]>
Commit | Line | Data |
---|---|---|
651d0aff | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
5 | ||
1b276f30 RE |
6 | Changes between 0.9.2b and 0.9.3 |
7 | ||
cfcefcbe DSH |
8 | *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and |
9 | packing functions to asn1 and evp. Changed function names and error | |
10 | codes along the way. | |
11 | [Steve Henson] | |
12 | ||
4b518c26 DSH |
13 | *) PKCS12 integration: and so it begins... First of several patches to |
14 | slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12 | |
cfcefcbe | 15 | objects to objects.h |
4b518c26 DSH |
16 | [Steve Henson] |
17 | ||
785cdf20 DSH |
18 | *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1 |
19 | and display support for Thawte strong extranet extension. | |
20 | [Steve Henson] | |
21 | ||
ba423add BL |
22 | *) Add LinuxPPC support. |
23 | [Jeff Dubrule <igor@pobox.org>] | |
24 | ||
67da3df7 BL |
25 | *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to |
26 | bn_div_words in alpha.s. | |
27 | [Hannes Reinecke <H.Reinecke@hw.ac.uk> and Ben Laurie] | |
28 | ||
0e9fc711 RE |
29 | *) Make sure the RSA OAEP test is skipped under -DRSAref because |
30 | OAEP isn't supported when OpenSSL is built with RSAref. | |
31 | [Ulf Moeller <ulf@fitug.de>] | |
32 | ||
1b276f30 RE |
33 | *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h |
34 | so they no longer are missing under -DNOPROTO. | |
35 | [Soren S. Jorvang <soren@t.dk>] | |
36 | ||
e98b5b58 | 37 | Changes between 0.9.1c and 0.9.2b |
4f43d0e7 | 38 | |
b4cadc6e BL |
39 | *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still |
40 | doesn't work when the session is reused. Coming soon! | |
41 | [Ben Laurie] | |
42 | ||
43 | *) Fix a security hole, that allows sessions to be reused in the wrong | |
44 | context thus bypassing client cert protection! All software that uses | |
45 | client certs and session caches in multiple contexts NEEDS PATCHING to | |
46 | allow session reuse! A fuller solution is in the works. | |
47 | [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)] | |
48 | ||
afb23063 RE |
49 | *) Some more source tree cleanups (removed obsolete files |
50 | crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed | |
51 | permission on "config" script to be executable) and a fix for the INSTALL | |
52 | document. | |
53 | [Ulf Moeller <ulf@fitug.de>] | |
54 | ||
199d59e5 DSH |
55 | *) Remove some legacy and erroneous uses of malloc, free instead of |
56 | Malloc, Free. | |
57 | [Lennart Bang <lob@netstream.se>, with minor changes by Steve] | |
58 | ||
b4899bb1 BL |
59 | *) Make rsa_oaep_test return non-zero on error. |
60 | [Ulf Moeller <ulf@fitug.de>] | |
61 | ||
29c0fccb BL |
62 | *) Add support for native Solaris shared libraries. Configure |
63 | solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice | |
64 | if someone would make that last step automatic. | |
65 | [Matthias Loepfe <Matthias.Loepfe@AdNovum.CH>] | |
66 | ||
cadf126b BL |
67 | *) ctx_size was not built with the right compiler during "make links". Fixed. |
68 | [Ben Laurie] | |
69 | ||
bc420ac5 DSH |
70 | *) Change the meaning of 'ALL' in the cipher list. It now means "everything |
71 | except NULL ciphers". This means the default cipher list will no longer | |
72 | enable NULL ciphers. They need to be specifically enabled e.g. with | |
73 | the string "DEFAULT:eNULL". | |
74 | [Steve Henson] | |
75 | ||
abd4c915 DSH |
76 | *) Fix to RSA private encryption routines: if p < q then it would |
77 | occasionally produce an invalid result. This will only happen with | |
78 | externally generated keys because OpenSSL (and SSLeay) ensure p > q. | |
79 | [Steve Henson] | |
80 | ||
7e37e72a RE |
81 | *) Be less restrictive and allow also `perl util/perlpath.pl |
82 | /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin', | |
83 | because this way one can also use an interpreter named `perl5' (which is | |
84 | usually the name of Perl 5.xxx on platforms where an Perl 4.x is still | |
