X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=384abf882f93b8b56e0b57eaf8643e9ee7e415f7;hp=057909ea47849ff042a1e8da6c4d781b6f95cd9b;hb=f00a10b89734e84fe80f98ad9e2e77b557c701ae;hpb=9cf315ef90d0cfeb8bb7a38873eea07a8f0dffec diff --git a/CHANGES b/CHANGES index 057909ea47..384abf882f 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,24 @@ _______________ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + + *) In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + [Rich Salz and Ismo Puustinen ] + + *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites + from RFC4279, RFC4785, RFC5487, RFC5489. + + Thanks to Christian J. Dietrich and Giuseppe D'Angelo for the + original RSA_PSK patch. + [Steve Henson] + + *) Dropped support for the SSL3_FLAGS_DELAY_CLIENT_FINISHED flag. This SSLeay + era flag was never set throughout the codebase (only read). Also removed + SSL3_FLAGS_POP_BUFFER which was only used if + SSL3_FLAGS_DELAY_CLIENT_FINISHED was also set. + [Matt Caswell] + *) Changed the default name options in the "ca", "crl", "req" and "x509" to be "oneline" instead of "compat". [Richard Levitte] @@ -10,7 +28,7 @@ *) Remove SSL_OP_TLS_BLOCK_PADDING_BUG. This is SSLeay legacy, we're not aware of clients that still exhibit this bug, and the workaround hasn't been working properly for a while. - [Emilia Käsper] + [Emilia Käsper] *) The return type of BIO_number_read() and BIO_number_written() as well as the corresponding num_read and num_write members in the BIO structure has @@ -148,7 +166,7 @@ [mancha ] *) Fix eckey_priv_encode so it immediately returns an error upon a failure - in i2d_ECPrivateKey. + in i2d_ECPrivateKey. Thanks to Ted Unangst for feedback on this issue. [mancha ] *) Fix some double frees. These are not thought to be exploitable. @@ -401,7 +419,7 @@ This parameter will be set to 1 or 0 depending on the ciphersuite selected by the SSL/TLS server library, indicating whether it can provide forward security. - [Emilia Käsper (Google)] + [Emilia Käsper (Google)] *) New -verify_name option in command line utilities to set verification parameters by name. @@ -434,7 +452,29 @@ whose return value is often ignored. [Steve Henson] - Changes between 1.0.2a and 1.0.2b [xx XXX xxxx] + Changes between 1.0.2c and 1.0.2d [9 Jul 2015] + + *) Alternate chains certificate forgery + + During certificate verfification, OpenSSL will attempt to find an + alternative certificate chain if the first attempt to build such a chain + fails. An error in the implementation of this logic can mean that an + attacker could cause certain checks on untrusted certificates to be + bypassed, such as the CA flag, enabling them to use a valid leaf + certificate to act as a CA and "issue" an invalid certificate. + + This issue was reported to OpenSSL by Adam Langley/David Benjamin + (Google/BoringSSL). + [Matt Caswell] + + Changes between 1.0.2b and 1.0.2c [12 Jun 2015] + + *) Fix HMAC ABI incompatibility. The previous version introduced an ABI + incompatibility in the handling of HMAC. The previous ABI has now been + restored. + [Matt Caswell] + + Changes between 1.0.2a and 1.0.2b [11 Jun 2015] *) Malformed ECParameters causes infinite loop @@ -466,9 +506,9 @@ callbacks. This issue was reported to OpenSSL by Robert Swiecki (Google), and - independently by Hanno Böck. + independently by Hanno Böck. (CVE-2015-1789) - [Emilia Käsper] + [Emilia Käsper] *) PKCS7 crash with missing EnvelopedContent @@ -482,7 +522,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-1790) - [Emilia Käsper] + [Emilia Käsper] *) CMS verify infinite loop with unknown hash function @@ -601,7 +641,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-0289) - [Emilia Käsper] + [Emilia Käsper] *) DoS via reachable assert in SSLv2 servers fix @@ -609,10 +649,10 @@ servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. - This issue was discovered by Sean Burford (Google) and Emilia Käsper + This issue was discovered by Sean Burford (Google) and Emilia Käsper (OpenSSL development team). (CVE-2015-0293) - [Emilia Käsper] + [Emilia Käsper] *) Empty CKE with client auth and DHE fix @@ -1117,12 +1157,12 @@ version does not match the session's version. Resuming with a different version, while not strictly forbidden by the RFC, is of questionable sanity and breaks all known clients. - [David Benjamin, Emilia Käsper] + [David Benjamin, Emilia Käsper] *) Tighten handling of the ChangeCipherSpec (CCS) message: reject early CCS messages during renegotiation. (Note that because renegotiation is encrypted, this early CCS was not exploitable.) - [Emilia Käsper] + [Emilia