CHANGES.SSLeay revision 238405
197883SgibbsThis file contains the changes for the SSLeay library up to version 297883Sgibbs0.9.0b. For later changes, see the file "CHANGES". 397883Sgibbs 497883Sgibbs SSLeay CHANGES 5102681Sgibbs ______________ 697883Sgibbs 797883SgibbsChanges between 0.8.x and 0.9.0b 897883Sgibbs 997883Sgibbs10-Apr-1998 1097883Sgibbs 1197883SgibbsI said the next version would go out at easter, and so it shall. 1297883SgibbsI expect a 0.9.1 will follow with portability fixes in the next few weeks. 1397883Sgibbs 1497883SgibbsThis is a quick, meet the deadline. Look to ssl-users for comments on what 1597883Sgibbsis new etc. 1697883Sgibbs 1797883Sgibbseric (about to go bushwalking for the 4 day easter break :-) 1897883Sgibbs 1997883Sgibbs16-Mar-98 2097883Sgibbs - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU> 2197883Sgibbs - Lots and lots of changes 2297883Sgibbs 2397883Sgibbs29-Jan-98 2497883Sgibbs - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from 2597883Sgibbs Goetz Babin-Ebell <babinebell@trustcenter.de>. 2697883Sgibbs - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or 2797883Sgibbs TLS1_VERSION. 2897883Sgibbs 2997883Sgibbs7-Jan-98 3097883Sgibbs - Finally reworked the cipher string to ciphers again, so it 3197883Sgibbs works correctly 3297883Sgibbs - All the app_data stuff is now ex_data with funcion calls to access. 3397883Sgibbs The index is supplied by a function and 'methods' can be setup 3497883Sgibbs for the types that are called on XXX_new/XXX_free. This lets 3597883Sgibbs applications get notified on creation and destruction. Some of 3697883Sgibbs the RSA methods could be implemented this way and I may do so. 3797883Sgibbs - Oh yes, SSL under perl5 is working at the basic level. 3897883Sgibbs 3997883Sgibbs15-Dec-97 4097883Sgibbs - Warning - the gethostbyname cache is not fully thread safe, 4197883Sgibbs but it should work well enough. 42109588Sgibbs - Major internal reworking of the app_data stuff. More functions 4397883Sgibbs but if you were accessing ->app_data directly, things will 4497883Sgibbs stop working. 4597883Sgibbs - The perlv5 stuff is working. Currently on message digests, 4697883Sgibbs ciphers and the bignum library. 4797883Sgibbs 4897883Sgibbs9-Dec-97 4997883Sgibbs - Modified re-negotiation so that server initated re-neg 5097883Sgibbs will cause a SSL_read() to return -1 should retry. 5197883Sgibbs The danger otherwise was that the server and the 5297883Sgibbs client could end up both trying to read when using non-blocking 5397883Sgibbs sockets. 5497883Sgibbs 5597883Sgibbs4-Dec-97 5697883Sgibbs - Lots of small changes 5797883Sgibbs - Fix for binaray mode in Windows for the FILE BIO, thanks to 5897883Sgibbs Bob Denny <rdenny@dc3.com> 59104023Sgibbs 60104023Sgibbs17-Nov-97 61104023Sgibbs - Quite a few internal cleanups, (removal of errno, and using macros 62104023Sgibbs defined in e_os.h). 63104023Sgibbs - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where 64104023Sgibbs the automactic naming out output files was being stuffed up. 65104023Sgibbs 66104023Sgibbs29-Oct-97 6797883Sgibbs - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember 68104023Sgibbs for x86. 69104023Sgibbs 70104023Sgibbs21-Oct-97 71104023Sgibbs - Fixed a bug in the BIO_gethostbyname() cache. 72104023Sgibbs 73104023Sgibbs15-Oct-97 74104023Sgibbs - cbc mode for blowfish/des/3des is now in assember. Blowfish asm 75107441Sscottl has also been improved. At this point in time, on the pentium, 76107441Sscottl md5 is %80 faster, the unoptimesed sha-1 is %79 faster, 77107441Sscottl des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc 78107441Sscottl is %62 faster. 79107441Sscottl 80107441Sscottl12-Oct-97 81104023Sgibbs - MEM_BUF_grow() has been fixed so that it always sets the buf->length 82107441Sscottl to the value we are 'growing' to. Think of MEM_BUF_grow() as the 83107441Sscottl way to set the length value correctly. 84107441Sscottl 85107441Sscottl10-Oct-97 86107441Sscottl - I now hash for certificate lookup on the raw DER encoded RDN (md5). 87107441Sscottl This breaks things again :-(. This is efficent since I cache 88107441Sscottl the DER encoding of the RDN. 8997883Sgibbs - The text DN now puts in the numeric OID instead of UNKNOWN. 9097883Sgibbs - req can now process arbitary OIDs in the config file. 9197883Sgibbs - I've been implementing md5 in x86 asm, much faster :-). 9297883Sgibbs - Started sha1 in x86 asm, needs more work. 9397883Sgibbs - Quite a few speedups in the BN stuff. RSA public operation 9497883Sgibbs has been made faster by caching the BN_MONT_CTX structure. 9597883Sgibbs The calulating of the Ai where A*Ai === 1 mod m was rather 9697883Sgibbs expensive. Basically a 40-50% speedup on public operations. 9797883Sgibbs The RSA speedup is now 15% on pentiums and %20 on pentium 98102681Sgibbs pro. 99102681Sgibbs 10097883Sgibbs30-Sep-97 10197883Sgibbs - After doing some profiling, I added x86 adm for bn_add_words(), 10297883Sgibbs which just adds 2 arrays of longs together. A %10 speedup 10397883Sgibbs for 512 and 1024 bit RSA on the pentium pro. 10497883Sgibbs 10597883Sgibbs29-Sep-97 10697883Sgibbs - Converted the x86 bignum assembler to us the perl scripts 10797883Sgibbs for generation. 10897883Sgibbs 10997883Sgibbs23-Sep-97 11097883Sgibbs - If SSL_set_session() is passed a NULL session, it now clears the 11197883Sgibbs current session-id. 112102681Sgibbs 113102681Sgibbs22-Sep-97 114102681Sgibbs - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned 115102681Sgibbs certificates. 116102681Sgibbs - Bug in crypto/evp/encode.c where by decoding of 65 base64 117102681Sgibbs encoded lines, one line at a time (via a memory BIO) would report 118102681Sgibbs EOF after the first line was decoded. 119102681Sgibbs - Fix in X509_find_by_issuer_and_serial() from 12097883Sgibbs Dr Stephen Henson <shenson@bigfoot.com> 12197883Sgibbs 12297883Sgibbs19-Sep-97 12397883Sgibbs - NO_FP_API and NO_STDIO added. 12497883Sgibbs - Put in sh config command. It auto runs Configure with the correct 12597883Sgibbs parameters. 12697883Sgibbs 12797883Sgibbs18-Sep-97 12897883Sgibbs - Fix x509.c so if a DSA cert has different parameters to its parent, 129102681Sgibbs they are left in place. Not tested yet. 130107441Sscottl 131107441Sscottl16-Sep-97 132102681Sgibbs - ssl_create_cipher_list() had some bugs, fixes from 133102681Sgibbs Patrick Eisenacher <eisenach@stud.uni-frankfurt.de> 134102681Sgibbs - Fixed a bug in the Base64 BIO, where it would return 1 instead 135102681Sgibbs of -1 when end of input was encountered but should retry. 136102681Sgibbs Basically a Base64/Memory BIO interaction problem. 