85 | installed as `perl'). | |
86 | [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>] | |
87 | ||
637691e6 RE |
88 | *) Let util/clean-depend.pl work also with older Perl 5.00x versions. |
89 | [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>] | |
90 | ||
83ec54b4 DSH |
91 | *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add |
92 | advapi32.lib to Win32 build and change the pem test comparision | |
93 | to fc.exe (thanks to Ulrich Kroener <kroneru@yahoo.com> for the | |
38138020 DSH |
94 | suggestion). Fix misplaced ASNI prototypes and declarations in evp.h |
95 | and crypto/des/ede_cbcm_enc.c. | |
96 | [Steve Henson] | |
83ec54b4 | 97 | |
b241fefd BL |
98 | *) DES quad checksum was broken on big-endian architectures. Fixed. |
99 | [Ben Laurie] | |
100 | ||
d4d2f98c DSH |
101 | *) Comment out two functions in bio.h that aren't implemented. Fix up the |
102 | Win32 test batch file so it (might) work again. The Win32 test batch file | |
103 | is horrible: I feel ill.... | |
104 | [Steve Henson] | |
105 | ||
0cc39579 DSH |
106 | *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected |
107 | in e_os.h. Audit of header files to check ANSI and non ANSI | |
108 | sections: 10 functions were absent from non ANSI section and not exported | |
109 | from Windows DLLs. Fixed up libeay.num for new functions. | |
d4d2f98c | 110 | [Steve Henson] |
0cc39579 | 111 | |
d10f052b RE |
112 | *) Make `openssl version' output lines consistent. |
113 | [Ralf S. Engelschall] | |
114 | ||
c0e538e1 RE |
115 | *) Fix Win32 symbol export lists for BIO functions: Added |
116 | BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data | |
117 | to ms/libeay{16,32}.def. | |
118 | [Ralf S. Engelschall] | |
119 | ||
84107e6c RE |
120 | *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled |
121 | fine under Unix and passes some trivial tests I've now added. But the | |
122 | whole stuff is horribly incomplete, so a README.1ST with a disclaimer was | |
123 | added to make sure no one expects that this stuff really works in the | |
124 | OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources | |
125 | up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and | |
126 | openssl_bio.xs. | |
127 | [Ralf S. Engelschall] | |
128 | ||
26a0846f BL |
129 | *) Fix the generation of two part addresses in perl. |
130 | [Kenji Miyake <kenji@miyake.org>, integrated by Ben Laurie] | |
131 | ||
7d3ce7ba BL |
132 | *) Add config entry for Linux on MIPS. |
133 | [John Tobey <jtobey@channel1.com>] | |
134 | ||
efadf60f | 135 | *) Make links whenever Configure is run, unless we are on Windoze. |
cba5068d BL |
136 | [Ben Laurie] |
137 | ||
1756d405 DSH |
138 | *) Permit extensions to be added to CRLs using crl_section in openssl.cnf. |
139 | Currently only issuerAltName and AuthorityKeyIdentifier make any sense | |
140 | in CRLs. | |
d4d2f98c | 141 | [Steve Henson] |
1756d405 | 142 | |
116e3153 RE |
143 | *) Add a useful kludge to allow package maintainers to specify compiler and |
144 | other platforms details on the command line without having to patch the | |
145 | Configure script everytime: One now can use ``perl Configure | |
146 | <id>:<details>'', i.e. platform ids are allowed to have details appended | |
147 | to them (seperated by colons). This is treated as there would be a static | |
148 | pre-configured entry in Configure's %table under key <id> with value | |
149 | <details> and ``perl Configure <id>'' is called. So, when you want to | |
150 | perform a quick test-compile under FreeBSD 3.1 with pgcc and without | |
151 | assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"'' | |
152 | now, which overrides the FreeBSD-elf entry on-the-fly. | |
153 | [Ralf S. Engelschall] | |
154 | ||
bc348244 BL |
155 | *) Disable new TLS1 ciphersuites by default: they aren't official yet. |
156 | [Ben Laurie] | |
157 | ||
3eb0ed6d RE |
158 | *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified |
159 | on the `perl Configure ...' command line. This way one can compile | |
160 | OpenSSL libraries with Position Independent Code (PIC) which is needed | |
161 | for linking it into DSOs. | |
162 | [Ralf S. Engelschall] | |
163 | ||
f415fa32 BL |
164 | *) Remarkably, export ciphers were totally broken and no-one had noticed! |
165 | Fixed. | |
166 | [Ben Laurie] | |
167 | ||
0b903ec0 RE |
168 | *) Cleaned up the LICENSE document: The official contact for any license |
169 | questions now is the OpenSSL core team under openssl-core@openssl.org. | |
170 | And add a paragraph about the dual-license situation to make sure people | |
171 | recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply | |
172 | to the OpenSSL toolkit. | |
173 | [Ralf S. Engelschall] | |
174 | ||
bb8f3c58 RE |
175 | *) General source tree makefile cleanups: Made `making xxx in yyy...' |
176 | display consistent in the source tree and replaced `/bin/rm' by `rm'. | |
177 | Additonally cleaned up the `make links' target: Remove unnecessary | |
178 | semicolons, subsequent redundant removes, inline point.sh into mklink.sh | |
179 | to speed processing and no longer clutter the display with confusing | |
180 | stuff. Instead only the actually done links are displayed. | |
181 | [Ralf S. Engelschall] | |
182 | ||
988788f6 BL |
183 | *) Permit null encryption ciphersuites, used for authentication only. It used |
184 | to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this. | |
185 | It is now necessary to set SSL_FORBID_ENULL to prevent the use of null | |
186 | encryption. | |
187 | [Ben Laurie] | |
188 | ||
924acc54 DSH |
189 | *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder |
190 | signed attributes when verifying signatures (this would break them), | |
191 | the detached data encoding was wrong and public keys obtained using | |
192 | X509_get_pubkey() weren't freed. | |
193 | [Steve Henson] | |
194 | ||
d00b7aad DSH |
195 | *) Add text documentation for the BUFFER functions. Also added a work around |
196 | to a Win95 console bug. This was triggered by the password read stuff: the | |
197 | last character typed gets carried over to the next fread(). If you were | |
198 | generating a new cert request using 'req' for example then the last | |
199 | character of the passphrase would be CR which would then enter the first | |
200 | field as blank. | |
9985bed3 DSH |
201 | [Steve Henson] |
202 | ||
789285aa RE |
203 | *) Added the new `Includes OpenSSL Cryptography Software' button as |
204 | doc/openssl_button.{gif,html} which is similar in style to the old SSLeay | |
205 | button and can be used by applications based on OpenSSL to show the | |
206 | relationship to the OpenSSL project. | |
207 | [Ralf S. Engelschall] | |
208 | ||
a06c602e RE |
209 | *) Remove confusing variables in function signatures in files |
210 | ssl/ssl_lib.c and ssl/ssl.h. | |
211 | [Lennart Bong <lob@kulthea.stacken.kth.se>] | |
212 | ||
8d697db1 RE |
213 | *) Don't install bss_file.c under PREFIX/include/ |
214 | [Lennart Bong <lob@kulthea.stacken.kth.se>] | |
215 | ||
06c68491 DSH |
216 | *) Get the Win32 compile working again. Modify mkdef.pl so it can handle |
217 | functions that return function pointers and has support for NT specific | |
218 | stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various | |
219 | #ifdef WIN32 and WINNTs sprinkled about the place and some changes from | |
220 | unsigned to signed types: this was killing the Win32 compile. | |
221 | [Steve Henson] | |
222 | ||
72e442a3 RE |
223 | *) Add new certificate file to stack functions, |
224 | SSL_add_dir_cert_subjects_to_stack() and | |
225 | SSL_add_file_cert_subjects_to_stack(). These largely supplant | |
226 | SSL_load_client_CA_file(), and can be used to add multiple certs easily | |
227 | to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()). | |
eb90a483 BL |
228 | This means that Apache-SSL and similar packages don't have to mess around |
