+ Changes between 0.9.8a and 0.9.9 [xx XXX xxxx]
+
+ *) Disable rogue ciphersuites:
+
+ - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+ - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+ - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+ The latter two were purportedly from
+ draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+ appear there.
+
+ Other ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt
+ remain enabled for now, but are just as unofficial, and the ID
+ has long expired; these will probably disappear soon.
+ [Bodo Moeller]
+
+ *) Move code previously exiled into file crypto/ec/ec2_smpt.c
+ to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP
+ macro.
+ [Bodo Moeller]
+
+ *) New candidate for BIGNUM assembler implementation, bn_mul_mont,
+ dedicated Montgomery multiplication procedure, is introduced.
+ BN_MONT_CTX is modified to allow bn_mul_mont to reach for higher
+ "64-bit" performance on certain 32-bit targets.
+ [Andy Polyakov]
+
+ *) New option SSL_OP_NO_COMP to disable use of compression selectively
+ in SSL structures. New SSL ctrl to set maximum send fragment size.
+ Save memory by seeting the I/O buffer sizes dynamically instead of
+ using the maximum available value.
+ [Steve Henson]
+
+ *) New option -V for 'openssl ciphers'. This prints the ciphersuite code
+ in addition to the text details.
+ [Bodo Moeller]
+
+ *) Very, very preliminary EXPERIMENTAL support for printing of general
+ ASN1 structures. This currently produces rather ugly output and doesn't
+ handle several customised structures at all.
+ [Steve Henson]
+
+ *) Integrated support for PVK file format and some related formats such
+ as MS PUBLICKEYBLOB and PRIVATEKEYBLOB. Command line switches to support
+ these in the 'rsa' and 'dsa' utilities.
+ [Steve Henson]
+
+ *) Support for PKCS#1 RSAPublicKey format on rsa utility command line.
+ [Steve Henson]
+
+ *) Remove the ancient ASN1_METHOD code. This was only ever used in one
+ place for the (very old) "NETSCAPE" format certificates which are now
+ handled using new ASN1 code equivalents.
+ [Steve Henson]
+
+ *) Let the TLSv1_method() etc. functions return a 'const' SSL_METHOD
+ pointer and make the SSL_METHOD parameter in SSL_CTX_new,
+ SSL_CTX_set_ssl_version and SSL_set_ssl_method 'const'.
+ [Nils Larsch]
+
+ *) Modify CRL distribution points extension code to print out previously
+ unsupported fields. Enhance extension setting code to allow setting of
+ all fields.
+ [Steve Henson]
+
+ *) Add print and set support for Issuing Distribution Point CRL extension.
+ [Steve Henson]
+
+ Changes between 0.9.8a and 0.9.8b [XX xxx XXXX]
+
+ *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
+ opaque EVP_CIPHER_CTX handling.
+ [Steve Henson]
+
+ *) Several fixes and enhancements to the OID generation code. The old code
+ sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
+ handle numbers larger than ULONG_MAX, truncated printing and had a
+ non standard OBJ_obj2txt() behaviour.
+ [Steve Henson]
+
+ *) Add support for building of engines under engine/ as shared libraries
+ under VC++ build system.
+ [Steve Henson]
+
+ *) Corrected the numerous bugs in the Win32 path splitter in DSO.
+ Hopefully, we will not see any false combination of paths any more.
+ [Richard Levitte]
+
+ Changes between 0.9.8 and 0.9.8a [11 Oct 2005]
+
+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+ (part of SSL_OP_ALL). This option used to disable the
+ countermeasure against man-in-the-middle protocol-version
+ rollback in the SSL 2.0 server implementation, which is a bad
+ idea. (CVE-2005-2969)
+
+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+ for Information Security, National Institute of Advanced Industrial
+ Science and Technology [AIST], Japan)]
+
+ *) Add two function to clear and return the verify parameter flags.
+ [Steve Henson]
+
+ *) Keep cipherlists sorted in the source instead of sorting them at
+ runtime, thus removing the need for a lock.
+ [Nils Larsch]
+
+ *) Avoid some small subgroup attacks in Diffie-Hellman.
+ [Nick Mathewson and Ben Laurie]
+
+ *) Add functions for well-known primes.
+ [Nick Mathewson]
+
+ *) Extended Windows CE support.
+ [Satoshi Nakamura and Andy Polyakov]
+
+ *) Initialize SSL_METHOD structures at compile time instead of during
+ runtime, thus removing the need for a lock.
+ [Steve Henson]
+
+ *) Make PKCS7_decrypt() work even if no certificate is supplied by
+ attempting to decrypt each encrypted key in turn. Add support to
+ smime utility.
+ [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.8 [05 Jul 2005]
+
+ *) Add libcrypto.pc and libssl.pc for those who feel they need them.
+ [Richard Levitte]
+
+ *) Change CA.sh and CA.pl so they don't bundle the CSR and the private
+ key into the same file any more.
+ [Richard Levitte]
+
+ *) Add initial support for Win64, both IA64 and AMD64/x64 flavors.
+ [Andy Polyakov]
+
+ *) Add -utf8 command line and config file option to 'ca'.
+ [Stefan <stf@udoma.org]
+
+ *) Removed the macro des_crypt(), as it seems to conflict with some
+ libraries. Use DES_crypt().
