Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/dist/openssl OpenSSL 0.9.6a
details: https://anonhg.NetBSD.org/src/rev/f2c57854ff9d
branches: trunk
changeset: 508478:f2c57854ff9d
user: itojun <itojun%NetBSD.org@localhost>
date: Thu Apr 12 03:06:03 2001 +0000
description:
OpenSSL 0.9.6a
diffstat:
crypto/dist/openssl/CHANGES | 967 ++++++++++-
crypto/dist/openssl/Configure | 517 ++++-
crypto/dist/openssl/FAQ | 454 ++++-
crypto/dist/openssl/INSTALL | 37 +-
crypto/dist/openssl/INSTALL.VMS | 19 +-
crypto/dist/openssl/INSTALL.W32 | 79 +-
crypto/dist/openssl/LICENSE | 2 +-
crypto/dist/openssl/Makefile.org | 235 +-
crypto/dist/openssl/Makefile.ssl | 239 +-
crypto/dist/openssl/NEWS | 40 +
crypto/dist/openssl/README | 21 +-
crypto/dist/openssl/README.ENGINE | 63 +
crypto/dist/openssl/apps/CA.pl | 6 +
crypto/dist/openssl/apps/CA.pl.in | 6 +
crypto/dist/openssl/apps/Makefile.ssl | 926 ++++++----
crypto/dist/openssl/apps/app_rand.c | 6 +-
crypto/dist/openssl/apps/apps.c | 372 ++++-
crypto/dist/openssl/apps/apps.h | 15 +-
crypto/dist/openssl/apps/asn1pars.c | 27 +-
crypto/dist/openssl/apps/ca-cert.srl | 2 +-
crypto/dist/openssl/apps/ca.c | 135 +-
crypto/dist/openssl/apps/ciphers.c | 13 +-
crypto/dist/openssl/apps/crl.c | 49 +-
crypto/dist/openssl/apps/crl2p7.c | 20 +-
crypto/dist/openssl/apps/dgst.c | 204 ++-
crypto/dist/openssl/apps/dh.c | 16 +-
crypto/dist/openssl/apps/dh1024.pem | 11 +-
crypto/dist/openssl/apps/dh2048.pem | 12 +
crypto/dist/openssl/apps/dh4096.pem | 18 +
crypto/dist/openssl/apps/dh512.pem | 9 +
crypto/dist/openssl/apps/dhparam.c | 18 +-
crypto/dist/openssl/apps/dsa.c | 14 +-
crypto/dist/openssl/apps/dsaparam.c | 16 +-
crypto/dist/openssl/apps/enc.c | 22 +-
crypto/dist/openssl/apps/errstr.c | 13 +-
crypto/dist/openssl/apps/gendh.c | 10 +-
crypto/dist/openssl/apps/gendsa.c | 12 +-
crypto/dist/openssl/apps/genrsa.c | 14 +-
crypto/dist/openssl/apps/makeapps.com | 4 +-
crypto/dist/openssl/apps/nseq.c | 15 +-
crypto/dist/openssl/apps/openssl.c | 20 +-
crypto/dist/openssl/apps/passwd.c | 104 +-
crypto/dist/openssl/apps/pca-cert.srl | 2 +-
crypto/dist/openssl/apps/pkcs12.c | 258 ++-
crypto/dist/openssl/apps/pkcs7.c | 10 +-
crypto/dist/openssl/apps/pkcs8.c | 23 +-
crypto/dist/openssl/apps/progs.h | 5 +
crypto/dist/openssl/apps/progs.pl | 4 +-
crypto/dist/openssl/apps/rand.c | 10 +-
crypto/dist/openssl/apps/req.c | 78 +-
crypto/dist/openssl/apps/rsa.c | 31 +-
crypto/dist/openssl/apps/rsautl.c | 294 +++
crypto/dist/openssl/apps/s_client.c | 29 +-
crypto/dist/openssl/apps/s_server.c | 70 +-
crypto/dist/openssl/apps/s_socket.c | 8 +-
crypto/dist/openssl/apps/server.pem | 16 +-
crypto/dist/openssl/apps/sess_id.c | 10 +-
crypto/dist/openssl/apps/smime.c | 133 +-
crypto/dist/openssl/apps/speed.c | 512 ++++-
