From: Bodo Möller Date: Thu, 22 Mar 2001 10:59:18 +0000 (+0000) Subject: Harmonize CHANGES and STATUS files between the 0.9.6a branch and X-Git-Tag: OpenSSL_0_9_6a-beta3~38 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a8e738f9ad9ae1503753a0557a24aa5a28581a1a;p=oweals%2Fopenssl.git Harmonize CHANGES and STATUS files between the 0.9.6a branch and the trunk to keep diffs small. --- diff --git a/CHANGES b/CHANGES index b55c928cab..3f0e64d90a 100644 --- a/CHANGES +++ b/CHANGES @@ -28,15 +28,6 @@ X509_NAME_get_index_by_NID() since 0 is a valid index. [Steve Henson reported by Massimiliano Pala ] - *) Use better test patterns in bntest. - [Ulf Möller] - - *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling - the method-specific "init()" handler. Also clean up ex_data after - calling the method-specific "finish()" handler. Previously, this was - happening the other way round. - [Geoff Thorpe] - *) Avoid coredump with unsupported or invalid public keys by checking if X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when PKCS7_verify() fails with non detached data. @@ -69,6 +60,7 @@ *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME was empty. [Steve Henson] + [This change does not apply to 0.9.7.] *) Use the cached encoding of an X509_NAME structure rather than copying it. This is apparently the reason for the libsafe "errors" @@ -80,7 +72,7 @@ Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits to be set and top=0 forces the highest bit to be set; top=-1 is new and leaves the highest bit random. - [Ulf Moeller] + [Ulf Moeller, Bodo Moeller] *) In the NCONF_...-based implementations for CONF_... queries (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using @@ -109,6 +101,7 @@ macros previously used would not encode an empty SEQUENCE OF and break the signature. [Steve Henson] + [This change does not apply to 0.9.7.] *) Zero the premaster secret after deriving the master secret in DH ciphersuites. @@ -161,12 +154,19 @@ *) Fix a deadlock in CRYPTO_mem_leaks(). [Bodo Moeller] + *) Use better test patterns in bntest. + [Ulf Möller] + *) rand_win.c fix for Borland C. [Ulf Möller] *) BN_rshift bugfix for n == 0. [Bodo Moeller] + *) Add a 'bctest' script that checks for some known 'bc' bugs + so that 'make test' does not abort just because 'bc' is broken. + [Bodo Moeller] + *) Store verify_result within SSL_SESSION also for client side to avoid potential security hole. (Re-used sessions on the client side always resulted in verify_result==X509_V_OK, not using the original @@ -189,6 +189,12 @@ does the actual work for ssl3_read_internal. [Bodo Moeller] + *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling + the method-specific "init()" handler. Also clean up ex_data after + calling the method-specific "finish()" handler. Previously, this was + happening the other way round. + [Geoff Thorpe] + *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16. The previous value, 12, was not always sufficient for BN_mod_exp(). [Bodo Moeller] diff --git a/STATUS b/STATUS index fc2250702b..c488da955c 100644 --- a/STATUS +++ b/STATUS @@ -1,10 +1,10 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2001/03/22 09:02:38 $ + ______________ $Date: 2001/03/22 10:59:16 $ DEVELOPMENT STATE - o OpenSSL 0.9.6a: In development... + o OpenSSL 0.9.6a: Bugfix release -- under development... Beta 1 released on March 13th, 2001 HP-UX 10.20 (hpux-parisc-cc) - PASSED [normal+engine] HP-UX 10.20 (hpux-parisc-gcc) - PASSED [normal+engine] @@ -50,14 +50,13 @@ AVAILABLE PATCHES - o CA.pl patch (Damien Miller) - IN PROGRESS o Steve is currently working on (in no particular order): ASN1 code redesign, butchery, replacement. + OCSP EVP cipher enhancement. - Proper (or at least usable) certificate chain verification. + Enhanced certificate chain verification. Private key, certificate and CRL API and implementation. Developing and bugfixing PKCS#7 (S/MIME code). Various X509 issues: character sets, certificate request extensions. @@ -66,19 +65,29 @@ o Richard is currently working on: UTIL (a new set of library functions to support some higher level functionality that is currently missing). - Dynamic thread-lock support. Shared library support for VMS. + OCSP + Kerberos 5 authentication + Constification NEEDS PATCH - o non-blocking socket on AIX - o $(PERL) in */Makefile.ssl - o "Sign the certificate?" - "n" creates empty certificate file + o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file + + o OpenSSL_0_9_6-stable: + #include in exported header files is illegal since + e_os.h is suitable only for library-internal use. + + o Whenever strncpy is used, make sure the resulting string is NULL-terminated + or an error is reported OPEN ISSUES - o internal_verify doesn't know about X509.v3 (basicConstraints - CA flag ...) + o crypto/ex_data.c is not really thread-safe and so must be used + with care (e.g., extra locking where necessary, or don't call + CRYPTO_get_ex_new_index once multiple threads exist). + The current API is not suitable for everything that it pretends + to offer. o The Makefile hierarchy and build mechanism is still not a round thing: