CHANGES.SSLeay 42 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968
  1. This file contains the changes for the SSLeay library up to version
  2. 0.9.0b. For later changes, see the file "CHANGES".
  3. SSLeay CHANGES
  4. ______________
  5. Changes between 0.8.x and 0.9.0b
  6. 10-Apr-1998
  7. I said the next version would go out at easter, and so it shall.
  8. I expect a 0.9.1 will follow with portability fixes in the next few weeks.
  9. This is a quick, meet the deadline. Look to ssl-users for comments on what
  10. is new etc.
  11. eric (about to go bushwalking for the 4 day easter break :-)
  12. 16-Mar-98
  13. - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
  14. - Lots and lots of changes
  15. 29-Jan-98
  16. - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
  17. Goetz Babin-Ebell <babinebell@trustcenter.de>.
  18. - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
  19. TLS1_VERSION.
  20. 7-Jan-98
  21. - Finally reworked the cipher string to ciphers again, so it
  22. works correctly
  23. - All the app_data stuff is now ex_data with funcion calls to access.
  24. The index is supplied by a function and 'methods' can be setup
  25. for the types that are called on XXX_new/XXX_free. This lets
  26. applications get notified on creation and destruction. Some of
  27. the RSA methods could be implemented this way and I may do so.
  28. - Oh yes, SSL under perl5 is working at the basic level.
  29. 15-Dec-97
  30. - Warning - the gethostbyname cache is not fully thread safe,
  31. but it should work well enough.
  32. - Major internal reworking of the app_data stuff. More functions
  33. but if you were accessing ->app_data directly, things will
  34. stop working.
  35. - The perlv5 stuff is working. Currently on message digests,
  36. ciphers and the bignum library.
  37. 9-Dec-97
  38. - Modified re-negotiation so that server initated re-neg
  39. will cause a SSL_read() to return -1 should retry.
  40. The danger otherwise was that the server and the
  41. client could end up both trying to read when using non-blocking
  42. sockets.
  43. 4-Dec-97
  44. - Lots of small changes
  45. - Fix for binaray mode in Windows for the FILE BIO, thanks to
  46. Bob Denny <rdenny@dc3.com>
  47. 17-Nov-97
  48. - Quite a few internal cleanups, (removal of errno, and using macros
  49. defined in e_os.h).
  50. - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
  51. the automactic naming out output files was being stuffed up.
  52. 29-Oct-97
  53. - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember
  54. for x86.
  55. 21-Oct-97
  56. - Fixed a bug in the BIO_gethostbyname() cache.
  57. 15-Oct-97
  58. - cbc mode for blowfish/des/3des is now in assember. Blowfish asm
  59. has also been improved. At this point in time, on the pentium,
  60. md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
  61. des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
  62. is %62 faster.
  63. 12-Oct-97
  64. - MEM_BUF_grow() has been fixed so that it always sets the buf->length
  65. to the value we are 'growing' to. Think of MEM_BUF_grow() as the
  66. way to set the length value correctly.
  67. 10-Oct-97
  68. - I now hash for certificate lookup on the raw DER encoded RDN (md5).
  69. This breaks things again :-(. This is efficent since I cache
  70. the DER encoding of the RDN.
  71. - The text DN now puts in the numeric OID instead of UNKNOWN.
  72. - req can now process arbitary OIDs in the config file.
  73. - I've been implementing md5 in x86 asm, much faster :-).
  74. - Started sha1 in x86 asm, needs more work.
  75. - Quite a few speedups in the BN stuff. RSA public operation
  76. has been made faster by caching the BN_MONT_CTX structure.
  77. The calulating of the Ai where A*Ai === 1 mod m was rather
  78. expensive. Basically a 40-50% speedup on public operations.
  79. The RSA speedup is now 15% on pentiums and %20 on pentium
  80. pro.
  81. 30-Sep-97
  82. - After doing some profiling, I added x86 adm for bn_add_words(),
  83. which just adds 2 arrays of longs together. A %10 speedup
  84. for 512 and 1024 bit RSA on the pentium pro.
  85. 29-Sep-97
  86. - Converted the x86 bignum assembler to us the perl scripts
  87. for generation.
  88. 23-Sep-97
  89. - If SSL_set_session() is passed a NULL session, it now clears the
  90. current session-id.
  91. 22-Sep-97
  92. - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned
  93. certificates.