13797883Sgibbs - Added a HMAC set of functions in preporarion for TLS work. 13897883Sgibbs 13997883Sgibbs15-Sep-97 14097883Sgibbs - Top level makefile tweak - Cameron Simpson <cs@zip.com.au> 14197883Sgibbs - Prime generation spead up %25 (512 bit prime, pentium pro linux) 14297883Sgibbs by using montgomery multiplication in the prime number test. 143102681Sgibbs 14497883Sgibbs11-Sep-97 14597883Sgibbs - Ugly bug in ssl3_write_bytes(). Basically if application land 14697883Sgibbs does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code 14797883Sgibbs did not check the size and tried to copy the entire buffer. 14897883Sgibbs This would tend to cause memory overwrites since SSLv3 has 14997883Sgibbs a maximum packet size of 16k. If your program uses 15097883Sgibbs buffers <= 16k, you would probably never see this problem. 15197883Sgibbs - Fixed a few errors that were cause by malloc() not returning 152102681Sgibbs 0 initialised memory.. 153102681Sgibbs - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using 15497883Sgibbs SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing 15597883Sgibbs since this flags stops SSLeay being able to handle client 15697883Sgibbs cert requests correctly. 15797883Sgibbs 158102681Sgibbs08-Sep-97 15997883Sgibbs - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched 16097883Sgibbs on, the SSL server routines will not use a SSL_SESSION that is 16197883Sgibbs held in it's cache. This in intended to be used with the session-id 16297883Sgibbs callbacks so that while the session-ids are still stored in the 163102681Sgibbs cache, the decision to use them and how to look them up can be 16497883Sgibbs done by the callbacks. The are the 'new', 'get' and 'remove' 16597883Sgibbs callbacks. This can be used to determine the session-id 16697883Sgibbs to use depending on information like which port/host the connection 16797883Sgibbs is coming from. Since the are also SSL_SESSION_set_app_data() and 16897883Sgibbs SSL_SESSION_get_app_data() functions, the application can hold 169102681Sgibbs information against the session-id as well. 170102681Sgibbs 171102681Sgibbs03-Sep-97 172102681Sgibbs - Added lookup of CRLs to the by_dir method, 173102681Sgibbs X509_load_crl_file() also added. Basically it means you can 174102681Sgibbs lookup CRLs via the same system used to lookup certificates. 175107441Sscottl - Changed things so that the X509_NAME structure can contain 176109588Sgibbs ASN.1 BIT_STRINGS which is required for the unique 177109588Sgibbs identifier OID. 178109588Sgibbs - Fixed some problems with the auto flushing of the session-id 179109588Sgibbs cache. It was not occuring on the server side. 180109588Sgibbs 181109588Sgibbs02-Sep-97 182109588Sgibbs - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size) 183109588Sgibbs which is the maximum number of entries allowed in the 184109588Sgibbs session-id cache. This is enforced with a simple FIFO list. 185109588Sgibbs The default size is 20*1024 entries which is rather large :-). 186109588Sgibbs The Timeout code is still always operating. 187109588Sgibbs 188109588Sgibbs01-Sep-97 189109588Sgibbs - Added an argument to all the 'generate private key/prime` 190109588Sgibbs callbacks. It is the last parameter so this should not 191109588Sgibbs break existing code but it is needed for C++. 192109588Sgibbs - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64() 193107441Sscottl BIO. This lets the BIO read and write base64 encoded data 194107441Sscottl without inserting or looking for '\n' characters. The '-A' 195107441Sscottl flag turns this on when using apps/enc.c. 196107441Sscottl - RSA_NO_PADDING added to help BSAFE functionality. This is a 197107441Sscottl very dangerous thing to use, since RSA private key 198102681Sgibbs operations without random padding bytes (as PKCS#1 adds) can 19997883Sgibbs be attacked such that the private key can be revealed. 20097883Sgibbs - ASN.1 bug and rc2-40-cbc and rc4-40 added by 20197883Sgibbs Dr Stephen Henson <shenson@bigfoot.com> 20297883Sgibbs 20397883Sgibbs31-Aug-97 (stuff added while I was away) 20497883Sgibbs - Linux pthreads by Tim Hudson (tjh@cryptsoft.com). 20597883Sgibbs - RSA_flags() added allowing bypass of pub/priv match check 20697883Sgibbs in ssl/ssl_rsa.c - Tim Hudson. 207102681Sgibbs - A few minor bugs. 208102681Sgibbs 209102681SgibbsSSLeay 0.8.1 released. 210107623Sscottl 211102681Sgibbs19-Jul-97 212102681Sgibbs - Server side initated dynamic renegotiation is broken. I will fix 213102681Sgibbs it when I get back from holidays. 214102681Sgibbs 21597883Sgibbs15-Jul-97 21697883Sgibbs - Quite a few small changes. 21797883Sgibbs - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk> 21897883Sgibbs 21997883Sgibbs09-Jul-97 22097883Sgibbs - Added 2 new values to the SSL info callback. 22197883Sgibbs SSL_CB_START which is passed when the SSL protocol is started 22297883Sgibbs and SSL_CB_DONE when it has finished sucsessfully. 223102681Sgibbs 224102681Sgibbs08-Jul-97 225102681Sgibbs - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c 226102681Sgibbs that related to DSA public/private keys. 227102681Sgibbs - Added all the relevent PEM and normal IO functions to support 228102681Sgibbs reading and writing RSAPublic keys. 229102681Sgibbs - Changed makefiles to use ${AR} instead of 'ar r' 23097883Sgibbs 23197883Sgibbs07-Jul-97 23297883Sgibbs - Error in ERR_remove_state() that would leave a dangling reference 23397883Sgibbs to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk> 23497883Sgibbs - s_client now prints the X509_NAMEs passed from the server 23597883Sgibbs when requesting a client cert. 23697883Sgibbs - Added a ssl->type, which is one of SSL_ST_CONNECT or 23797883Sgibbs SSL_ST_ACCEPT. I had to add it so I could tell if I was 238102681Sgibbs a connect or an accept after the handshake had finished. 239102681Sgibbs - SSL_get_client_CA_list(SSL *s) now returns the CA names 240102681Sgibbs passed by the server if called by a client side SSL. 241102681Sgibbs 242102681Sgibbs05-Jul-97 243102681Sgibbs - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index 244102681Sgibbs 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com). 24597883Sgibbs 24697883Sgibbs04-Jul-97 24797883Sgibbs - Fixed some things in X509_NAME_add_entry(), thanks to 24897883Sgibbs Matthew Donald <matthew@world.net>. 24997883Sgibbs - I had a look at the cipher section and though that it was a 25097883Sgibbs bit confused, so I've changed it. 25197883Sgibbs - I was not setting up the RC4-64-MD5 cipher correctly. It is 25297883Sgibbs a MS special that appears in exported MS Money. 25397883Sgibbs - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3 254102681Sgibbs spec. I was missing the two byte length header for the 255102681Sgibbs ClientDiffieHellmanPublic value. This is a packet sent from 256102681Sgibbs the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG 257102681Sgibbs option will enable SSLeay server side SSLv3 accept either 258102681Sgibbs the correct or my 080 packet format. 