	accepts a certificate or CA, this was the previous behaviour,
	10	with all the associated security issues.
	11
	12	X509_TRUST_COMPAT is the old trust behaviour: only and
	13	automatically trust self signed roots in certificate store. A
	14	new trust setting X509_TRUST_DEFAULT is used to specify that
	15	a purpose has no associated trust setting and it should instead
	16	use the value in the default purpose.
	17	[Steve Henson]
	18
48fe0eec DSH	19	*) Fix the PKCS#8 DSA private key code so it decodes keys again
	20	and fix a memory leak.
	21	[Steve Henson]
	22
59fc2b0f BM	23	*) In util/mkerr.pl (which implements 'make errors'), preserve
	24	reason strings from the previous version of the .c file, as
	25	the default to have only downcase letters (and digits) in
	26	automatically generated reasons codes is not always appropriate.
	27	[Bodo Moeller]
	28
0a150c5c BM	29	*) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
	30	using strerror. Previously, ERR_reason_error_string() returned
	31	library names as reason strings for SYSerr; but SYSerr is a special
	32	case where small numbers are errno values, not library numbers.
	33	[Bodo Moeller]
	34
41918458 BM	35	*) Add '-dsaparam' option to 'openssl dhparam' application. This
	36	converts DSA parameters into DH parameters. (When creating parameters,
	37	DSA_generate_parameters is used.)
	38	[Bodo Moeller]
	39
	40	*) Include 'length' (recommended exponent length) in C code generated
	41	by 'openssl dhparam -C'.
	42	[Bodo Moeller]
	43
d9c88a39 DSH	44	*) The second argument to set_label in perlasm was already being used
	45	so couldn't be used as a "file scope" flag. Moved to third argument
	46	which was free.
	47	[Steve Henson]
	48
84d14408 BM	49	*) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
	50	instead of RAND_bytes for encryption IVs and salts.
	51	[Bodo Moeller]
	52
5eb8ca4d BM	53	*) Include RAND_status() into RAND_METHOD instead of implementing
	54	it only for md_rand.c Otherwise replacing the PRNG by calling
	55	RAND_set_rand_method would be impossible.
	56	[Bodo Moeller]
	57
7a2dfc2a UM	58	*) Don't let DSA_generate_key() enter an infinite loop if the random
	59	number generation fails.
	60	[Bodo Moeller]
	61
55f7d65d BM	62	*) New 'rand' application for creating pseudo-random output.
	63	[Bodo Moeller]
	64
010712ff RE	65	*) Added configuration support for Linux/IA64
	66	[Rolf Haberrecker <rolf@suse.de>]
	67
2da0c119 UM	68	*) Assembler module support for Mingw32.
	69