  94. - Bug in crypto/evp/encode.c where by decoding of 65 base64
  95. encoded lines, one line at a time (via a memory BIO) would report
  96. EOF after the first line was decoded.
  97. - Fix in X509_find_by_issuer_and_serial() from
  98. Dr Stephen Henson <shenson@bigfoot.com>
  99. 19-Sep-97
  100. - NO_FP_API and NO_STDIO added.
  101. - Put in sh config command. It auto runs Configure with the correct
  102. parameters.
  103. 18-Sep-97
  104. - Fix x509.c so if a DSA cert has different parameters to its parent,
  105. they are left in place. Not tested yet.
  106. 16-Sep-97
  107. - ssl_create_cipher_list() had some bugs, fixes from
  108. Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
  109. - Fixed a bug in the Base64 BIO, where it would return 1 instead
  110. of -1 when end of input was encountered but should retry.
  111. Basically a Base64/Memory BIO interaction problem.
  112. - Added a HMAC set of functions in preporarion for TLS work.
  113. 15-Sep-97
  114. - Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
  115. - Prime generation spead up %25 (512 bit prime, pentium pro linux)
  116. by using montgomery multiplication in the prime number test.
  117. 11-Sep-97
  118. - Ugly bug in ssl3_write_bytes(). Basically if application land
  119. does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
  120. did not check the size and tried to copy the entire buffer.
  121. This would tend to cause memory overwrites since SSLv3 has
  122. a maximum packet size of 16k. If your program uses
  123. buffers <= 16k, you would probably never see this problem.
  124. - Fixed a few errors that were cause by malloc() not returning
  125. 0 initialised memory..
  126. - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
  127. SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
  128. since this flags stops SSLeay being able to handle client
  129. cert requests correctly.
  130. 08-Sep-97
  131. - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched
  132. on, the SSL server routines will not use a SSL_SESSION that is
  133. held in it's cache. This in intended to be used with the session-id
  134. callbacks so that while the session-ids are still stored in the
  135. cache, the decision to use them and how to look them up can be
  136. done by the callbacks. The are the 'new', 'get' and 'remove'
  137. callbacks. This can be used to determine the session-id
  138. to use depending on information like which port/host the connection
  139. is coming from. Since the are also SSL_SESSION_set_app_data() and
  140. SSL_SESSION_get_app_data() functions, the application can hold
  141. information against the session-id as well.
  142. 03-Sep-97
  143. - Added lookup of CRLs to the by_dir method,
  144. X509_load_crl_file() also added. Basically it means you can
  145. lookup CRLs via the same system used to lookup certificates.
  146. - Changed things so that the X509_NAME structure can contain
  147. ASN.1 BIT_STRINGS which is required for the unique
  148. identifier OID.
  149. - Fixed some problems with the auto flushing of the session-id
  150. cache. It was not occuring on the server side.
  151. 02-Sep-97
  152. - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
  153. which is the maximum number of entries allowed in the
  154. session-id cache. This is enforced with a simple FIFO list.
  155. The default size is 20*1024 entries which is rather large :-).
  156. The Timeout code is still always operating.
  157. 01-Sep-97
  158. - Added an argument to all the 'generate private key/prime`
  159. callbacks. It is the last parameter so this should not
  160. break existing code but it is needed for C++.
  161. - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
  162. BIO. This lets the BIO read and write base64 encoded data
  163. without inserting or looking for '\n' characters. The '-A'
  164. flag turns this on when using apps/enc.c.
  165. - RSA_NO_PADDING added to help BSAFE functionality. This is a
  166. very dangerous thing to use, since RSA private key
  167. operations without random padding bytes (as PKCS#1 adds) can
  168. be attacked such that the private key can be revealed.
  169. - ASN.1 bug and rc2-40-cbc and rc4-40 added by
  170. Dr Stephen Henson <shenson@bigfoot.com>
  171. 31-Aug-97 (stuff added while I was away)
  172. - Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
  173. - RSA_flags() added allowing bypass of pub/priv match check
  174. in ssl/ssl_rsa.c - Tim Hudson.
  175. - A few minor bugs.
  176. SSLeay 0.8.1 released.
  177. 19-Jul-97
  178. - Server side initated dynamic renegotiation is broken. I will fix
  179. it when I get back from holidays.
  180. 15-Jul-97
  181. - Quite a few small changes.
  182. - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
  183. 09-Jul-97
  184. - Added 2 new values to the SSL info callback.