259102681Sgibbs - Fixed a few typos in crypto/pem.org. 260102681Sgibbs 261102681Sgibbs02-Jul-97 26297883Sgibbs - Alias mapping for EVP_get_(digest|cipher)byname is now 26397883Sgibbs performed before a lookup for actual cipher. This means 26497883Sgibbs that an alias can be used to 're-direct' a cipher or a 26597883Sgibbs digest. 26697883Sgibbs - ASN1_read_bio() had a bug that only showed up when using a 26797883Sgibbs memory BIO. When EOF is reached in the memory BIO, it is 26897883Sgibbs reported as a -1 with BIO_should_retry() set to true. 26997883Sgibbs 27097883Sgibbs01-Jul-97 27197883Sgibbs - Fixed an error in X509_verify_cert() caused by my 27297883Sgibbs miss-understanding how 'do { contine } while(0);' works. 27397883Sgibbs Thanks to Emil Sit <sit@mit.edu> for educating me :-) 27497883Sgibbs 27597883Sgibbs30-Jun-97 27697883Sgibbs - Base64 decoding error. If the last data line did not end with 27797883Sgibbs a '=', sometimes extra data would be returned. 27897883Sgibbs - Another 'cut and paste' bug in x509.c related to setting up the 27997883Sgibbs STDout BIO. 28097883Sgibbs 28197883Sgibbs27-Jun-97 28297883Sgibbs - apps/ciphers.c was not printing due to an editing error. 28397883Sgibbs - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for 28497883Sgibbs a library build error in util/mk1mf.pl 285109588Sgibbs 28697883Sgibbs26-Jun-97 28797883Sgibbs - Still did not have the auto 'experimental' code removal 288109588Sgibbs script correct. 28997883Sgibbs - A few header tweaks for Watcom 11.0 under Win32 from 29097883Sgibbs Rolf Lindemann <Lindemann@maz-hh.de> 29197883Sgibbs - 0 length OCTET_STRING bug in asn1_parse 29297883Sgibbs - A minor fix with an non-existent function in the MS .def files. 29397883Sgibbs - A few changes to the PKCS7 stuff. 29497883Sgibbs 295109588Sgibbs25-Jun-97 29697883Sgibbs SSLeay 0.8.0 finally it gets released. 297102681Sgibbs 298102681Sgibbs24-Jun-97 299102681Sgibbs Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to 300102681Sgibbs use a temporary RSA key. This is experimental and needs some more work. 301102681Sgibbs Fixed a few Win16 build problems. 30297883Sgibbs 30397883Sgibbs23-Jun-97 30497883Sgibbs SSLv3 bug. I was not doing the 'lookup' of the CERT structure 30597883Sgibbs correctly. I was taking the SSL->ctx->default_cert when I should 30697883Sgibbs have been using SSL->cert. The bug was in ssl/s3_srvr.c 30797883Sgibbs 308109588Sgibbs20-Jun-97 30997883Sgibbs X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the 310102681Sgibbs rest of the library. Even though I had the code required to do 311102681Sgibbs it correctly, apps/req.c was doing the wrong thing. I have fixed 312102681Sgibbs and tested everything. 313102681Sgibbs 314102681Sgibbs Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c. 31597883Sgibbs 31697883Sgibbs19-Jun-97 31797883Sgibbs Fixed a bug in the SSLv2 server side first packet handling. When 31897883Sgibbs using the non-blocking test BIO, the ssl->s2->first_packet flag 31997883Sgibbs was being reset when a would-block failure occurred when reading 32097883Sgibbs the first 5 bytes of the first packet. This caused the checking 321109588Sgibbs logic to run at the wrong time and cause an error. 32297883Sgibbs 32397883Sgibbs Fixed a problem with specifying cipher. If RC4-MD5 were used, 32497883Sgibbs only the SSLv3 version would be picked up. Now this will pick 32597883Sgibbs up both SSLv2 and SSLv3 versions. This required changing the 32697883Sgibbs SSL_CIPHER->mask values so that they only mask the ciphers, 32797883Sgibbs digests, authentication, export type and key-exchange algorithms. 32897883Sgibbs 32997883Sgibbs I found that when a SSLv23 session is established, a reused 33097883Sgibbs session, of type SSLv3 was attempting to write the SSLv2 33197883Sgibbs ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 33297883Sgibbs method has been modified so it will only write out cipher which 33397883Sgibbs that method knows about. 33497883Sgibbs 33597883Sgibbs 33697883Sgibbs Changes between 0.8.0 and 0.8.1 33797883Sgibbs 33897883Sgibbs *) Mostly bug fixes. 33997883Sgibbs There is an Ephemeral DH cipher problem which is fixed. 34097883Sgibbs 34197883Sgibbs SSLeay 0.8.0 34297883Sgibbs 34397883SgibbsThis version of SSLeay has quite a lot of things different from the 34497883Sgibbsprevious version. 34597883Sgibbs 34697883SgibbsBasically check all callback parameters, I will be producing documentation 34797883Sgibbsabout how to use things in th future. Currently I'm just getting 080 out 34897883Sgibbsthe door. Please not that there are several ways to do everything, and 34997883Sgibbsmost of the applications in the apps directory are hybrids, some using old 35097883Sgibbsmethods and some using new methods. 35197883Sgibbs 35297883SgibbsHave a look in demos/bio for some very simple programs and 35397883Sgibbsapps/s_client.c and apps/s_server.c for some more advanced versions. 35497883SgibbsNotes are definitly needed but they are a week or so away. 35597883Sgibbs 35697883SgibbsAnyway, some quick nots from Tim Hudson (tjh@cryptsoft.com) 35797883Sgibbs--- 35897883SgibbsQuick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to 35997883Sgibbsget those people that want to move to using the new code base off to 36097883Sgibbsa quick start. 36197883Sgibbs 362102681SgibbsNote that Eric has tidied up a lot of the areas of the API that were 363102681Sgibbsless than desirable and renamed quite a few things (as he had to break 364102681Sgibbsthe API in lots of places anyrate). There are a whole pile of additional 365102681Sgibbsfunctions for making dealing with (and creating) certificates a lot 366102681Sgibbscleaner. 367102681Sgibbs 368102681Sgibbs01-Jul-97 369102681SgibbsTim Hudson 370102681Sgibbstjh@cryptsoft.com 371102681Sgibbs 372102681Sgibbs---8<--- 373102681Sgibbs 374102681SgibbsTo maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could 375102681Sgibbsuse something like the following (assuming you #include "crypto.h" which 376102681Sgibbsis something that you really should be doing). 