229 | to add as many CAs as they want to the preferred list. | |
230 | [Ben Laurie] | |
231 | ||
4f43d0e7 BL |
232 | *) Experiment with doxygen documentation. Currently only partially applied to |
233 | ssl/ssl_lib.c. | |
234 | See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with | |
235 | openssl.doxy as the configuration file. | |
236 | [Ben Laurie] | |
74d7abc2 RE |
237 | |
238 | *) Get rid of remaining C++-style comments which strict C compilers hate. | |
239 | [Ralf S. Engelschall, pointed out by Carlos Amengual] | |
0172f988 | 240 | |
7283ecea DSH |
241 | *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not |
242 | compiled in by default: it has problems with large keys. | |
243 | [Steve Henson] | |
244 | ||
15d21c2d RE |
245 | *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and |
246 | DH private keys and/or callback functions which directly correspond to | |
247 | their SSL_CTX_xxx() counterparts but work on a per-connection basis. This | |
248 | is needed for applications which have to configure certificates on a | |
249 | per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis | |
250 | (e.g. s_server). | |
251 | For the RSA certificate situation is makes no difference, but | |
252 | for the DSA certificate situation this fixes the "no shared cipher" | |
253 | problem where the OpenSSL cipher selection procedure failed because the | |
254 | temporary keys were not overtaken from the context and the API provided | |
255 | no way to reconfigure them. | |
256 | The new functions now let applications reconfigure the stuff and they | |
257 | are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh, | |
258 | SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new | |
259 | non-public-API function ssl_cert_instantiate() is used as a helper | |
260 | function and also to reduce code redundancy inside ssl_rsa.c. | |
261 | [Ralf S. Engelschall] | |
262 | ||
ea14a91f RE |
263 | *) Move s_server -dcert and -dkey options out of the undocumented feature |
264 | area because they are useful for the DSA situation and should be | |
265 | recognized by the users. | |
266 | [Ralf S. Engelschall] | |
267 | ||
90a52cec RE |
268 | *) Fix the cipher decision scheme for export ciphers: the export bits are |
269 | *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within | |
270 | SSL_EXP_MASK. So, the original variable has to be used instead of the | |
271 | already masked variable. | |
272 | [Richard Levitte <levitte@stacken.kth.se>] | |
273 | ||
def9f431 RE |
274 | *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c |
275 | [Richard Levitte <levitte@stacken.kth.se>] | |
276 | ||
8aef252b RE |
277 | *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal() |
278 | from `int' to `unsigned int' because it's a length and initialized by | |
279 | EVP_DigestFinal() which expects an `unsigned int *'. | |
280 | [Richard Levitte <levitte@stacken.kth.se>] | |
281 | ||
a4ed5532 RE |
282 | *) Don't hard-code path to Perl interpreter on shebang line of Configure |
283 | script. Instead use the usual Shell->Perl transition trick. | |
284 | [Ralf S. Engelschall] | |
285 | ||
7be304ac RE |
286 | *) Make `openssl x509 -noout -modulus' functional also for DSA certificates |
287 | (in addition to RSA certificates) to match the behaviour of `openssl dsa | |
288 | -noout -modulus' as it's already the case for `openssl rsa -noout | |
289 | -modulus'. For RSA the -modulus is the real "modulus" while for DSA | |
290 | currently the public key is printed (a decision which was already done by | |
291 | `openssl dsa -modulus' in the past) which serves a similar purpose. | |
292 | Additionally the NO_RSA no longer completely removes the whole -modulus | |
293 | option; it now only avoids using the RSA stuff. Same applies to NO_DSA | |
294 | now, too. | |
295 | [Ralf S. Engelschall] | |
296 | ||
55ab3bf7 BL |
297 | *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested |
298 | BIO. See the source (crypto/evp/bio_ok.c) for more info. | |