  185. SSL_CB_START which is passed when the SSL protocol is started
  186. and SSL_CB_DONE when it has finished sucsessfully.
  187. 08-Jul-97
  188. - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
  189. that related to DSA public/private keys.
  190. - Added all the relevent PEM and normal IO functions to support
  191. reading and writing RSAPublic keys.
  192. - Changed makefiles to use ${AR} instead of 'ar r'
  193. 07-Jul-97
  194. - Error in ERR_remove_state() that would leave a dangling reference
  195. to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
  196. - s_client now prints the X509_NAMEs passed from the server
  197. when requesting a client cert.
  198. - Added a ssl->type, which is one of SSL_ST_CONNECT or
  199. SSL_ST_ACCEPT. I had to add it so I could tell if I was
  200. a connect or an accept after the handshake had finished.
  201. - SSL_get_client_CA_list(SSL *s) now returns the CA names
  202. passed by the server if called by a client side SSL.
  203. 05-Jul-97
  204. - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
  205. 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com).
  206. 04-Jul-97
  207. - Fixed some things in X509_NAME_add_entry(), thanks to
  208. Matthew Donald <matthew@world.net>.
  209. - I had a look at the cipher section and though that it was a
  210. bit confused, so I've changed it.
  211. - I was not setting up the RC4-64-MD5 cipher correctly. It is
  212. a MS special that appears in exported MS Money.
  213. - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3
  214. spec. I was missing the two byte length header for the
  215. ClientDiffieHellmanPublic value. This is a packet sent from
  216. the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
  217. option will enable SSLeay server side SSLv3 accept either
  218. the correct or my 080 packet format.
  219. - Fixed a few typos in crypto/pem.org.
  220. 02-Jul-97
  221. - Alias mapping for EVP_get_(digest|cipher)byname is now
  222. performed before a lookup for actual cipher. This means
  223. that an alias can be used to 're-direct' a cipher or a
  224. digest.
  225. - ASN1_read_bio() had a bug that only showed up when using a
  226. memory BIO. When EOF is reached in the memory BIO, it is
  227. reported as a -1 with BIO_should_retry() set to true.
  228. 01-Jul-97
  229. - Fixed an error in X509_verify_cert() caused by my
  230. miss-understanding how 'do { contine } while(0);' works.
  231. Thanks to Emil Sit <sit@mit.edu> for educating me :-)
  232. 30-Jun-97
  233. - Base64 decoding error. If the last data line did not end with
  234. a '=', sometimes extra data would be returned.
  235. - Another 'cut and paste' bug in x509.c related to setting up the
  236. STDout BIO.
  237. 27-Jun-97
  238. - apps/ciphers.c was not printing due to an editing error.
  239. - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
  240. a library build error in util/mk1mf.pl
  241. 26-Jun-97
  242. - Still did not have the auto 'experimental' code removal
  243. script correct.
  244. - A few header tweaks for Watcom 11.0 under Win32 from
  245. Rolf Lindemann <Lindemann@maz-hh.de>
  246. - 0 length OCTET_STRING bug in asn1_parse
  247. - A minor fix with an non-existent function in the MS .def files.
  248. - A few changes to the PKCS7 stuff.
  249. 25-Jun-97
  250. SSLeay 0.8.0 finally it gets released.
  251. 24-Jun-97
  252. Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
  253. use a temporary RSA key. This is experimental and needs some more work.
  254. Fixed a few Win16 build problems.
  255. 23-Jun-97
  256. SSLv3 bug. I was not doing the 'lookup' of the CERT structure
  257. correctly. I was taking the SSL->ctx->default_cert when I should
  258. have been using SSL->cert. The bug was in ssl/s3_srvr.c
  259. 20-Jun-97
  260. X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
  261. rest of the library. Even though I had the code required to do
  262. it correctly, apps/req.c was doing the wrong thing. I have fixed
  263. and tested everything.
  264. Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
  265. 19-Jun-97
  266. Fixed a bug in the SSLv2 server side first packet handling. When
  267. using the non-blocking test BIO, the ssl->s2->first_packet flag
  268. was being reset when a would-block failure occurred when reading
  269. the first 5 bytes of the first packet. This caused the checking
  270. logic to run at the wrong time and cause an error.