crypto/dist/openssl/apps/spkac.c | 26 +-
crypto/dist/openssl/apps/verify.c | 35 +-
crypto/dist/openssl/apps/x509.c | 373 +--
crypto/dist/openssl/certs/expired/rsa-ssca.pem | 19 +
crypto/dist/openssl/config | 100 +-
crypto/dist/openssl/crypto/Makefile.save | 38 +-
crypto/dist/openssl/crypto/Makefile.ssl | 46 +-
crypto/dist/openssl/crypto/asn1/Makefile.save | 989 ++++++----
crypto/dist/openssl/crypto/asn1/Makefile.ssl | 992 ++++++----
crypto/dist/openssl/crypto/asn1/a_bitstr.c | 74 +-
crypto/dist/openssl/crypto/asn1/a_bytes.c | 14 +-
crypto/dist/openssl/crypto/asn1/a_digest.c | 4 +-
crypto/dist/openssl/crypto/asn1/a_dup.c | 4 +-
crypto/dist/openssl/crypto/asn1/a_enum.c | 165 +-
crypto/dist/openssl/crypto/asn1/a_gentm.c | 4 +-
crypto/dist/openssl/crypto/asn1/a_hdr.c | 2 +-
crypto/dist/openssl/crypto/asn1/a_i2d_fp.c | 4 +-
crypto/dist/openssl/crypto/asn1/a_int.c | 110 +-
crypto/dist/openssl/crypto/asn1/a_mbstr.c | 20 +-
crypto/dist/openssl/crypto/asn1/a_object.c | 62 +-
crypto/dist/openssl/crypto/asn1/a_set.c | 12 +-
crypto/dist/openssl/crypto/asn1/a_sign.c | 10 +-
crypto/dist/openssl/crypto/asn1/a_strex.c | 533 ++++++
crypto/dist/openssl/crypto/asn1/a_strnid.c | 21 +-
crypto/dist/openssl/crypto/asn1/a_time.c | 4 +-
crypto/dist/openssl/crypto/asn1/a_type.c | 18 +-
crypto/dist/openssl/crypto/asn1/a_utctm.c | 90 +-
crypto/dist/openssl/crypto/asn1/a_utf8.c | 16 +-
crypto/dist/openssl/crypto/asn1/a_verify.c | 4 +-
crypto/dist/openssl/crypto/asn1/asn1.h | 162 +-
crypto/dist/openssl/crypto/asn1/asn1_lib.c | 25 +-
crypto/dist/openssl/crypto/asn1/asn1_mac.h | 29 +-
crypto/dist/openssl/crypto/asn1/asn1_par.c | 48 +-
crypto/dist/openssl/crypto/asn1/asn_pack.c | 8 +-
crypto/dist/openssl/crypto/asn1/charmap.h | 15 +
crypto/dist/openssl/crypto/asn1/charmap.pl | 80 +
crypto/dist/openssl/crypto/asn1/d2i_dsap.c | 2 +-
crypto/dist/openssl/crypto/asn1/d2i_r_pu.c | 2 +-
crypto/dist/openssl/crypto/asn1/d2i_s_pr.c | 1 +
crypto/dist/openssl/crypto/asn1/d2i_s_pu.c | 2 +-
crypto/dist/openssl/crypto/asn1/f_enum.c | 6 +-
crypto/dist/openssl/crypto/asn1/f_int.c | 6 +-
crypto/dist/openssl/crypto/asn1/f_string.c | 6 +-
crypto/dist/openssl/crypto/asn1/i2d_dhp.c | 4 +-
crypto/dist/openssl/crypto/asn1/i2d_dsap.c | 4 +-
crypto/dist/openssl/crypto/asn1/i2d_r_pr.c | 4 +-
crypto/dist/openssl/crypto/asn1/i2d_r_pu.c | 4 +-
crypto/dist/openssl/crypto/asn1/i2d_s_pr.c | 4 +-
crypto/dist/openssl/crypto/asn1/i2d_s_pu.c | 4 +-
crypto/dist/openssl/crypto/asn1/n_pkey.c | 62 +-
crypto/dist/openssl/crypto/asn1/nsseq.c | 2 +-
crypto/dist/openssl/crypto/asn1/p5_pbe.c | 4 +-
crypto/dist/openssl/crypto/asn1/p5_pbev2.c | 6 +-
crypto/dist/openssl/crypto/asn1/p7_dgst.c | 2 +-
crypto/dist/openssl/crypto/asn1/p7_enc.c | 2 +-