299 | [Arne Ansper <arne@ats.cyber.ee>] | |
300 | ||
a43aa73e DSH |
301 | *) Dump the old yucky req code that tried (and failed) to allow raw OIDs |
302 | to be added. Now both 'req' and 'ca' can use new objects defined in the | |
303 | config file. | |
304 | [Steve Henson] | |
305 | ||
0849d138 BL |
306 | *) Add cool BIO that does syslog (or event log on NT). |
307 | [Arne Ansper <arne@ats.cyber.ee>, integrated by Ben Laurie] | |
308 | ||
06ab81f9 BL |
309 | *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5, |
310 | TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and | |
311 | TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher | |
312 | Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt. | |
313 | [Ben Laurie] | |
314 | ||
deff75b6 DSH |
315 | *) Add preliminary config info for new extension code. |
316 | [Steve Henson] | |
317 | ||
0c8a1281 DSH |
318 | *) Make RSA_NO_PADDING really use no padding. |
319 | [Ulf Moeller <ulf@fitug.de>] | |
320 | ||
4004dbb7 BL |
321 | *) Generate errors when private/public key check is done. |
322 | [Ben Laurie] | |
323 | ||
0ca5f8b1 DSH |
324 | *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support |
325 | for some CRL extensions and new objects added. | |
326 | [Steve Henson] | |
327 | ||
3d8accc3 DSH |
328 | *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private |
329 | key usage extension and fuller support for authority key id. | |
330 | [Steve Henson] | |
331 | ||
a4949896 BL |
332 | *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved |
333 | padding method for RSA, which is recommended for new applications in PKCS | |
334 | #1 v2.0 (RFC 2437, October 1998). | |
335 | OAEP (Optimal Asymmetric Encryption Padding) has better theoretical | |
336 | foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure | |
337 | against Bleichbacher's attack on RSA. | |
338 | [Ulf Moeller <ulf@fitug.de>, reformatted, corrected and integrated by | |
339 | Ben Laurie] | |
340 | ||
413c4f45 MC |
341 | *) Updates to the new SSL compression code |
342 | [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] | |
343 | ||
344 | *) Fix so that the version number in the master secret, when passed | |
345 | via RSA, checks that if TLS was proposed, but we roll back to SSLv3 | |
346 | (because the server will not accept higher), that the version number | |
347 | is 0x03,0x01, not 0x03,0x00 | |
348 | [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] | |
349 | ||
a8236c8c DSH |
350 | *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory |
351 | leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes | |
3d8accc3 | 352 | in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c |
a8236c8c DSH |
353 | [Steve Henson] |
354 | ||
388ff0b0 DSH |
355 | *) Support for RAW extensions where an arbitrary extension can be |
356 | created by including its DER encoding. See apps/openssl.cnf for | |
357 | an example. | |
a8236c8c | 358 | [Steve Henson] |
388ff0b0 | 359 | |
6013fa83 RE |
360 | *) Make sure latest Perl versions don't interpret some generated C array |
361 | code as Perl array code in the crypto/err/err_genc.pl script. | |
362 | [Lars Weber <3weber@informatik.uni-hamburg.de>] | |
363 | ||
5c00879e DSH |
364 | *) Modify ms/do_ms.bat to not generate assembly language makefiles since |
365 | not many people have the assembler. Various Win32 compilation fixes and | |
366 | update to the INSTALL.W32 file with (hopefully) more accurate Win32 | |
367 | build instructions. | |
368 | [Steve Henson] | |
369 | ||
9becf666 DSH |
370 | *) Modify configure script 'Configure' to automatically create crypto/date.h |
371 | file under Win32 and also build pem.h from pem.org. New script | |
372 | util/mkfiles.pl to create the MINFO file on environments that can't do a | |
373 | 'make files': perl util/mkfiles.pl >MINFO should work. | |
374 | [Steve Henson] | |
375 | ||
4e31df2c BL |
376 | *) Major rework of DES function declarations, in the pursuit of correctness |