377102681Sgibbs 378102681Sgibbs#if SSLEAY_VERSION_NUMBER >= 0x0800 379102681Sgibbs#define SSLEAY8 380102681Sgibbs#endif 38197883Sgibbs 38297883Sgibbsbuffer.h -> splits into buffer.h and bio.h so you need to include bio.h 38397883Sgibbs too if you are working with BIO internal stuff (as distinct 38497883Sgibbs from simply using the interface in an opaque manner) 38597883Sgibbs 38697883Sgibbs#include "bio.h" - required along with "buffer.h" if you write 38797883Sgibbs your own BIO routines as the buffer and bio 38897883Sgibbs stuff that was intermixed has been separated 389102681Sgibbs out 390102681Sgibbs 391102681Sgibbsenvelope.h -> evp.h (which should have been done ages ago) 392102681Sgibbs 393102681SgibbsInitialisation ... don't forget these or you end up with code that 394102681Sgibbsis missing the bits required to do useful things (like ciphers): 395102681Sgibbs 396102681SgibbsSSLeay_add_ssl_algorithms() 39797883Sgibbs(probably also want SSL_load_error_strings() too but you should have 39897883Sgibbs already had that call in place) 39997883Sgibbs 40097883SgibbsSSL_CTX_new() - requires an extra method parameter 40197883Sgibbs SSL_CTX_new(SSLv23_method()) 40297883Sgibbs SSL_CTX_new(SSLv2_method()) 40397883Sgibbs SSL_CTX_new(SSLv3_method()) 40497883Sgibbs 40597883Sgibbs OR to only have the server or the client code 406102681Sgibbs SSL_CTX_new(SSLv23_server_method()) 407107441Sscottl SSL_CTX_new(SSLv2_server_method()) 408102681Sgibbs SSL_CTX_new(SSLv3_server_method()) 409102681Sgibbs or 410102681Sgibbs SSL_CTX_new(SSLv23_client_method()) 411102681Sgibbs SSL_CTX_new(SSLv2_client_method()) 412102681Sgibbs SSL_CTX_new(SSLv3_client_method()) 413102681Sgibbs 414102681SgibbsSSL_set_default_verify_paths() ... renamed to the more appropriate 415102681SgibbsSSL_CTX_set_default_verify_paths() 416102681Sgibbs 41797883SgibbsIf you want to use client certificates then you have to add in a bit 41897883Sgibbsof extra stuff in that a SSLv3 server sends a list of those CAs that 41997883Sgibbsit will accept certificates from ... so you have to provide a list to 42097883SgibbsSSLeay otherwise certain browsers will not send client certs. 42197883Sgibbs 42297883SgibbsSSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); 42397883Sgibbs 42497883Sgibbs 42597883SgibbsX509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0) 426102681Sgibbs or provide a buffer and size to copy the 427102681Sgibbs result into 428102681Sgibbs 429102681SgibbsX509_add_cert -> X509_STORE_add_cert (and you might want to read the 430102681Sgibbs notes on X509_NAME structure changes too) 431102681Sgibbs 43297883Sgibbs 43397883SgibbsVERIFICATION CODE 43497883Sgibbs================= 43597883Sgibbs 43697883SgibbsThe codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to 43797883Sgibbsmore accurately reflect things. 43897883Sgibbs 43997883SgibbsThe verification callback args are now packaged differently so that 44097883Sgibbsextra fields for verification can be added easily in future without 441102681Sgibbshaving to break things by adding extra parameters each release :-) 442102681Sgibbs 443102681SgibbsX509_cert_verify_error_string -> X509_verify_cert_error_string 444102681Sgibbs 445102681Sgibbs 446102681SgibbsBIO INTERNALS 447102681Sgibbs============= 44897883Sgibbs 44997883SgibbsEric has fixed things so that extra flags can be introduced in 45097883Sgibbsthe BIO layer in future without having to play with all the BIO 45197883Sgibbsmodules by adding in some macros. 45297883Sgibbs 45397883SgibbsThe ugly stuff using 45497883Sgibbs b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY) 45597883Sgibbsbecomes 45697883Sgibbs BIO_clear_retry_flags(b) 457102681Sgibbs 458102681Sgibbs b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY) 459102681Sgibbsbecomes 46097883Sgibbs BIO_set_retry_read(b) 46197883Sgibbs 46297883SgibbsAlso ... BIO_get_retry_flags(b), BIO_set_flags(b) 46397883Sgibbs 46497883Sgibbs 46597883Sgibbs 466102681SgibbsOTHER THINGS 467102681Sgibbs============ 468102681Sgibbs 469102681SgibbsX509_NAME has been altered so that it isn't just a STACK ... the STACK 47097883Sgibbsis now in the "entries" field ... and there are a pile of nice functions 47197883Sgibbsfor getting at the details in a much cleaner manner. 47297883Sgibbs 47397883SgibbsSSL_CTX has been altered ... "cert" is no longer a direct member of this 47497883Sgibbsstructure ... things are now down under "cert_store" (see x509_vfy.h) and 47597883Sgibbsthings are no longer in a CERTIFICATE_CTX but instead in a X509_STORE. 47697883SgibbsIf your code "knows" about this level of detail then it will need some 47797883Sgibbssurgery. 47897883Sgibbs 479102681SgibbsIf you depending on the incorrect spelling of a number of the error codes 480102681Sgibbsthen you will have to change your code as these have been fixed. 481102681Sgibbs 48297883SgibbsENV_CIPHER "type" got renamed to "nid" and as that is what it actually 48397883Sgibbshas been all along so this makes things clearer. 48497883Sgibbsify_cert_error_string(ctx->error)); 48597883Sgibbs 48697883SgibbsSSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST 48797883Sgibbs and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 48897883Sgibbs 48997883Sgibbs 49097883Sgibbs 49197883Sgibbs Changes between 0.7.x and 0.8.0 49297883Sgibbs 49397883Sgibbs *) There have been lots of changes, mostly the addition of SSLv3. 49497883Sgibbs There have been many additions from people and amongst 49597883Sgibbs others, C2Net has assisted greatly. 49697883Sgibbs 49797883Sgibbs Changes between 0.7.x and 0.7.x 49897883Sgibbs 49997883Sgibbs *) Internal development version only 50097883Sgibbs 50197883SgibbsSSLeay 0.6.6 13-Jan-1997 50297883Sgibbs 50397883SgibbsThe main additions are 50497883Sgibbs 505107441Sscottl- assember for x86 DES improvments. 506107441Sscottl From 191,000 per second on a pentium 100, I now get 281,000. The inner 507107441Sscottl loop and the IP/FP modifications are from 508107441Sscottl Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. Many thanks for his 509107441Sscottl contribution. 510107441Sscottl- The 'DES macros' introduced in 0.6.5 now have 3 types. 511107441Sscottl DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which 512107441Sscottl is best and there is a summery of mine in crypto/des/options.txt 513107441Sscottl- A few bug fixes. 514107441Sscottl- Added blowfish. It is not used by SSL but all the other stuff that 515107441Sscottl deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes. 51697883Sgibbs There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'. 51797883Sgibbs BF_PTR2 is pentium/x86 specific. The correct option is setup in 51897883Sgibbs the 'Configure' script. 51997883Sgibbs- There is now a 'get client certificate' callback which can be 52097883Sgibbs 'non-blocking'. If more details are required, let me know. It will 52197883Sgibbs documented more in SSLv3 when I finish it. 52297883Sgibbs- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test' 52397883Sgibbs now tests the ca program. 52497883Sgibbs- Lots of little things modified and tweaked. 52597883Sgibbs 52697883Sgibbs SSLeay 0.6.5 52797883Sgibbs 52897883SgibbsAfter quite some time (3 months), the new release. I have been very busy 52997883Sgibbsfor the last few months and so this is mostly bug fixes and improvments. 53097883Sgibbs 53197883SgibbsThe main additions are 53297883Sgibbs 53397883Sgibbs- assember for x86 DES. For all those gcc based systems, this is a big 53497883Sgibbs improvement. From 117,000 DES operation a second on a pentium 100, 53597883Sgibbs I now get 191,000. I have also reworked the C version so it 53697883Sgibbs now gives 148,000 DESs per second. 