+ [Richard Levitte]
+
+ *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
+ involves renaming the source and generated shared-libs for
+ both. The engines will accept the corrected or legacy ids
+ ('ncipher' and '4758_cca' respectively) when binding. NB,
+ this only applies when building 'shared'.
+ [Corinna Vinschen <vinschen@redhat.com> and Geoff Thorpe]
+
+ *) Add attribute functions to EVP_PKEY structure. Modify
+ PKCS12_create() to recognize a CSP name attribute and
+ use it. Make -CSP option work again in pkcs12 utility.
+ [Steve Henson]
+
+ *) Add new functionality to the bn blinding code:
+ - automatic re-creation of the BN_BLINDING parameters after
+ a fixed number of uses (currently 32)
+ - add new function for parameter creation
+ - introduce flags to control the update behaviour of the
+ BN_BLINDING parameters
+ - hide BN_BLINDING structure
+ Add a second BN_BLINDING slot to the RSA structure to improve
+ performance when a single RSA object is shared among several
+ threads.
+ [Nils Larsch]
+
+ *) Add support for DTLS.
+ [Nagendra Modadugu <nagendra@cs.stanford.edu> and Ben Laurie]
+
+ *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
+ to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
+ [Walter Goulet]
+
+ *) Remove buggy and incompletet DH cert support from
+ ssl/ssl_rsa.c and ssl/s3_both.c
+ [Nils Larsch]
+
+ *) Use SHA-1 instead of MD5 as the default digest algorithm for
+ the apps/openssl applications.
+ [Nils Larsch]
+
+ *) Compile clean with "-Wall -Wmissing-prototypes
+ -Wstrict-prototypes -Wmissing-declarations -Werror". Currently
+ DEBUG_SAFESTACK must also be set.
+ [Ben Laurie]
+
+ *) Change ./Configure so that certain algorithms can be disabled by default.
+ The new counterpiece to "no-xxx" is "enable-xxx".
+
+ The patented RC5 and MDC2 algorithms will now be disabled unless
+ "enable-rc5" and "enable-mdc2", respectively, are specified.
+
+ (IDEA remains enabled despite being patented. This is because IDEA
+ is frequently required for interoperability, and there is no license
+ fee for non-commercial use. As before, "no-idea" can be used to
+ avoid this algorithm.)
+
+ [Bodo Moeller]
+
+ *) Add processing of proxy certificates (see RFC 3820). This work was
+ sponsored by KTH (The Royal Institute of Technology in Stockholm) and
+ EGEE (Enabling Grids for E-science in Europe).
+ [Richard Levitte]
+
+ *) RC4 performance overhaul on modern architectures/implementations, such
+ as Intel P4, IA-64 and AMD64.
+ [Andy Polyakov]
+
+ *) New utility extract-section.pl. This can be used specify an alternative
+ section number in a pod file instead of having to treat each file as
+ a separate case in Makefile. This can be done by adding two lines to the
+ pod file:
+
+ =for comment openssl_section:XXX
+
+ The blank line is mandatory.
+
+ [Steve Henson]
+
+ *) New arguments -certform, -keyform and -pass for s_client and s_server
+ to allow alternative format key and certificate files and passphrase
+ sources.
+ [Steve Henson]
+
+ *) New structure X509_VERIFY_PARAM which combines current verify parameters,
+ update associated structures and add various utility functions.
+
+ Add new policy related verify parameters, include policy checking in
+ standard verify code. Enhance 'smime' application with extra parameters
+ to support policy checking and print out.
+ [Steve Henson]
+
+ *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3
+ Nehemiah processors. These extensions support AES encryption in hardware
+ as well as RNG (though RNG support is currently disabled).
+ [Michal Ludvig <michal@logix.cz>, with help from Andy Polyakov]
+
+ *) Deprecate BN_[get|set]_params() functions (they were ignored internally).
+ [Geoff Thorpe]
+
+ *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
+ [Andy Polyakov and a number of other people]
+
+ *) Improved PowerPC platform support. Most notably BIGNUM assembler
+ implementation contributed by IBM.
+ [Suresh Chari, Peter Waltenberg, Andy Polyakov]
+
+ *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
+ exponent rather than 'unsigned long'. There is a corresponding change to
+ the new 'rsa_keygen' element of the RSA_METHOD structure.
+ [Jelte Jansen, Geoff Thorpe]
+
+ *) Functionality for creating the initial serial number file is now
+ moved from CA.pl to the 'ca' utility with a new option -create_serial.
+
+ (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial
+ number file to 1, which is bound to cause problems. To avoid
+ the problems while respecting compatibility between different 0.9.7
+ patchlevels, 0.9.7e employed 'openssl x509 -next_serial' in
+ CA.pl for serial number initialization. With the new release 0.9.8,
+ we can fix the problem directly in the 'ca' utility.)
+ [Steve Henson]
+
+ *) Reduced header interdepencies by declaring more opaque objects in
+ ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
+ give fewer recursive includes, which could break lazy source code - so
+ this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
+ developers should define this symbol when building and using openssl to
+ ensure they track the recommended behaviour, interfaces, [etc], but
+ backwards-compatible behaviour prevails when this isn't defined.
+ [Geoff Thorpe]
+
+ *) New function X509_POLICY_NODE_print() which prints out policy nodes.
+ [Steve Henson]