NEWS revision 100936
155714Skris 255714Skris NEWS 355714Skris ==== 455714Skris 555714Skris This file gives a brief overview of the major changes between each OpenSSL 655714Skris release. For more details please read the CHANGES file. 755714Skris 8100928Snectar Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: 989837Skris 1089837Skris o Various SSL/TLS library bugfixes. 11100928Snectar o Fix DH parameter generation for 'non-standard' generators. 12100928Snectar 13100928Snectar Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: 14100928Snectar 15100928Snectar o Various SSL/TLS library bugfixes. 1689837Skris o BIGNUM library fixes. 1789837Skris o RSA OAEP and random number generation fixes. 1889837Skris o Object identifiers corrected and added. 1989837Skris o Add assembler BN routines for IA64. 2089837Skris o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8, 2189837Skris MIPS Linux; shared library support for Irix, HP-UX. 2289837Skris o Add crypto accelerator support for AEP, Baltimore SureWare, 2389837Skris Broadcom and Cryptographic Appliance's keyserver 2489837Skris [in 0.9.6c-engine release]. 2589837Skris 26100928Snectar Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: 2779998Skris 2879998Skris o Security fix: PRNG improvements. 2979998Skris o Security fix: RSA OAEP check. 3079998Skris o Security fix: Reinsert and fix countermeasure to Bleichbacher's 3179998Skris attack. 3279998Skris o MIPS bug fix in BIGNUM. 3379998Skris o Bug fix in "openssl enc". 3479998Skris o Bug fix in X.509 printing routine. 3579998Skris o Bug fix in DSA verification routine and DSA S/MIME verification. 3679998Skris o Bug fix to make PRNG thread-safe. 3779998Skris o Bug fix in RAND_file_name(). 3879998Skris o Bug fix in compatibility mode trust settings. 3979998Skris o Bug fix in blowfish EVP. 4079998Skris o Increase default size for BIO buffering filter. 4179998Skris o Compatibility fixes in some scripts. 4279998Skris 4376866Skris Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a: 4476866Skris 4576866Skris o Security fix: change behavior of OpenSSL to avoid using 4676866Skris environment variables when running as root. 4776866Skris o Security fix: check the result of RSA-CRT to reduce the 4876866Skris possibility of deducing the private key from an incorrectly 4976866Skris calculated signature. 5076866Skris o Security fix: prevent Bleichenbacher's DSA attack. 5176866Skris o Security fix: Zero the premaster secret after deriving the 5276866Skris master secret in DH ciphersuites. 5376866Skris o Reimplement SSL_peek(), which had various problems. 5476866Skris o Compatibility fix: the function des_encrypt() renamed to 5576866Skris des_encrypt1() to avoid clashes with some Unixen libc. 5676866Skris o Bug fixes for Win32, HP/UX and Irix. 5776866Skris o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and 5876866Skris memory checking routines. 59100936Snectar o Bug fixes for RSA operations in threaded environments. 6076866Skris o Bug fixes in misc. openssl applications. 6176866Skris o Remove a few potential memory leaks. 6276866Skris o Add tighter checks of BIGNUM routines. 6376866Skris o Shared library support has been reworked for generality. 6476866Skris o More documentation. 6576866Skris o New function BN_rand_range(). 6676866Skris o Add "-rand" option to openssl s_client and s_server. 6776866Skris 6868651Skris Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: 6968651Skris 7068651Skris o Some documentation for BIO and SSL libraries. 7168651Skris o Enhanced chain verification using key identifiers. 7268651Skris o New sign and verify options to 'dgst' application. 7368651Skris o Support for DER and PEM encoded messages in 'smime' application. 7468651Skris o New 'rsautl' application, low level RSA utility. 7568651Skris o MD4 now included. 7668651Skris o Bugfix for SSL rollback padding check. 7768651Skris o Support for external crypto devices [1]. 7868651Skris o Enhanced EVP interface. 7968651Skris 8068651Skris [1] The support for external crypto devices is currently a separate 8168651Skris distribution. See the file README.ENGINE. 8268651Skris 8359191Skris Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a: 8459191Skris 8559191Skris o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 8659191Skris o Shared library support for HPUX and Solaris-gcc 8759191Skris o Support of Linux/IA64 8859191Skris o Assembler support for Mingw32 8959191Skris o New 'rand' application 9059191Skris o New way to check for existence of algorithms from scripts 9159191Skris 9259191Skris Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: 9359191Skris 9459191Skris o S/MIME support in new 'smime' command 9559191Skris o Documentation for the OpenSSL command line application 9659191Skris o Automation of 'req' application 9759191Skris o Fixes to make s_client, s_server work under Windows 9859191Skris o Support for multiple