"Fossies" - the Fresh Open Source Software Archive

Member "openssl-1.0.2q/CHANGES.SSLeay" (20 Nov 2018, 42751 Bytes) of package /linux/misc/openssl-1.0.2q.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 This file contains the changes for the SSLeay library up to version
    2 0.9.0b. For later changes, see the file "CHANGES".
    3 
    4   SSLeay CHANGES
    5   ______________
    6 
    7 Changes between 0.8.x and 0.9.0b
    8 
    9 10-Apr-1998
   10 
   11 I said the next version would go out at easter, and so it shall.
   12 I expect a 0.9.1 will follow with portability fixes in the next few weeks.
   13 
   14 This is a quick, meet the deadline.  Look to ssl-users for comments on what
   15 is new etc.
   16 
   17 eric (about to go bushwalking for the 4 day easter break :-)
   18 
   19 16-Mar-98
   20     - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
   21     - Lots and lots of changes
   22 
   23 29-Jan-98
   24     - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
   25       Goetz Babin-Ebell <babinebell@trustcenter.de>.
   26     - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
   27       TLS1_VERSION.
   28 
   29 7-Jan-98
   30     - Finally reworked the cipher string to ciphers again, so it
   31       works correctly
   32     - All the app_data stuff is now ex_data with funcion calls to access.
   33       The index is supplied by a function and 'methods' can be setup
   34       for the types that are called on XXX_new/XXX_free.  This lets
   35       applications get notified on creation and destruction.  Some of
   36       the RSA methods could be implemented this way and I may do so.
   37     - Oh yes, SSL under perl5 is working at the basic level.
   38 
   39 15-Dec-97
   40     - Warning - the gethostbyname cache is not fully thread safe,
   41       but it should work well enough.
   42     - Major internal reworking of the app_data stuff.  More functions
   43       but if you were accessing ->app_data directly, things will
   44       stop working.
   45     - The perlv5 stuff is working.  Currently on message digests,
   46       ciphers and the bignum library.
   47 
   48 9-Dec-97
   49     - Modified re-negotiation so that server initated re-neg
   50       will cause a SSL_read() to return -1 should retry.
   51       The danger otherwise was that the server and the
   52       client could end up both trying to read when using non-blocking
   53       sockets.
   54 
   55 4-Dec-97
   56     - Lots of small changes
   57     - Fix for binaray mode in Windows for the FILE BIO, thanks to
   58       Bob Denny <rdenny@dc3.com>
   59 
   60 17-Nov-97
   61     - Quite a few internal cleanups, (removal of errno, and using macros
   62       defined in e_os.h).
   63     - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
   64       the automactic naming out output files was being stuffed up.
   65 
   66 29-Oct-97
   67     - The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember
   68       for x86.
   69 
   70 21-Oct-97
   71     - Fixed a bug in the BIO_gethostbyname() cache.
   72 
   73 15-Oct-97
   74     - cbc mode for blowfish/des/3des is now in assember.  Blowfish asm
   75       has also been improved.  At this point in time, on the pentium,
   76       md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
   77       des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
   78       is %62 faster.
   79 
   80 12-Oct-97
   81     - MEM_BUF_grow() has been fixed so that it always sets the buf->length
   82       to the value we are 'growing' to.  Think of MEM_BUF_grow() as the
   83       way to set the length value correctly.
   84 
   85 10-Oct-97
   86     - I now hash for certificate lookup on the raw DER encoded RDN (md5).
   87       This breaks things again :-(.  This is efficent since I cache
   88       the DER encoding of the RDN.
   89     - The text DN now puts in the numeric OID instead of UNKNOWN.
   90     - req can now process arbitary OIDs in the config file.
   91     - I've been implementing md5 in x86 asm, much faster :-).
   92     - Started sha1 in x86 asm, needs more work.
   93     - Quite a few speedups in the BN stuff.  RSA public operation
   94       has been made faster by caching the BN_MONT_CTX structure.
   95       The calulating of the Ai where A*Ai === 1 mod m was rather
   96       expensive.  Basically a 40-50% speedup on public operations.
   97       The RSA speedup is now 15% on pentiums and %20 on pentium
   98       pro.
   99 
  100 30-Sep-97
  101     - After doing some profiling, I added x86 adm for bn_add_words(),
  102       which just adds 2 arrays of longs together.  A %10 speedup
  103       for 512 and 1024 bit RSA on the pentium pro.
  104 
  105 29-Sep-97
  106     - Converted the x86 bignum assembler to us the perl scripts
  107       for generation.
  108 
  109 23-Sep-97
  110     - If SSL_set_session() is passed a NULL session, it now clears the
  111       current session-id.
  112 
  113 22-Sep-97
  114     - Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned
  115       certificates.
  116     - Bug in crypto/evp/encode.c where by decoding of 65 base64
  117       encoded lines, one line at a time (via a memory BIO) would report
  118       EOF after the first line was decoded.
  119     - Fix in X509_find_by_issuer_and_serial() from
  120       Dr Stephen Henson <shenson@bigfoot.com>
  121 
  122 19-Sep-97
  123     - NO_FP_API and NO_STDIO added.
  124     - Put in sh config command.  It auto runs Configure with the correct
  125       parameters.
  126 
  127 18-Sep-97
  128     - Fix x509.c so if a DSA cert has different parameters to its parent,
  129       they are left in place.  Not tested yet.