  271. Fixed a problem with specifying cipher. If RC4-MD5 were used,
  272. only the SSLv3 version would be picked up. Now this will pick
  273. up both SSLv2 and SSLv3 versions. This required changing the
  274. SSL_CIPHER->mask values so that they only mask the ciphers,
  275. digests, authentication, export type and key-exchange algorithms.
  276. I found that when a SSLv23 session is established, a reused
  277. session, of type SSLv3 was attempting to write the SSLv2
  278. ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char
  279. method has been modified so it will only write out cipher which
  280. that method knows about.
  281. Changes between 0.8.0 and 0.8.1
  282. *) Mostly bug fixes.
  283. There is an Ephemeral DH cipher problem which is fixed.
  284. SSLeay 0.8.0
  285. This version of SSLeay has quite a lot of things different from the
  286. previous version.
  287. Basically check all callback parameters, I will be producing documentation
  288. about how to use things in th future. Currently I'm just getting 080 out
  289. the door. Please not that there are several ways to do everything, and
  290. most of the applications in the apps directory are hybrids, some using old
  291. methods and some using new methods.
  292. Have a look in demos/bio for some very simple programs and
  293. apps/s_client.c and apps/s_server.c for some more advanced versions.
  294. Notes are definitly needed but they are a week or so away.
  295. Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
  296. ---
  297. Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
  298. get those people that want to move to using the new code base off to
  299. a quick start.
  300. Note that Eric has tidied up a lot of the areas of the API that were
  301. less than desirable and renamed quite a few things (as he had to break
  302. the API in lots of places anyrate). There are a whole pile of additional
  303. functions for making dealing with (and creating) certificates a lot
  304. cleaner.
  305. 01-Jul-97
  306. Tim Hudson
  307. tjh@cryptsoft.com
  308. ---8<---
  309. To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
  310. use something like the following (assuming you #include "crypto.h" which
  311. is something that you really should be doing).
  312. #if SSLEAY_VERSION_NUMBER >= 0x0800
  313. #define SSLEAY8
  314. #endif
  315. buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
  316. too if you are working with BIO internal stuff (as distinct
  317. from simply using the interface in an opaque manner)
  318. #include "bio.h" - required along with "buffer.h" if you write
  319. your own BIO routines as the buffer and bio
  320. stuff that was intermixed has been separated
  321. out
  322. envelope.h -> evp.h (which should have been done ages ago)
  323. Initialisation ... don't forget these or you end up with code that
  324. is missing the bits required to do useful things (like ciphers):
  325. SSLeay_add_ssl_algorithms()
  326. (probably also want SSL_load_error_strings() too but you should have
  327. already had that call in place)
  328. SSL_CTX_new() - requires an extra method parameter
  329. SSL_CTX_new(SSLv23_method())
  330. SSL_CTX_new(SSLv2_method())
  331. SSL_CTX_new(SSLv3_method())
  332. OR to only have the server or the client code
  333. SSL_CTX_new(SSLv23_server_method())
  334. SSL_CTX_new(SSLv2_server_method())
  335. SSL_CTX_new(SSLv3_server_method())
  336. or
  337. SSL_CTX_new(SSLv23_client_method())
  338. SSL_CTX_new(SSLv2_client_method())
  339. SSL_CTX_new(SSLv3_client_method())
  340. SSL_set_default_verify_paths() ... renamed to the more appropriate
  341. SSL_CTX_set_default_verify_paths()
  342. If you want to use client certificates then you have to add in a bit
  343. of extra stuff in that a SSLv3 server sends a list of those CAs that
  344. it will accept certificates from ... so you have to provide a list to
  345. SSLeay otherwise certain browsers will not send client certs.
  346. SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
  347. X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0)
  348. or provide a buffer and size to copy the
  349. result into
  350. X509_add_cert -> X509_STORE_add_cert (and you might want to read the
  351. notes on X509_NAME structure changes too)
  352. VERIFICATION CODE
  353. =================
  354. The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
  355. more accurately reflect things.
  356. The verification callback args are now packaged differently so that
  357. extra fields for verification can be added easily in future without
  358. having to break things by adding extra parameters each release :-)
  359. X509_cert_verify_error_string -> X509_verify_cert_error_string
  360. BIO INTERNALS
  361. =============
  362. Eric has fixed things so that extra flags can be introduced in
  363. the BIO layer in future without having to play with all the BIO
  364. modules by adding in some macros.
