[thirdparty/openssl.git] / NEWS


  NEWS
  ====

  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:

      o New library section OCSP.
      o Complete haul-over of the ASN.1 library section.

  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:

      o Security fix: change behavior of OpenSSL to avoid using
        environment variables when running as root.
      o Security fix: check the result of RSA-CRT to reduce the
        possibility of deducing the private key from an incorrectly
        calculated signature.
      o Security fix: prevent Bleichenbacher's DSA attack.
      o Security fix: Zero the premaster secret after deriving the
        master secret in DH ciphersuites.
      o Reimplement SSL_peek(), which had various problems.
      o Compatibility fix: the function des_encrypt() renamed to
        des_encrypt1() to avoid clashes with some Unixen libc.
      o Bug fixes for Win32, HP/UX and Irix.
      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
        memory checking routines.
      o Bug fixes for RSA operations in threaded enviroments.
      o Bug fixes in misc. openssl applications.
      o Remove a few potential memory leaks.
      o Add tighter checks of BIGNUM routines.
      o Shared library support has been reworked for generality.
      o More documentation.
      o New function BN_rand_range().
      o Add "-rand" option to openssl s_client and s_server.

  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:

      o Some documentation for BIO and SSL libraries.
      o Enhanced chain verification using key identifiers.
      o New sign and verify options to 'dgst' application.
      o Support for DER and PEM encoded messages in 'smime' application.
      o New 'rsautl' application, low level RSA utility.
      o MD4 now included.
      o Bugfix for SSL rollback padding check.
      o Support for external crypto devices.
      o Enhanced EVP interface.

  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:

      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
      o Shared library support for HPUX and Solaris-gcc
      o Support of Linux/IA64
      o Assembler support for Mingw32
      o New 'rand' application
      o New way to check for existence of algorithms from scripts

  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:

      o S/MIME support in new 'smime' command
      o Documentation for the OpenSSL command line application
      o Automation of 'req' application
      o Fixes to make s_client, s_server work under Windows
      o Support for multiple fieldnames in SPKACs
      o New SPKAC command line utilty and associated library functions
      o Options to allow passwords to be obtained from various sources
      o New public key PEM format and options to handle it
      o Many other fixes and enhancements to command line utilities
      o Usable certificate chain verification
      o Certificate purpose checking
      o Certificate trust settings
      o Support of authority information access extension
      o Extensions in certificate requests
      o Simplified X509 name and attribute routines
      o Initial (incomplete) support for international character sets
      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
      o Read only memory BIOs and simplified creation function
      o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
        record; allow fragmentation and interleaving of handshake and other
        data
      o TLS/SSL code now "tolerates" MS SGC
      o Work around for Netscape client certificate hang bug
      o RSA_NULL option that removes RSA patent code but keeps other
        RSA functionality
      o Memory leak detection now allows applications to add extra information
        via a per-thread stack
      o PRNG robustness improved
      o EGD support
      o BIGNUM library bug fixes
      o Faster DSA parameter generation
      o Enhanced support for Alpha Linux
      o Experimental MacOS support

  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:

      o Transparent support for PKCS#8 format private keys: these are used
        by several software packages and are more secure than the standard
        form
      o PKCS#5 v2.0 implementation
      o Password callbacks have a new void * argument for application data
      o Avoid various memory leaks
      o New pipe-like BIO that allows using the SSL library when actual I/O
        must be handled by the application (BIO pair)

  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
      o Lots of enhancements and cleanups to the Configuration mechanism
      o RSA OEAP related fixes
      o Added `openssl ca -revoke' option for revoking a certificate
      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
      o Source tree cleanups: removed lots of obsolete files
      o Thawte SXNet, certificate policies and CRL distribution points
        extension support
      o Preliminary (experimental) S/MIME support
      o Support for ASN.1 UTF8String and VisibleString
      o Full integration of PKCS#12 code
      o Sparc assembler bignum implementation, optimized hash functions
      o Option to disable selected ciphers