  130 
  131 16-Sep-97
  132     - ssl_create_cipher_list() had some bugs, fixes from
  133       Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
  134     - Fixed a bug in the Base64 BIO, where it would return 1 instead
  135       of -1 when end of input was encountered but should retry.
  136       Basically a Base64/Memory BIO interaction problem.
  137     - Added a HMAC set of functions in preporarion for TLS work.
  138 
  139 15-Sep-97
  140     - Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
  141     - Prime generation spead up %25 (512 bit prime, pentium pro linux)
  142       by using montgomery multiplication in the prime number test.
  143 
  144 11-Sep-97
  145     - Ugly bug in ssl3_write_bytes().  Basically if application land
  146       does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
  147       did not check the size and tried to copy the entire buffer.
  148       This would tend to cause memory overwrites since SSLv3 has
  149       a maximum packet size of 16k.  If your program uses
  150       buffers <= 16k, you would probably never see this problem.
  151     - Fixed a few errors that were cause by malloc() not returning
  152       0 initialised memory..
  153     - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
  154       SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
  155       since this flags stops SSLeay being able to handle client
  156       cert requests correctly.
  157 
  158 08-Sep-97
  159     - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched
  160       on, the SSL server routines will not use a SSL_SESSION that is
  161       held in it's cache.  This in intended to be used with the session-id
  162       callbacks so that while the session-ids are still stored in the
  163       cache, the decision to use them and how to look them up can be
  164       done by the callbacks.  The are the 'new', 'get' and 'remove'
  165       callbacks.  This can be used to determine the session-id
  166       to use depending on information like which port/host the connection
  167       is coming from.  Since the are also SSL_SESSION_set_app_data() and
  168       SSL_SESSION_get_app_data() functions, the application can hold
  169       information against the session-id as well.
  170 
  171 03-Sep-97
  172     - Added lookup of CRLs to the by_dir method,
  173       X509_load_crl_file() also added.  Basically it means you can
  174       lookup CRLs via the same system used to lookup certificates.
  175     - Changed things so that the X509_NAME structure can contain
  176       ASN.1 BIT_STRINGS which is required for the unique
  177       identifier OID.
  178     - Fixed some problems with the auto flushing of the session-id
  179       cache.  It was not occuring on the server side.
  180 
  181 02-Sep-97
  182     - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
  183       which is the maximum number of entries allowed in the
  184       session-id cache.  This is enforced with a simple FIFO list.
  185       The default size is 20*1024 entries which is rather large :-).
  186       The Timeout code is still always operating.
  187 
  188 01-Sep-97
  189     - Added an argument to all the 'generate private key/prime`
  190       callbacks.  It is the last parameter so this should not
  191       break existing code but it is needed for C++.
  192     - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
  193       BIO.  This lets the BIO read and write base64 encoded data
  194       without inserting or looking for '\n' characters.  The '-A'
  195       flag turns this on when using apps/enc.c.
  196     - RSA_NO_PADDING added to help BSAFE functionality.  This is a
  197       very dangerous thing to use, since RSA private key
  198       operations without random padding bytes (as PKCS#1 adds) can
  199       be attacked such that the private key can be revealed.
  200     - ASN.1 bug and rc2-40-cbc and rc4-40 added by
  201       Dr Stephen Henson <shenson@bigfoot.com>
  202 
  203 31-Aug-97 (stuff added while I was away)    
  204     - Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
  205     - RSA_flags() added allowing bypass of pub/priv match check
  206       in ssl/ssl_rsa.c - Tim Hudson.
  207     - A few minor bugs.
  208 
  209 SSLeay 0.8.1 released.
  210 
  211 19-Jul-97
  212     - Server side initated dynamic renegotiation is broken.  I will fix
  213       it when I get back from holidays.
  214 
  215 15-Jul-97
  216     - Quite a few small changes.
  217     - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
  218 
  219 09-Jul-97
  220     - Added 2 new values to the SSL info callback.
  221       SSL_CB_START which is passed when the SSL protocol is started
  222       and SSL_CB_DONE when it has finished sucsessfully.
  223 
  224 08-Jul-97
  225     - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
  226       that related to DSA public/private keys.
  227     - Added all the relevent PEM and normal IO functions to support
  228       reading and writing RSAPublic keys.
  229     - Changed makefiles to use ${AR} instead of 'ar r'
  230 
  231 07-Jul-97
  232     - Error in ERR_remove_state() that would leave a dangling reference
  233       to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
  234     - s_client now prints the X509_NAMEs passed from the server
  235       when requesting a client cert.
  236     - Added a ssl->type, which is one of SSL_ST_CONNECT or
  237       SSL_ST_ACCEPT.  I had to add it so I could tell if I was
  238       a connect or an accept after the handshake had finished.
  239     - SSL_get_client_CA_list(SSL *s) now returns the CA names
  240       passed by the server if called by a client side SSL.
  241 
  242 05-Jul-97
  243     - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
  244       0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
  245 
  246 04-Jul-97
  247     - Fixed some things in X509_NAME_add_entry(), thanks to
  248       Matthew Donald <matthew@world.net>.
  249     - I had a look at the cipher section and though that it was a
  250       bit confused, so I've changed it.
  251     - I was not setting up the RC4-64-MD5 cipher correctly.  It is
  252       a MS special that appears in exported MS Money.