377 | and purity. As a result, many evil casts evaporated, and some weirdness, | |
378 | too. You may find this causes warnings in your code. Zapping your evil | |
379 | casts will probably fix them. Mostly. | |
380 | [Ben Laurie] | |
381 | ||
e4119b93 DSH |
382 | *) Fix for a typo in asn1.h. Bug fix to object creation script |
383 | obj_dat.pl. It considered a zero in an object definition to mean | |
384 | "end of object": none of the objects in objects.h have any zeros | |
385 | so it wasn't spotted. | |
386 | [Steve Henson, reported by Erwann ABALEA <eabalea@certplus.com>] | |
387 | ||
4a71b90d BL |
388 | *) Add support for Triple DES Cipher Block Chaining with Output Feedback |
389 | Masking (CBCM). In the absence of test vectors, the best I have been able | |
390 | to do is check that the decrypt undoes the encrypt, so far. Send me test | |
391 | vectors if you have them. | |
392 | [Ben Laurie] | |
393 | ||
2c6ccde1 | 394 | *) Correct calculation of key length for export ciphers (too much space was |
436d318c BL |
395 | allocated for null ciphers). This has not been tested! |
396 | [Ben Laurie] | |
397 | ||
55a9cc6e DSH |
398 | *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage |
399 | message is now correct (it understands "crypto" and "ssl" on its | |
400 | command line). There is also now an "update" option. This will update | |
401 | the util/ssleay.num and util/libeay.num files with any new functions. | |
402 | If you do a: | |
403 | perl util/mkdef.pl crypto ssl update | |
404 | it will update them. | |
e4119b93 | 405 | [Steve Henson] |
55a9cc6e | 406 | |
8073036d RE |
407 | *) Overhauled the Perl interface (perl/*): |
408 | - ported BN stuff to OpenSSL's different BN library | |
409 | - made the perl/ source tree CVS-aware | |
410 | - renamed the package from SSLeay to OpenSSL (the files still contain | |
411 | their history because I've copied them in the repository) | |
412 | - removed obsolete files (the test scripts will be replaced | |
413 | by better Test::Harness variants in the future) | |
414 | [Ralf S. Engelschall] | |
415 | ||
483fdf18 RE |
416 | *) First cut for a very conservative source tree cleanup: |
417 | 1. merge various obsolete readme texts into doc/ssleay.txt | |
418 | where we collect the old documents and readme texts. | |
419 | 2. remove the first part of files where I'm already sure that we no | |
420 | longer need them because of three reasons: either they are just temporary | |
421 | files which were left by Eric or they are preserved original files where | |
422 | I've verified that the diff is also available in the CVS via "cvs diff | |
423 | -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for | |
424 | the crypto/md/ stuff). | |
425 | [Ralf S. Engelschall] | |
426 | ||
175b0942 DSH |
427 | *) More extension code. Incomplete support for subject and issuer alt |
428 | name, issuer and authority key id. Change the i2v function parameters | |
429 | and add an extra 'crl' parameter in the X509V3_CTX structure: guess | |
430 | what that's for :-) Fix to ASN1 macro which messed up | |
431 | IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED. | |
432 | [Steve Henson] | |
433 | ||
bceacf93 DSH |
434 | *) Preliminary support for ENUMERATED type. This is largely copied from the |
435 | INTEGER code. | |
436 | [Steve Henson] | |
437 | ||
351d8998 MC |
438 | *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy. |
439 | [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] | |
440 | ||
b621d772 RE |
441 | *) Make sure `make rehash' target really finds the `openssl' program. |
442 | [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe@adnovum.ch>] | |
443 | ||
a96e7810 BL |
444 | *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd |
445 | like to hear about it if this slows down other processors. | |
446 | [Ben Laurie] | |
447 | ||
e04a6c2b RE |
448 | *) Add CygWin32 platform information to Configure script. |
449 | [Alan Batie <batie@aahz.jf.intel.com>] | |
