1This file contains the changes for the SSLeay library up to version 20.9.0b. For later changes, see the file "CHANGES". 3 4 SSLeay CHANGES 5 ______________ 6 7Changes between 0.8.x and 0.9.0b 8 910-Apr-1998 10 11I said the next version would go out at easter, and so it shall. 12I expect a 0.9.1 will follow with portability fixes in the next few weeks. 13 14This is a quick, meet the deadline. Look to ssl-users for comments on what 15is new etc. 16 17eric (about to go bushwalking for the 4 day easter break :-) 18 1916-Mar-98 20 - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU> 21 - Lots and lots of changes 22 2329-Jan-98 24 - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from 25 Goetz Babin-Ebell <babinebell@trustcenter.de>. 26 - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or 27 TLS1_VERSION. 28 297-Jan-98 30 - Finally reworked the cipher string to ciphers again, so it 31 works correctly 32 - All the app_data stuff is now ex_data with funcion calls to access. 33 The index is supplied by a function and 'methods' can be setup 34 for the types that are called on XXX_new/XXX_free. This lets 35 applications get notified on creation and destruction. Some of 36 the RSA methods could be implemented this way and I may do so. 37 - Oh yes, SSL under perl5 is working at the basic level. 38 3915-Dec-97 40 - Warning - the gethostbyname cache is not fully thread safe, 41 but it should work well enough. 42 - Major internal reworking of the app_data stuff. More functions 43 but if you were accessing ->app_data directly, things will 44 stop working. 45 - The perlv5 stuff is working. Currently on message digests, 46 ciphers and the bignum library. 47 489-Dec-97 49 - Modified re-negotiation so that server initated re-neg 50 will cause a SSL_read() to return -1 should retry. 51 The danger otherwise was that the server and the 52 client could end up both trying to read when using non-blocking 53 sockets. 54 554-Dec-97 56 - Lots of small changes 57 - Fix for binaray mode in Windows for the FILE BIO, thanks to 58 Bob Denny <rdenny@dc3.com> 59 6017-Nov-97 61 - Quite a few internal cleanups, (removal of errno, and using macros 62 defined in e_os.h). 63 - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where 64 the automactic naming out output files was being stuffed up. 65 6629-Oct-97 67 - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember 68 for x86. 69 7021-Oct-97 71 - Fixed a bug in the BIO_gethostbyname() cache. 72 7315-Oct-97 74 - cbc mode for blowfish/des/3des is now in assember. Blowfish asm 75 has also been improved. At this point in time, on the pentium, 76 md5 is %80 faster, the unoptimesed sha-1 is %79 faster, 77 des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc 78 is %62 faster. 79 8012-Oct-97 81 - MEM_BUF_grow() has been fixed so that it always sets the buf->length 82 to the value we are 'growing' to. Think of MEM_BUF_grow() as the 83 way to set the length value correctly. 84 8510-Oct-97 86 - I now hash for certificate lookup on the raw DER encoded RDN (md5). 87 This breaks things again :-(. This is efficent since I cache 88 the DER encoding of the RDN. 89 - The text DN now puts in the numeric OID instead of UNKNOWN. 90 - req can now process arbitary OIDs in the config file. 91 - I've been implementing md5 in x86 asm, much faster :-). 92 - Started sha1 in x86 asm, needs more work. 93 - Quite a few speedups in the BN stuff. RSA public operation 94 has been made faster by caching the BN_MONT_CTX structure. 95 The calulating of the Ai where A*Ai === 1 mod m was rather 96 expensive. Basically a 40-50% speedup on public operations. 97 The RSA speedup is now 15% on pentiums and %20 on pentium 98 pro. 99 10030-Sep-97 101 - After doing some profiling, I added x86 adm for bn_add_words(), 102 which just adds 2 arrays of longs together. A %10 speedup 103 for 512 and 1024 bit RSA on the pentium pro. 104 10529-Sep-97 106 - Converted the x86 bignum assembler to us the perl scripts 107 for generation. 108 10923-Sep-97 110 - If SSL_set_session() is passed a NULL session, it now clears the 111 current session-id. 112 11322-Sep-97 114 - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned 115 certificates. 116 - Bug in crypto/evp/encode.c where by decoding of 65 base64 117 encoded lines, one line at a time (via a memory BIO) would report 118 EOF after the first line was decoded. 119 - Fix in X509_find_by_issuer_and_serial() from 120 Dr Stephen Henson <shenson@bigfoot.com> 121 12219-Sep-97 123 - NO_FP_API and NO_STDIO added. 124 - Put in sh config command. It auto runs Configure with the correct 125 parameters. 126 12718-Sep-97 128 - Fix x509.c so if a DSA cert has different parameters to its parent, 129 they are left in place. Not tested yet. 130 13116-Sep-97 132 - ssl_create_cipher_list() had some bugs, fixes from 133 Patrick Eisenacher <eisenach@stud.uni-frankfurt.de> 134 - Fixed a bug in the Base64 BIO, where it would return 1 instead 135 of -1 when end of input was encountered but should retry. 136 Basically a Base64/Memory BIO interaction problem. 137 - Added a HMAC set of functions in preporarion for TLS work. 138 13915-Sep-97 140 - Top level makefile tweak - Cameron Simpson <cs@zip.com.au> 141 - Prime generation spead up %25 (512 bit prime, pentium pro linux) 142 by using montgomery multiplication in the prime number test. 143 14411-Sep-97 145 - Ugly bug in ssl3_write_bytes(). Basically if application land 146 does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code 147 did not check the size and tried to copy the entire buffer. 