  253     - Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
  254       spec.  I was missing the two byte length header for the
  255       ClientDiffieHellmanPublic value.  This is a packet sent from
  256       the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
  257       option will enable SSLeay server side SSLv3 accept either
  258       the correct or my 080 packet format.
  259     - Fixed a few typos in crypto/pem.org.
  260 
  261 02-Jul-97
  262     - Alias mapping for EVP_get_(digest|cipher)byname is now
  263       performed before a lookup for actual cipher.  This means
  264       that an alias can be used to 're-direct' a cipher or a
  265       digest.
  266     - ASN1_read_bio() had a bug that only showed up when using a
  267       memory BIO.  When EOF is reached in the memory BIO, it is
  268       reported as a -1 with BIO_should_retry() set to true.
  269 
  270 01-Jul-97
  271     - Fixed an error in X509_verify_cert() caused by my
  272       miss-understanding how 'do { contine } while(0);' works.
  273       Thanks to Emil Sit <sit@mit.edu> for educating me :-)
  274 
  275 30-Jun-97
  276     - Base64 decoding error.  If the last data line did not end with
  277       a '=', sometimes extra data would be returned.
  278     - Another 'cut and paste' bug in x509.c related to setting up the
  279       STDout BIO.
  280 
  281 27-Jun-97
  282     - apps/ciphers.c was not printing due to an editing error.
  283     - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
  284       a library build error in util/mk1mf.pl
  285 
  286 26-Jun-97
  287     - Still did not have the auto 'experimental' code removal
  288       script correct.
  289     - A few header tweaks for Watcom 11.0 under Win32 from
  290       Rolf Lindemann <Lindemann@maz-hh.de>
  291     - 0 length OCTET_STRING bug in asn1_parse
  292     - A minor fix with an non-existent function in the MS .def files.
  293     - A few changes to the PKCS7 stuff.
  294 
  295 25-Jun-97
  296     SSLeay 0.8.0 finally it gets released.
  297 
  298 24-Jun-97
  299     Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
  300     use a temporary RSA key.  This is experimental and needs some more work.
  301     Fixed a few Win16 build problems.
  302 
  303 23-Jun-97
  304     SSLv3 bug. I was not doing the 'lookup' of the CERT structure
  305     correctly. I was taking the SSL->ctx->default_cert when I should
  306     have been using SSL->cert. The bug was in ssl/s3_srvr.c
  307 
  308 20-Jun-97
  309     X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
  310     rest of the library. Even though I had the code required to do
  311     it correctly, apps/req.c was doing the wrong thing.  I have fixed
  312     and tested everything.
  313 
  314     Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
  315 
  316 19-Jun-97
  317     Fixed a bug in the SSLv2 server side first packet handling. When
  318     using the non-blocking test BIO, the ssl->s2->first_packet flag
  319     was being reset when a would-block failure occurred when reading
  320     the first 5 bytes of the first packet. This caused the checking
  321     logic to run at the wrong time and cause an error.
  322 
  323     Fixed a problem with specifying cipher. If RC4-MD5 were used,
  324     only the SSLv3 version would be picked up.  Now this will pick
  325     up both SSLv2 and SSLv3 versions. This required changing the
  326     SSL_CIPHER->mask values so that they only mask the ciphers,
  327     digests, authentication, export type and key-exchange algorithms.
  328 
  329     I found that when a SSLv23 session is established, a reused
  330     session, of type SSLv3 was attempting to write the SSLv2 
  331     ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
  332     method has been modified so it will only write out cipher which
  333     that method knows about.  
  334 
  335 
  336  Changes between 0.8.0 and 0.8.1
  337 
  338   *) Mostly bug fixes. 
  339      There is an Ephemeral DH cipher problem which is fixed.
  340 
  341  SSLeay 0.8.0
  342 
  343 This version of SSLeay has quite a lot of things different from the
  344 previous version.
  345 
  346 Basically check all callback parameters, I will be producing documentation
  347 about how to use things in th future.  Currently I'm just getting 080 out
  348 the door.  Please not that there are several ways to do everything, and
  349 most of the applications in the apps directory are hybrids, some using old
  350 methods and some using new methods.
  351 
  352 Have a look in demos/bio for some very simple programs and
  353 apps/s_client.c and apps/s_server.c for some more advanced versions.
  354 Notes are definitly needed but they are a week or so away.
  355 
  356 Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
  357 ---
  358 Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
  359 get those people that want to move to using the new code base off to
  360 a quick start.
  361 
  362 Note that Eric has tidied up a lot of the areas of the API that were
  363 less than desirable and renamed quite a few things (as he had to break
  364 the API in lots of places anyrate). There are a whole pile of additional
  365 functions for making dealing with (and creating) certificates a lot
  366 cleaner.
  367 
  368 01-Jul-97
  369 Tim Hudson
  370 tjh@cryptsoft.com
  371 
  372 ---8<---
  373 
  374 To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
  375 use something like the following (assuming you #include "crypto.h" which
  376 is something that you really should be doing).
