OpenSSL CHANGES
_______________
- Changes between 0.9.6 and 0.9.6a [xx XXX 2000]
+ Changes between 0.9.6 and 0.9.6a [xx XXX 2001]
+
+ *) Don't use getenv in library functions when run as setuid/setgid.
+ New function OPENSSL_issetugid().
+ [Ulf Moeller]
+
+ *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
+ due to incorrect handling of multi-threading:
+
+ 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
+
+ 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
+
+ 3. Count how many times MemCheck_off() has been called so that
+ nested use can be treated correctly. This also avoids
+ inband-signalling in the previous code (which relied on the
+ assumption that thread ID 0 is impossible).
+ [Bodo Moeller]
+
+ *) Add "-rand" option also to s_client and s_server.
+ [Lutz Jaenicke]
+
+ *) Fix CPU detection on Irix 6.x.
+ [Kurt Hockenbury <khockenb@stevens-tech.edu> and
+ "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+ *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
+ was empty.
+ [Steve Henson]
+
+ *) Use the cached encoding of an X509_NAME structure rather than
+ copying it. This is apparently the reason for the libsafe "errors"
+ but the code is actually correct.
+ [Steve Henson]
+
+ *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+ Bleichenbacher's DSA attack.
+ [Ulf Moeller]
+
+ *) In the NCONF_...-based implementations for CONF_... queries
+ (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
+ a temporary CONF structure with the data component set to NULL
+ (which gives segmentation faults in lh_retrieve).
+ Instead, use NULL for the CONF pointer in CONF_get_string and
+ CONF_get_number (which may use environment variables) and directly
+ return NULL from CONF_get_section.
+ [Bodo Moeller]
+
+ *) Fix potential buffer overrun for EBCDIC.
+ [Ulf Moeller]
+
+ *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
+ keyUsage if basicConstraints absent for a CA.
+ [Steve Henson]
+
+ *) Make SMIME_write_PKCS7() write mail header values with a format that
+ is more generally accepted (no spaces before the semicolon), since
+ some programs can't parse those values properly otherwise. Also make
+ sure BIO's that break lines after each write do not create invalid
+ headers.
+ [Richard Levitte]
+
+ *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+ macros previously used would not encode an empty SEQUENCE OF
+ and break the signature.
+ [Steve Henson]
+
+ *) Zero the premaster secret after deriving the master secret in
+ DH ciphersuites.
+ [Steve Henson]
*) Add some EVP_add_digest_alias registrations (as found in
OpenSSL_add_all_digests()) to SSL_library_init()
matter what.
[Richard Levitte]
+ *) Added several new manual pages for SSL_* function.
+ [Lutz Jaenicke]
+
Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
*) In ssl23_get_client_hello, generate an error message when faced