53797883Sgibbs- As mentioned above, the inner DES macros now have some more variant that 53897883Sgibbs sometimes help, sometimes hinder performance. There are now 3 options 53997883Sgibbs DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling) 54097883Sgibbs and DES_RISC (a more register intensive version of the inner macro). 54197883Sgibbs The crypto/des/des_opts.c program, when compiled and run, will give 54297883Sgibbs an indication of the correct options to use. 54397883Sgibbs- The BIO stuff has been improved. Read doc/bio.doc. There are now 54497883Sgibbs modules for encryption and base64 encoding and a BIO_printf() function. 54597883Sgibbs- The CA program will accept simple one line X509v3 extensions in the 54697883Sgibbs ssleay.cnf file. Have a look at the example. Currently this just 54797883Sgibbs puts the text into the certificate as an OCTET_STRING so currently 54897883Sgibbs the more advanced X509v3 data types are not handled but this is enough 54997883Sgibbs for the netscape extensions. 55097883Sgibbs- There is the start of a nicer higher level interface to the X509 55197883Sgibbs strucutre. 55297883Sgibbs- Quite a lot of bug fixes. 55397883Sgibbs- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used 55497883Sgibbs to define the malloc(), free() and realloc() routines to use 55597883Sgibbs (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when 55697883Sgibbs using DLLs and mixing CRT libraries. 55797883Sgibbs 55897883SgibbsIn general, read the 'VERSION' file for changes and be aware that some of 55997883Sgibbsthe new stuff may not have been tested quite enough yet, so don't just plonk 56097883Sgibbsin SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break. 56197883Sgibbs 56297883SgibbsSSLeay 0.6.4 30/08/96 eay 56397883Sgibbs 56497883SgibbsI've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3, 56597883SgibbsSolaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-). 56697883Sgibbs 56797883SgibbsThe main changes in this release 56897883Sgibbs 56997883Sgibbs- Thread safe. have a read of doc/threads.doc and play in the mt directory. 57097883Sgibbs For anyone using 0.6.3 with threads, I found 2 major errors so consider 57197883Sgibbs moving to 0.6.4. I have a test program that builds under NT and 57297883Sgibbs solaris. 57397883Sgibbs- The get session-id callback has changed. Have a read of doc/callback.doc. 57497883Sgibbs- The X509_cert_verify callback (the SSL_verify callback) now 57597883Sgibbs has another argument. Have a read of doc/callback.doc 57697883Sgibbs- 'ca -preserve', sign without re-ordering the DN. Not tested much. 57797883Sgibbs- VMS support. 57897883Sgibbs- Compile time memory leak detection can now be built into SSLeay. 57997883Sgibbs Read doc/memory.doc 58097883Sgibbs- CONF routines now understand '\', '\n', '\r' etc. What this means is that 58197883Sgibbs the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines. 58297883Sgibbs- 'ssleay ciphers' added, lists the default cipher list for SSLeay. 58397883Sgibbs- RC2 key setup is now compatable with Netscape. 58497883Sgibbs- Modifed server side of SSL implementation, big performance difference when 58597883Sgibbs using session-id reuse. 58697883Sgibbs 58797883Sgibbs0.6.3 58897883Sgibbs 589102681SgibbsBug fixes and the addition of some nice stuff to the 'ca' program. 590102681SgibbsHave a read of doc/ns-ca.doc for how hit has been modified so 591102681Sgibbsit can be driven from a CGI script. The CGI script is not provided, 592102681Sgibbsbut that is just being left as an excersize for the reader :-). 593102681Sgibbs 594102681Sgibbs0.6.2 595102681Sgibbs 596102681SgibbsThis is most bug fixes and functionality improvements. 597102681Sgibbs 598102681SgibbsAdditions are 599102681Sgibbs- More thread debugging patches, the thread stuff is still being 600102681Sgibbs tested, but for those keep to play with stuff, have a look in 601102681Sgibbs crypto/cryptlib.c. The application needs to define 1 (or optionaly 602102681Sgibbs a second) callback that is used to implement locking. Compiling 603102681Sgibbs with LOCK_DEBUG spits out lots of locking crud :-). 604102681Sgibbs This is what I'm currently working on. 605102681Sgibbs- SSL_CTX_set_default_passwd_cb() can be used to define the callback 606102681Sgibbs function used in the SSL*_file() functions used to load keys. I was 607102681Sgibbs always of the opinion that people should call 608102681Sgibbs PEM_read_RSAPrivateKey() and pass the callback they want to use, but 60997883Sgibbs it appears they just want to use the SSL_*_file() function() :-(. 61097883Sgibbs- 'enc' now has a -kfile so a key can be read from a file. This is 61197883Sgibbs mostly used so that the passwd does not appear when using 'ps', 61297883Sgibbs which appears imposible to stop under solaris. 61397883Sgibbs- X509v3 certificates now work correctly. I even have more examples 61497883Sgibbs in my tests :-). There is now a X509_EXTENSION type that is used in 61597883Sgibbs X509v3 certificates and CRLv2. 61697883Sgibbs- Fixed that signature type error :-( 61797883Sgibbs- Fixed quite a few potential memory leaks and problems when reusing 61897883Sgibbs X509, CRL and REQ structures. 61997883Sgibbs- EVP_set_pw_prompt() now sets the library wide default password 62097883Sgibbs prompt. 62197883Sgibbs- The 'pkcs7' command will now, given the -print_certs flag, output in 62297883Sgibbs pem format, all certificates and CRL contained within. This is more 62397883Sgibbs of a pre-emtive thing for the new verisign distribution method. I 62497883Sgibbs should also note, that this also gives and example in code, of how 62597883Sgibbs to do this :-), or for that matter, what is involved in going the 626102681Sgibbs other way (list of certs and crl -> pkcs7). 627102681Sgibbs- Added RSA's DESX to the DES library. It is also available via the 628102681Sgibbs EVP_desx_cbc() method and via 'enc desx'. 629102681Sgibbs 63097883SgibbsSSLeay 0.6.1 63197883Sgibbs 63297883SgibbsThe main functional changes since 0.6.0 are as follows 63397883Sgibbs- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is 63497883Sgibbs that from now on, I'll keep the .def numbers the same so they will be. 63597883Sgibbs- RSA private key operations are about 2 times faster that 0.6.0 63697883Sgibbs- The SSL_CTX now has more fields so default values can be put against 63797883Sgibbs it. When an SSL structure is created, these default values are used 63897883Sgibbs but can be overwritten. There are defaults for cipher, certificate, 63997883Sgibbs private key, verify mode and callback. This means SSL session 64097883Sgibbs creation can now be 64197883Sgibbs ssl=SSL_new() 64297883Sgibbs SSL_set_fd(ssl,sock); 64397883Sgibbs SSL_accept(ssl) 64497883Sgibbs .... 