148 This would tend to cause memory overwrites since SSLv3 has 149 a maximum packet size of 16k. If your program uses 150 buffers <= 16k, you would probably never see this problem. 151 - Fixed a few errors that were cause by malloc() not returning 152 0 initialised memory.. 153 - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using 154 SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing 155 since this flags stops SSLeay being able to handle client 156 cert requests correctly. 157 15808-Sep-97 159 - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched 160 on, the SSL server routines will not use a SSL_SESSION that is 161 held in it's cache. This in intended to be used with the session-id 162 callbacks so that while the session-ids are still stored in the 163 cache, the decision to use them and how to look them up can be 164 done by the callbacks. The are the 'new', 'get' and 'remove' 165 callbacks. This can be used to determine the session-id 166 to use depending on information like which port/host the connection 167 is coming from. Since the are also SSL_SESSION_set_app_data() and 168 SSL_SESSION_get_app_data() functions, the application can hold 169 information against the session-id as well. 170 17103-Sep-97 172 - Added lookup of CRLs to the by_dir method, 173 X509_load_crl_file() also added. Basically it means you can 174 lookup CRLs via the same system used to lookup certificates. 175 - Changed things so that the X509_NAME structure can contain 176 ASN.1 BIT_STRINGS which is required for the unique 177 identifier OID. 178 - Fixed some problems with the auto flushing of the session-id 179 cache. It was not occuring on the server side. 180 18102-Sep-97 182 - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size) 183 which is the maximum number of entries allowed in the 184 session-id cache. This is enforced with a simple FIFO list. 185 The default size is 20*1024 entries which is rather large :-). 186 The Timeout code is still always operating. 187 18801-Sep-97 189 - Added an argument to all the 'generate private key/prime` 190 callbacks. It is the last parameter so this should not 191 break existing code but it is needed for C++. 192 - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64() 193 BIO. This lets the BIO read and write base64 encoded data 194 without inserting or looking for '\n' characters. The '-A' 195 flag turns this on when using apps/enc.c. 196 - RSA_NO_PADDING added to help BSAFE functionality. This is a 197 very dangerous thing to use, since RSA private key 198 operations without random padding bytes (as PKCS#1 adds) can 199 be attacked such that the private key can be revealed. 200 - ASN.1 bug and rc2-40-cbc and rc4-40 added by 201 Dr Stephen Henson <shenson@bigfoot.com> 202 20331-Aug-97 (stuff added while I was away) 204 - Linux pthreads by Tim Hudson (tjh@cryptsoft.com). 205 - RSA_flags() added allowing bypass of pub/priv match check 206 in ssl/ssl_rsa.c - Tim Hudson. 207 - A few minor bugs. 208 209SSLeay 0.8.1 released. 210 21119-Jul-97 212 - Server side initated dynamic renegotiation is broken. I will fix 213 it when I get back from holidays. 214 21515-Jul-97 216 - Quite a few small changes. 217 - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk> 218 21909-Jul-97 220 - Added 2 new values to the SSL info callback. 221 SSL_CB_START which is passed when the SSL protocol is started 222 and SSL_CB_DONE when it has finished sucsessfully. 223 22408-Jul-97 225 - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c 226 that related to DSA public/private keys. 227 - Added all the relevent PEM and normal IO functions to support 228 reading and writing RSAPublic keys. 229 - Changed makefiles to use ${AR} instead of 'ar r' 230 23107-Jul-97 232 - Error in ERR_remove_state() that would leave a dangling reference 233 to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk> 234 - s_client now prints the X509_NAMEs passed from the server 235 when requesting a client cert. 236 - Added a ssl->type, which is one of SSL_ST_CONNECT or 237 SSL_ST_ACCEPT. I had to add it so I could tell if I was 238 a connect or an accept after the handshake had finished. 239 - SSL_get_client_CA_list(SSL *s) now returns the CA names 240 passed by the server if called by a client side SSL. 241 24205-Jul-97 243 - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index 244 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com). 245 24604-Jul-97 247 - Fixed some things in X509_NAME_add_entry(), thanks to 248 Matthew Donald <matthew@world.net>. 249 - I had a look at the cipher section and though that it was a 250 bit confused, so I've changed it. 251 - I was not setting up the RC4-64-MD5 cipher correctly. It is 252 a MS special that appears in exported MS Money. 253 - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3 254 spec. I was missing the two byte length header for the 255 ClientDiffieHellmanPublic value. This is a packet sent from 256 the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG 257 option will enable SSLeay server side SSLv3 accept either 258 the correct or my 080 packet format. 259 - Fixed a few typos in crypto/pem.org. 260 26102-Jul-97 262 - Alias mapping for EVP_get_(digest|cipher)byname is now 263 performed before a lookup for actual cipher. This means 264 that an alias can be used to 're-direct' a cipher or a 265 digest. 