  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
      o Fixed a security hole related to session resumption
      o Fixed RSA encryption routines for the p < q case
      o "ALL" in cipher lists now means "everything except NULL ciphers"
      o Support for Triple-DES CBCM cipher
      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
      o First support for new TLSv1 ciphers
      o Added a few new BIOs (syslog BIO, reliable BIO)
      o Extended support for DSA certificate/keys.
      o Extended support for Certificate Signing Requests (CSR)
      o Initial support for X.509v3 extensions
      o Extended support for compression inside the SSL record layer
      o Overhauled Win32 builds
      o Cleanups and fixes to the Big Number (BN) library
      o Support for ASN.1 GeneralizedTime
      o Splitted ASN.1 SETs from SEQUENCEs
      o ASN1 and PEM support for Netscape Certificate Sequences
      o Overhauled Perl interface
      o Lots of source tree cleanups.
      o Lots of memory leak fixes.
      o Lots of bug fixes.

  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
      o Integration of the popular NO_RSA/NO_DSA patches
      o Initial support for compression inside the SSL record layer
      o Added BIO proxy and filtering functionality
      o Extended Big Number (BN) library
      o Added RIPE MD160 message digest
      o Addeed support for RC2/64bit cipher
      o Extended ASN.1 parser routines
      o Adjustations of the source tree for CVS
      o Support for various new platforms
Commit	Line	Data
3b52c2e7 RE	1
	2	NEWS
	3	====
	4
	5	This file gives a brief overview of the major changes between each OpenSSL
	6	release. For more details please read the CHANGES file.
	7
3ba25ee8	8	Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
83f25717 RL	9
83f25717 RL	10	o New library section OCSP.
3ba25ee8	11	o Complete haul-over of the ASN.1 library section.
83f25717	12
7cdd2aa1 RL	13	Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
	14
	15	o Security fix: change behavior of OpenSSL to avoid using
	16	environment variables when running as root.
	17	o Security fix: check the result of RSA-CRT to reduce the
	18	possibility of deducing the private key from an incorrectly
	19	calculated signature.
	20	o Security fix: prevent Bleichenbacher's DSA attack.
	21	o Security fix: Zero the premaster secret after deriving the
	22	master secret in DH ciphersuites.
4fea8145	23	o Reimplement SSL_peek(), which had various problems.
307bf4da RL	24	o Compatibility fix: the function des_encrypt() renamed to
307bf4da RL	25	des_encrypt1() to avoid clashes with some Unixen libc.
7cdd2aa1 RL	26	o Bug fixes for Win32, HP/UX and Irix.
	27	o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
	28	memory checking routines.
	29	o Bug fixes for RSA operations in threaded enviroments.
	30	o Bug fixes in misc. openssl applications.
	31	o Remove a few potential memory leaks.
	32	o Add tighter checks of BIGNUM routines.
	33	o Shared library support has been reworked for generality.
	34	o More documentation.
4fea8145	35	o New function BN_rand_range().
7cdd2aa1 RL	36	o Add "-rand" option to openssl s_client and s_server.
7cdd2aa1 RL	37
4e87e05b DSH	38	Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
	39
	40	o Some documentation for BIO and SSL libraries.
	41	o Enhanced chain verification using key identifiers.
	42	o New sign and verify options to 'dgst' application.
	43	o Support for DER and PEM encoded messages in 'smime' application.
	44	o New 'rsautl' application, low level RSA utility.
b38d84d8 BM	45	o MD4 now included.
b38d84d8 BM	46	o Bugfix for SSL rollback padding check.
3ba25ee8	47	o Support for external crypto devices.
fda05b21	48	o Enhanced EVP interface.
b22bda21	49
35a79ecb RL	50	Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
35a79ecb RL	51
b7a81df4	52	o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
35a79ecb RL	53	o Shared library support for HPUX and Solaris-gcc
35a79ecb RL	54	o Support of Linux/IA64
b7a81df4	55	o Assembler support for Mingw32
35a79ecb RL	56	o New 'rand' application
	57	o New way to check for existence of algorithms from scripts
	58
0c235249 UM	59	Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
0c235249 UM	60
90644dd7	61	o S/MIME support in new 'smime' command
0c235249	62	o Documentation for the OpenSSL command line application
90644dd7 DSH	63	o Automation of 'req' application
	64	o Fixes to make s_client, s_server work under Windows
