CHANGES

 OpenSSL CHANGES
 _______________

 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]

  *) Make crypto/rand/md_rand.c more robust:
     - Detect fork() and assure unique random states.
     - Make sure that concurrent threads access the global counter and
       md serializably so that we never lose entropy in them
       or use exactly the same state in multiple threads.
       Access to the large state is not always serializable because
       the additional locking could be a performance killer, and
       md should be large enough anyway.
     [Bodo Moeller]

  *) New file apps/app_rand.c with commonly needed functionality
     for handling the random seed file.

     Use the random seed file in some applications that previously did not:
          ca,
          dsaparam -genkey (which also ignored its `-rand' option), 
          s_client,
          s_server,
          x509 (when signing).
     Except on systems with /dev/urandom, it is crucial to have a random
     seed file at least for key creation, DSA signing, and for DH exchanges;
     for RSA signatures we could do without one.

     gendh and gendsa (unlike genrsa) used to read only the first byte
     of each file listed in the `-rand' option.  The function as previously
     found in genrsa is now in app_rand.c and is used by all programs
     that support `-rand'.
     [Bodo Moeller]

  *) In RAND_write_file, use mode 0600 for creating files;
     don't just chmod when it may be too late.
     [Bodo Moeller]

  *) Report an error from X509_STORE_load_locations
     when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
     [Bill Perry]

  *) New function ASN1_mbstring_copy() this copies a string in either
     ASCII, Unicode, Universal (4 bytes per character) or UTF8 format
     into an ASN1_STRING type. A mask of permissible types is passed
     and it chooses the "minimal" type to use or an error if not type
     is suitable.
     [Steve Henson]

  *) Add function equivalents to the various macros in asn1.h. The old
     macros are retained with an M_ prefix. Code inside the library can
     use the M_ macros. External code (including the openssl utility)
     should *NOT* in order to be "shared library friendly".
     [Steve Henson]

  *) Add various functions that can check a certificate's extensions
     to see if it usable for various purposes such as SSL client,
     server or S/MIME and CAs of these types. This is currently 
     VERY EXPERIMENTAL but will ultimately be used for certificate chain
     verification. Also added a -purpose flag to x509 utility to
     print out all the purposes.
     [Steve Henson]

  *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated
     functions.
     [Steve Henson]

  *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search
     for, obtain and decode and extension and obtain its critical flag.
     This allows all the necessary extension code to be handled in a
     single function call.
     [Steve Henson]

  *) RC4 tune-up featuring 30-40% performance improvement on most RISC
     platforms. See crypto/rc4/rc4_enc.c for further details.
     [Andy Polyakov]

  *) New -noout option to asn1parse. This causes no output to be produced
     its main use is when combined with -strparse and -out to extract data
     from a file (which may not be in ASN.1 format).
     [Steve Henson]

  *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
     when producing the local key id.
     [Richard Levitte <levitte@stacken.kth.se>]

  *) New option -dhparam in s_server. This allows a DH parameter file to be
     stated explicitly. If it is not stated then it tries the first server
     certificate file. The previous behaviour hard coded the filename
     "server.pem".
     [Steve Henson]

  *) Add -pubin and -pubout options to the rsa and dsa commands. These allow
     a public key to be input or output. For example:
     openssl rsa -in key.pem -pubout -out pubkey.pem
     Also added necessary DSA public key functions to handle this.
     [Steve Henson]

  *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained
     in the message. This was handled by allowing
     X509_find_by_issuer_and_serial() to tolerate a NULL passed to it.
     [Steve Henson, reported by Sampo Kellomaki <sampo@mail.neuronio.pt>]

  *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null
     to the end of the strings whereas this didn't. This would cause problems
     if strings read with d2i_ASN1_bytes() were later modified.
     [Steve Henson, reported by Arne Ansper <arne@ats.cyber.ee>]