266 - ASN1_read_bio() had a bug that only showed up when using a 267 memory BIO. When EOF is reached in the memory BIO, it is 268 reported as a -1 with BIO_should_retry() set to true. 269 27001-Jul-97 271 - Fixed an error in X509_verify_cert() caused by my 272 miss-understanding how 'do { contine } while(0);' works. 273 Thanks to Emil Sit <sit@mit.edu> for educating me :-) 274 27530-Jun-97 276 - Base64 decoding error. If the last data line did not end with 277 a '=', sometimes extra data would be returned. 278 - Another 'cut and paste' bug in x509.c related to setting up the 279 STDout BIO. 280 28127-Jun-97 282 - apps/ciphers.c was not printing due to an editing error. 283 - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for 284 a library build error in util/mk1mf.pl 285 28626-Jun-97 287 - Still did not have the auto 'experimental' code removal 288 script correct. 289 - A few header tweaks for Watcom 11.0 under Win32 from 290 Rolf Lindemann <Lindemann@maz-hh.de> 291 - 0 length OCTET_STRING bug in asn1_parse 292 - A minor fix with an non-existent function in the MS .def files. 293 - A few changes to the PKCS7 stuff. 294 29525-Jun-97 296 SSLeay 0.8.0 finally it gets released. 297 29824-Jun-97 299 Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to 300 use a temporary RSA key. This is experimental and needs some more work. 301 Fixed a few Win16 build problems. 302 30323-Jun-97 304 SSLv3 bug. I was not doing the 'lookup' of the CERT structure 305 correctly. I was taking the SSL->ctx->default_cert when I should 306 have been using SSL->cert. The bug was in ssl/s3_srvr.c 307 30820-Jun-97 309 X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the 310 rest of the library. Even though I had the code required to do 311 it correctly, apps/req.c was doing the wrong thing. I have fixed 312 and tested everything. 313 314 Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c. 315 31619-Jun-97 317 Fixed a bug in the SSLv2 server side first packet handling. When 318 using the non-blocking test BIO, the ssl->s2->first_packet flag 319 was being reset when a would-block failure occurred when reading 320 the first 5 bytes of the first packet. This caused the checking 321 logic to run at the wrong time and cause an error. 322 323 Fixed a problem with specifying cipher. If RC4-MD5 were used, 324 only the SSLv3 version would be picked up. Now this will pick 325 up both SSLv2 and SSLv3 versions. This required changing the 326 SSL_CIPHER->mask values so that they only mask the ciphers, 327 digests, authentication, export type and key-exchange algorithms. 328 329 I found that when a SSLv23 session is established, a reused 330 session, of type SSLv3 was attempting to write the SSLv2 331 ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 332 method has been modified so it will only write out cipher which 333 that method knows about. 334 335 336 Changes between 0.8.0 and 0.8.1 337 338 *) Mostly bug fixes. 339 There is an Ephemeral DH cipher problem which is fixed. 340 341 SSLeay 0.8.0 342 343This version of SSLeay has quite a lot of things different from the 344previous version. 345 346Basically check all callback parameters, I will be producing documentation 347about how to use things in th future. Currently I'm just getting 080 out 348the door. Please not that there are several ways to do everything, and 349most of the applications in the apps directory are hybrids, some using old 350methods and some using new methods. 351 352Have a look in demos/bio for some very simple programs and 353apps/s_client.c and apps/s_server.c for some more advanced versions. 354Notes are definitly needed but they are a week or so away. 355 356Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com) 357--- 358Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to 359get those people that want to move to using the new code base off to 360a quick start. 361 362Note that Eric has tidied up a lot of the areas of the API that were 363less than desirable and renamed quite a few things (as he had to break 364the API in lots of places anyrate). There are a whole pile of additional 365functions for making dealing with (and creating) certificates a lot 366cleaner. 367 36801-Jul-97 369Tim Hudson 370tjh@cryptsoft.com 371 372---8<--- 373 374To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could 375use something like the following (assuming you #include "crypto.h" which 376is something that you really should be doing). 377 378#if SSLEAY_VERSION_NUMBER >= 0x0800 379#define SSLEAY8 380#endif 381 382buffer.h -> splits into buffer.h and bio.h so you need to include bio.h 383 too if you are working with BIO internal stuff (as distinct 384 from simply using the interface in an opaque manner) 385 386#include "bio.h" - required along with "buffer.h" if you write 387 your own BIO routines as the buffer and bio 388 stuff that was intermixed has been separated 389 out 390 391envelope.h -> evp.h (which should have been done ages ago) 392 393Initialisation ... don't forget these or you end up with code that 394is missing the bits required to do useful things (like ciphers): 395 396SSLeay_add_ssl_algorithms() 397(probably also want SSL_load_error_strings() too but you should have 398 already had that call in place) 399 400SSL_CTX_new() - requires an extra method parameter 401 SSL_CTX_new(SSLv23_method()) 402 SSL_CTX_new(SSLv2_method()) 403 SSL_CTX_new(SSLv3_method()) 404 405 OR to only have the server or the client code 406 SSL_CTX_new(SSLv23_server_method()) 407 SSL_CTX_new(SSLv2_server_method()) 408 SSL_CTX_new(SSLv3_server_method()) 409 or 410 SSL_CTX_new(SSLv23_client_method()) 411 SSL_CTX_new(SSLv2_client_method()) 412 SSL_CTX_new(SSLv3_client_method()) 413 414SSL_set_default_verify_paths() ... renamed to the more appropriate 415SSL_CTX_set_default_verify_paths() 416 417If you want to use client certificates then you have to add in a bit 418of extra stuff in that a SSLv3 server sends a list of those CAs that 419it will accept certificates from ... so you have to provide a list to 420SSLeay otherwise certain browsers will not send client certs. 