  365. The ugly stuff using
  366. b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
  367. becomes
  368. BIO_clear_retry_flags(b)
  369. b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
  370. becomes
  371. BIO_set_retry_read(b)
  372. Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
  373. OTHER THINGS
  374. ============
  375. X509_NAME has been altered so that it isn't just a STACK ... the STACK
  376. is now in the "entries" field ... and there are a pile of nice functions
  377. for getting at the details in a much cleaner manner.
  378. SSL_CTX has been altered ... "cert" is no longer a direct member of this
  379. structure ... things are now down under "cert_store" (see x509_vfy.h) and
  380. things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
  381. If your code "knows" about this level of detail then it will need some
  382. surgery.
  383. If you depending on the incorrect spelling of a number of the error codes
  384. then you will have to change your code as these have been fixed.
  385. ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
  386. has been all along so this makes things clearer.
  387. ify_cert_error_string(ctx->error));
  388. SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
  389. and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
  390. Changes between 0.7.x and 0.8.0
  391. *) There have been lots of changes, mostly the addition of SSLv3.
  392. There have been many additions from people and amongst
  393. others, C2Net has assisted greatly.
  394. Changes between 0.7.x and 0.7.x
  395. *) Internal development version only
  396. SSLeay 0.6.6 13-Jan-1997
  397. The main additions are
  398. - assember for x86 DES improvments.
  399. From 191,000 per second on a pentium 100, I now get 281,000. The inner
  400. loop and the IP/FP modifications are from
  401. Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. Many thanks for his
  402. contribution.
  403. - The 'DES macros' introduced in 0.6.5 now have 3 types.
  404. DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which
  405. is best and there is a summery of mine in crypto/des/options.txt
  406. - A few bug fixes.
  407. - Added blowfish. It is not used by SSL but all the other stuff that
  408. deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
  409. There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'.
  410. BF_PTR2 is pentium/x86 specific. The correct option is setup in
  411. the 'Configure' script.
  412. - There is now a 'get client certificate' callback which can be
  413. 'non-blocking'. If more details are required, let me know. It will
  414. documented more in SSLv3 when I finish it.
  415. - Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test'
  416. now tests the ca program.
  417. - Lots of little things modified and tweaked.
  418. SSLeay 0.6.5
  419. After quite some time (3 months), the new release. I have been very busy
  420. for the last few months and so this is mostly bug fixes and improvments.
  421. The main additions are
  422. - assember for x86 DES. For all those gcc based systems, this is a big
  423. improvement. From 117,000 DES operation a second on a pentium 100,
  424. I now get 191,000. I have also reworked the C version so it
  425. now gives 148,000 DESs per second.
  426. - As mentioned above, the inner DES macros now have some more variant that
  427. sometimes help, sometimes hinder performance. There are now 3 options
  428. DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)
  429. and DES_RISC (a more register intensive version of the inner macro).
  430. The crypto/des/des_opts.c program, when compiled and run, will give
  431. an indication of the correct options to use.
  432. - The BIO stuff has been improved. Read doc/bio.doc. There are now
  433. modules for encryption and base64 encoding and a BIO_printf() function.
  434. - The CA program will accept simple one line X509v3 extensions in the
  435. ssleay.cnf file. Have a look at the example. Currently this just
  436. puts the text into the certificate as an OCTET_STRING so currently
  437. the more advanced X509v3 data types are not handled but this is enough
  438. for the netscape extensions.
  439. - There is the start of a nicer higher level interface to the X509
  440. strucutre.
  441. - Quite a lot of bug fixes.
  442. - CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used
  443. to define the malloc(), free() and realloc() routines to use
  444. (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when
  445. using DLLs and mixing CRT libraries.
  446. In general, read the 'VERSION' file for changes and be aware that some of
  447. the new stuff may not have been tested quite enough yet, so don't just plonk
  448. in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break.
  449. SSLeay 0.6.4 30/08/96 eay
  450. I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3,
  451. Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-).
  452. The main changes in this release
  453. - Thread safe. have a read of doc/threads.doc and play in the mt directory.
  454. For anyone using 0.6.3 with threads, I found 2 major errors so consider
  455. moving to 0.6.4. I have a test program that builds under NT and
  456. solaris.
  457. - The get session-id callback has changed. Have a read of doc/callback.doc.
  458. - The X509_cert_verify callback (the SSL_verify callback) now
  459. has another argument. Have a read of doc/callback.doc
  460. - 'ca -preserve', sign without re-ordering the DN. Not tested much.