Käsper] *) Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends @@ -1133,7 +1173,7 @@ Similarly, ensure that the client requires a session ticket if one was advertised in the ServerHello. Previously, a TLS client would ignore a missing NewSessionTicket message. - [Emilia Käsper] + [Emilia Käsper] Changes between 1.0.1i and 1.0.1j [15 Oct 2014] @@ -1213,10 +1253,10 @@ with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. - Thanks to Felix Gröbert (Google) for discovering and researching this + Thanks to Felix Gröbert (Google) for discovering and researching this issue. (CVE-2014-3510) - [Emilia Käsper] + [Emilia Käsper] *) By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. @@ -1253,7 +1293,7 @@ properly negotiated with the client. This can be exploited through a Denial of Service attack. - Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for + Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. (CVE-2014-5139) [Steve Henson] @@ -1265,7 +1305,7 @@ Thanks to Ivan Fratric (Google) for discovering this issue. (CVE-2014-3508) - [Emilia Käsper, and Steve Henson] + [Emilia Käsper, and Steve Henson] *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) for corner cases. (Certain input points at infinity could lead to @@ -1295,15 +1335,15 @@ client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) - [Jüri Aedla, Steve Henson] + Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) + [Jüri Aedla, Steve Henson] *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. - Thanks to Felix Gröbert and Ivan Fratric at Google for discovering + Thanks to Felix Gröbert and Ivan Fratric at Google for discovering this issue. (CVE-2014-3470) - [Felix Gröbert, Ivan Fratric, Steve Henson] + [Felix Gröbert, Ivan Fratric, Steve Henson] *) Harmonize version and its documentation. -f flag is used to display compilation flags. @@ -1382,9 +1422,9 @@ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and - Emilia Käsper for the initial patch. + Emilia Käsper for the initial patch. (CVE-2013-0169) - [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode ciphersuites which can be exploited in a denial of service attack. @@ -1559,7 +1599,7 @@ EC_GROUP_new_by_curve_name() will automatically use these (while EC_GROUP_new_curve_GFp() currently prefers the more flexible implementations). - [Emilia Käsper, Adam Langley, Bodo Moeller (Google)] + [Emilia Käsper, Adam Langley, Bodo Moeller (Google)] *) Use type ossl_ssize_t instad of ssize_t which isn't available on all platforms. Move ssize_t definition from e_os.h to the public @@ -1835,7 +1875,7 @@ [Adam Langley (Google)] *) Fix spurious failures in ecdsatest.c. - [Emilia Käsper (Google)] + [Emilia Käsper (Google)] *) Fix the BIO_f_buffer() implementation (which was mixing different interpretations of the '..._len' fields). @@ -1849,7 +1889,7 @@ lock to call BN_BLINDING_invert_ex, and avoids one use of BN_BLINDING_update for each BN_BLINDING structure (previously, the last update always remained unused). - [Emilia Käsper (Google)] + [Emilia Käsper (Google)] *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf. [Bob Buckholz (Google)] @@ -2658,7 +2698,7 @@ *) Add RFC 3161 compliant time stamp request creation, response generation and response verification functionality. - [Zoltán Glózik , The OpenTSA Project] + [Zoltán Glózik , The OpenTSA Project] *) Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now @@ -3826,7 +3866,7 @@ *) BN_CTX_get() should return zero-valued bignums, providing the same initialised value as BN_new(). - [Geoff Thorpe, suggested by Ulf Möller] + [Geoff Thorpe, suggested by Ulf Möller] *) Support for inhibitAnyPolicy certificate extension. [Steve Henson] @@ -3845,7 +3885,7 @@ some point, these tighter rules will become openssl's default to improve maintainability, though the assert()s and other overheads will remain only in debugging configurations. See bn.h for more details. - [Geoff Thorpe, Nils Larsch, Ulf Möller] + [Geoff Thorpe, Nils Larsch, Ulf Möller] *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure that can only be obtained through BN_CTX_new() (which implicitly @@ -3912,7 +3952,7 @@ [Douglas Stebila (Sun Microsystems Laboratories)] *) Add the possibility to load symbols globally with DSO. - [Götz Babin-Ebell via Richard Levitte] + [Götz Babin-Ebell via Richard Levitte] *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better control of the error stack. @@ -4627,7 +4667,7 @@ [Steve Henson] *) Undo Cygwin change. - [Ulf Möller] + [Ulf Möller] *) Added support for proxy certificates according to RFC 3820. Because they may be a security thread to unaware applications, @@ -4660,11 +4700,11 @@ [Stephen Henson, reported by UK NISCC] *) Use Windows randomness collection on Cygwin. - [Ulf Möller] + [Ulf Möller] *) Fix hang in EGD/PRNGD query when communication socket is closed prematurely by EGD/PRNGD. - [Darren Tucker via Lutz Jänicke, resolves #1014] + [Darren Tucker via Lutz Jänicke, resolves #1014] *) Prompt for pass phrases when appropriate for PKCS12 input format. [Steve Henson] @@ -5126,7 +5166,7 @@ pointers passed to them whenever necessary. Otherwise it is possible the caller may have overwritten (or deallocated) the original string data when a later ENGINE operation tries to use the stored values. - [Götz Babin-Ebell ] + [Götz Babin-Ebell ] *) Improve diagnostics in file reading and command-line digests. [Ben Laurie aided and abetted by Solar Designer ] @@ -7231,7 +7271,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) BN_sqr() bug fix. - [Ulf Möller, reported by Jim Ellis ] + [Ulf Möller, reported by Jim Ellis ] *) Rabin-Miller test analyses assume uniformly distributed witnesses, so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() @@ -7391,7 +7431,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Fix OAEP check. - [Ulf Möller, Bodo Möller] + [Ulf Möller, Bodo Möller] *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 @@ -7653,10 +7693,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Use better test patterns in bntest. - [Ulf Möller] + [Ulf Möller] *) rand_win.c fix for Borland C. - [Ulf Möller] + [Ulf Möller] *) BN_rshift bugfix for n == 0. [Bodo Moeller] @@ -7801,14 +7841,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR BIO_ctrl (for BIO pairs). - [Bodo Möller] + [Bodo Möller] *) Add DSO method for VMS. [Richard Levitte] *) Bug fix: Montgomery multiplication could produce results with the wrong sign. - [Ulf Möller] + [Ulf Möller] *) Add RPM specification openssl.spec and modify it to build three packages. The default package contains applications, application @@ -7826,7 +7866,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Don't set the two most significant bits to one when generating a random number < q in the DSA library. - [Ulf Möller] + [Ulf Möller] *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if @@ -8092,7 +8132,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Randomness polling function for Win9x, as described in: Peter Gutmann, Software Generation of Practically Strong Random Numbers. - [Ulf Möller] + [Ulf Möller] *) Fix so PRNG is seeded in req if using an already existing DSA key. @@ -8312,7 +8352,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Eliminate non-ANSI declarations in crypto.h and stack.h. - [Ulf Möller] + [Ulf Möller] *) Fix for SSL server purpose checking. Server checking was rejecting certificates which had extended key usage present @@ -8344,7 +8384,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Bugfix for linux-elf makefile.one. - [Ulf Möller] + [Ulf Möller] *) RSA_get_default_method() will now cause a default RSA_METHOD to be chosen if one doesn't exist already. @@ -8433,7 +8473,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) des_quad_cksum() byte order bug fix. - [Ulf Möller, using the problem description in krb4-0.9.7, where + [Ulf Möller, using the problem description in krb4-0.9.7, where the solution is attributed to Derrick J Brashear ] *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly @@ -8534,7 +8574,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Rolf Haberrecker ] *) Assembler module support for Mingw32. - [Ulf Möller] + [Ulf Möller] *) Shared library support for HPUX (in shlib/). [Lutz Jaenicke and Anonymous] @@ -8553,7 +8593,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n] case was implemented. This caused BN_div_recp() to fail occasionally. - [Ulf Möller] + [Ulf Möller] *) Add an optional second argument to the set_label() in the perl assembly language builder. If this argument exists and is set @@ -8583,14 +8623,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Fix potential buffer overrun problem in BIO_printf(). - [Ulf Möller, using public domain code by Patrick Powell; problem + [Ulf Möller, using public domain code by Patrick Powell; problem pointed out by David Sacerdote ] *) Support EGD . New functions RAND_egd() and RAND_status(). In the command line application, the EGD socket can be specified like a seed file using RANDFILE or -rand. - [Ulf Möller] + [Ulf Möller] *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures. Some CAs (e.g. Verisign) distribute certificates in this form. @@ -8623,7 +8663,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k #define OPENSSL_ALGORITHM_DEFINES #include defines all pertinent NO_ symbols, such as NO_IDEA, NO_RSA, etc. - [Richard Levitte, Ulf and Bodo Möller] + [Richard Levitte, Ulf and Bodo Möller] *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS record layer. @@ -8674,17 +8714,17 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Bug fix for BN_div_recp() for numerators with an even number of bits. - [Ulf Möller] + [Ulf Möller] *) More tests in bntest.c, and changed test_bn output. - [Ulf Möller] + [Ulf Möller] *) ./config recognizes MacOS X now. [Andy Polyakov] *) Bug fix for BN_div() when the first words of num and divsor are equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). - [Ulf Möller] + [Ulf Möller] *) Add support for various broken PKCS#8 formats, and command line options to produce them. @@ -8692,11 +8732,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to get temporary BIGNUMs from a BN_CTX. - [Ulf Möller] + [Ulf Möller] *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont() for p == 0. - [Ulf Möller] + [Ulf Möller] *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and include a #define from the old name to the new. The original intent @@ -8720,7 +8760,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Source code cleanups: use const where appropriate, eliminate casts, use void * instead of char * in lhash. - [Ulf Möller] + [Ulf Möller] *) Bugfix: ssl3_send_server_key_exchange was not restartable (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of @@ -8765,13 +8805,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New function BN_pseudo_rand(). - [Ulf Möller] + [Ulf Möller] *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) bignum version of BN_from_montgomery() with the working code from SSLeay 0.9.0 (the word based version is faster anyway), and clean up the comments. - [Ulf Möller] + [Ulf Möller] *) Avoid a race condition in s2_clnt.c (function get_server_hello) that made it impossible to use the same SSL_SESSION data structure in @@ -8781,25 +8821,25 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) The return value of RAND_load_file() no longer counts bytes obtained by stat(). RAND_load_file(..., -1) is new and uses the complete file to seed the PRNG (previously an explicit byte count was required). - [Ulf Möller, Bodo Möller] + [Ulf Möller, Bodo Möller] *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes used (char *) instead of (void *) and had casts all over the place. [Steve Henson] *) Make BN_generate_prime() return NULL on error if ret!=NULL. - [Ulf Möller] + [Ulf Möller] *) Retain source code compatibility for BN_prime_checks macro: BN_is_prime(..., BN_prime_checks, ...) now uses BN_prime_checks_for_size to determine the appropriate number of Rabin-Miller iterations. - [Ulf Möller] + [Ulf Möller] *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to DH_CHECK_P_NOT_SAFE_PRIME. (Check if this is true? OpenPGP calls them "strong".) - [Ulf Möller] + [Ulf Möller] *) Merge the functionality of "dh" and "gendh" programs into a new program "dhparam". The old programs are retained for now but will handle DH keys @@ -8855,7 +8895,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add missing #ifndefs that caused missing symbols when building libssl as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c. - [Kris Kennaway , modified by Ulf Möller] + [Kris Kennaway , modified by Ulf Möller] *) Precautions against using the PRNG uninitialized: RAND_bytes() now has a return value which indicates the quality of the random data @@ -8864,7 +8904,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k guaranteed to be unique but not unpredictable. RAND_add is like RAND_seed, but takes an extra argument for an entropy estimate (RAND_seed always assumes full entropy). - [Ulf Möller] + [Ulf Möller] *) Do more iterations of Rabin-Miller probable prime test (specifically, 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes @@ -8894,7 +8934,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Honor the no-xxx Configure options when creating .DEF files. - [Ulf Möller] + [Ulf Möller] *) Add PKCS#10 attributes to field table: challengePassword, unstructuredName and unstructuredAddress. These are taken from @@ -9728,7 +9768,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) More DES library cleanups: remove references to srand/rand and delete an unused file. - [Ulf Möller] + [Ulf Möller] *) Add support for the the free Netwide assembler (NASM) under Win32, since not many people have MASM (ml) and it can be hard to obtain. @@ -9817,7 +9857,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k worked. *) Fix problems with