projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 3b52c2e7 RE |
1 | |
| 2 | NEWS | |
| 3 | ==== | |
| 4 | ||
| 5 | This file gives a brief overview of the major changes between each OpenSSL | |
| 6 | release. For more details please read the CHANGES file. | |
| 7 | ||
| e27fd320 | 8 | Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: |
| c1fb6557 RL |
9 | |
| 10 | o Various SSL/TLS library bugfixes. | |
| 11 | o Fix DH parameter generation for 'non-standard' generators. | |
| 12 | ||
| e27fd320 | 13 | Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: |
| da904c9c BM |
14 | |
| 15 | o Various SSL/TLS library bugfixes. | |
| 16 | o BIGNUM library fixes. | |
| d8e2daf1 RL |
17 | o RSA OAEP and random number generation fixes. |
| 18 | o Object identifiers corrected and added. | |
| 19 | o Add assembler BN routines for IA64. | |
| 20 | o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8, | |
| 21 | MIPS Linux; shared library support for Irix, HP-UX. | |
| da904c9c | 22 | o Add crypto accelerator support for AEP, Baltimore SureWare, |
| d8e2daf1 RL |
23 | Broadcom and Cryptographic Appliance's keyserver |
| 24 | [in 0.9.6c-engine release]. | |
| da904c9c | 25 | |
| e27fd320 | 26 | Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: |
| 7b24a1a3 RL |
27 | |
| 28 | o Security fix: PRNG improvements. | |
| 29 | o Security fix: RSA OAEP check. | |
| 30 | o Security fix: Reinsert and fix countermeasure to Bleichbacher's | |
| 31 | attack. | |
| 32 | o MIPS bug fix in BIGNUM. | |
| 33 | o Bug fix in "openssl enc". | |
| 34 | o Bug fix in X.509 printing routine. | |
| 35 | o Bug fix in DSA verification routine and DSA S/MIME verification. | |
| 36 | o Bug fix to make PRNG thread-safe. | |
| 37 | o Bug fix in RAND_file_name(). | |
| 38 | o Bug fix in compatibility mode trust settings. | |
| 39 | o Bug fix in blowfish EVP. | |
| 40 | o Increase default size for BIO buffering filter. | |
| 41 | o Compatibility fixes in some scripts. | |
| 42 | ||
| 4c37da80 RL |
43 | Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a: |
| 44 | ||
| 45 | o Security fix: change behavior of OpenSSL to avoid using | |
| 46 | environment variables when running as root. | |
| 47 | o Security fix: check the result of RSA-CRT to reduce the | |
| 48 | possibility of deducing the private key from an incorrectly | |
| 49 | calculated signature. | |
| 50 | o Security fix: prevent Bleichenbacher's DSA attack. | |
| 51 | o Security fix: Zero the premaster secret after deriving the | |
| 52 | master secret in DH ciphersuites. | |
| 6b458088 | 53 | o Reimplement SSL_peek(), which had various problems. |
| 4c37da80 RL |
54 | o Compatibility fix: the function des_encrypt() renamed to |
| 55 | des_encrypt1() to avoid clashes with some Unixen libc. | |
| 56 | o Bug fixes for Win32, HP/UX and Irix. | |
| 57 | o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and | |
| 58 | memory checking routines. | |
| 59 | o Bug fixes for RSA operations in threaded enviroments. | |
| 60 | o Bug fixes in misc. openssl applications. | |
| 61 | o Remove a few potential memory leaks. | |
| 62 | o Add tighter checks of BIGNUM routines. | |
| 63 | o Shared library support has been reworked for generality. | |
| 64 | o More documentation. | |
| 6b458088 | 65 | o New function BN_rand_range(). |
| 4c37da80 RL |
66 | o Add "-rand" option to openssl s_client and s_server. |
| 67 | ||
| 4cae3ac3 RL |
68 | Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: |
| 69 | ||
| 70 | o Some documentation for BIO and SSL libraries. | |
| 71 | o Enhanced chain verification using key identifiers. | |
| 72 | o New sign and verify options to 'dgst' application. | |
| 73 | o Support for DER and PEM encoded messages in 'smime' application. | |
| 74 | o New 'rsautl' application, low level RSA utility. | |
| 103a6049 RL |
75 | o MD4 now included. |
| 76 | o Bugfix for SSL rollback padding check. | |
| 47dc5a13 RL |
77 | o Support for external crypto devices [1]. |
| 78 | o Enhanced EVP interface. | |
| 4cae3ac3 | 79 | |
| 103a6049 RL |
80 | [1] The support for external crypto devices is currently a separate |
| 81 | distribution. See the file README.ENGINE. | |
| 4cae3ac3 | 82 | |
| 35a79ecb RL |
83 | Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a: |
| 84 | ||
| b7a81df4 | 85 | o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 |
| 35a79ecb RL |
86 | o Shared library support for HPUX and Solaris-gcc |
| 87 | o Support of Linux/IA64 | |
| b7a81df4 | 88 | o Assembler support for Mingw32 |
| 35a79ecb RL |
89 | o New 'rand' application |
| 90 | o New way to check for existence of algorithms from scripts | |
| 91 | ||
| 0c235249 UM |
92 | Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: |
| 93 | ||
| 90644dd7 | 94 | o S/MIME support in new 'smime' command |
| 0c235249 | 95 | o Documentation for the OpenSSL command line application |
| 90644dd7 DSH |
96 | o Automation of 'req' application |
| 97 | o Fixes to make s_client, s_server work under Windows | |
| 98 | o Support for multiple fieldnames in SPKACs | |