  377 
  378 #if SSLEAY_VERSION_NUMBER >= 0x0800
  379 #define SSLEAY8
  380 #endif
  381 
  382 buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
  383             too if you are working with BIO internal stuff (as distinct
  384         from simply using the interface in an opaque manner)
  385 
  386 #include "bio.h"    - required along with "buffer.h" if you write
  387               your own BIO routines as the buffer and bio
  388               stuff that was intermixed has been separated
  389               out 
  390             
  391 envelope.h -> evp.h  (which should have been done ages ago)
  392 
  393 Initialisation ... don't forget these or you end up with code that
  394 is missing the bits required to do useful things (like ciphers):
  395 
  396 SSLeay_add_ssl_algorithms()
  397 (probably also want SSL_load_error_strings() too but you should have
  398  already had that call in place)
  399 
  400 SSL_CTX_new()   - requires an extra method parameter
  401               SSL_CTX_new(SSLv23_method()) 
  402               SSL_CTX_new(SSLv2_method()) 
  403               SSL_CTX_new(SSLv3_method()) 
  404 
  405           OR to only have the server or the client code
  406               SSL_CTX_new(SSLv23_server_method()) 
  407               SSL_CTX_new(SSLv2_server_method()) 
  408               SSL_CTX_new(SSLv3_server_method()) 
  409           or  
  410               SSL_CTX_new(SSLv23_client_method()) 
  411               SSL_CTX_new(SSLv2_client_method()) 
  412               SSL_CTX_new(SSLv3_client_method()) 
  413 
  414 SSL_set_default_verify_paths() ... renamed to the more appropriate
  415 SSL_CTX_set_default_verify_paths()
  416 
  417 If you want to use client certificates then you have to add in a bit
  418 of extra stuff in that a SSLv3 server sends a list of those CAs that
  419 it will accept certificates from ... so you have to provide a list to
  420 SSLeay otherwise certain browsers will not send client certs.
  421 
  422 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
  423 
  424 
  425 X509_NAME_oneline(X)    -> X509_NAME_oneline(X,NULL,0)  
  426                or provide a buffer and size to copy the
  427                result into
  428 
  429 X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
  430           notes on X509_NAME structure changes too)
  431 
  432 
  433 VERIFICATION CODE
  434 =================
  435 
  436 The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
  437 more accurately reflect things.
  438 
  439 The verification callback args are now packaged differently so that
  440 extra fields for verification can be added easily in future without
  441 having to break things by adding extra parameters each release :-)
  442 
  443 X509_cert_verify_error_string -> X509_verify_cert_error_string
  444 
  445 
  446 BIO INTERNALS
  447 =============
  448 
  449 Eric has fixed things so that extra flags can be introduced in
  450 the BIO layer in future without having to play with all the BIO
  451 modules by adding in some macros.
  452 
  453 The ugly stuff using 
  454     b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
  455 becomes
  456     BIO_clear_retry_flags(b)
  457 
  458     b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
  459 becomes
  460     BIO_set_retry_read(b)
  461 
  462 Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
  463 
  464 
  465 
  466 OTHER THINGS
  467 ============
  468 
  469 X509_NAME has been altered so that it isn't just a STACK ... the STACK
  470 is now in the "entries" field ... and there are a pile of nice functions
  471 for getting at the details in a much cleaner manner.
  472 
  473 SSL_CTX has been altered ... "cert" is no longer a direct member of this
  474 structure ... things are now down under "cert_store" (see x509_vfy.h) and
  475 things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
  476 If your code "knows" about this level of detail then it will need some 
  477 surgery.
  478 
  479 If you depending on the incorrect spelling of a number of the error codes
  480 then you will have to change your code as these have been fixed.
  481 
  482 ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
  483 has been all along so this makes things clearer.
  484 ify_cert_error_string(ctx->error));
  485 
  486 SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
  487             and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
  488 
  489 
  490 
  491  Changes between 0.7.x and 0.8.0
  492   
  493   *) There have been lots of changes, mostly the addition of SSLv3.
  494      There have been many additions from people and amongst
  495      others, C2Net has assisted greatly.
  496  
  497  Changes between 0.7.x and 0.7.x
  498 
  499   *) Internal development version only
  500 
  501 SSLeay 0.6.6 13-Jan-1997
  502 
  503 The main additions are
  504 
  505 - assember for x86 DES improvments.
  506   From 191,000 per second on a pentium 100, I now get 281,000.  The inner
  507   loop and the IP/FP modifications are from
  508   Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
  509   contribution.
  510 - The 'DES macros' introduced in 0.6.5 now have 3 types.
  511   DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
  512   is best and there is a summery of mine in crypto/des/options.txt
  513 - A few bug fixes.
  514 - Added blowfish.  It is not used by SSL but all the other stuff that
  515   deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
  516   There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
  517   BF_PTR2 is pentium/x86 specific.  The correct option is setup in
  518   the 'Configure' script.
  519 - There is now a 'get client certificate' callback which can be
  520   'non-blocking'.  If more details are required, let me know.  It will
  521   documented more in SSLv3 when I finish it.
  522 - Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
  523   now tests the ca program.
  524 - Lots of little things modified and tweaked.
  525 
  526  SSLeay 0.6.5
  527 
  528 After quite some time (3 months), the new release.  I have been very busy
  529 for the last few months and so this is mostly bug fixes and improvments.
  530 
  531 The main additions are
  532 
  533 - assember for x86 DES.  For all those gcc based systems, this is a big
  534   improvement.  From 117,000 DES operation a second on a pentium 100,
  535   I now get 191,000.  I have also reworked the C version so it
  536   now gives 148,000 DESs per second.  