  461. - VMS support.
  462. - Compile time memory leak detection can now be built into SSLeay.
  463. Read doc/memory.doc
  464. - CONF routines now understand '\', '\n', '\r' etc. What this means is that
  465. the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines.
  466. - 'ssleay ciphers' added, lists the default cipher list for SSLeay.
  467. - RC2 key setup is now compatable with Netscape.
  468. - Modifed server side of SSL implementation, big performance difference when
  469. using session-id reuse.
  470. 0.6.3
  471. Bug fixes and the addition of some nice stuff to the 'ca' program.
  472. Have a read of doc/ns-ca.doc for how hit has been modified so
  473. it can be driven from a CGI script. The CGI script is not provided,
  474. but that is just being left as an excersize for the reader :-).
  475. 0.6.2
  476. This is most bug fixes and functionality improvements.
  477. Additions are
  478. - More thread debugging patches, the thread stuff is still being
  479. tested, but for those keep to play with stuff, have a look in
  480. crypto/cryptlib.c. The application needs to define 1 (or optionaly
  481. a second) callback that is used to implement locking. Compiling
  482. with LOCK_DEBUG spits out lots of locking crud :-).
  483. This is what I'm currently working on.
  484. - SSL_CTX_set_default_passwd_cb() can be used to define the callback
  485. function used in the SSL*_file() functions used to load keys. I was
  486. always of the opinion that people should call
  487. PEM_read_RSAPrivateKey() and pass the callback they want to use, but
  488. it appears they just want to use the SSL_*_file() function() :-(.
  489. - 'enc' now has a -kfile so a key can be read from a file. This is
  490. mostly used so that the passwd does not appear when using 'ps',
  491. which appears imposible to stop under solaris.
  492. - X509v3 certificates now work correctly. I even have more examples
  493. in my tests :-). There is now a X509_EXTENSION type that is used in
  494. X509v3 certificates and CRLv2.
  495. - Fixed that signature type error :-(
  496. - Fixed quite a few potential memory leaks and problems when reusing
  497. X509, CRL and REQ structures.
  498. - EVP_set_pw_prompt() now sets the library wide default password
  499. prompt.
  500. - The 'pkcs7' command will now, given the -print_certs flag, output in
  501. pem format, all certificates and CRL contained within. This is more
  502. of a pre-emtive thing for the new verisign distribution method. I
  503. should also note, that this also gives and example in code, of how
  504. to do this :-), or for that matter, what is involved in going the
  505. other way (list of certs and crl -> pkcs7).
  506. - Added RSA's DESX to the DES library. It is also available via the
  507. EVP_desx_cbc() method and via 'enc desx'.
  508. SSLeay 0.6.1
  509. The main functional changes since 0.6.0 are as follows
  510. - Bad news, the Microsoft 060 DLL's are not compatable, but the good news is
  511. that from now on, I'll keep the .def numbers the same so they will be.
  512. - RSA private key operations are about 2 times faster that 0.6.0
  513. - The SSL_CTX now has more fields so default values can be put against
  514. it. When an SSL structure is created, these default values are used
  515. but can be overwritten. There are defaults for cipher, certificate,
  516. private key, verify mode and callback. This means SSL session
  517. creation can now be
  518. ssl=SSL_new()
  519. SSL_set_fd(ssl,sock);
  520. SSL_accept(ssl)
  521. ....
  522. All the other uglyness with having to keep a global copy of the
  523. private key and certificate/verify mode in the server is now gone.
  524. - ssl/ssltest.c - one process talking SSL to its self for testing.
  525. - Storage of Session-id's can be controled via a session_cache_mode
  526. flag. There is also now an automatic default flushing of
  527. old session-id's.
  528. - The X509_cert_verify() function now has another parameter, this
  529. should not effect most people but it now means that the reason for
  530. the failure to verify is now available via SSL_get_verify_result(ssl).
  531. You don't have to use a global variable.
  532. - SSL_get_app_data() and SSL_set_app_data() can be used to keep some
  533. application data against the SSL structure. It is upto the application
  534. to free the data. I don't use it, but it is available.
  535. - SSL_CTX_set_cert_verify_callback() can be used to specify a
  536. verify callback function that completly replaces my certificate
  537. verification code. Xcert should be able to use this :-).
