X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=STATUS;h=7853d9ff50ed3b17f34512c22b2bbdfab7b38505;hp=a5f2b4008b2752533a23c79cbf9c6bc4baa70e6b;hb=17d6bb815813bab443a29cfd821d876afc9ecfef;hpb=6b46ca135a70ad7f77bba771496751f555e4863c diff --git a/STATUS b/STATUS index a5f2b4008b..7853d9ff50 100644 --- a/STATUS +++ b/STATUS @@ -1,10 +1,11 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2001/07/17 14:39:26 $ + ______________ $Date: 2002/03/11 09:36:04 $ DEVELOPMENT STATE o OpenSSL 0.9.7: Under development... + o OpenSSL 0.9.6c: Released on December 21st, 2001 o OpenSSL 0.9.6b: Released on July 9th, 2001 o OpenSSL 0.9.6a: Released on April 5th, 2001 o OpenSSL 0.9.6: Released on September 24th, 2000 @@ -18,12 +19,25 @@ RELEASE SHOWSTOPPERS + o BIGNUM library failures on 64-bit platforms (0.9.7-dev): + - BN_mod_mul verificiation (bc) fails for solaris64-sparcv9-cc + and other 64-bit platforms + + Checked on Result + alpha-cc (Tru64 version 4.0) works + linux-alpha+bwx-gcc doesn't work. Reported by + Sean O'Riordain + OpenBSD-sparc64 doesn't work. BN_mod_mul breaks. + + Needs checked on + [add platforms here] + + - BN_mod_mul verification fails for mips3-sgi-irix + unless configured with no-asm + AVAILABLE PATCHES - o IA-64 (a.k.a. Intel Itanium) public-key operation performance - patch for Linux is available for download at - http://www.openssl.org/~appro/096b.linux-ia64.diff. As URL - suggests the patch is relative to OpenSSL 0.9.6b. + o IN PROGRESS @@ -48,23 +62,16 @@ NEEDS PATCH - o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file + o An (optional) countermeasure against the predictable-IV CBC + weakness in SSL/TLS should be added; see + http://www.openssl.org/~bodo/tls-cbc.txt - o OpenSSL_0_9_6-stable: - #include in exported header files is illegal since - e_os.h is suitable only for library-internal use. + o apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file - o Whenever strncpy is used, make sure the resulting string is NULL-terminated - or an error is reported + o "OpenSSL STATUS" is never up-to-date. OPEN ISSUES - o crypto/ex_data.c is not really thread-safe and so must be used - with care (e.g., extra locking where necessary, or don't call - CRYPTO_get_ex_new_index once multiple threads exist). - The current API is not suitable for everything that it pretends - to offer. - o The Makefile hierarchy and build mechanism is still not a round thing: 1. The config vs. Configure scripts @@ -89,24 +96,12 @@ which apparently is not flexible enough to generate libcrypto) - - o The perl/ stuff needs a major overhaul. Currently it's - totally obsolete. Either we clean it up and enhance it to be up-to-date - with the C code or we also could replace it with the really nice - Net::SSLeay package we can find under - http://www.neuronio.pt/SSLeay.pm.html. Ralf uses this package for a - longer time and it works fine and is a nice Perl module. Best would be - to convince the author to work for the OpenSSL project and create a - Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for - us. - - Status: Ralf thinks we should both contact the author of Net::SSLeay - and look how much effort it is to bring Eric's perl/ stuff up - to date. - Paul +1 - WISHES + o Add variants of DH_generate_parameters() and BN_generate_prime() [etc?] + where the callback function can request that the function be aborted. + [Gregory Stark , ] + o SRP in TLS. [wished by: Dj , Tom Wu ,