| | | |
|---|---|---|
| author | Bodo Möller <bodo@openssl.org> | 1999-10-26 01:56:29 +0000 |
| committer | Bodo Möller <bodo@openssl.org> | 1999-10-26 01:56:29 +0000 |
| commit | a31011e8e0ea18f1cc79d7eb53238768ae9369c6 (patch) | |
| tree | da6c9af95c39c6e6c44d2b71ace3bd4495728be1 /CHANGES | |
| parent | 38899535f85784442395aeab921b25fc79266491 (diff) | |

Various randomness handling bugfixes and improvements --
some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 27 |
1 files changed, 27 insertions, 0 deletions
@@ -4,6 +4,33 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) New file apps/app_rand.c with commonly needed functionality + for handling the random seed file. + + Use the random seed file in some applications that previously did not: + ca, + dsaparam -genkey (which also ignored its `-rand' option), + s_client, + s_server, + x509 (when signing). + Except on systems with /dev/urandom, it is crucial to have a random + seed file at least for key creation, DSA signing, and for DH exchanges; + for RSA signatures it might not hurt _that_ much not to have one. + + gendh and gendsa (unlike genrsa) used to read only the first byte + of each file listed in the `-rand' option. The function as previously + found in genrsa is now in app_rand.c and is used by all programs + that support `-rand'. + [Bodo Moeller] + + *) In RAND_write_file, use mode 0600 for creating files; + don't just chmod when it may be too late. + [Bodo Moeller] + + *) Report an error from X509_STORE_load_locations + when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed. + [Bill Perry] + *) New function ASN1_mbstring_copy() this copies a string in either ASCII, Unicode, Universal (4 bytes per character) or UTF8 format into an ASN1_STRING type. A mask of permissible types is passed |
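
Review bot: In the first new entry, the paragraph stating that gendh and gendsa "used to read only the first byte of each file listed in the `-rand' option" records a security-relevant defect as an aside inside a feature note. It should be its own `*)` entry that says which releases were affected and whether DH parameters and DSA keys generated with `-rand` as the main seed source should be regenerated. In the same entry, "for RSA signatures it might not hurt _that_ much not to have one" is too vague for text that users read when deciding whether to set up a seed file; either state what the remaining risk is or drop the clause. The RAND_write_file entry would be clearer if it named the exposure it closes, that is, the window between creating the file and the later chmod during which the seed file may be readable by other users, and if it said whether the mode of an already existing file is corrected as well.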