crypto/dist/openssl/crypto/asn1/p7_enc_c.c | 2 +-
crypto/dist/openssl/crypto/asn1/p7_evp.c | 2 +-
crypto/dist/openssl/crypto/asn1/p7_i_s.c | 2 +-
crypto/dist/openssl/crypto/asn1/p7_lib.c | 114 +-
crypto/dist/openssl/crypto/asn1/p7_recip.c | 2 +-
crypto/dist/openssl/crypto/asn1/p7_s_e.c | 2 +-
crypto/dist/openssl/crypto/asn1/p7_signd.c | 2 +-
crypto/dist/openssl/crypto/asn1/p7_signi.c | 2 +-
crypto/dist/openssl/crypto/asn1/p8_key.c | 4 +-
crypto/dist/openssl/crypto/asn1/p8_pkey.c | 2 +-
crypto/dist/openssl/crypto/asn1/t_pkey.c | 16 +-
crypto/dist/openssl/crypto/asn1/t_x509.c | 2 +-
crypto/dist/openssl/crypto/asn1/t_x509a.c | 8 +
crypto/dist/openssl/crypto/asn1/x_algor.c | 2 +-
crypto/dist/openssl/crypto/asn1/x_attrib.c | 2 +-
crypto/dist/openssl/crypto/asn1/x_cinf.c | 2 +-
crypto/dist/openssl/crypto/asn1/x_crl.c | 31 +-
crypto/dist/openssl/crypto/asn1/x_exten.c | 2 +-
crypto/dist/openssl/crypto/asn1/x_info.c | 6 +-
crypto/dist/openssl/crypto/asn1/x_name.c | 12 +-
crypto/dist/openssl/crypto/asn1/x_pkey.c | 4 +-
crypto/dist/openssl/crypto/asn1/x_pubkey.c | 10 +-
crypto/dist/openssl/crypto/asn1/x_req.c | 25 +-
crypto/dist/openssl/crypto/asn1/x_sig.c | 2 +-
crypto/dist/openssl/crypto/asn1/x_spki.c | 4 +-
crypto/dist/openssl/crypto/asn1/x_val.c | 2 +-
crypto/dist/openssl/crypto/asn1/x_x509.c | 18 +-
crypto/dist/openssl/crypto/asn1/x_x509a.c | 10 +-
crypto/dist/openssl/crypto/bf/Makefile.save | 4 +-
crypto/dist/openssl/crypto/bf/Makefile.ssl | 7 +-
crypto/dist/openssl/crypto/bf/bftest.c | 3 +-
crypto/dist/openssl/crypto/bio/Makefile.save | 125 +-
crypto/dist/openssl/crypto/bio/Makefile.ssl | 130 +-
crypto/dist/openssl/crypto/bio/b_dump.c | 122 +-
crypto/dist/openssl/crypto/bio/b_print.c | 350 +--
crypto/dist/openssl/crypto/bio/b_sock.c | 51 +-
crypto/dist/openssl/crypto/bio/bf_buff.c | 52 +-
crypto/dist/openssl/crypto/bio/bf_lbuf.c | 397 ++++
crypto/dist/openssl/crypto/bio/bf_nbio.c | 20 +-
crypto/dist/openssl/crypto/bio/bf_null.c | 20 +-
crypto/dist/openssl/crypto/bio/bio_err.c | 7 +-
crypto/dist/openssl/crypto/bio/bio_lib.c | 30 +-
crypto/dist/openssl/crypto/bio/bss_acpt.c | 24 +-
crypto/dist/openssl/crypto/bio/bss_bio.c | 20 +-
crypto/dist/openssl/crypto/bio/bss_conn.c | 47 +-
crypto/dist/openssl/crypto/bio/bss_file.c | 16 +-
crypto/dist/openssl/crypto/bio/bss_mem.c | 33 +-
crypto/dist/openssl/crypto/bio/bss_null.c | 16 +-
crypto/dist/openssl/crypto/bio/bss_rtcp.c | 16 +-
crypto/dist/openssl/crypto/bio/bss_sock.c | 28 +-
crypto/dist/openssl/crypto/bn/Makefile.save | 136 +-
crypto/dist/openssl/crypto/bn/Makefile.ssl | 138 +-
crypto/dist/openssl/crypto/bn/asm/README | 12 +-
crypto/dist/openssl/crypto/bn/asm/mips3.s | 8 +-
crypto/dist/openssl/crypto/bn/asm/pa-risc2.s | 2018 ++++++++++++++++++----