  537 - As mentioned above, the inner DES macros now have some more variant that
  538   sometimes help, sometimes hinder performance.  There are now 3 options
  539   DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)
  540   and DES_RISC (a more register intensive version of the inner macro).
  541   The crypto/des/des_opts.c program, when compiled and run, will give
  542   an indication of the correct options to use.
  543 - The BIO stuff has been improved.  Read doc/bio.doc.  There are now
  544   modules for encryption and base64 encoding and a BIO_printf() function.
  545 - The CA program will accept simple one line X509v3 extensions in the
  546   ssleay.cnf file.  Have a look at the example.  Currently this just
  547   puts the text into the certificate as an OCTET_STRING so currently
  548   the more advanced X509v3 data types are not handled but this is enough
  549   for the netscape extensions.
  550 - There is the start of a nicer higher level interface to the X509
  551   strucutre.
  552 - Quite a lot of bug fixes.
  553 - CRYPTO_malloc_init()  (or CRYPTO_set_mem_functions()) can be used
  554   to define the malloc(), free() and realloc() routines to use
  555   (look in crypto/crypto.h).  This is mostly needed for Windows NT/95 when
  556   using DLLs and mixing CRT libraries.
  557 
  558 In general, read the 'VERSION' file for changes and be aware that some of
  559 the new stuff may not have been tested quite enough yet, so don't just plonk
  560 in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break.
  561 
  562 SSLeay 0.6.4 30/08/96 eay
  563 
  564 I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3,
  565 Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-).
  566 
  567 The main changes in this release
  568 
  569 - Thread safe.  have a read of doc/threads.doc and play in the mt directory.
  570   For anyone using 0.6.3 with threads, I found 2 major errors so consider
  571   moving to 0.6.4.  I have a test program that builds under NT and
  572   solaris.
  573 - The get session-id callback has changed.  Have a read of doc/callback.doc.
  574 - The X509_cert_verify callback (the SSL_verify callback) now
  575   has another argument.  Have a read of doc/callback.doc
  576 - 'ca -preserve', sign without re-ordering the DN.  Not tested much.
  577 - VMS support.
  578 - Compile time memory leak detection can now be built into SSLeay.
  579   Read doc/memory.doc
  580 - CONF routines now understand '\', '\n', '\r' etc.  What this means is that
  581   the  SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines.
  582 - 'ssleay ciphers' added, lists the default cipher list for SSLeay.
  583 - RC2 key setup is now compatable with Netscape.
  584 - Modifed server side of SSL implementation, big performance difference when
  585       using session-id reuse.
  586 
  587 0.6.3
  588 
  589 Bug fixes and the addition of some nice stuff to the 'ca' program.
  590 Have a read of doc/ns-ca.doc for how hit has been modified so
  591 it can be driven from a CGI script.  The CGI script is not provided,
  592 but that is just being left as an excersize for the reader :-).
  593 
  594 0.6.2
  595 
  596 This is most bug fixes and functionality improvements.
  597 
  598 Additions are
  599 - More thread debugging patches, the thread stuff is still being
  600   tested, but for those keep to play with stuff, have a look in
  601   crypto/cryptlib.c.  The application needs to define 1 (or optionaly
  602   a second) callback that is used to implement locking.  Compiling
  603   with LOCK_DEBUG spits out lots of locking crud :-).
  604   This is what I'm currently working on.
  605 - SSL_CTX_set_default_passwd_cb() can be used to define the callback
  606   function used in the SSL*_file() functions used to load keys.  I was
  607   always of the opinion that people should call
  608   PEM_read_RSAPrivateKey() and pass the callback they want to use, but
  609   it appears they just want to use the SSL_*_file() function() :-(.
  610 - 'enc' now has a -kfile so a key can be read from a file.  This is
  611   mostly used so that the passwd does not appear when using 'ps',
  612   which appears imposible to stop under solaris.
  613 - X509v3 certificates now work correctly.  I even have more examples
  614   in my tests :-).  There is now a X509_EXTENSION type that is used in
  615   X509v3 certificates and CRLv2.
  616 - Fixed that signature type error :-(
  617 - Fixed quite a few potential memory leaks and problems when reusing
  618   X509, CRL and REQ structures.
  619 - EVP_set_pw_prompt() now sets the library wide default password
  620   prompt.
  621 - The 'pkcs7' command will now, given the -print_certs flag, output in
  622   pem format, all certificates and CRL contained within.  This is more
  623   of a pre-emtive thing for the new verisign distribution method.  I
  624   should also note, that this also gives and example in code, of how
  625   to do this :-), or for that matter, what is involved in going the
  626   other way (list of certs and crl -> pkcs7).
  627 - Added RSA's DESX to the DES library.  It is also available via the
  628   EVP_desx_cbc() method and via 'enc desx'. 
  629 
  630 SSLeay 0.6.1
  631 
  632 The main functional changes since 0.6.0 are as follows
  633 - Bad news, the Microsoft 060 DLL's are not compatable, but the good news is
  634   that from now on, I'll keep the .def numbers the same so they will be.
  635 - RSA private key operations are about 2 times faster that 0.6.0
  636 - The SSL_CTX now has more fields so default values can be put against
  637   it.  When an SSL structure is created, these default values are used
  638   but can be overwritten.  There are defaults for cipher, certificate,
  639   private key, verify mode and callback.  This means SSL session
  640   creation can now be
  641   ssl=SSL_new()
  642   SSL_set_fd(ssl,sock);
  643   SSL_accept(ssl)
  644   ....