	65	o Support for multiple fieldnames in SPKACs
	66	o New SPKAC command line utilty and associated library functions
ae1bb4e5	67	o Options to allow passwords to be obtained from various sources
90644dd7 DSH	68	o New public key PEM format and options to handle it
	69	o Many other fixes and enhancements to command line utilities
	70	o Usable certificate chain verification
	71	o Certificate purpose checking
	72	o Certificate trust settings
	73	o Support of authority information access extension
	74	o Extensions in certificate requests
	75	o Simplified X509 name and attribute routines
ae1bb4e5	76	o Initial (incomplete) support for international character sets
90644dd7 DSH	77	o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
90644dd7 DSH	78	o Read only memory BIOs and simplified creation function
8bd5b794 BM	79	o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
	80	record; allow fragmentation and interleaving of handshake and other
	81	data
90644dd7	82	o TLS/SSL code now "tolerates" MS SGC
8bd5b794	83	o Work around for Netscape client certificate hang bug
90644dd7 DSH	84	o RSA_NULL option that removes RSA patent code but keeps other
90644dd7 DSH	85	RSA functionality
07e6dbde BM	86	o Memory leak detection now allows applications to add extra information
	87	via a per-thread stack
	88	o PRNG robustness improved
4d524e10	89	o EGD support
6d9ca500	90	o BIGNUM library bug fixes
4d524e10	91	o Faster DSA parameter generation
74235cc9 UM	92	o Enhanced support for Alpha Linux
74235cc9 UM	93	o Experimental MacOS support
0c235249	94
ed7f60fb DSH	95	Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
	96
	97	o Transparent support for PKCS#8 format private keys: these are used
c97cbcb3 BM	98	by several software packages and are more secure than the standard
	99	form
	100	o PKCS#5 v2.0 implementation
	101	o Password callbacks have a new void * argument for application data
	102	o Avoid various memory leaks
	103	o New pipe-like BIO that allows using the SSL library when actual I/O
	104	must be handled by the application (BIO pair)
ed7f60fb	105
8e8a8a5f	106	Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
9de649ff UM	107	o Lots of enhancements and cleanups to the Configuration mechanism
9de649ff UM	108	o RSA OEAP related fixes
8e8a8a5f RE	109	o Added `openssl ca -revoke' option for revoking a certificate
	110	o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
	111	o Source tree cleanups: removed lots of obsolete files
703126f0	112	o Thawte SXNet, certificate policies and CRL distribution points
a03dd7a6	113	extension support
703126f0 DSH	114	o Preliminary (experimental) S/MIME support
	115	o Support for ASN.1 UTF8String and VisibleString
	116	o Full integration of PKCS#12 code
2cf9fcda	117	o Sparc assembler bignum implementation, optimized hash functions
b0759f87	118	o Option to disable selected ciphers
8e8a8a5f	119
d343d272	120	Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
738769ff RE	121	o Fixed a security hole related to session resumption
	122	o Fixed RSA encryption routines for the p < q case
	123	o "ALL" in cipher lists now means "everything except NULL ciphers"
3b52c2e7 RE	124	o Support for Triple-DES CBCM cipher
	125	o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
	126	o First support for new TLSv1 ciphers
	127	o Added a few new BIOs (syslog BIO, reliable BIO)
	128	o Extended support for DSA certificate/keys.
03e20a1a	129	o Extended support for Certificate Signing Requests (CSR)
3b52c2e7 RE	130	o Initial support for X.509v3 extensions
	131	o Extended support for compression inside the SSL record layer
	132	o Overhauled Win32 builds
	133	o Cleanups and fixes to the Big Number (BN) library
	134	o Support for ASN.1 GeneralizedTime
	135	o Splitted ASN.1 SETs from SEQUENCEs
	136	o ASN1 and PEM support for Netscape Certificate Sequences
	137	o Overhauled Perl interface
	138	o Lots of source tree cleanups.
	139	o Lots of memory leak fixes.
	140	o Lots of bug fixes.
	141
	142	Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
	143	o Integration of the popular NO_RSA/NO_DSA patches
	144	o Initial support for compression inside the SSL record layer
	145	o Added BIO proxy and filtering functionality
	146	o Extended Big Number (BN) library
	147	o Added RIPE MD160 message digest
	148	o Addeed support for RC2/64bit cipher
	149	o Extended ASN.1 parser routines
	150	o Adjustations of the source tree for CVS
	151	o Support for various new platforms
	152