421 422SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); 423 424 425X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0) 426 or provide a buffer and size to copy the 427 result into 428 429X509_add_cert -> X509_STORE_add_cert (and you might want to read the 430 notes on X509_NAME structure changes too) 431 432 433VERIFICATION CODE 434================= 435 436The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to 437more accurately reflect things. 438 439The verification callback args are now packaged differently so that 440extra fields for verification can be added easily in future without 441having to break things by adding extra parameters each release :-) 442 443X509_cert_verify_error_string -> X509_verify_cert_error_string 444 445 446BIO INTERNALS 447============= 448 449Eric has fixed things so that extra flags can be introduced in 450the BIO layer in future without having to play with all the BIO 451modules by adding in some macros. 452 453The ugly stuff using 454 b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY) 455becomes 456 BIO_clear_retry_flags(b) 457 458 b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY) 459becomes 460 BIO_set_retry_read(b) 461 462Also ... BIO_get_retry_flags(b), BIO_set_flags(b) 463 464 465 466OTHER THINGS 467============ 468 469X509_NAME has been altered so that it isn't just a STACK ... the STACK 470is now in the "entries" field ... and there are a pile of nice functions 471for getting at the details in a much cleaner manner. 472 473SSL_CTX has been altered ... "cert" is no longer a direct member of this 474structure ... things are now down under "cert_store" (see x509_vfy.h) and 475things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE. 476If your code "knows" about this level of detail then it will need some 477surgery. 478 479If you depending on the incorrect spelling of a number of the error codes 480then you will have to change your code as these have been fixed. 481 482ENV_CIPHER "type" got renamed to "nid" and as that is what it actually 483has been all along so this makes things clearer. 484ify_cert_error_string(ctx->error)); 485 486SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST 487 and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 488 489 490 491 Changes between 0.7.x and 0.8.0 492 493 *) There have been lots of changes, mostly the addition of SSLv3. 494 There have been many additions from people and amongst 495 others, C2Net has assisted greatly. 496 497 Changes between 0.7.x and 0.7.x 498 499 *) Internal development version only 500 501SSLeay 0.6.6 13-Jan-1997 502 503The main additions are 504 505- assember for x86 DES improvments. 506 From 191,000 per second on a pentium 100, I now get 281,000. The inner 507 loop and the IP/FP modifications are from 508 Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. Many thanks for his 509 contribution. 510- The 'DES macros' introduced in 0.6.5 now have 3 types. 511 DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which 512 is best and there is a summery of mine in crypto/des/options.txt 513- A few bug fixes. 514- Added blowfish. It is not used by SSL but all the other stuff that 515 deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes. 516 There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'. 517 BF_PTR2 is pentium/x86 specific. The correct option is setup in 518 the 'Configure' script. 519- There is now a 'get client certificate' callback which can be 520 'non-blocking'. If more details are required, let me know. It will 521 documented more in SSLv3 when I finish it. 522- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test' 523 now tests the ca program. 524- Lots of little things modified and tweaked. 525 526 SSLeay 0.6.5 527 528After quite some time (3 months), the new release. I have been very busy 529for the last few months and so this is mostly bug fixes and improvments. 530 531The main additions are 532 533- assember for x86 DES. For all those gcc based systems, this is a big 534 improvement. From 117,000 DES operation a second on a pentium 100, 535 I now get 191,000. I have also reworked the C version so it 536 now gives 148,000 DESs per second. 537- As mentioned above, the inner DES macros now have some more variant that 538 sometimes help, sometimes hinder performance. There are now 3 options 539 DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling) 540 and DES_RISC (a more register intensive version of the inner macro). 541 The crypto/des/des_opts.c program, when compiled and run, will give 542 an indication of the correct options to use. 543- The BIO stuff has been improved. Read doc/bio.doc. There are now 544 modules for encryption and base64 encoding and a BIO_printf() function. 