  645   All the other uglyness with having to keep a global copy of the
  646   private key and certificate/verify mode in the server is now gone.
  647 - ssl/ssltest.c - one process talking SSL to its self for testing.
  648 - Storage of Session-id's can be controled via a session_cache_mode
  649   flag.  There is also now an automatic default flushing of 
  650   old session-id's.
  651 - The X509_cert_verify() function now has another parameter, this
  652   should not effect most people but it now means that the reason for
  653   the failure to verify is now available via SSL_get_verify_result(ssl).
  654   You don't have to use a global variable.
  655 - SSL_get_app_data() and SSL_set_app_data() can be used to keep some
  656   application data against the SSL structure.  It is upto the application
  657   to free the data.  I don't use it, but it is available.
  658 - SSL_CTX_set_cert_verify_callback() can be used to specify a
  659   verify callback function that completly replaces my certificate
  660   verification code.  Xcert should be able to use this :-).
  661   The callback is of the form int app_verify_callback(arg,ssl,cert).
  662   This needs to be documented more.
  663 - I have started playing with shared library builds, have a look in
  664   the shlib directory.  It is very simple.  If you need a numbered
  665   list of functions, have a look at misc/crypto.num and misc/ssl.num.
  666 - There is some stuff to do locking to make the library thread safe.
  667   I have only started this stuff and have not finished.  If anyone is
  668   keen to do so, please send me the patches when finished.
  669 
  670 So I have finally made most of the additions to the SSL interface that
  671 I thought were needed.
  672 
  673 There will probably be a pause before I make any non-bug/documentation
  674 related changes to SSLeay since I'm feeling like a bit of a break.
  675 
  676 eric - 12 Jul 1996
  677 I saw recently a comment by some-one that we now seem to be entering
  678 the age of perpetual Beta software.
  679 Pioneered by packages like linux but refined to an art form by
  680 netscape.
  681 
  682 I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-).
  683 
  684 There are quite a large number of sections that are 'works in
  685 progress' in this package.  I will also list the major changes and
  686 what files you should read.
  687 
  688 BIO - this is the new IO structure being used everywhere in SSLeay.  I
  689 started out developing this because of microsoft, I wanted a mechanism
  690 to callback to the application for all IO, so Windows 3.1 DLL
  691 perversion could be hidden from me and the 15 different ways to write
  692 to a file under NT would also not be dictated by me at library build
  693 time.  What the 'package' is is an API for a data structure containing
  694 functions.  IO interfaces can be written to conform to the
  695 specification.  This in not intended to hide the underlying data type
  696 from the application, but to hide it from SSLeay :-).
  697 I have only really finished testing the FILE * and socket/fd modules.
  698 There are also 'filter' BIO's.  Currently I have only implemented
  699 message digests, and it is in use in the dgst application.  This
  700 functionality will allow base64/encrypto/buffering modules to be
  701 'push' into a BIO without it affecting the semantics.  I'm also
  702 working on an SSL BIO which will hide the SSL_accept()/SLL_connet()
  703 from an event loop which uses the interface.
  704 It is also possible to 'attach' callbacks to a BIO so they get called
  705 before and after each operation, alowing extensive debug output
  706 to be generated (try running dgst with -d).
  707 
  708 Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few
  709 functions that used to take FILE *, now take BIO *.
  710 The wrappers are easy to write
  711 
  712 function_fp(fp,x)
  713 FILE *fp;
  714     {
  715     BIO *b;
  716     int ret;
  717 
  718     if ((b=BIO_new(BIO_s_file())) == NULL) error.....
  719     BIO_set_fp(b,fp,BIO_NOCLOSE);
  720     ret=function_bio(b,x);
  721     BIO_free(b);
  722     return(ret);
  723     }
  724 Remember, there are no functions that take FILE * in SSLeay when
  725 compiled for Windows 3.1 DLL's.
  726 
  727 --
  728 I have added a general EVP_PKEY type that can hold a public/private
  729 key.  This is now what is used by the EVP_ functions and is passed
  730 around internally.  I still have not done the PKCS#8 stuff, but
  731 X509_PKEY is defined and waiting :-)
  732 
  733 --
  734 For a full function name listings, have a look at ms/crypt32.def and
  735 ms/ssl32.def.  These are auto-generated but are complete.
  736 Things like ASN1_INTEGER_get() have been added and are in here if you
  737 look.  I have renamed a few things, again, have a look through the
  738 function list and you will probably find what you are after.  I intend
  739 to at least put a one line descrition for each one.....
  740 
  741 --
  742 Microsoft - thats what this release is about, read the MICROSOFT file.
  743 
  744 --
  745 Multi-threading support.  I have started hunting through the code and
  746 flaging where things need to be done.  In a state of work but high on
  747 the list.
  748 
  749 --
  750 For random numbers, edit e_os.h and set DEVRANDOM (it's near the top)
  751 be be you random data device, otherwise 'RFILE' in e_os.h
  752 will be used, in your home directory.  It will be updated
  753 periodically.  The environment variable RANDFILE will override this
  754 choice and read/write to that file instead.  DEVRANDOM is used in
  755 conjunction to the RFILE/RANDFILE.  If you wish to 'seed' the random
  756 number generator, pick on one of these files.
