X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=CHANGES;h=1e13733070574ecfb12b500f1b1ab483accd07bf;hb=f763e0b5ae74c67795d096c9029b5c61e891e68a;hp=78b002083a7b525049788160448a8bbe61f4c5ed;hpb=a0e7c8eede26b29b09057f48b8e51f46f8811ddd;p=oweals%2Fopenssl.git diff --git a/CHANGES b/CHANGES index 78b002083a..1e13733070 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,34 @@ OpenSSL CHANGES _______________ - Changes between 0.9.7e and 0.9.8 [xx XXX xxxx] + Changes between 0.9.7f and 0.9.8 [xx XXX xxxx] + + *) Use SHA-1 instead of MD5 as the default digest algorithm for + the apps/openssl applications. + [Nils Larsch] + + *) Compile clean with "-Wall -Wmissing-prototypes + -Wstrict-prototypes -Wmissing-declarations -Werror". Currently + DEBUG_SAFESTACK must also be set. + [Ben Laurie] + + *) Change ./Configure so that certain algorithms can be disabled by default. + The new counterpiece to "no-xxx" is "enable-xxx". + + The patented RC5 and MDC2 algorithms will now be disabled unless + "enable-rc5" and "enable-mdc2", respectively, are specified. + + (IDEA remains enabled despite being patented. This is because IDEA + is frequently required for interoperability, and there is no license + fee for non-commercial use. As before, "no-idea" can be used to + avoid this algorithm.) + + [Bodo Moeller] + + *) Add processing of proxy certificates (see RFC 3820). This work was + sponsored by KTH (The Royal Institute of Technology in Stockholm) and + EGEE (Enabling Grids for E-science in Europe). + [Richard Levitte] *) RC4 performance overhaul on modern architectures/implementations, such as Intel P4, IA-64 and AMD64. @@ -743,7 +770,48 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7e and 0.9.7f [XX xxx XXXX] + Changes between 0.9.7f and 0.9.7g [XX xxx xxxx] + + *) Undo Cygwin change. + [Ulf Möller] + + Changes between 0.9.7e and 0.9.7f [22 Mar 2005] + + *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating + server and client random values. Previously + (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in + less random data when sizeof(time_t) > 4 (some 64 bit platforms). + + This change has negligible security impact because: + + 1. Server and client random values still have 24 bytes of pseudo random + data. + + 2. Server and client random values are sent in the clear in the initial + handshake. + + 3. The master secret is derived using the premaster secret (48 bytes in + size for static RSA ciphersuites) as well as client server and random + values. + + The OpenSSL team would like to thank the UK NISCC for bringing this issue + to our attention. + + [Stephen Henson, reported by UK NISCC] + + *) Use Windows randomness collection on Cygwin. + [Ulf Möller] + + *) Fix hang in EGD/PRNGD query when communication socket is closed + prematurely by EGD/PRNGD. + [Darren Tucker via Lutz Jänicke, resolves #1014] + + *) Prompt for pass phrases when appropriate for PKCS12 input format. + [Steve Henson] + + *) Back-port of selected performance improvements from development + branch, as well as improved support for PowerPC platforms. + [Andy Polyakov] *) Add lots of checks for memory allocation failure, error codes to indicate failure and freeing up memory if a failure occurs.