545- The CA program will accept simple one line X509v3 extensions in the 546 ssleay.cnf file. Have a look at the example. Currently this just 547 puts the text into the certificate as an OCTET_STRING so currently 548 the more advanced X509v3 data types are not handled but this is enough 549 for the netscape extensions. 550- There is the start of a nicer higher level interface to the X509 551 strucutre. 552- Quite a lot of bug fixes. 553- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used 554 to define the malloc(), free() and realloc() routines to use 555 (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when 556 using DLLs and mixing CRT libraries. 557 558In general, read the 'VERSION' file for changes and be aware that some of 559the new stuff may not have been tested quite enough yet, so don't just plonk 560in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break. 561 562SSLeay 0.6.4 30/08/96 eay 563 564I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3, 565Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-). 566 567The main changes in this release 568 569- Thread safe. have a read of doc/threads.doc and play in the mt directory. 570 For anyone using 0.6.3 with threads, I found 2 major errors so consider 571 moving to 0.6.4. I have a test program that builds under NT and 572 solaris. 573- The get session-id callback has changed. Have a read of doc/callback.doc. 574- The X509_cert_verify callback (the SSL_verify callback) now 575 has another argument. Have a read of doc/callback.doc 576- 'ca -preserve', sign without re-ordering the DN. Not tested much. 577- VMS support. 578- Compile time memory leak detection can now be built into SSLeay. 579 Read doc/memory.doc 580- CONF routines now understand '\', '\n', '\r' etc. What this means is that 581 the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines. 582- 'ssleay ciphers' added, lists the default cipher list for SSLeay. 583- RC2 key setup is now compatable with Netscape. 584- Modifed server side of SSL implementation, big performance difference when 585 using session-id reuse. 586 5870.6.3 588 589Bug fixes and the addition of some nice stuff to the 'ca' program. 590Have a read of doc/ns-ca.doc for how hit has been modified so 591it can be driven from a CGI script. The CGI script is not provided, 592but that is just being left as an excersize for the reader :-). 593 5940.6.2 595 596This is most bug fixes and functionality improvements. 597 598Additions are 599- More thread debugging patches, the thread stuff is still being 600 tested, but for those keep to play with stuff, have a look in 601 crypto/cryptlib.c. The application needs to define 1 (or optionaly 602 a second) callback that is used to implement locking. Compiling 603 with LOCK_DEBUG spits out lots of locking crud :-). 604 This is what I'm currently working on. 605- SSL_CTX_set_default_passwd_cb() can be used to define the callback 606 function used in the SSL*_file() functions used to load keys. I was 607 always of the opinion that people should call 608 PEM_read_RSAPrivateKey() and pass the callback they want to use, but 609 it appears they just want to use the SSL_*_file() function() :-(. 610- 'enc' now has a -kfile so a key can be read from a file. This is 611 mostly used so that the passwd does not appear when using 'ps', 612 which appears imposible to stop under solaris. 613- X509v3 certificates now work correctly. I even have more examples 614 in my tests :-). There is now a X509_EXTENSION type that is used in 615 X509v3 certificates and CRLv2. 616- Fixed that signature type error :-( 617- Fixed quite a few potential memory leaks and problems when reusing 618 X509, CRL and REQ structures. 619- EVP_set_pw_prompt() now sets the library wide default password 620 prompt. 621- The 'pkcs7' command will now, given the -print_certs flag, output in 622 pem format, all certificates and CRL contained within. This is more 623 of a pre-emtive thing for the new verisign distribution method. I 624 should also note, that this also gives and example in code, of how 625 to do this :-), or for that matter, what is involved in going the 626 other way (list of certs and crl -> pkcs7). 627- Added RSA's DESX to the DES library. It is also available via the 628 EVP_desx_cbc() method and via 'enc desx'. 629 630SSLeay 0.6.1 631 632The main functional changes since 0.6.0 are as follows 633- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is 634 that from now on, I'll keep the .def numbers the same so they will be. 635- RSA private key operations are about 2 times faster that 0.6.0 636- The SSL_CTX now has more fields so default values can be put against 637 it. When an SSL structure is created, these default values are used 638 but can be overwritten. There are defaults for cipher, certificate, 639 private key, verify mode and callback. This means SSL session 640 creation can now be 641 ssl=SSL_new() 642 SSL_set_fd(ssl,sock); 643 SSL_accept(ssl) 644 .... 645 All the other uglyness with having to keep a global copy of the 646 private key and certificate/verify mode in the server is now gone. 647- ssl/ssltest.c - one process talking SSL to its self for testing. 648- Storage of Session-id's can be controled via a session_cache_mode 649 flag. There is also now an automatic default flushing of 650 old session-id's. 651- The X509_cert_verify() function now has another parameter, this 652 should not effect most people but it now means that the reason for 653 the failure to verify is now available via SSL_get_verify_result(ssl). 