crypto/dist/openssl/crypto/bn/asm/pa-risc2W.s | 1605 ++++++++++++++++++
crypto/dist/openssl/crypto/bn/bn_asm.c | 11 +-
crypto/dist/openssl/crypto/bn/bn_blind.c | 4 +-
crypto/dist/openssl/crypto/bn/bn_ctx.c | 4 +-
crypto/dist/openssl/crypto/bn/bn_div.c | 9 +-
crypto/dist/openssl/crypto/bn/bn_err.c | 5 +
crypto/dist/openssl/crypto/bn/bn_exp.c | 348 ++-
crypto/dist/openssl/crypto/bn/bn_exp2.c | 363 ++-
crypto/dist/openssl/crypto/bn/bn_lcl.h | 100 +-
crypto/dist/openssl/crypto/bn/bn_lib.c | 49 +-
crypto/dist/openssl/crypto/bn/bn_mont.c | 31 +-
crypto/dist/openssl/crypto/bn/bn_mul.c | 2 +-
crypto/dist/openssl/crypto/bn/bn_print.c | 12 +-
crypto/dist/openssl/crypto/bn/bn_rand.c | 117 +-
crypto/dist/openssl/crypto/bn/bn_recp.c | 4 +-
crypto/dist/openssl/crypto/bn/bn_shift.c | 7 +-
crypto/dist/openssl/crypto/bn/bn_sqr.c | 2 +-
crypto/dist/openssl/crypto/bn/bn_word.c | 17 +-
crypto/dist/openssl/crypto/bn/bntest.c | 64 +-
crypto/dist/openssl/crypto/bn/vms-helper.c | 2 +
crypto/dist/openssl/crypto/buffer/Makefile.save | 11 +-
crypto/dist/openssl/crypto/buffer/Makefile.ssl | 14 +-
crypto/dist/openssl/crypto/buffer/buffer.c | 12 +-
crypto/dist/openssl/crypto/cast/Makefile.ssl | 3 +-
crypto/dist/openssl/crypto/cast/c_skey.c | 2 +-
crypto/dist/openssl/crypto/comp/Makefile.ssl | 23 +-
crypto/dist/openssl/crypto/comp/comp.h | 4 +-
crypto/dist/openssl/crypto/comp/comp_lib.c | 6 +-
crypto/dist/openssl/crypto/conf/Makefile.ssl | 47 +-
crypto/dist/openssl/crypto/conf/conf.h | 71 +-
crypto/dist/openssl/crypto/conf/conf_api.c | 289 +++
crypto/dist/openssl/crypto/conf/conf_api.h | 87 +
crypto/dist/openssl/crypto/conf/conf_def.c | 703 ++++++++
crypto/dist/openssl/crypto/conf/conf_def.h | 145 +
crypto/dist/openssl/crypto/conf/conf_err.c | 11 +
crypto/dist/openssl/crypto/conf/conf_lib.c | 392 ++++
crypto/dist/openssl/crypto/conf/keysets.pl | 156 +-
crypto/dist/openssl/crypto/conf/test.c | 8 +-
crypto/dist/openssl/crypto/cpt_err.c | 2 +
crypto/dist/openssl/crypto/cryptlib.c | 200 ++-
crypto/dist/openssl/crypto/cryptlib.h | 8 +-
crypto/dist/openssl/crypto/crypto-lib.com | 53 +-
crypto/dist/openssl/crypto/crypto.h | 87 +-
crypto/dist/openssl/crypto/des/Makefile.save | 19 +-
crypto/dist/openssl/crypto/des/Makefile.ssl | 20 +-
crypto/dist/openssl/crypto/des/asm/des-586.pl | 4 +-
crypto/dist/openssl/crypto/des/asm/des686.pl | 2 +-
crypto/dist/openssl/crypto/des/asm/readme | 2 +-
crypto/dist/openssl/crypto/des/cbc_cksm.c | 2 +-
crypto/dist/openssl/crypto/des/cfb64enc.c | 4 +-
crypto/dist/openssl/crypto/des/cfb_enc.c | 4 +-
crypto/dist/openssl/crypto/des/des.c | 4 +-
crypto/dist/openssl/crypto/des/des_enc.c | 2 +-
crypto/dist/openssl/crypto/des/dess.cpp | 18 +-
crypto/dist/openssl/crypto/des/ecb_enc.c | 2 +-