  *) Fix for base64 decode bug. When a base64 bio reads only one line of
     data and it contains EOF it will end up returning an error. This is
     caused by input 46 bytes long. The cause is due to the way base64
     BIOs find the start of base64 encoded data. They do this by trying a
     trial decode on each line until they find one that works. When they
     do a flag is set and it starts again knowing it can pass all the
     data directly through the decoder. Unfortunately it doesn't reset
     the context it uses. This means that if EOF is reached an attempt
     is made to pass two EOFs through the context and this causes the
     resulting error. This can also cause other problems as well. As is
     usual with these problems it takes *ages* to find and the fix is
     trivial: move one line.
     [Steve Henson, reported by ian@uns.ns.ac.yu (Ivan Nejgebauer) ]

  *) Ugly workaround to get s_client and s_server working under Windows. The
     old code wouldn't work because it needed to select() on sockets and the
     tty (for keypresses and to see if data could be written). Win32 only
     supports select() on sockets so we select() with a 1s timeout on the
     sockets and then see if any characters are waiting to be read, if none
     are present then we retry, we also assume we can always write data to
     the tty. This isn't nice because the code then blocks until we've
     received a complete line of data and it is effectively polling the
     keyboard at 1s intervals: however it's quite a bit better than not
     working at all :-) A dedicated Windows application might handle this
     with an event loop for example.
     [Steve Henson]

  *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign
     and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions
     will be called when RSA_sign() and RSA_verify() are used. This is useful
     if rsa_pub_dec() and rsa_priv_enc() equivalents are not available.
     For this to work properly RSA_public_decrypt() and RSA_private_encrypt()
     should *not* be used: RSA_sign() and RSA_verify() must be used instead.
     This necessitated the support of an extra signature type NID_md5_sha1
     for SSL signatures and modifications to the SSL library to use it instead
     of calling RSA_public_decrypt() and RSA_private_encrypt().
     [Steve Henson]

  *) Add new -verify -CAfile and -CApath options to the crl program, these
     will lookup a CRL issuers certificate and verify the signature in a
     similar way to the verify program. Tidy up the crl program so it
     no longer acesses structures directly. Make the ASN1 CRL parsing a bit
     less strict. It will now permit CRL extensions even if it is not
     a V2 CRL: this will allow it to tolerate some broken CRLs.
     [Steve Henson]

  *) Initialize all non-automatic variables each time one of the openssl
     sub-programs is started (this is necessary as they may be started
     multiple times from the "OpenSSL>" prompt).
     [Lennart Bang, Bodo Moeller]

  *) Preliminary compilation option RSA_NULL which disables RSA crypto without
     removing all other RSA functionality (this is what NO_RSA does). This
     is so (for example) those in the US can disable those operations covered
     by the RSA patent while allowing storage and parsing of RSA keys and RSA
     key generation.
     [Steve Henson]

  *) Non-copying interface to BIO pairs.
     (still largely untested)
     [Bodo Moeller]

  *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive
     ASCII string. This was handled independently in various places before.
     [Steve Henson]

  *) New functions UTF8_getc() and UTF8_putc() that parse and generate
     UTF8 strings a character at a time.
     [Steve Henson]

  *) Use client_version from client hello to select the protocol
     (s23_srvr.c) and for RSA client key exchange verification
     (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications.
     [Bodo Moeller]

  *) Add various utility functions to handle SPKACs, these were previously
     handled by poking round in the structure internals. Added new function
     NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to
     print, verify and generate SPKACs. Based on an original idea from
     Massimiliano Pala <madwolf@comune.modena.it> but extensively modified.
     [Steve Henson]

  *) RIPEMD160 is operational on all platforms and is back in 'make test'.
     [Andy Polyakov]

  *) Allow the config file extension section to be overwritten on the
     command line. Based on an original idea from Massimiliano Pala
     <madwolf@comune.modena.it>. The new option is called -extensions
     and can be applied to ca, req and x509. Also -reqexts to override
     the request extensions in req and -crlexts to override the crl extensions
     in ca.