64597883Sgibbs All the other uglyness with having to keep a global copy of the 64697883Sgibbs private key and certificate/verify mode in the server is now gone. 647102681Sgibbs- ssl/ssltest.c - one process talking SSL to its self for testing. 648102681Sgibbs- Storage of Session-id's can be controled via a session_cache_mode 64997883Sgibbs flag. There is also now an automatic default flushing of 65097883Sgibbs old session-id's. 65197883Sgibbs- The X509_cert_verify() function now has another parameter, this 65297883Sgibbs should not effect most people but it now means that the reason for 65397883Sgibbs the failure to verify is now available via SSL_get_verify_result(ssl). 65497883Sgibbs You don't have to use a global variable. 65597883Sgibbs- SSL_get_app_data() and SSL_set_app_data() can be used to keep some 65697883Sgibbs application data against the SSL structure. It is upto the application 65797883Sgibbs to free the data. I don't use it, but it is available. 658102681Sgibbs- SSL_CTX_set_cert_verify_callback() can be used to specify a 659102681Sgibbs verify callback function that completly replaces my certificate 66097883Sgibbs verification code. Xcert should be able to use this :-). 66197883Sgibbs The callback is of the form int app_verify_callback(arg,ssl,cert). 66297883Sgibbs This needs to be documented more. 66397883Sgibbs- I have started playing with shared library builds, have a look in 66497883Sgibbs the shlib directory. It is very simple. If you need a numbered 66597883Sgibbs list of functions, have a look at misc/crypto.num and misc/ssl.num. 66697883Sgibbs- There is some stuff to do locking to make the library thread safe. 66797883Sgibbs I have only started this stuff and have not finished. If anyone is 66897883Sgibbs keen to do so, please send me the patches when finished. 669102681Sgibbs 670102681SgibbsSo I have finally made most of the additions to the SSL interface that 67197883SgibbsI thought were needed. 67297883Sgibbs 67397883SgibbsThere will probably be a pause before I make any non-bug/documentation 67497883Sgibbsrelated changes to SSLeay since I'm feeling like a bit of a break. 67597883Sgibbs 67697883Sgibbseric - 12 Jul 1996 67797883SgibbsI saw recently a comment by some-one that we now seem to be entering 67897883Sgibbsthe age of perpetual Beta software. 67997883SgibbsPioneered by packages like linux but refined to an art form by 680102681Sgibbsnetscape. 681102681Sgibbs 682102681SgibbsI too wish to join this trend with the anouncement of SSLeay 0.6.0 :-). 683102681Sgibbs 684102681SgibbsThere are quite a large number of sections that are 'works in 685102681Sgibbsprogress' in this package. I will also list the major changes and 68697883Sgibbswhat files you should read. 68797883Sgibbs 68897883SgibbsBIO - this is the new IO structure being used everywhere in SSLeay. I 68997883Sgibbsstarted out developing this because of microsoft, I wanted a mechanism 69097883Sgibbsto callback to the application for all IO, so Windows 3.1 DLL 69197883Sgibbsperversion could be hidden from me and the 15 different ways to write 69297883Sgibbsto a file under NT would also not be dictated by me at library build 69397883Sgibbstime. What the 'package' is is an API for a data structure containing 69497883Sgibbsfunctions. IO interfaces can be written to conform to the 695102681Sgibbsspecification. This in not intended to hide the underlying data type 69697883Sgibbsfrom the application, but to hide it from SSLeay :-). 69797883SgibbsI have only really finished testing the FILE * and socket/fd modules. 69897883SgibbsThere are also 'filter' BIO's. Currently I have only implemented 69997883Sgibbsmessage digests, and it is in use in the dgst application. This 70097883Sgibbsfunctionality will allow base64/encrypto/buffering modules to be 70197883Sgibbs'push' into a BIO without it affecting the semantics. I'm also 70297883Sgibbsworking on an SSL BIO which will hide the SSL_accept()/SLL_connet() 70397883Sgibbsfrom an event loop which uses the interface. 70497883SgibbsIt is also possible to 'attach' callbacks to a BIO so they get called 705102681Sgibbsbefore and after each operation, alowing extensive debug output 70697883Sgibbsto be generated (try running dgst with -d). 70797883Sgibbs 70897883SgibbsUnfortunaly in the conversion from 0.5.x to 0.6.0, quite a few 70997883Sgibbsfunctions that used to take FILE *, now take BIO *. 71097883SgibbsThe wrappers are easy to write 71197883Sgibbs 71297883Sgibbsfunction_fp(fp,x) 71397883SgibbsFILE *fp; 71497883Sgibbs { 715102681Sgibbs BIO *b; 71697883Sgibbs int ret; 71797883Sgibbs 71897883Sgibbs if ((b=BIO_new(BIO_s_file())) == NULL) error..... 71997883Sgibbs BIO_set_fp(b,fp,BIO_NOCLOSE); 72097883Sgibbs ret=function_bio(b,x); 72197883Sgibbs BIO_free(b); 72297883Sgibbs return(ret); 72397883Sgibbs } 72497883SgibbsRemember, there are no functions that take FILE * in SSLeay when 725102681Sgibbscompiled for Windows 3.1 DLL's. 726102681Sgibbs 727102681Sgibbs-- 728102681SgibbsI have added a general EVP_PKEY type that can hold a public/private 729102681Sgibbskey. This is now what is used by the EVP_ functions and is passed 730102681Sgibbsaround internally. I still have not done the PKCS#8 stuff, but 73197883SgibbsX509_PKEY is defined and waiting :-) 73297883Sgibbs 73397883Sgibbs-- 73497883SgibbsFor a full function name listings, have a look at ms/crypt32.def and 73597883Sgibbsms/ssl32.def. These are auto-generated but are complete. 73697883SgibbsThings like ASN1_INTEGER_get() have been added and are in here if you 73797883Sgibbslook. I have renamed a few things, again, have a look through the 73897883Sgibbsfunction list and you will probably find what you are after. I intend 73997883Sgibbsto at least put a one line descrition for each one..... 740102681Sgibbs 74197883Sgibbs-- 74297883SgibbsMicrosoft - thats what this release is about, read the MICROSOFT file. 74397883Sgibbs 74497883Sgibbs-- 74597883SgibbsMulti-threading support. I have started hunting through the code and 74697883Sgibbsflaging where things need to be done. In a state of work but high on 74797883Sgibbsthe list. 74897883Sgibbs 74997883Sgibbs-- 750102681SgibbsFor random numbers, edit e_os.h and set DEVRANDOM (it's near the top) 75197883Sgibbsbe be you random data device, otherwise 'RFILE' in e_os.h 75297883Sgibbswill be used, in your home directory. It will be updated 75397883Sgibbsperiodically. The environment variable RANDFILE will override this 75497883Sgibbschoice and read/write to that file instead. DEVRANDOM is used in 75597883Sgibbsconjunction to the RFILE/RANDFILE. If you wish to 'seed' the random 75697883Sgibbsnumber generator, pick on one of these files. 