fieldnames in SPKACs 9959191Skris o New SPKAC command line utilty and associated library functions 10059191Skris o Options to allow passwords to be obtained from various sources 10159191Skris o New public key PEM format and options to handle it 10259191Skris o Many other fixes and enhancements to command line utilities 10359191Skris o Usable certificate chain verification 10459191Skris o Certificate purpose checking 10559191Skris o Certificate trust settings 10659191Skris o Support of authority information access extension 10759191Skris o Extensions in certificate requests 10859191Skris o Simplified X509 name and attribute routines 10959191Skris o Initial (incomplete) support for international character sets 11059191Skris o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD 11159191Skris o Read only memory BIOs and simplified creation function 11259191Skris o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 11359191Skris record; allow fragmentation and interleaving of handshake and other 11459191Skris data 11559191Skris o TLS/SSL code now "tolerates" MS SGC 11659191Skris o Work around for Netscape client certificate hang bug 11759191Skris o RSA_NULL option that removes RSA patent code but keeps other 11859191Skris RSA functionality 11959191Skris o Memory leak detection now allows applications to add extra information 12059191Skris via a per-thread stack 12159191Skris o PRNG robustness improved 12259191Skris o EGD support 12359191Skris o BIGNUM library bug fixes 12459191Skris o Faster DSA parameter generation 12559191Skris o Enhanced support for Alpha Linux 12659191Skris o Experimental MacOS support 12759191Skris 12855714Skris Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: 12955714Skris 13055714Skris o Transparent support for PKCS#8 format private keys: these are used 13155714Skris by several software packages and are more secure than the standard 13255714Skris form 13355714Skris o PKCS#5 v2.0 implementation 13455714Skris o Password callbacks have a new void * argument for application data 13555714Skris o Avoid various memory leaks 13655714Skris o New pipe-like BIO that allows using the SSL library when actual I/O 13755714Skris must be handled by the application (BIO pair) 13855714Skris 13955714Skris Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: 14055714Skris o Lots of enhancements and cleanups to the Configuration mechanism 14155714Skris o RSA OEAP related fixes 14255714Skris o Added `openssl ca -revoke' option for revoking a certificate 14355714Skris o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs 14455714Skris o Source tree cleanups: removed lots of obsolete files 14555714Skris o Thawte SXNet, certificate policies and CRL distribution points 14655714Skris extension support 14755714Skris o Preliminary (experimental) S/MIME support 14855714Skris o Support for ASN.1 UTF8String and VisibleString 14955714Skris o Full integration of PKCS#12 code 15055714Skris o Sparc assembler bignum implementation, optimized hash functions 15155714Skris o Option to disable selected ciphers 15255714Skris 15355714Skris Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: 15455714Skris o Fixed a security hole related to session resumption 15555714Skris o Fixed RSA encryption routines for the p < q case 15655714Skris o "ALL" in cipher lists now means "everything except NULL ciphers" 15755714Skris o Support for Triple-DES CBCM cipher 15855714Skris o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA 15955714Skris o First support for new TLSv1 ciphers 16055714Skris o Added a few new BIOs (syslog BIO, reliable BIO) 16155714Skris o Extended support for DSA certificate/keys. 16255714Skris o Extended support for Certificate Signing Requests (CSR) 16355714Skris o Initial support for X.509v3 extensions 16455714Skris o Extended support for compression inside the SSL record layer 16555714Skris o Overhauled Win32 builds 16655714Skris o Cleanups and fixes to the Big Number (BN) library 16755714Skris o Support for ASN.1 GeneralizedTime 16855714Skris o Splitted ASN.1 SETs from SEQUENCEs 16955714Skris o ASN1 and PEM support for Netscape Certificate Sequences 17055714Skris o Overhauled Perl interface 17155714Skris o Lots of source tree cleanups. 17255714Skris o Lots of memory leak fixes. 17355714Skris o Lots of bug fixes. 17455714Skris 17555714Skris Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: 17655714Skris o Integration of the popular NO_RSA/NO_DSA patches 17755714Skris o Initial support for compression inside the SSL record layer 17855714Skris o Added BIO proxy and filtering functionality 17955714Skris o Extended Big Number (BN) library 18055714Skris o Added RIPE MD160 message digest 18155714Skris o Addeed support for RC2/64bit cipher 18255714Skris o Extended ASN.1 parser routines 18355714Skris o Adjustations of the source tree for CVS 18455714Skris o Support for various new platforms 18555714Skris 186