654 You don't have to use a global variable. 655- SSL_get_app_data() and SSL_set_app_data() can be used to keep some 656 application data against the SSL structure. It is upto the application 657 to free the data. I don't use it, but it is available. 658- SSL_CTX_set_cert_verify_callback() can be used to specify a 659 verify callback function that completly replaces my certificate 660 verification code. Xcert should be able to use this :-). 661 The callback is of the form int app_verify_callback(arg,ssl,cert). 662 This needs to be documented more. 663- I have started playing with shared library builds, have a look in 664 the shlib directory. It is very simple. If you need a numbered 665 list of functions, have a look at misc/crypto.num and misc/ssl.num. 666- There is some stuff to do locking to make the library thread safe. 667 I have only started this stuff and have not finished. If anyone is 668 keen to do so, please send me the patches when finished. 669 670So I have finally made most of the additions to the SSL interface that 671I thought were needed. 672 673There will probably be a pause before I make any non-bug/documentation 674related changes to SSLeay since I'm feeling like a bit of a break. 675 676eric - 12 Jul 1996 677I saw recently a comment by some-one that we now seem to be entering 678the age of perpetual Beta software. 679Pioneered by packages like linux but refined to an art form by 680netscape. 681 682I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-). 683 684There are quite a large number of sections that are 'works in 685progress' in this package. I will also list the major changes and 686what files you should read. 687 688BIO - this is the new IO structure being used everywhere in SSLeay. I 689started out developing this because of microsoft, I wanted a mechanism 690to callback to the application for all IO, so Windows 3.1 DLL 691perversion could be hidden from me and the 15 different ways to write 692to a file under NT would also not be dictated by me at library build 693time. What the 'package' is is an API for a data structure containing 694functions. IO interfaces can be written to conform to the 695specification. This in not intended to hide the underlying data type 696from the application, but to hide it from SSLeay :-). 697I have only really finished testing the FILE * and socket/fd modules. 698There are also 'filter' BIO's. Currently I have only implemented 699message digests, and it is in use in the dgst application. This 700functionality will allow base64/encrypto/buffering modules to be 701'push' into a BIO without it affecting the semantics. I'm also 702working on an SSL BIO which will hide the SSL_accept()/SLL_connet() 703from an event loop which uses the interface. 704It is also possible to 'attach' callbacks to a BIO so they get called 705before and after each operation, alowing extensive debug output 706to be generated (try running dgst with -d). 707 708Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few 709functions that used to take FILE *, now take BIO *. 710The wrappers are easy to write 711 712function_fp(fp,x) 713FILE *fp; 714 { 715 BIO *b; 716 int ret; 717 718 if ((b=BIO_new(BIO_s_file())) == NULL) error..... 719 BIO_set_fp(b,fp,BIO_NOCLOSE); 720 ret=function_bio(b,x); 721 BIO_free(b); 722 return(ret); 723 } 724Remember, there are no functions that take FILE * in SSLeay when 725compiled for Windows 3.1 DLL's. 726 727-- 728I have added a general EVP_PKEY type that can hold a public/private 729key. This is now what is used by the EVP_ functions and is passed 730around internally. I still have not done the PKCS#8 stuff, but 731X509_PKEY is defined and waiting :-) 732 733-- 734For a full function name listings, have a look at ms/crypt32.def and 735ms/ssl32.def. These are auto-generated but are complete. 736Things like ASN1_INTEGER_get() have been added and are in here if you 737look. I have renamed a few things, again, have a look through the 738function list and you will probably find what you are after. I intend 739to at least put a one line descrition for each one..... 740 741-- 742Microsoft - thats what this release is about, read the MICROSOFT file. 743 744-- 745Multi-threading support. I have started hunting through the code and 746flaging where things need to be done. In a state of work but high on 747the list. 748 749-- 750For random numbers, edit e_os.h and set DEVRANDOM (it's near the top) 751be be you random data device, otherwise 'RFILE' in e_os.h 752will be used, in your home directory. It will be updated 753periodically. The environment variable RANDFILE will override this 754choice and read/write to that file instead. DEVRANDOM is used in 755conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random 756number generator, pick on one of these files. 757 758-- 759 760The list of things to read and do 761 762dgst -d 763s_client -state (this uses a callback placed in the SSL state loop and 764 will be used else-where to help debug/monitor what 765 is happening.) 766 767doc/why.doc 768doc/bio.doc <- hmmm, needs lots of work. 769doc/bss_file.doc <- one that is working :-) 770doc/session.doc <- it has changed 771doc/speed.doc 772 also play with ssleay version -a. I have now added a SSLeay() 773 function that returns a version number, eg 0600 for this release 774 which is primarily to be used to check DLL version against the 775 application. 