  757 
  758 --
  759 
  760 The list of things to read and do
  761 
  762 dgst -d
  763 s_client -state (this uses a callback placed in the SSL state loop and
  764         will be used else-where to help debug/monitor what
  765         is happening.)
  766 
  767 doc/why.doc
  768 doc/bio.doc <- hmmm, needs lots of work.
  769 doc/bss_file.doc <- one that is working :-)
  770 doc/session.doc <- it has changed
  771 doc/speed.doc
  772  also play with ssleay version -a.  I have now added a SSLeay()
  773  function that returns a version number, eg 0600 for this release
  774  which is primarily to be used to check DLL version against the
  775  application.
  776 util/*  Quite a few will not interest people, but some may, like
  777  mk1mf.pl, mkdef.pl,
  778 util/do_ms.sh
  779 
  780 try
  781 cc -Iinclude -Icrypto -c crypto/crypto.c
  782 cc -Iinclude -Issl -c ssl/ssl.c
  783 You have just built the SSLeay libraries as 2 object files :-)
  784 
  785 Have a general rummage around in the bin stall directory and look at
  786 what is in there, like CA.sh and c_rehash
  787 
  788 There are lots more things but it is 12:30am on a Friday night and I'm
  789 heading home :-).
  790 
  791 eric 22-Jun-1996
  792 This version has quite a few major bug fixes and improvements.  It DOES NOT
  793 do SSLv3 yet.
  794 
  795 The main things changed
  796 - A Few days ago I added the s_mult application to ssleay which is
  797   a demo of an SSL server running in an event loop type thing.
  798   It supports non-blocking IO, I have finally gotten it right, SSL_accept()
  799   can operate in non-blocking IO mode, look at the code to see how :-).
  800   Have a read of doc/s_mult as well.  This program leaks memory and
  801   file descriptors everywhere but I have not cleaned it up yet.
  802   This is a demo of how to do non-blocking IO.
  803 - The SSL session management has been 'worked over' and there is now
  804   quite an expansive set of functions to manipulate them.  Have a read of
  805   doc/session.doc for some-things I quickly whipped up about how it now works.
  806   This assume you know the SSLv2 protocol :-)
  807 - I can now read/write the netscape certificate format, use the
  808   -inform/-outform  'net' options to the x509 command.  I have not put support
  809   for this type in the other demo programs, but it would be easy to add.
  810 - asn1parse and 'enc' have been modified so that when reading base64
  811   encoded files (pem format), they do not require '-----BEGIN' header lines.
  812   The 'enc' program had a buffering bug fixed, it can be used as a general
  813   base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d'
  814   respecivly.  Leaving out the '-a' flag in this case makes the 'enc' command
  815   into a form of 'cat'.
  816 - The 'x509' and 'req' programs have been fixed and modified a little so
  817   that they generate self-signed certificates correctly.  The test
  818   script actually generates a 'CA' certificate and then 'signs' a
  819   'user' certificate.  Have a look at this shell script (test/sstest)
  820   to see how things work, it tests most possible combinations of what can
  821   be done.
  822 - The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name
  823   of SSL_set_cipher_list() is now the correct API (stops confusion :-).
  824   If this function is used in the client, only the specified ciphers can
  825   be used, with preference given to the order the ciphers were listed.
  826   For the server, if this is used, only the specified ciphers will be used
  827   to accept connections.  If this 'option' is not used, a default set of
  828   ciphers will be used.  The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this
  829   list for all ciphers started against the SSL_CTX.  So the order is
  830   SSL cipher_list, if not present, SSL_CTX cipher list, if not
  831   present, then the library default.
  832   What this means is that normally ciphers like
  833   NULL-MD5 will never be used.  The only way this cipher can be used
  834   for both ends to specify to use it.
  835   To enable or disable ciphers in the library at build time, modify the
  836   first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c.
  837   This file also contains the 'pref_cipher' list which is the default
  838   cipher preference order.
  839 - I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net'
  840   options work.  They should, and they enable loading and writing the
  841   netscape rsa private key format.  I will be re-working this section of
  842   SSLeay for the next version.  What is currently in place is a quick and
  843   dirty hack.
  844 - I've re-written parts of the bignum library.  This gives speedups
  845   for all platforms.  I now provide assembler for use under Windows NT.
  846   I have not tested the Windows 3.1 assembler but it is quite simple code.
  847   This gives RSAprivate_key operation encryption times of 0.047s (512bit key)
  848   and 0.230s (1024bit key) on a pentium 100 which I consider reasonable.
  849   Basically the times available under linux/solaris x86 can be achieve under
  850   Windows NT.  I still don't know how these times compare to RSA's BSAFE
  851   library but I have been emailing with people and with their help, I should
  852   be able to get my library's quite a bit faster still (more algorithm changes).
  853   The object file crypto/bn/asm/x86-32.obj should be used when linking
  854   under NT.
  855 - 'make makefile.one' in the top directory will generate a single makefile
  856   called 'makefile.one'  This makefile contains no perl references and
  857   will build the SSLeay library into the 'tmp' and 'out' directories.