| 99 | o New SPKAC command line utilty and associated library functions | |
| ae1bb4e5 | 100 | o Options to allow passwords to be obtained from various sources |
| 90644dd7 DSH |
101 | o New public key PEM format and options to handle it |
| 102 | o Many other fixes and enhancements to command line utilities | |
| 103 | o Usable certificate chain verification | |
| 104 | o Certificate purpose checking | |
| 105 | o Certificate trust settings | |
| 106 | o Support of authority information access extension | |
| 107 | o Extensions in certificate requests | |
| 108 | o Simplified X509 name and attribute routines | |
| ae1bb4e5 | 109 | o Initial (incomplete) support for international character sets |
| 90644dd7 DSH |
110 | o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD |
| 111 | o Read only memory BIOs and simplified creation function | |
| 8bd5b794 BM |
112 | o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 |
| 113 | record; allow fragmentation and interleaving of handshake and other | |
| 114 | data | |
| 90644dd7 | 115 | o TLS/SSL code now "tolerates" MS SGC |
| 8bd5b794 | 116 | o Work around for Netscape client certificate hang bug |
| 90644dd7 DSH |
117 | o RSA_NULL option that removes RSA patent code but keeps other |
| 118 | RSA functionality | |
| 07e6dbde BM |
119 | o Memory leak detection now allows applications to add extra information |
| 120 | via a per-thread stack | |
| 121 | o PRNG robustness improved | |
| 4d524e10 | 122 | o EGD support |
| 6d9ca500 | 123 | o BIGNUM library bug fixes |
| 4d524e10 | 124 | o Faster DSA parameter generation |
| 74235cc9 UM |
125 | o Enhanced support for Alpha Linux |
| 126 | o Experimental MacOS support | |
| 0c235249 | 127 | |
| ed7f60fb DSH |
128 | Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: |
| 129 | ||
| 130 | o Transparent support for PKCS#8 format private keys: these are used | |
| c97cbcb3 BM |
131 | by several software packages and are more secure than the standard |
| 132 | form | |
| 133 | o PKCS#5 v2.0 implementation | |
| 134 | o Password callbacks have a new void * argument for application data | |
| 135 | o Avoid various memory leaks | |
| 136 | o New pipe-like BIO that allows using the SSL library when actual I/O | |
| 137 | must be handled by the application (BIO pair) | |
| ed7f60fb | 138 | |
| 8e8a8a5f | 139 | Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: |
| 9de649ff UM |
140 | o Lots of enhancements and cleanups to the Configuration mechanism |
| 141 | o RSA OEAP related fixes | |
| 8e8a8a5f RE |
142 | o Added `openssl ca -revoke' option for revoking a certificate |
| 143 | o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs | |
| 144 | o Source tree cleanups: removed lots of obsolete files | |
| 703126f0 | 145 | o Thawte SXNet, certificate policies and CRL distribution points |
| a03dd7a6 | 146 | extension support |
| 703126f0 DSH |
147 | o Preliminary (experimental) S/MIME support |
| 148 | o Support for ASN.1 UTF8String and VisibleString | |
| 149 | o Full integration of PKCS#12 code | |
| 2cf9fcda | 150 | o Sparc assembler bignum implementation, optimized hash functions |
| b0759f87 | 151 | o Option to disable selected ciphers |
| 8e8a8a5f | 152 | |
| d343d272 | 153 | Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: |
| 738769ff RE |
154 | o Fixed a security hole related to session resumption |
| 155 | o Fixed RSA encryption routines for the p < q case | |
| 156 | o "ALL" in cipher lists now means "everything except NULL ciphers" | |
| 3b52c2e7 RE |
157 | o Support for Triple-DES CBCM cipher |
| 158 | o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA | |
| 159 | o First support for new TLSv1 ciphers | |
| 160 | o Added a few new BIOs (syslog BIO, reliable BIO) | |
| 161 | o Extended support for DSA certificate/keys. | |
| 03e20a1a | 162 | o Extended support for Certificate Signing Requests (CSR) |
| 3b52c2e7 RE |
163 | o Initial support for X.509v3 extensions |
| 164 | o Extended support for compression inside the SSL record layer | |
| 165 | o Overhauled Win32 builds | |
| 166 | o Cleanups and fixes to the Big Number (BN) library | |
| 167 | o Support for ASN.1 GeneralizedTime | |
| 168 | o Splitted ASN.1 SETs from SEQUENCEs | |
| 169 | o ASN1 and PEM support for Netscape Certificate Sequences | |
| 170 | o Overhauled Perl interface | |
| 171 | o Lots of source tree cleanups. | |
| 172 | o Lots of memory leak fixes. | |
| 173 | o Lots of bug fixes. | |
| 174 | ||
| 175 | Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: | |
| 176 | o Integration of the popular NO_RSA/NO_DSA patches | |
| 177 | o Initial support for compression inside the SSL record layer | |
| 178 | o Added BIO proxy and filtering functionality | |
| 179 | o Extended Big Number (BN) library | |
| 180 | o Added RIPE MD160 message digest | |
| 181 | o Addeed support for RC2/64bit cipher | |
| 182 | o Extended ASN.1 parser routines | |
| 183 | o Adjustations of the source tree for CVS | |
| 184 | o Support for various new platforms | |
| 185 |