776util/* Quite a few will not interest people, but some may, like 777 mk1mf.pl, mkdef.pl, 778util/do_ms.sh 779 780try 781cc -Iinclude -Icrypto -c crypto/crypto.c 782cc -Iinclude -Issl -c ssl/ssl.c 783You have just built the SSLeay libraries as 2 object files :-) 784 785Have a general rummage around in the bin stall directory and look at 786what is in there, like CA.sh and c_rehash 787 788There are lots more things but it is 12:30am on a Friday night and I'm 789heading home :-). 790 791eric 22-Jun-1996 792This version has quite a few major bug fixes and improvements. It DOES NOT 793do SSLv3 yet. 794 795The main things changed 796- A Few days ago I added the s_mult application to ssleay which is 797 a demo of an SSL server running in an event loop type thing. 798 It supports non-blocking IO, I have finally gotten it right, SSL_accept() 799 can operate in non-blocking IO mode, look at the code to see how :-). 800 Have a read of doc/s_mult as well. This program leaks memory and 801 file descriptors everywhere but I have not cleaned it up yet. 802 This is a demo of how to do non-blocking IO. 803- The SSL session management has been 'worked over' and there is now 804 quite an expansive set of functions to manipulate them. Have a read of 805 doc/session.doc for some-things I quickly whipped up about how it now works. 806 This assume you know the SSLv2 protocol :-) 807- I can now read/write the netscape certificate format, use the 808 -inform/-outform 'net' options to the x509 command. I have not put support 809 for this type in the other demo programs, but it would be easy to add. 810- asn1parse and 'enc' have been modified so that when reading base64 811 encoded files (pem format), they do not require '-----BEGIN' header lines. 812 The 'enc' program had a buffering bug fixed, it can be used as a general 813 base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d' 814 respecivly. Leaving out the '-a' flag in this case makes the 'enc' command 815 into a form of 'cat'. 816- The 'x509' and 'req' programs have been fixed and modified a little so 817 that they generate self-signed certificates correctly. The test 818 script actually generates a 'CA' certificate and then 'signs' a 819 'user' certificate. Have a look at this shell script (test/sstest) 820 to see how things work, it tests most possible combinations of what can 821 be done. 822- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name 823 of SSL_set_cipher_list() is now the correct API (stops confusion :-). 824 If this function is used in the client, only the specified ciphers can 825 be used, with preference given to the order the ciphers were listed. 826 For the server, if this is used, only the specified ciphers will be used 827 to accept connections. If this 'option' is not used, a default set of 828 ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this 829 list for all ciphers started against the SSL_CTX. So the order is 830 SSL cipher_list, if not present, SSL_CTX cipher list, if not 831 present, then the library default. 832 What this means is that normally ciphers like 833 NULL-MD5 will never be used. The only way this cipher can be used 834 for both ends to specify to use it. 835 To enable or disable ciphers in the library at build time, modify the 836 first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c. 837 This file also contains the 'pref_cipher' list which is the default 838 cipher preference order. 839- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net' 840 options work. They should, and they enable loading and writing the 841 netscape rsa private key format. I will be re-working this section of 842 SSLeay for the next version. What is currently in place is a quick and 843 dirty hack. 844- I've re-written parts of the bignum library. This gives speedups 845 for all platforms. I now provide assembler for use under Windows NT. 846 I have not tested the Windows 3.1 assembler but it is quite simple code. 847 This gives RSAprivate_key operation encryption times of 0.047s (512bit key) 848 and 0.230s (1024bit key) on a pentium 100 which I consider reasonable. 849 Basically the times available under linux/solaris x86 can be achieve under 850 Windows NT. I still don't know how these times compare to RSA's BSAFE 851 library but I have been emailing with people and with their help, I should 852 be able to get my library's quite a bit faster still (more algorithm changes). 853 The object file crypto/bn/asm/x86-32.obj should be used when linking 854 under NT. 855- 'make makefile.one' in the top directory will generate a single makefile 856 called 'makefile.one' This makefile contains no perl references and 857 will build the SSLeay library into the 'tmp' and 'out' directories. 858 util/mk1mf.pl >makefile.one is how this makefile is 859 generated. The mk1mf.pl command take several option to generate the 860 makefile for use with cc, gcc, Visual C++ and Borland C++. This is 861 still under development. I have only build .lib's for NT and MSDOS 862 I will be working on this more. I still need to play with the 863 correct compiler setups for these compilers and add some more stuff but 864 basically if you just want to compile the library 865 on a 'non-unix' platform, this is a very very good file to start with :-). 866 Have a look in the 'microsoft' directory for my current makefiles. 