no-hmac etc. - [Ulf Möller, pointed out by Brian Wellington ] + [Ulf Möller, pointed out by Brian Wellington ] *) New functions RSA_get_default_method(), RSA_set_method() and RSA_get_method(). These allows replacement of RSA_METHODs without having @@ -9934,7 +9974,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] *) DES library cleanups. - [Ulf Möller] + [Ulf Möller] *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit @@ -9977,7 +10017,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Christian Forster ] *) config now generates no-xxx options for missing ciphers. - [Ulf Möller] + [Ulf Möller] *) Support the EBCDIC character set (work in progress). File ebcdic.c not yet included because it has a different license. @@ -10090,7 +10130,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Move openssl.cnf out of lib/. - [Ulf Möller] + [Ulf Möller] *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes @@ -10147,10 +10187,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] *) Support Borland C++ builder. - [Janez Jere , modified by Ulf Möller] + [Janez Jere , modified by Ulf Möller] *) Support Mingw32. - [Ulf Möller] + [Ulf Möller] *) SHA-1 cleanups and performance enhancements. [Andy Polyakov ] @@ -10159,7 +10199,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Andy Polyakov ] *) Accept any -xxx and +xxx compiler options in Configure. - [Ulf Möller] + [Ulf Möller] *) Update HPUX configuration. [Anonymous] @@ -10192,7 +10232,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) OAEP decoding bug fix. - [Ulf Möller] + [Ulf Möller] *) Support INSTALL_PREFIX for package builders, as proposed by David Harris. @@ -10215,21 +10255,21 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Niels Poppe ] *) New Configure option no- (rsa, idea, rc5, ...). - [Ulf Möller] + [Ulf Möller] *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for extension adding in x509 utility. [Steve Henson] *) Remove NOPROTO sections and error code comments. - [Ulf Möller] + [Ulf Möller] *) Partial rewrite of the DEF file generator to now parse the ANSI prototypes. [Steve Henson] *) New Configure options --prefix=DIR and --openssldir=DIR. - [Ulf Möller] + [Ulf Möller] *) Complete rewrite of the error code script(s). It is all now handled by one script at the top level which handles error code gathering, @@ -10258,7 +10298,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Move the autogenerated header file parts to crypto/opensslconf.h. - [Ulf Möller] + [Ulf Möller] *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of 8 of keying material. Merlin has also confirmed interop with this fix @@ -10276,13 +10316,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Andy Polyakov ] *) Change functions to ANSI C. - [Ulf Möller] + [Ulf Möller] *) Fix typos in error codes. - [Martin Kraemer , Ulf Möller] + [Martin Kraemer , Ulf Möller] *) Remove defunct assembler files from Configure. - [Ulf Möller] + [Ulf Möller] *) SPARC v8 assembler BIGNUM implementation. [Andy Polyakov ] @@ -10319,7 +10359,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New Configure option "rsaref". - [Ulf Möller] + [Ulf Möller] *) Don't auto-generate pem.h. [Bodo Moeller] @@ -10367,7 +10407,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New functions DSA_do_sign and DSA_do_verify to provide access to the raw DSA values prior to ASN.1 encoding. - [Ulf Möller] + [Ulf Möller] *) Tweaks to Configure [Niels Poppe ] @@ -10377,11 +10417,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) New variables $(RANLIB) and $(PERL) in the Makefiles. - [Ulf Möller] + [Ulf Möller] *) New config option to avoid instructions that are illegal on the 80386. The default code is faster, but requires at least a 486. - [Ulf Möller] + [Ulf Möller] *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and SSL2_SERVER_VERSION (not used at all) macros, which are now the @@ -10920,7 +10960,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Hagino ] *) File was opened incorrectly in randfile.c. - [Ulf Möller ] + [Ulf Möller ] *) Beginning of support for GeneralizedTime. d2i, i2d, check and print functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or @@ -10930,7 +10970,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Correct Linux 1 recognition in config. - [Ulf Möller ] + [Ulf Möller ] *) Remove pointless MD5 hash when using DSA keys in ca. [Anonymous ] @@ -11077,7 +11117,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but was already fixed by Eric for 0.9.1 it seems. - [Ben Laurie - pointed out by Ulf Möller ] + [Ben Laurie - pointed out by Ulf Möller ] *) Autodetect FreeBSD3. [Ben Laurie]