crypto/dist/openssl/crypto/des/ede_cbcm_enc.c | 16 +-
crypto/dist/openssl/crypto/des/enc_read.c | 6 +-
crypto/dist/openssl/crypto/des/enc_writ.c | 2 +-
crypto/dist/openssl/crypto/des/ncbc_enc.c | 8 +-
crypto/dist/openssl/crypto/des/ofb64enc.c | 2 +-
crypto/dist/openssl/crypto/des/ofb_enc.c | 2 +-
crypto/dist/openssl/crypto/des/pcbc_enc.c | 4 +-
crypto/dist/openssl/crypto/des/qud_cksm.c | 12 +-
crypto/dist/openssl/crypto/des/read_pwd.c | 20 +-
crypto/dist/openssl/crypto/des/speed.c | 4 +-
crypto/dist/openssl/crypto/des/xcbc_enc.c | 8 +-
crypto/dist/openssl/crypto/dh/Makefile.save | 28 +-
crypto/dist/openssl/crypto/dh/Makefile.ssl | 31 +-
crypto/dist/openssl/crypto/dh/dh_key.c | 32 +-
crypto/dist/openssl/crypto/dh/dh_lib.c | 19 +-
crypto/dist/openssl/crypto/dh/dhtest.c | 8 +-
crypto/dist/openssl/crypto/dsa/Makefile.save | 53 +-
crypto/dist/openssl/crypto/dsa/Makefile.ssl | 56 +-
crypto/dist/openssl/crypto/dsa/dsa_asn1.c | 14 +-
crypto/dist/openssl/crypto/dsa/dsa_key.c | 13 +-
crypto/dist/openssl/crypto/dsa/dsa_lib.c | 17 +-
crypto/dist/openssl/crypto/dsa/dsa_ossl.c | 10 +-
crypto/dist/openssl/crypto/dso/Makefile.ssl | 141 +
crypto/dist/openssl/crypto/dso/README | 24 +
crypto/dist/openssl/crypto/dso/dso.h | 250 ++
crypto/dist/openssl/crypto/dso/dso_dl.c | 256 ++
crypto/dist/openssl/crypto/dso/dso_dlfcn.c | 276 +++
crypto/dist/openssl/crypto/dso/dso_err.c | 128 +
crypto/dist/openssl/crypto/dso/dso_lib.c | 306 +++
crypto/dist/openssl/crypto/dso/dso_null.c | 86 +
crypto/dist/openssl/crypto/dso/dso_openssl.c | 81 +
crypto/dist/openssl/crypto/dso/dso_vms.c | 371 ++++
crypto/dist/openssl/crypto/dso/dso_win32.c | 273 +++
crypto/dist/openssl/crypto/ebcdic.c | 2 +-
crypto/dist/openssl/crypto/err/Makefile.save | 18 +-
crypto/dist/openssl/crypto/err/Makefile.ssl | 21 +-
crypto/dist/openssl/crypto/err/err.c | 174 +-
crypto/dist/openssl/crypto/err/err_all.c | 2 +
crypto/dist/openssl/crypto/err/err_prn.c | 6 +-
crypto/dist/openssl/crypto/err/openssl.ec | 1 +
crypto/dist/openssl/crypto/evp/bio_b64.c | 37 +-
crypto/dist/openssl/crypto/evp/bio_enc.c | 22 +-
crypto/dist/openssl/crypto/evp/bio_md.c | 22 +-
crypto/dist/openssl/crypto/ex_data.c | 6 +-
crypto/dist/openssl/crypto/install.com | 15 +-
crypto/dist/openssl/crypto/mem.c | 51 +-
crypto/dist/openssl/crypto/mem_dbg.c | 164 +-
crypto/dist/openssl/crypto/opensslv.h | 57 +-
crypto/dist/openssl/crypto/symhacks.h | 154 +
crypto/dist/openssl/crypto/tmdiff.c | 4 +-
crypto/dist/openssl/crypto/uid.c | 88 +
crypto/dist/openssl/e_os2.h | 4 +-
crypto/dist/openssl/makevms.com | 26 +-
crypto/dist/openssl/openssl.spec | 212 ++
278 files changed, 18545 insertions(+), 4951 deletions(-)
diffs (truncated from 35511 to 300 lines):
diff -r b043c0d2b059 -r f2c57854ff9d crypto/dist/openssl/CHANGES