75797883Sgibbs 75897883Sgibbs-- 75997883Sgibbs 760102681SgibbsThe list of things to read and do 76197883Sgibbs 76297883Sgibbsdgst -d 76397883Sgibbss_client -state (this uses a callback placed in the SSL state loop and 76497883Sgibbs will be used else-where to help debug/monitor what 76597883Sgibbs is happening.) 76697883Sgibbs 76797883Sgibbsdoc/why.doc 76897883Sgibbsdoc/bio.doc <- hmmm, needs lots of work. 76997883Sgibbsdoc/bss_file.doc <- one that is working :-) 77097883Sgibbsdoc/session.doc <- it has changed 77197883Sgibbsdoc/speed.doc 77297883Sgibbs also play with ssleay version -a. I have now added a SSLeay() 77397883Sgibbs function that returns a version number, eg 0600 for this release 77497883Sgibbs which is primarily to be used to check DLL version against the 77597883Sgibbs application. 77697883Sgibbsutil/* Quite a few will not interest people, but some may, like 77797883Sgibbs mk1mf.pl, mkdef.pl, 77897883Sgibbsutil/do_ms.sh 779102681Sgibbs 78097883Sgibbstry 78197883Sgibbscc -Iinclude -Icrypto -c crypto/crypto.c 78297883Sgibbscc -Iinclude -Issl -c ssl/ssl.c 78397883SgibbsYou have just built the SSLeay libraries as 2 object files :-) 78497883Sgibbs 78597883SgibbsHave a general rummage around in the bin stall directory and look at 78697883Sgibbswhat is in there, like CA.sh and c_rehash 78797883Sgibbs 78897883SgibbsThere are lots more things but it is 12:30am on a Friday night and I'm 789102681Sgibbsheading home :-). 79097883Sgibbs 79197883Sgibbseric 22-Jun-1996 79297883SgibbsThis version has quite a few major bug fixes and improvements. It DOES NOT 79397883Sgibbsdo SSLv3 yet. 79497883Sgibbs 79597883SgibbsThe main things changed 79697883Sgibbs- A Few days ago I added the s_mult application to ssleay which is 79797883Sgibbs a demo of an SSL server running in an event loop type thing. 79897883Sgibbs It supports non-blocking IO, I have finally gotten it right, SSL_accept() 799102681Sgibbs can operate in non-blocking IO mode, look at the code to see how :-). 80097883Sgibbs Have a read of doc/s_mult as well. This program leaks memory and 80197883Sgibbs file descriptors everywhere but I have not cleaned it up yet. 80297883Sgibbs This is a demo of how to do non-blocking IO. 80397883Sgibbs- The SSL session management has been 'worked over' and there is now 80497883Sgibbs quite an expansive set of functions to manipulate them. Have a read of 80597883Sgibbs doc/session.doc for some-things I quickly whipped up about how it now works. 80697883Sgibbs This assume you know the SSLv2 protocol :-) 80797883Sgibbs- I can now read/write the netscape certificate format, use the 80897883Sgibbs -inform/-outform 'net' options to the x509 command. I have not put support 809102681Sgibbs for this type in the other demo programs, but it would be easy to add. 810102681Sgibbs- asn1parse and 'enc' have been modified so that when reading base64 811102681Sgibbs encoded files (pem format), they do not require '-----BEGIN' header lines. 812102681Sgibbs The 'enc' program had a buffering bug fixed, it can be used as a general 813102681Sgibbs base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d' 814102681Sgibbs respecivly. Leaving out the '-a' flag in this case makes the 'enc' command 815102681Sgibbs into a form of 'cat'. 81697883Sgibbs- The 'x509' and 'req' programs have been fixed and modified a little so 81797883Sgibbs that they generate self-signed certificates correctly. The test 81897883Sgibbs script actually generates a 'CA' certificate and then 'signs' a 81997883Sgibbs 'user' certificate. Have a look at this shell script (test/sstest) 82097883Sgibbs to see how things work, it tests most possible combinations of what can 82197883Sgibbs be done. 82297883Sgibbs- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name 82397883Sgibbs of SSL_set_cipher_list() is now the correct API (stops confusion :-). 82497883Sgibbs If this function is used in the client, only the specified ciphers can 82597883Sgibbs be used, with preference given to the order the ciphers were listed. 82697883Sgibbs For the server, if this is used, only the specified ciphers will be used 82797883Sgibbs to accept connections. If this 'option' is not used, a default set of 82897883Sgibbs ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this 82997883Sgibbs list for all ciphers started against the SSL_CTX. So the order is 83097883Sgibbs SSL cipher_list, if not present, SSL_CTX cipher list, if not 83197883Sgibbs present, then the library default. 83297883Sgibbs What this means is that normally ciphers like 83397883Sgibbs NULL-MD5 will never be used. The only way this cipher can be used 83497883Sgibbs for both ends to specify to use it. 83597883Sgibbs To enable or disable ciphers in the library at build time, modify the 83697883Sgibbs first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c. 83797883Sgibbs This file also contains the 'pref_cipher' list which is the default 83897883Sgibbs cipher preference order. 83997883Sgibbs- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net' 84097883Sgibbs options work. They should, and they enable loading and writing the 84197883Sgibbs netscape rsa private key format. I will be re-working this section of 84297883Sgibbs SSLeay for the next version. What is currently in place is a quick and 84397883Sgibbs dirty hack. 84497883Sgibbs- I've re-written parts of the bignum library. This gives speedups 84597883Sgibbs for all platforms. I now provide assembler for use under Windows NT. 84697883Sgibbs I have not tested the Windows 3.1 assembler but it is quite simple code. 84797883Sgibbs This gives RSAprivate_key operation encryption times of 0.047s (512bit key) 84897883Sgibbs and 0.230s (1024bit key) on a pentium 100 which I consider reasonable. 84997883Sgibbs Basically the times available under linux/solaris x86 can be achieve under 85097883Sgibbs Windows NT. I still don't know how these times compare to RSA's BSAFE 85197883Sgibbs library but I have been emailing with people and with their help, I should 85297883Sgibbs be able to get my library's quite a bit faster still (more algorithm changes). 853102681Sgibbs The object file crypto/bn/asm/x86-32.obj should be used when linking 854102681Sgibbs under NT. 855102681Sgibbs- 'make makefile.one' in the top directory will generate a single makefile 856102681Sgibbs called 'makefile.one' This makefile contains no perl references and 857102681Sgibbs will build the SSLeay library into the 'tmp' and 'out' directories. 858102681Sgibbs util/mk1mf.pl >makefile.one is how this makefile is 859102681Sgibbs generated. The mk1mf.pl command take several option to generate the 860102681Sgibbs makefile for use with cc, gcc, Visual C++ and Borland C++. This is 86197883Sgibbs still under development. I have only build .lib's for NT and MSDOS 86297883Sgibbs I will be working on this more. I still need to play with the 86397883Sgibbs correct compiler setups for these compilers and add some more stuff but 86497883Sgibbs basically if you just want to compile the library 86597883Sgibbs on a 'non-unix' platform, this is a very very good file to start with :-). 