867 I have not yet modified things to link with sockets under Windows NT. 868 You guys should be able to do this since this is actually outside of the 869 SSLeay scope :-). I will be doing it for myself soon. 870 util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock 871 to build without RC2/RC4, to require RSAref for linking, and to 872 build with no socket code. 873 874- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher 875 that was posted to sci.crypt has been added to the library and SSL. 876 I take the view that if RC2 is going to be included in a standard, 877 I'll include the cipher to make my package complete. 878 There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers 879 at compile time. I have not tested this recently but it should all work 880 and if you are in the USA and don't want RSA threatening to sue you, 881 you could probably remove the RC4/RC2 code inside these sections. 882 I may in the future include a perl script that does this code 883 removal automatically for those in the USA :-). 884- I have removed all references to sed in the makefiles. So basically, 885 the development environment requires perl and sh. The build environment 886 does not (use the makefile.one makefile). 887 The Configure script still requires perl, this will probably stay that way 888 since I have perl for Windows NT :-). 889 890eric (03-May-1996) 891 892PS Have a look in the VERSION file for more details on the changes and 893 bug fixes. 894I have fixed a few bugs, added alpha and x86 assembler and generally cleaned 895things up. This version will be quite stable, mostly because I'm on 896holidays until 10-March-1996. For any problems in the interum, send email 897to Tim Hudson <tjh@mincom.oz.au>. 898 899SSLeay 0.5.0 900 90112-12-95 902This is going out before it should really be released. 903 904I leave for 11 weeks holidays on the 22-12-95 and so I either sit on 905this for 11 weeks or get things out. It is still going to change a 906lot in the next week so if you do grab this version, please test and 907give me feed back ASAP, inculuding questions on how to do things with 908the library. This will prompt me to write documentation so I don't 909have to answer the same question again :-). 910 911This 'pre' release version is for people who are interested in the 912library. The applications will have to be changed to use 913the new version of the SSL interface. I intend to finish more 914documentation before I leave but until then, look at the programs in 915the apps directory. As far as code goes, it is much much nicer than 916the old version. 917 918The current library works, has no memory leaks (as far as I can tell) 919and is far more bug free that 0.4.5d. There are no global variable of 920consequence (I believe) and I will produce some documentation that 921tell where to look for those people that do want to do multi-threaded 922stuff. 923 924There should be more documentation. Have a look in the 925doc directory. I'll be adding more before I leave, it is a start 926by mostly documents the crypto library. Tim Hudson will update 927the web page ASAP. The spelling and grammar are crap but 928it is better than nothing :-) 929 930Reasons to start playing with version 0.5.0 931- All the programs in the apps directory build into one ssleay binary. 932- There is a new version of the 'req' program that generates certificate 933 requests, there is even documentation for this one :-) 934- There is a demo certification authorithy program. Currently it will 935 look at the simple database and update it. It will generate CRL from 936 the data base. You need to edit the database by hand to revoke a 937 certificate, it is my aim to use perl5/Tk but I don't have time to do 938 this right now. It will generate the certificates but the management 939 scripts still need to be written. This is not a hard task. 940- Things have been cleaned up alot. 941- Have a look at the enc and dgst programs in the apps directory. 942- It supports v3 of x509 certiticates. 943 944 945Major things missing. 946- I have been working on (and thinging about) the distributed x509 947 hierachy problem. I have not had time to put my solution in place. 948 It will have to wait until I come back. 949- I have not put in CRL checking in the certificate verification but 950 it would not be hard to do. I was waiting until I could generate my 951 own CRL (which has only been in the last week) and I don't have time 952 to put it in correctly. 953- Montgomery multiplication need to be implemented. I know the 954 algorithm, just ran out of time. 955- PKCS#7. I can load and write the DER version. I need to re-work 956 things to support BER (if that means nothing, read the ASN1 spec :-). 957- Testing of the higher level digital envelope routines. I have not 958 played with the *_seal() and *_open() type functions. They are 959 written but need testing. The *_sign() and *_verify() functions are 960 rock solid. 961- PEM. Doing this and PKCS#7 have been dependant on the distributed 962 x509 heirachy problem. I started implementing my ideas, got 963 distracted writing a CA program and then ran out of time. I provide 964 the functionality of RSAref at least. 965- Re work the asm. code for the x86. I've changed by low level bignum 966 interface again, so I really need to tweak the x86 stuff. gcc is 967 good enough for the other boxes. 968 969