NEWS revision 101618
1 2 NEWS 3 ==== 4 5 This file gives a brief overview of the major changes between each OpenSSL 6 release. For more details please read the CHANGES file. 7 8 Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g: 9 10 o Important building fixes on Unix. 11 12 Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f: 13 14 o Various important bugfixes. 15 16 Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e: 17 18 o Important security related bugfixes. 19 o Various SSL/TLS library bugfixes. 20 21 Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: 22 23 o Various SSL/TLS library bugfixes. 24 o Fix DH parameter generation for 'non-standard' generators. 25 26 Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: 27 28 o Various SSL/TLS library bugfixes. 29 o BIGNUM library fixes. 30 o RSA OAEP and random number generation fixes. 31 o Object identifiers corrected and added. 32 o Add assembler BN routines for IA64. 33 o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8, 34 MIPS Linux; shared library support for Irix, HP-UX. 35 o Add crypto accelerator support for AEP, Baltimore SureWare, 36 Broadcom and Cryptographic Appliance's keyserver 37 [in 0.9.6c-engine release]. 38 39 Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: 40 41 o Security fix: PRNG improvements. 42 o Security fix: RSA OAEP check. 43 o Security fix: Reinsert and fix countermeasure to Bleichbacher's 44 attack. 45 o MIPS bug fix in BIGNUM. 46 o Bug fix in "openssl enc". 47 o Bug fix in X.509 printing routine. 48 o Bug fix in DSA verification routine and DSA S/MIME verification. 49 o Bug fix to make PRNG thread-safe. 50 o Bug fix in RAND_file_name(). 51 o Bug fix in compatibility mode trust settings. 52 o Bug fix in blowfish EVP. 53 o Increase default size for BIO buffering filter. 54 o Compatibility fixes in some scripts. 55 56 Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a: 57 58 o Security fix: change behavior of OpenSSL to avoid using 59 environment variables when running as root. 60 o Security fix: check the result of RSA-CRT to reduce the 61 possibility of deducing the private key from an incorrectly 62 calculated signature. 63 o Security fix: prevent Bleichenbacher's DSA attack. 64 o Security fix: Zero the premaster secret after deriving the 65 master secret in DH ciphersuites. 66 o Reimplement SSL_peek(), which had various problems. 67 o Compatibility fix: the function des_encrypt() renamed to 68 des_encrypt1() to avoid clashes with some Unixen libc. 69 o Bug fixes for Win32, HP/UX and Irix. 70 o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and 71 memory checking routines. 72 o Bug fixes for RSA operations in threaded environments. 73 o Bug fixes in misc. openssl applications. 74 o Remove a few potential memory leaks. 75 o Add tighter checks of BIGNUM routines. 76 o Shared library support has been reworked for generality. 77 o More documentation. 78 o New function BN_rand_range(). 79 o Add "-rand" option to openssl s_client and s_server. 80 81 Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: 82 83 o Some documentation for BIO and SSL libraries. 84 o Enhanced chain verification using key identifiers. 85 o New sign and verify options to 'dgst' application. 86 o Support for DER and PEM encoded messages in 'smime' application. 87 o New 'rsautl' application, low level RSA utility. 88 o MD4 now included. 89 o Bugfix for SSL rollback padding check. 90 o Support for external crypto devices [1]. 91 o Enhanced EVP interface. 92 93 [1] The support for external crypto devices is currently a separate 94 distribution. See the file README.ENGINE. 95 96 Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a: 97 98 o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 99 o Shared library support for HPUX and Solaris-gcc 100 o Support of Linux/IA64 101 o Assembler support for Mingw32 102 o New 'rand' application 103 o New way to check for existence of algorithms from scripts 104 105 Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: 106 107 o S/MIME support in new 'smime' command 108 o Documentation for the OpenSSL command line application 109 o Automation of 'req' application 110 o Fixes to make s_client, s_server work under Windows 111 o Support for multiple fieldnames in SPKACs 112 o New SPKAC command line utilty and associated library functions 113 o Options to allow passwords to be obtained from various sources 114 o New public key PEM format and options to handle it 115 o Many other fixes and enhancements to command line utilities 116 o Usable certificate chain verification 117 o Certificate purpose checking 118 o Certificate trust settings 119 o Support of authority information access extension 120 o Extensions in certificate requests 121 o Simplified X509 name and attribute routines 122 o Initial (incomplete) support for international character sets 123 o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD 124 o Read only memory BIOs and simplified creation function 125 o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0 126 record; allow fragmentation and interleaving of handshake and other 127 data 128 o TLS/SSL code now "tolerates" MS SGC 129 o Work around for Netscape client certificate hang bug 130 o RSA_NULL option that removes RSA patent code but keeps other 131 RSA functionality 132 o Memory leak detection now allows applications to add extra information 133 via a per-thread stack 134 o PRNG robustness improved 135 o EGD support 136 o BIGNUM library bug fixes 137 o Faster DSA parameter generation 138 o Enhanced support for Alpha Linux 139 o Experimental MacOS support 140 141 Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: 142 143 o Transparent support for PKCS#8 format private keys: these are used 144 by several software packages and are more secure than the standard 145 form 146 o PKCS#5 v2.0 implementation 147 o Password callbacks have a new void * argument for application data 148 o Avoid various memory leaks 149 o New pipe-like BIO that allows using the SSL library when actual I/O 150 must be handled by the application (BIO pair) 151 152 Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: 153 o Lots of enhancements and cleanups to the Configuration mechanism 154 o RSA OEAP related fixes 155 o Added `openssl ca -revoke' option for revoking a certificate 156 o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs 157 o Source tree cleanups: removed lots of obsolete files 158 o Thawte SXNet, certificate policies and CRL distribution points 159 extension support 160 o Preliminary (experimental) S/MIME support 161 o Support for ASN.1 UTF8String and VisibleString 162 o Full integration of PKCS#12 code 163 o Sparc assembler bignum implementation, optimized hash functions 164 o Option to disable selected ciphers 165 166 Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: 167 o Fixed a security hole related to session resumption 168 o Fixed RSA encryption routines for the p < q case 169 o "ALL" in cipher lists now means "everything except NULL ciphers" 170 o Support for Triple-DES CBCM cipher 171 o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA 172 o First support for new TLSv1 ciphers 173 o Added a few new BIOs (syslog BIO, reliable BIO) 174 o Extended support for DSA certificate/keys. 175 o Extended support for Certificate Signing Requests (CSR) 176 o Initial support for X.509v3 extensions 177 o Extended support for compression inside the SSL record layer 178 o Overhauled Win32 builds 179 o Cleanups and fixes to the Big Number (BN) library 180 o Support for ASN.1 GeneralizedTime 181 o Splitted ASN.1 SETs from SEQUENCEs 182 o ASN1 and PEM support for Netscape Certificate Sequences 183 o Overhauled Perl interface 184 o Lots of source tree cleanups. 185 o Lots of memory leak fixes. 186 o Lots of bug fixes. 187 188 Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: 189 o Integration of the popular NO_RSA/NO_DSA patches 190 o Initial support for compression inside the SSL record layer 191 o Added BIO proxy and filtering functionality 192 o Extended Big Number (BN) library 193 o Added RIPE MD160 message digest 194 o Addeed support for RC2/64bit cipher 195 o Extended ASN.1 parser routines 196 o Adjustations of the source tree for CVS 197 o Support for various new platforms 198 199