Harmonize CHANGES and STATUS files between the 0.9.6a branch and the trunk to keep diffs small.
Bodo Möller 2001-03-22 10:59:18 +00:00
parent bdcb9321ca
commit a8e738f9ad
2 changed files with 36 additions and 21 deletions

CHANGES (26 lines changed)

@ -28,15 +28,6 @@
X509_NAME_get_index_by_NID() since 0 is a valid index. X509_NAME_get_index_by_NID() since 0 is a valid index.
[Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>] [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
*) Use better test patterns in bntest.
[Ulf Möller]
*) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
the method-specific "init()" handler. Also clean up ex_data after
calling the method-specific "finish()" handler. Previously, this was
happening the other way round.
[Geoff Thorpe]
*) Avoid coredump with unsupported or invalid public keys by checking if *) Avoid coredump with unsupported or invalid public keys by checking if
X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
PKCS7_verify() fails with non detached data. PKCS7_verify() fails with non detached data.
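Review bot: The two entries dropped at the top of this hunk (the bntest test patterns and the RSA/DSA/DH "ex_data" init()/finish() ordering fix) reappear further down in the -161 and -189 hunks, so this is a reorder, yet the commit message only says "harmonize". Say in the message that entries are moved and none is withdrawn, because anyone reading this hunk on its own would take the ex_data fix as reverted.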
@ -69,6 +60,7 @@
*) Fix X509_NAME bug which produced incorrect encoding if X509_NAME *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
was empty. was empty.
[Steve Henson] [Steve Henson]
[This change does not apply to 0.9.7.]
*) Use the cached encoding of an X509_NAME structure rather than *) Use the cached encoding of an X509_NAME structure rather than
copying it. This is apparently the reason for the libsafe "errors" copying it. This is apparently the reason for the libsafe "errors"
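Review bot: The added marker "[This change does not apply to 0.9.7.]" after the empty X509_NAME encoding fix gives no reason. Add a short clause saying why the trunk does not need this change, and do the same for the identical marker on the empty SEQUENCE OF entry in the -109 hunk, so that a reader comparing the branches can tell a deliberate omission from a missed port.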
@ -80,7 +72,7 @@
Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
to be set and top=0 forces the highest bit to be set; top=-1 is new to be set and top=0 forces the highest bit to be set; top=-1 is new
and leaves the highest bit random. and leaves the highest bit random.
[Ulf Moeller] [Ulf Moeller, Bodo Moeller]
*) In the NCONF_...-based implementations for CONF_... queries *) In the NCONF_...-based implementations for CONF_... queries
(crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
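Review bot: The changed attribution line in this hunk uses the spelling "[Ulf Moeller, Bodo Moeller]" while other entries in the same file credit "[Ulf Möller]" (the bntest and rand_win.c entries). Since the stated goal is to keep diffs between the branches small, settle on one spelling of each name across CHANGES so that attribution lines do not show up as spurious differences later.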
@ -109,6 +101,7 @@
macros previously used would not encode an empty SEQUENCE OF macros previously used would not encode an empty SEQUENCE OF
and break the signature. and break the signature.
[Steve Henson] [Steve Henson]
[This change does not apply to 0.9.7.]
*) Zero the premaster secret after deriving the master secret in *) Zero the premaster secret after deriving the master secret in
DH ciphersuites. DH ciphersuites.
@ -161,12 +154,19 @@
*) Fix a deadlock in CRYPTO_mem_leaks(). *) Fix a deadlock in CRYPTO_mem_leaks().
[Bodo Moeller] [Bodo Moeller]
*) Use better test patterns in bntest.
[Ulf Möller]
*) rand_win.c fix for Borland C. *) rand_win.c fix for Borland C.
[Ulf Möller] [Ulf Möller]
*) BN_rshift bugfix for n == 0. *) BN_rshift bugfix for n == 0.
[Bodo Moeller] [Bodo Moeller]
*) Add a 'bctest' script that checks for some known 'bc' bugs
so that 'make test' does not abort just because 'bc' is broken.
[Bodo Moeller]
*) Store verify_result within SSL_SESSION also for client side to *) Store verify_result within SSL_SESSION also for client side to
avoid potential security hole. (Re-used sessions on the client side avoid potential security hole. (Re-used sessions on the client side
always resulted in verify_result==X509_V_OK, not using the original always resulted in verify_result==X509_V_OK, not using the original
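Review bot: The new 'bctest' entry says 'make test' no longer aborts when 'bc' is broken, but it does not say what happens to the checks that rely on 'bc'. State in the entry whether those checks are skipped or still run, and that a skip is reported in the test output, so a quiet skip cannot be mistaken for a pass.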
@ -189,6 +189,12 @@
does the actual work for ssl3_read_internal. does the actual work for ssl3_read_internal.
[Bodo Moeller] [Bodo Moeller]
*) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
the method-specific "init()" handler. Also clean up ex_data after
calling the method-specific "finish()" handler. Previously, this was
happening the other way round.
[Geoff Thorpe]
*) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16. *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
The previous value, 12, was not always sufficient for BN_mod_exp(). The previous value, 12, was not always sufficient for BN_mod_exp().
[Bodo Moeller] [Bodo Moeller]

STATUS (31 lines changed)

@ -1,10 +1,10 @@
OpenSSL STATUS Last modified at OpenSSL STATUS Last modified at
______________ $Date: 2001/03/22 09:02:38 $ ______________ $Date: 2001/03/22 10:59:16 $
DEVELOPMENT STATE DEVELOPMENT STATE
o OpenSSL 0.9.6a: In development... o OpenSSL 0.9.6a: Bugfix release -- under development...
Beta 1 released on March 13th, 2001 Beta 1 released on March 13th, 2001
HP-UX 10.20 (hpux-parisc-cc) - PASSED [normal+engine] HP-UX 10.20 (hpux-parisc-cc) - PASSED [normal+engine]
HP-UX 10.20 (hpux-parisc-gcc) - PASSED [normal+engine] HP-UX 10.20 (hpux-parisc-gcc) - PASSED [normal+engine]
@ -50,14 +50,13 @@
AVAILABLE PATCHES AVAILABLE PATCHES
o CA.pl patch (Damien Miller)
IN PROGRESS IN PROGRESS
o Steve is currently working on (in no particular order): o Steve is currently working on (in no particular order):
ASN1 code redesign, butchery, replacement. ASN1 code redesign, butchery, replacement.
OCSP
EVP cipher enhancement. EVP cipher enhancement.
Proper (or at least usable) certificate chain verification. Enhanced certificate chain verification.
Private key, certificate and CRL API and implementation. Private key, certificate and CRL API and implementation.
Developing and bugfixing PKCS#7 (S/MIME code). Developing and bugfixing PKCS#7 (S/MIME code).
Various X509 issues: character sets, certificate request extensions. Various X509 issues: character sets, certificate request extensions.
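Review bot: Replacing "Proper (or at least usable) certificate chain verification." with "Enhanced certificate chain verification." in Steve's list drops the information that the current chain verification is not yet considered adequate. Keep a wording that still tells readers of STATUS that verification has known gaps, or point to the open issue that describes them. The removal of "CA.pl patch (Damien Miller)" also leaves AVAILABLE PATCHES with no visible entry; note whether that patch was applied or dropped.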
@ -66,19 +65,29 @@
o Richard is currently working on: o Richard is currently working on:
UTIL (a new set of library functions to support some higher level UTIL (a new set of library functions to support some higher level
functionality that is currently missing). functionality that is currently missing).
Dynamic thread-lock support.
Shared library support for VMS. Shared library support for VMS.
OCSP
Kerberos 5 authentication
Constification
NEEDS PATCH NEEDS PATCH
o non-blocking socket on AIX o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
o $(PERL) in */Makefile.ssl
o "Sign the certificate?" - "n" creates empty certificate file o OpenSSL_0_9_6-stable:
#include <openssl/e_os.h> in exported header files is illegal since
e_os.h is suitable only for library-internal use.
o Whenever strncpy is used, make sure the resulting string is NULL-terminated
or an error is reported
OPEN ISSUES OPEN ISSUES
o internal_verify doesn't know about X509.v3 (basicConstraints o crypto/ex_data.c is not really thread-safe and so must be used
CA flag ...) with care (e.g., extra locking where necessary, or don't call
CRYPTO_get_ex_new_index once multiple threads exist).
The current API is not suitable for everything that it pretends
to offer.
o The Makefile hierarchy and build mechanism is still not a round thing: o The Makefile hierarchy and build mechanism is still not a round thing:
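Review bot: The OPEN ISSUES item "internal_verify doesn't know about X509.v3 (basicConstraints CA flag ...)" is dropped in favour of the crypto/ex_data.c item, and none of the CHANGES hunks in this commit records a fix for it. Confirm that it is resolved on both branches before removing it, otherwise keep it alongside the new item. Minor: in the new strncpy item under NEEDS PATCH, "NULL-terminated" should read "NUL-terminated", since the terminator is the NUL character and not the NULL pointer.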