  858   util/mk1mf.pl >makefile.one is how this makefile is
  859   generated.  The mk1mf.pl command take several option to generate the
  860   makefile for use with cc, gcc, Visual C++ and Borland C++.  This is
  861   still under development.  I have only build .lib's for NT and MSDOS
  862   I will be working on this more.  I still need to play with the
  863   correct compiler setups for these compilers and add some more stuff but
  864   basically if you just want to compile the library
  865   on a 'non-unix' platform, this is a very very good file to start with :-).
  866   Have a look in the 'microsoft' directory for my current makefiles.
  867   I have not yet modified things to link with sockets under Windows NT.
  868   You guys should be able to do this since this is actually outside of the
  869   SSLeay scope :-).  I will be doing it for myself soon.
  870   util/mk1mf.pl takes quite a few options including no-rc, rsaref  and no-sock
  871   to build without RC2/RC4, to require RSAref for linking, and to
  872   build with no socket code.
  873 
  874 - Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher
  875   that was posted to sci.crypt has been added to the library and SSL.
  876   I take the view that if RC2 is going to be included in a standard,
  877   I'll include the cipher to make my package complete.
  878   There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers
  879   at compile time.  I have not tested this recently but it should all work
  880   and if you are in the USA and don't want RSA threatening to sue you,
  881   you could probably remove the RC4/RC2 code inside these sections.
  882   I may in the future include a perl script that does this code
  883   removal automatically for those in the USA :-).
  884 - I have removed all references to sed in the makefiles.  So basically,
  885   the development environment requires perl and sh.  The build environment
  886   does not (use the makefile.one makefile).
  887   The Configure script still requires perl, this will probably stay that way
  888   since I have perl for Windows NT :-).
  889 
  890 eric (03-May-1996)
  891 
  892 PS Have a look in the VERSION file for more details on the changes and
  893    bug fixes.
  894 I have fixed a few bugs, added alpha and x86 assembler and generally cleaned
  895 things up.  This version will be quite stable, mostly because I'm on
  896 holidays until 10-March-1996.  For any problems in the interum, send email
  897 to Tim Hudson <tjh@mincom.oz.au>.
  898 
  899 SSLeay 0.5.0
  900 
  901 12-12-95
  902 This is going out before it should really be released.
  903 
  904 I leave for 11 weeks holidays on the 22-12-95 and so I either sit on
  905 this for 11 weeks or get things out.  It is still going to change a
  906 lot in the next week so if you do grab this version, please test and
  907 give me feed back ASAP, inculuding questions on how to do things with
  908 the library.  This will prompt me to write documentation so I don't
  909 have to answer the same question again :-).
  910 
  911 This 'pre' release version is for people who are interested in the
  912 library.  The applications will have to be changed to use
  913 the new version of the SSL interface.  I intend to finish more
  914 documentation before I leave but until then, look at the programs in
  915 the apps directory.  As far as code goes, it is much much nicer than
  916 the old version.
  917 
  918 The current library works, has no memory leaks (as far as I can tell)
  919 and is far more bug free that 0.4.5d.  There are no global variable of
  920 consequence (I believe) and I will produce some documentation that
  921 tell where to look for those people that do want to do multi-threaded
  922 stuff.
  923 
  924 There should be more documentation.  Have a look in the
  925 doc directory.  I'll be adding more before I leave, it is a start
  926 by mostly documents the crypto library.  Tim Hudson will update
  927 the web page ASAP.  The spelling and grammar are crap but
  928 it is better than nothing :-)
  929 
  930 Reasons to start playing with version 0.5.0
  931 - All the programs in the apps directory build into one ssleay binary.
  932 - There is a new version of the 'req' program that generates certificate
  933   requests, there is even documentation for this one :-)
  934 - There is a demo certification authorithy program.  Currently it will
  935   look at the simple database and update it.  It will generate CRL from
  936   the data base.  You need to edit the database by hand to revoke a
  937   certificate, it is my aim to use perl5/Tk but I don't have time to do
  938   this right now.  It will generate the certificates but the management
  939   scripts still need to be written.  This is not a hard task.
  940 - Things have been cleaned up alot.
  941 - Have a look at the enc and dgst programs in the apps directory.
  942 - It supports v3 of x509 certiticates.
  943 
  944 
  945 Major things missing.
  946 - I have been working on (and thinging about) the distributed x509
  947   hierachy problem.  I have not had time to put my solution in place.
  948   It will have to wait until I come back.
  949 - I have not put in CRL checking in the certificate verification but
  950   it would not be hard to do.  I was waiting until I could generate my
  951   own CRL (which has only been in the last week) and I don't have time
  952   to put it in correctly.
  953 - Montgomery multiplication need to be implemented.  I know the
  954   algorithm, just ran out of time.
  955 - PKCS#7.  I can load and write the DER version.  I need to re-work
  956   things to support BER (if that means nothing, read the ASN1 spec :-).
  957 - Testing of the higher level digital envelope routines.  I have not
  958   played with the *_seal() and *_open() type functions.  They are
  959   written but need testing.  The *_sign() and *_verify() functions are
  960   rock solid. 
  961 - PEM.  Doing this and PKCS#7 have been dependant on the distributed
  962   x509 heirachy problem.  I started implementing my ideas, got
  963   distracted writing a CA program and then ran out of time.  I provide
  964   the functionality of RSAref at least.
  965 - Re work the asm. code for the x86.  I've changed by low level bignum
  966   interface again, so I really need to tweak the x86 stuff.  gcc is
  967   good enough for the other boxes.
  968