NEWS revision 89837
1 2 NEWS 3 ==== 4 5 This file gives a brief overview of the major changes between each OpenSSL 6 release. For more details please read the CHANGES file. 7 8 Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: 9 10 o Various SSL/TLS library bugfixes. 11 o BIGNUM library fixes. 12 o RSA OAEP and random number generation fixes. 13 o Object identifiers corrected and added. 14 o Add assembler BN routines for IA64. 15 o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8, 16 MIPS Linux; shared library support for Irix, HP-UX. 17 o Add crypto accelerator support for AEP, Baltimore SureWare, 18 Broadcom and Cryptographic Appliance's keyserver 19 [in 0.9.6c-engine release]. 20 21 Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: 22 23 o Security fix: PRNG improvements. 24 o Security fix: RSA OAEP check. 25 o Security fix: Reinsert and fix countermeasure to Bleichbacher's 26 attack. 27 o MIPS bug fix in BIGNUM. 28 o Bug fix in "openssl enc". 29 o Bug fix in X.509 printing routine. 30 o Bug fix in DSA verification routine and DSA S/MIME verification. 31 o Bug fix to make PRNG thread-safe. 32 o Bug fix in RAND_file_name(). 33 o Bug fix in compatibility mode trust settings. 34 o Bug fix in blowfish EVP. 35 o Increase default size for BIO buffering filter. 36 o Compatibility fixes in some scripts. 37 38 Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a: 39 40 o Security fix: change behavior of OpenSSL to avoid using 41 environment variables when running as root. 42 o Security fix: check the result of RSA-CRT to reduce the 43 possibility of deducing the private key from an incorrectly 44 calculated signature. 45 o Security fix: prevent Bleichenbacher's DSA attack. 46 o Security fix: Zero the premaster secret after deriving the 47 master secret in DH ciphersuites. 48 o Reimplement SSL_peek(), which had various problems. 49 o Compatibility fix: the function des_encrypt() renamed to 50 des_encrypt1() to avoid clashes with some Unixen libc. 51 o Bug fixes for Win32, HP/UX and Irix. 52 o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and 53 memory checking routines. 54 o Bug fixes for RSA operations in threaded enviroments. 55 o Bug fixes in misc. openssl applications. 56 o Remove a few potential memory leaks. 57 o Add tighter checks of BIGNUM routines. 58 o Shared library support has been reworked for generality. 59 o More documentation. 60 o New function BN_rand_range(). 61 o Add "-rand" option to openssl s_client and s_server. 62 63 Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: 64 65 o Some documentation for BIO and SSL libraries. 66 o Enhanced chain verification using key identifiers. 67 o New sign and verify options to 'dgst' application. 68 o Support for DER and PEM encoded messages in 'smime' application. 69 o New 'rsautl' application, low level RSA utility. 70 o MD4 now included. 71 o Bugfix for SSL rollback padding check. 72 o Support for external crypto devices [1]. 73 o Enhanced EVP interface. 74 75 [1] The support for external crypto devices is currently a separate 76 distribution. See the file README.ENGINE. 77 78 Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a: 79 80 o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 81 o Shared library support for HPUX and Solaris-gcc 82 o Support of Linux/IA64 83 o Assembler support for Mingw32 84 o New 'rand' application 85 o New way to check for existence of algorithms from scripts 86 87 Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: 88 89 o S/MIME support in new 'smime' command 90 o Documentation for the OpenSSL command line application 91 o Automation of 'req' application 92 o Fixes to make s_client, s_server work under Windows 93 o Support for multiple fieldnames in SPKACs 94 o New SPKAC command line utilty and associated library functions 95 o Options to allow passwords to be obtained from various sources 96 o New public key PEM format and options to handle it 97 o Many other fixes and enhancements to command line utilities 98 o Usable certificate chain verification 99 o Certificate purpose checking 100 o Certificate trust settings 101 o Support of authority information access extension 102 o Extensions in certificate requests 103 o Simplified X509 name and attribute routines 104 o Initial (incomplete) support for international character sets 105 o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD 106 o Read only memory BIOs and simplified creation function 107 o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 108 record; allow fragmentation and interleaving of handshake and other 109 data 110 o TLS/SSL code now "tolerates" MS SGC 111 o Work around for Netscape client certificate hang bug 112 o RSA_NULL option that removes RSA patent code but keeps other 113 RSA functionality 114 o Memory leak detection now allows applications to add extra information 115 via a per-thread stack 116 o PRNG robustness improved 117 o EGD support 118 o BIGNUM library bug fixes 119 o Faster DSA parameter generation 120 o Enhanced support for Alpha Linux 121 o Experimental MacOS support 122 123 Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: 124 125 o Transparent support for PKCS#8 format private keys: these are used 126 by several software packages and are more secure than the standard 127 form 128 o PKCS#5 v2.0 implementation 129 o Password callbacks have a new void * argument for application data 130 o Avoid various memory leaks 131 o New pipe-like BIO that allows using the SSL library when actual I/O 132 must be handled by the application (BIO pair) 133 134 Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: 135 o Lots of enhancements and cleanups to the Configuration mechanism 136 o RSA OEAP related fixes 137 o Added `openssl ca -revoke' option for revoking a certificate 138 o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs 139 o Source tree cleanups: removed lots of obsolete files 140 o Thawte SXNet, certificate policies and CRL distribution points 141 extension support 142 o Preliminary (experimental) S/MIME support 143 o Support for ASN.1 UTF8String and VisibleString 144 o Full integration of PKCS#12 code 145 o Sparc assembler bignum implementation, optimized hash functions 146 o Option to disable selected ciphers 147 148 Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: 149 o Fixed a security hole related to session resumption 150 o Fixed RSA encryption routines for the p < q case 151 o "ALL" in cipher lists now means "everything except NULL ciphers" 152 o Support for Triple-DES CBCM cipher 153 o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA 154 o First support for new TLSv1 ciphers 155 o Added a few new BIOs (syslog BIO, reliable BIO) 156 o Extended support for DSA certificate/keys. 157 o Extended support for Certificate Signing Requests (CSR) 158 o Initial support for X.509v3 extensions 159 o Extended support for compression inside the SSL record layer 160 o Overhauled Win32 builds 161 o Cleanups and fixes to the Big Number (BN) library 162 o Support for ASN.1 GeneralizedTime 163 o Splitted ASN.1 SETs from SEQUENCEs 164 o ASN1 and PEM support for Netscape Certificate Sequences 165 o Overhauled Perl interface 166 o Lots of source tree cleanups. 167 o Lots of memory leak fixes. 168 o Lots of bug fixes. 169 170 Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: 171 o Integration of the popular NO_RSA/NO_DSA patches 172 o Initial support for compression inside the SSL record layer 173 o Added BIO proxy and filtering functionality 174 o Extended Big Number (BN) library 175 o Added RIPE MD160 message digest 176 o Addeed support for RC2/64bit cipher 177 o Extended ASN.1 parser routines 178 o Adjustations of the source tree for CVS 179 o Support for various new platforms 180 181