--- a/crypto/dist/openssl/CHANGES Thu Apr 12 02:51:14 2001 +0000
+++ b/crypto/dist/openssl/CHANGES Thu Apr 12 03:06:03 2001 +0000
@@ -2,6 +2,963 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.6 and 0.9.6a [5 Apr 2001]
+
+ *) Fix a couple of memory leaks in PKCS7_dataDecode()
+ [Steve Henson, reported by Heyun Zheng <hzheng%atdsprint.com@localhost>]
+
+ *) Change Configure and Makefiles to provide EXE_EXT, which will contain
+ the default extension for executables, if any. Also, make the perl
+ scripts that use symlink() to test if it really exists and use "cp"
+ if it doesn't. All this made OpenSSL compilable and installable in
+ CygWin.
+ [Richard Levitte]
+
+ *) Fix for asn1_GetSequence() for indefinite length constructed data.
+ If SEQUENCE is length is indefinite just set c->slen to the total
+ amount of data available.
+ [Steve Henson, reported by shige%FreeBSD.org@localhost]
+ [This change does not apply to 0.9.7.]
+
+ *) Change bctest to avoid here-documents inside command substitution
+ (workaround for FreeBSD /bin/sh bug).
+ For compatibility with Ultrix, avoid shell functions (introduced
+ in the bctest version that searches along $PATH).
+ [Bodo Moeller]
+
+ *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes
+ with des_encrypt() defined on some operating systems, like Solaris
+ and UnixWare.
+ [Richard Levitte]
+
+ *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
+ On the Importance of Eliminating Errors in Cryptographic
+ Computations, J. Cryptology 14 (2001) 2, 101-119,
+ http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
+ [Ulf Moeller]
+
+ *) MIPS assembler BIGNUM division bug fix.
+ [Andy Polyakov]
+
+ *) Disabled incorrect Alpha assembler code.
+ [Richard Levitte]
+
+ *) Fix PKCS#7 decode routines so they correctly update the length
+ after reading an EOC for the EXPLICIT tag.
+ [Steve Henson]
+ [This change does not apply to 0.9.7.]
+
+ *) Fix bug in PKCS#12 key generation routines. This was triggered
+ if a 3DES key was generated with a 0 initial byte. Include
+ PKCS12_BROKEN_KEYGEN compilation option to retain the old
+ (but broken) behaviour.
+ [Steve Henson]
+
+ *) Enhance bctest to search for a working bc along $PATH and print
+ it when found.
+ [Tim Rice <tim%multitalents.net@localhost> via Richard Levitte]
+
+ *) Fix memory leaks in err.c: free err_data string if necessary;
+ don't write to the wrong index in ERR_set_error_data.
+ [Bodo Moeller]
+
+ *) Implement ssl23_peek (analogous to ssl23_read), which previously
+ did not exist.
+ [Bodo Moeller]
+
+ *) Replace rdtsc with _emit statements for VC++ version 5.
+ [Jeremy Cooper <jeremy%baymoo.org@localhost>]
+
+ *) Make it possible to reuse SSLv2 sessions.