86697883Sgibbs Have a look in the 'microsoft' directory for my current makefiles. 86797883Sgibbs I have not yet modified things to link with sockets under Windows NT. 86897883Sgibbs You guys should be able to do this since this is actually outside of the 86997883Sgibbs SSLeay scope :-). I will be doing it for myself soon. 870102681Sgibbs util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock 871102681Sgibbs to build without RC2/RC4, to require RSAref for linking, and to 872102681Sgibbs build with no socket code. 873102681Sgibbs 874102681Sgibbs- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher 875102681Sgibbs that was posted to sci.crypt has been added to the library and SSL. 876102681Sgibbs I take the view that if RC2 is going to be included in a standard, 877102681Sgibbs I'll include the cipher to make my package complete. 87897883Sgibbs There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers 87997883Sgibbs at compile time. I have not tested this recently but it should all work 88097883Sgibbs and if you are in the USA and don't want RSA threatening to sue you, 88197883Sgibbs you could probably remove the RC4/RC2 code inside these sections. 88297883Sgibbs I may in the future include a perl script that does this code 88397883Sgibbs removal automatically for those in the USA :-). 88497883Sgibbs- I have removed all references to sed in the makefiles. So basically, 88597883Sgibbs the development environment requires perl and sh. The build environment 88697883Sgibbs does not (use the makefile.one makefile). 887102681Sgibbs The Configure script still requires perl, this will probably stay that way 888102681Sgibbs since I have perl for Windows NT :-). 889102681Sgibbs 890102681Sgibbseric (03-May-1996) 891102681Sgibbs 892102681SgibbsPS Have a look in the VERSION file for more details on the changes and 893102681Sgibbs bug fixes. 894102681SgibbsI have fixed a few bugs, added alpha and x86 assembler and generally cleaned 89597883Sgibbsthings up. This version will be quite stable, mostly because I'm on 89697883Sgibbsholidays until 10-March-1996. For any problems in the interum, send email 89797883Sgibbsto Tim Hudson <tjh@mincom.oz.au>. 89897883Sgibbs 89997883SgibbsSSLeay 0.5.0 90097883Sgibbs 90197883Sgibbs12-12-95 90297883SgibbsThis is going out before it should really be released. 90397883Sgibbs 904102681SgibbsI leave for 11 weeks holidays on the 22-12-95 and so I either sit on 90597883Sgibbsthis for 11 weeks or get things out. It is still going to change a 90697883Sgibbslot in the next week so if you do grab this version, please test and 90797883Sgibbsgive me feed back ASAP, inculuding questions on how to do things with 90897883Sgibbsthe library. This will prompt me to write documentation so I don't 90997883Sgibbshave to answer the same question again :-). 91097883Sgibbs 91197883SgibbsThis 'pre' release version is for people who are interested in the 91297883Sgibbslibrary. The applications will have to be changed to use 91397883Sgibbsthe new version of the SSL interface. I intend to finish more 914102681Sgibbsdocumentation before I leave but until then, look at the programs in 91597883Sgibbsthe apps directory. As far as code goes, it is much much nicer than 91697883Sgibbsthe old version. 91797883Sgibbs 91897883SgibbsThe current library works, has no memory leaks (as far as I can tell) 91997883Sgibbsand is far more bug free that 0.4.5d. There are no global variable of 92097883Sgibbsconsequence (I believe) and I will produce some documentation that 92197883Sgibbstell where to look for those people that do want to do multi-threaded 92297883Sgibbsstuff. 92397883Sgibbs 924102681SgibbsThere should be more documentation. Have a look in the 92597883Sgibbsdoc directory. I'll be adding more before I leave, it is a start 92697883Sgibbsby mostly documents the crypto library. Tim Hudson will update 92797883Sgibbsthe web page ASAP. The spelling and grammar are crap but 92897883Sgibbsit is better than nothing :-) 92997883Sgibbs 93097883SgibbsReasons to start playing with version 0.5.0 93197883Sgibbs- All the programs in the apps directory build into one ssleay binary. 93297883Sgibbs- There is a new version of the 'req' program that generates certificate 93397883Sgibbs requests, there is even documentation for this one :-) 934102681Sgibbs- There is a demo certification authorithy program. Currently it will 935102681Sgibbs look at the simple database and update it. It will generate CRL from 93697883Sgibbs the data base. You need to edit the database by hand to revoke a 93797883Sgibbs certificate, it is my aim to use perl5/Tk but I don't have time to do 93897883Sgibbs this right now. It will generate the certificates but the management 93997883Sgibbs scripts still need to be written. This is not a hard task. 94097883Sgibbs- Things have been cleaned up alot. 94197883Sgibbs- Have a look at the enc and dgst programs in the apps directory. 94297883Sgibbs- It supports v3 of x509 certiticates. 94397883Sgibbs 94497883Sgibbs 945102681SgibbsMajor things missing. 94697883Sgibbs- I have been working on (and thinging about) the distributed x509 94797883Sgibbs hierachy problem. I have not had time to put my solution in place. 94897883Sgibbs It will have to wait until I come back. 94997883Sgibbs- I have not put in CRL checking in the certificate verification but 95097883Sgibbs it would not be hard to do. I was waiting until I could generate my 95197883Sgibbs own CRL (which has only been in the last week) and I don't have time 95297883Sgibbs to put it in correctly. 95397883Sgibbs- Montgomery multiplication need to be implemented. I know the 95497883Sgibbs algorithm, just ran out of time. 955102681Sgibbs- PKCS#7. I can load and write the DER version. I need to re-work 95697883Sgibbs things to support BER (if that means nothing, read the ASN1 spec :-). 95797883Sgibbs- Testing of the higher level digital envelope routines. I have not 95897883Sgibbs played with the *_seal() and *_open() type functions. They are 95997883Sgibbs written but need testing. The *_sign() and *_verify() functions are 96097883Sgibbs rock solid. 96197883Sgibbs- PEM. Doing this and PKCS#7 have been dependant on the distributed 96297883Sgibbs x509 heirachy problem. I started implementing my ideas, got 96397883Sgibbs distracted writing a CA program and then ran out of time. I provide 96497883Sgibbs the functionality of RSAref at least. 965102681Sgibbs- Re work the asm. code for the x86. I've changed by low level bignum 96697883Sgibbs interface again, so I really need to tweak the x86 stuff. gcc is 96797883Sgibbs good enough for the other boxes. 96897883Sgibbs 96997883Sgibbs