450 | ||
0172f988 RE |
451 | *) Fixed ms/32all.bat script: `no_asm' -> `no-asm' |
452 | [Rainer W. Gerling <gerling@mpg-gv.mpg.de>] | |
79dfa975 DSH |
453 | |
454 | *) New program nseq to manipulate netscape certificate sequences | |
455 | [Steve Henson] | |
320a14cb | 456 | |
9fe84296 DSH |
457 | *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a |
458 | few typos. | |
459 | [Steve Henson] | |
460 | ||
a0a54079 MC |
461 | *) Fixes to BN code. Previously the default was to define BN_RECURSION |
462 | but the BN code had some problems that would cause failures when | |
463 | doing certificate verification and some other functions. | |
464 | [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] | |
465 | ||
92c046ca DSH |
466 | *) Add ASN1 and PEM code to support netscape certificate sequences. |
467 | [Steve Henson] | |
468 | ||
79dfa975 DSH |
469 | *) Add ASN1 and PEM code to support netscape certificate sequences. |
470 | [Steve Henson] | |
471 | ||
a27598bf DSH |
472 | *) Add several PKIX and private extended key usage OIDs. |
473 | [Steve Henson] | |
474 | ||
b2347661 DSH |
475 | *) Modify the 'ca' program to handle the new extension code. Modify |
476 | openssl.cnf for new extension format, add comments. | |
477 | [Steve Henson] | |
478 | ||
f317aa4c DSH |
479 | *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req' |
480 | and add a sample to openssl.cnf so req -x509 now adds appropriate | |
481 | CA extensions. | |
482 | [Steve Henson] | |
483 | ||
834eeef9 DSH |
484 | *) Continued X509 V3 changes. Add to other makefiles, integrate with the |
485 | error code, add initial support to X509_print() and x509 application. | |
f317aa4c | 486 | [Steve Henson] |
834eeef9 | 487 | |
9aeaf1b4 DSH |
488 | *) Takes a deep breath and start addding X509 V3 extension support code. Add |
489 | files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this | |
490 | stuff is currently isolated and isn't even compiled yet. | |
491 | [Steve Henson] | |
492 | ||
9b5cc156 DSH |
493 | *) Continuing patches for GeneralizedTime. Fix up certificate and CRL |
494 | ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print. | |
495 | Removed the versions check from X509 routines when loading extensions: | |
496 | this allows certain broken certificates that don't set the version | |
497 | properly to be processed. | |
498 | [Steve Henson] | |
499 | ||
8039257d BL |
500 | *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another |
501 | Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which | |
502 | can still be regenerated with "make depend". | |
503 | [Ben Laurie] | |
504 | ||
b13a1554 BL |
505 | *) Spelling mistake in C version of CAST-128. |
506 | [Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>] | |
507 | ||
6c8abdd7 DSH |
508 | *) Changes to the error generation code. The perl script err-code.pl |
509 | now reads in the old error codes and retains the old numbers, only | |
510 | adding new ones if necessary. It also only changes the .err files if new | |
511 | codes are added. The makefiles have been modified to only insert errors | |
512 | when needed (to avoid needlessly modifying header files). This is done | |
513 | by only inserting errors if the .err file is newer than the auto generated | |
514 | C file. To rebuild all the error codes from scratch (the old behaviour) | |
515 | either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl | |
516 | or delete all the .err files. | |
9b5cc156 | 517 | [Steve Henson] |
6c8abdd7 | 518 | |
649cdb7b BL |
519 | *) CAST-128 was incorrectly implemented for short keys. The C version has |
520 | been fixed, but is untested. The assembler versions are also fixed, but | |
521 | new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing | |
522 | to regenerate it if needed. | |
523 | [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun | |
524 | Hagino <itojun@kame.net>] | |
525 | ||
526 | *) File was opened incorrectly in randfile.c. | |
527 |