+ [Richard Levitte]
+
+ *) In copy_email() check for >= 0 as a return value for
+ X509_NAME_get_index_by_NID() since 0 is a valid index.
+ [Steve Henson reported by Massimiliano Pala <madwolf%opensca.org@localhost>]
+
+ *) Avoid coredump with unsupported or invalid public keys by checking if
+ X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+ PKCS7_verify() fails with non detached data.
+ [Steve Henson]
+
+ *) Don't use getenv in library functions when run as setuid/setgid.
+ New function OPENSSL_issetugid().
+ [Ulf Moeller]
+
+ *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
+ due to incorrect handling of multi-threading:
+
+ 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
+
+ 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
+
+ 3. Count how many times MemCheck_off() has been called so that
+ nested use can be treated correctly. This also avoids
+ inband-signalling in the previous code (which relied on the
+ assumption that thread ID 0 is impossible).
+ [Bodo Moeller]
+
+ *) Add "-rand" option also to s_client and s_server.
+ [Lutz Jaenicke]
+
+ *) Fix CPU detection on Irix 6.x.
+ [Kurt Hockenbury <khockenb%stevens-tech.edu@localhost> and
+ "Bruce W. Forsberg" <bruce.forsberg%baesystems.com@localhost>]
+
+ *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
+ was empty.
+ [Steve Henson]
+ [This change does not apply to 0.9.7.]
+
+ *) Use the cached encoding of an X509_NAME structure rather than
+ copying it. This is apparently the reason for the libsafe "errors"
+ but the code is actually correct.
+ [Steve Henson]
+
+ *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+ Bleichenbacher's DSA attack.
+ Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
+ to be set and top=0 forces the highest bit to be set; top=-1 is new
+ and leaves the highest bit random.
+ [Ulf Moeller, Bodo Moeller]
+
+ *) In the NCONF_...-based implementations for CONF_... queries
+ (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
+ a temporary CONF structure with the data component set to NULL
+ (which gives segmentation faults in lh_retrieve).
+ Instead, use NULL for the CONF pointer in CONF_get_string and
+ CONF_get_number (which may use environment variables) and directly
+ return NULL from CONF_get_section.
+ [Bodo Moeller]
+
+ *) Fix potential buffer overrun for EBCDIC.
+ [Ulf Moeller]
+
+ *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
+ keyUsage if basicConstraints absent for a CA.
+ [Steve Henson]
+
+ *) Make SMIME_write_PKCS7() write mail header values with a format that
+ is more generally accepted (no spaces before the semicolon), since
+ some programs can't parse those values properly otherwise. Also make
+ sure BIO's that break lines after each write do not create invalid
+ headers.
+ [Richard Levitte]
+
+ *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+ macros previously used would not encode an empty SEQUENCE OF
+ and break the signature.
+ [Steve Henson]
+ [This change does not apply to 0.9.7.]
+
+ *) Zero the premaster secret after deriving the master secret in
+ DH ciphersuites.
+ [Steve Henson]
+
+ *) Add some EVP_add_digest_alias registrations (as found in
+ OpenSSL_add_all_digests()) to SSL_library_init()
+ aka OpenSSL_add_ssl_algorithms(). This provides improved
+ compatibility with peers using X.509 certificates
+ with unconventional AlgorithmIdentifier OIDs.
+ [Bodo Moeller]
+
+ *) Fix for Irix with NO_ASM.
+ ["Bruce W. Forsberg" <bruce.forsberg%baesystems.com@localhost>]
+
+ *) ./config script fixes.
+ [Ulf Moeller, Richard Levitte]
+
+ *) Fix 'openssl passwd -1'.
+ [Bodo Moeller]
+
+ *) Change PKCS12_key_gen_asc() so it can cope with non null
+ terminated strings whose length is passed in the passlen
+ parameter, for example from PEM callbacks. This was done
+ by adding an extra length parameter to asc2uni().
+ [Steve Henson, reported by <oddissey%samsung.co.kr@localhost>]
+
+ *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
+ call failed, free the DSA structure.
+ [Bodo Moeller]
+
+ *) Fix to uni2asc() to cope with zero length Unicode strings.
+ These are present in some PKCS#12 files.
+ [Steve Henson]
+
+ *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
+ Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
+ when writing a 32767 byte record.
