Add a few items I intend to work on for 0.9.8 and on.

[openssl.git] / STATUS

diff --git a/STATUS b/STATUS
index e79e85e50d87e22562031eea3fd8e2970550a6a3..e6c416d1a3cb7293c3f0dac45f3c50fc89cedb10 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,10 +1,24 @@
 
   OpenSSL STATUS                           Last modified at
 
   OpenSSL STATUS                           Last modified at

-  ______________                           $Date: 2000/10/23 14:36:18 $
+  ______________                           $Date: 2002/12/07 20:02:20 $

 
   DEVELOPMENT STATE
 
 
   DEVELOPMENT STATE
 

-    o  OpenSSL 0.9.7:  Under development...
+    o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.7-beta5: Released on December  5th, 2002
+    o  OpenSSL 0.9.7-beta4: Released on November 19th, 2002
+       Debian GNU/Linux (kernel version 2.4.19, gcc 2.95.4)    - PASSED
+    o  OpenSSL 0.9.7-beta3: Released on July     30th, 2002
+    o  OpenSSL 0.9.7-beta2: Released on June     16th, 2002
+    o  OpenSSL 0.9.7-beta1: Released on June      1st, 2002
+    o  OpenSSL 0.9.6h: Released on December   5th, 2002
+    o  OpenSSL 0.9.6g: Released on August     9th, 2002
+    o  OpenSSL 0.9.6f: Released on August     8th, 2002
+    o  OpenSSL 0.9.6e: Released on July      30th, 2002
+    o  OpenSSL 0.9.6d: Released on May        9th, 2002
+    o  OpenSSL 0.9.6c: Released on December  21st, 2001
+    o  OpenSSL 0.9.6b: Released on July       9th, 2001
+    o  OpenSSL 0.9.6a: Released on April      5th, 2001

     o  OpenSSL 0.9.6:  Released on September 24th, 2000
     o  OpenSSL 0.9.5a: Released on April      1st, 2000
     o  OpenSSL 0.9.5:  Released on February  28th, 2000
     o  OpenSSL 0.9.6:  Released on September 24th, 2000
     o  OpenSSL 0.9.5a: Released on April      1st, 2000
     o  OpenSSL 0.9.5:  Released on February  28th, 2000


@@ -14,34 +28,60 @@
     o  OpenSSL 0.9.2b: Released on March     22th, 1999
     o  OpenSSL 0.9.1c: Released on December  23th, 1998
 
     o  OpenSSL 0.9.2b: Released on March     22th, 1999
     o  OpenSSL 0.9.1c: Released on December  23th, 1998
 

+  [See also http://www.openssl.org/support/rt2.html]
+

   RELEASE SHOWSTOPPERS
 
   RELEASE SHOWSTOPPERS
 

+    o BN_mod_mul verification fails for mips3-sgi-irix
+      unless configured with no-asm
+
+    o [2002-11-21]
+      PR 343 mentions that scrubbing memory with 'memset(ptr, 0, n)' may
+      be optimized away in modern compilers.  This is definitely not good
+      and needs to be fixed immediately.  The formula to use is presented
+      in:
+
+      http://online.securityfocus.com/archive/82/297918/2002-10-27/2002-11-02/0
+
+      The problem report that mentions this is:
+
+      https://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=343
+

   AVAILABLE PATCHES
 
   AVAILABLE PATCHES
 

-    o CA.pl patch (Damien Miller)
+    o 

 
   IN PROGRESS
 
     o Steve is currently working on (in no particular order):
         ASN1 code redesign, butchery, replacement.
 
   IN PROGRESS
 
     o Steve is currently working on (in no particular order):
         ASN1 code redesign, butchery, replacement.

+        OCSP

         EVP cipher enhancement.
         EVP cipher enhancement.

-     /* Proper (or at least usable) certificate chain verification. */
+        Enhanced certificate chain verification.

        Private key, certificate and CRL API and implementation.
        Developing and bugfixing PKCS#7 (S/MIME code).
         Various X509 issues: character sets, certificate request extensions.
     o Geoff and Richard are currently working on:
        ENGINE (the new code that gives hardware support among others).
     o Richard is currently working on:
        Private key, certificate and CRL API and implementation.
        Developing and bugfixing PKCS#7 (S/MIME code).
         Various X509 issues: character sets, certificate request extensions.
     o Geoff and Richard are currently working on:
        ENGINE (the new code that gives hardware support among others).
     o Richard is currently working on:

+       UI (User Interface)

        UTIL (a new set of library functions to support some higher level
              functionality that is currently missing).
        UTIL (a new set of library functions to support some higher level
              functionality that is currently missing).

-       Dynamic thread-lock support.

        Shared library support for VMS.
        Shared library support for VMS.

+       Kerberos 5 authentication (Heimdal)
+       Constification
+       Attribute Certificate support
+       Certificate Pair support
+       Storage Engines (primarly an LDAP storage engine)

 
   NEEDS PATCH
 
 
   NEEDS PATCH
 

-    o  non-blocking socket on AIX
-    o  $(PERL) in */Makefile.ssl
-    o  "Sign the certificate?" - "n" creates empty certificate file
+    o  0.9.8-dev: COMPLEMENTOFALL and COMPLEMENTOFDEFAULT do not
+       handle ECCdraft cipher suites correctly.
+
+    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
+
+    o  "OpenSSL STATUS" is never up-to-date.

 
   OPEN ISSUES
 
 
   OPEN ISSUES
 


@@ -69,22 +109,20 @@
                     which apparently is not flexible enough to generate
                     libcrypto)
 
                     which apparently is not flexible enough to generate
                     libcrypto)
 

+  WISHES

 
 

-    o  The perl/ stuff needs a major overhaul. Currently it's
-       totally obsolete. Either we clean it up and enhance it to be up-to-date
-       with the C code or we also could replace it with the really nice
-       Net::SSLeay package we can find under
-       http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this package for a
-       longer time and it works fine and is a nice Perl module. Best would be
-       to convince the author to work for the OpenSSL project and create a
-       Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
-       us.
+    o  Add variants of DH_generate_parameters() and BN_generate_prime() [etc?]
+       where the callback function can request that the function be aborted.
+       [Gregory Stark <ghstark@pobox.com>, <rayyang2000@yahoo.com>]

 
 

-       Status: Ralf thinks we should both contact the author of Net::SSLeay
-               and look how much effort it is to bring Eric's perl/ stuff up
-               to date.
-               Paul +1
+    o  SRP in TLS.
+       [wished by:
+        Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,
+        Tom Holroyd <tomh@po.crl.go.jp>]

 
 

-  WISHES
+       See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
+       as well as http://www-cs-students.stanford.edu/~tjw/srp/.

 
 

-    o 
+       Tom Holroyd tells us there is a SRP patch for OpenSSH at
+       http://members.tripod.com/professor_tom/archives/, that could
+       be useful.