+ [Bodo Moeller; problem reported by Eric Day <eday%concentric.net@localhost>]
+
+ *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
+ obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
+
+ (RSA objects have a reference count access to which is protected
+ by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
+ so they are meant to be shared between threads.)
+ [Bodo Moeller, Geoff Thorpe; original patch submitted by
+ "Reddie, Steven" <Steven.Reddie%ca.com@localhost>]
+
+ *) Fix a deadlock in CRYPTO_mem_leaks().
+ [Bodo Moeller]
+
+ *) Use better test patterns in bntest.
+ [Ulf Möller]
+
+ *) rand_win.c fix for Borland C.
+ [Ulf Möller]
+
+ *) BN_rshift bugfix for n == 0.
+ [Bodo Moeller]
+
+ *) Add a 'bctest' script that checks for some known 'bc' bugs
+ so that 'make test' does not abort just because 'bc' is broken.
+ [Bodo Moeller]
+
+ *) Store verify_result within SSL_SESSION also for client side to
+ avoid potential security hole. (Re-used sessions on the client side
+ always resulted in verify_result==X509_V_OK, not using the original
+ result of the server certificate verification.)
+ [Lutz Jaenicke]
+
+ *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
+ SSL3_RT_APPLICATION_DATA, return 0.
+ Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
+ [Bodo Moeller]
+
+ *) Fix SSL_peek:
+ Both ssl2_peek and ssl3_peek, which were totally broken in earlier
+ releases, have been re-implemented by renaming the previous
+ implementations of ssl2_read and ssl3_read to ssl2_read_internal
+ and ssl3_read_internal, respectively, and adding 'peek' parameters
+ to them. The new ssl[23]_{read,peek} functions are calls to
+ ssl[23]_read_internal with the 'peek' flag set appropriately.
+ A 'peek' parameter has also been added to ssl3_read_bytes, which
+ does the actual work for ssl3_read_internal.
+ [Bodo Moeller]
+
+ *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
+ the method-specific "init()" handler. Also clean up ex_data after
+ calling the method-specific "finish()" handler. Previously, this was
+ happening the other way round.
+ [Geoff Thorpe]
+
+ *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
+ The previous value, 12, was not always sufficient for BN_mod_exp().
+ [Bodo Moeller]
+
+ *) Make sure that shared libraries get the internal name engine with
+ the full version number and not just 0. This should mark the
+ shared libraries as not backward compatible. Of course, this should
+ be changed again when we can guarantee backward binary compatibility.
+ [Richard Levitte]
+
+ *) Fix typo in get_cert_by_subject() in by_dir.c
+ [Jean-Marc Desperrier <jean-marc.desperrier%certplus.com@localhost>]
+
+ *) Rework the system to generate shared libraries:
+
+ - Make note of the expected extension for the shared libraries and
+ if there is a need for symbolic links from for example libcrypto.so.0
+ to libcrypto.so.0.9.7. There is extended info in Configure for
+ that.
+
+ - Make as few rebuilds of the shared libraries as possible.
+
+ - Still avoid linking the OpenSSL programs with the shared libraries.
+
+ - When installing, install the shared libraries separately from the
+ static ones.
+ [Richard Levitte]
+
+ *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
+
+ Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
+ and not in SSL_clear because the latter is also used by the
+ accept/connect functions; previously, the settings made by
+ SSL_set_read_ahead would be lost during the handshake.
+ [Bodo Moeller; problems reported by Anders Gertz <gertz%epact.se@localhost>]
+
+ *) Correct util/mkdef.pl to be selective about disabled algorithms.
+ Previously, it would create entries for disableed algorithms no
+ matter what.
+ [Richard Levitte]
+
+ *) Added several new manual pages for SSL_* function.
+ [Lutz Jaenicke]
+
+ Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
+
+ *) In ssl23_get_client_hello, generate an error message when faced
+ with an initial SSL 3.0/TLS record that is too small to contain the
+ first two bytes of the ClientHello message, i.e. client_version.
+ (Note that this is a pathologic case that probably has never happened
+ in real life.) The previous approach was to use the version number
+ from the record header as a substitute; but our protocol choice
Home |
Main Index |
Thread Index |
Old Index