  538. The callback is of the form int app_verify_callback(arg,ssl,cert).
  539. This needs to be documented more.
  540. - I have started playing with shared library builds, have a look in
  541. the shlib directory. It is very simple. If you need a numbered
  542. list of functions, have a look at misc/crypto.num and misc/ssl.num.
  543. - There is some stuff to do locking to make the library thread safe.
  544. I have only started this stuff and have not finished. If anyone is
  545. keen to do so, please send me the patches when finished.
  546. So I have finally made most of the additions to the SSL interface that
  547. I thought were needed.
  548. There will probably be a pause before I make any non-bug/documentation
  549. related changes to SSLeay since I'm feeling like a bit of a break.
  550. eric - 12 Jul 1996
  551. I saw recently a comment by some-one that we now seem to be entering
  552. the age of perpetual Beta software.
  553. Pioneered by packages like linux but refined to an art form by
  554. netscape.
  555. I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-).
  556. There are quite a large number of sections that are 'works in
  557. progress' in this package. I will also list the major changes and
  558. what files you should read.
  559. BIO - this is the new IO structure being used everywhere in SSLeay. I
  560. started out developing this because of microsoft, I wanted a mechanism
  561. to callback to the application for all IO, so Windows 3.1 DLL
  562. perversion could be hidden from me and the 15 different ways to write
  563. to a file under NT would also not be dictated by me at library build
  564. time. What the 'package' is is an API for a data structure containing
  565. functions. IO interfaces can be written to conform to the
  566. specification. This in not intended to hide the underlying data type
  567. from the application, but to hide it from SSLeay :-).
  568. I have only really finished testing the FILE * and socket/fd modules.
  569. There are also 'filter' BIO's. Currently I have only implemented
  570. message digests, and it is in use in the dgst application. This
  571. functionality will allow base64/encrypto/buffering modules to be
  572. 'push' into a BIO without it affecting the semantics. I'm also
  573. working on an SSL BIO which will hide the SSL_accept()/SLL_connet()
  574. from an event loop which uses the interface.
  575. It is also possible to 'attach' callbacks to a BIO so they get called
  576. before and after each operation, alowing extensive debug output
  577. to be generated (try running dgst with -d).
  578. Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few
  579. functions that used to take FILE *, now take BIO *.
  580. The wrappers are easy to write
  581. function_fp(fp,x)
  582. FILE *fp;
  583. {
  584. BIO *b;
  585. int ret;
  586. if ((b=BIO_new(BIO_s_file())) == NULL) error.....
  587. BIO_set_fp(b,fp,BIO_NOCLOSE);
  588. ret=function_bio(b,x);
  589. BIO_free(b);
  590. return(ret);
  591. }
  592. Remember, there are no functions that take FILE * in SSLeay when
  593. compiled for Windows 3.1 DLL's.
  594. --
  595. I have added a general EVP_PKEY type that can hold a public/private
  596. key. This is now what is used by the EVP_ functions and is passed
  597. around internally. I still have not done the PKCS#8 stuff, but
  598. X509_PKEY is defined and waiting :-)
  599. --
  600. For a full function name listings, have a look at ms/crypt32.def and
  601. ms/ssl32.def. These are auto-generated but are complete.
  602. Things like ASN1_INTEGER_get() have been added and are in here if you
  603. look. I have renamed a few things, again, have a look through the
  604. function list and you will probably find what you are after. I intend
  605. to at least put a one line descrition for each one.....
  606. --
  607. Microsoft - thats what this release is about, read the MICROSOFT file.
  608. --
  609. Multi-threading support. I have started hunting through the code and
  610. flaging where things need to be done. In a state of work but high on
  611. the list.
  612. --
  613. For random numbers, edit e_os.h and set DEVRANDOM (it's near the top)
  614. be be you random data device, otherwise 'RFILE' in e_os.h
  615. will be used, in your home directory. It will be updated
  616. periodically. The environment variable RANDFILE will override this
  617. choice and read/write to that file instead. DEVRANDOM is used in
  618. conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random
  619. number generator, pick on one of these files.
  620. --
  621. The list of things to read and do
  622. dgst -d
  623. s_client -state (this uses a callback placed in the SSL state loop and
  624. will be used else-where to help debug/monitor what
  625. is happening.)
  626. doc/why.doc
  627. doc/bio.doc <- hmmm, needs lots of work.
  628. doc/bss_file.doc <- one that is working :-)
  629. doc/session.doc <- it has changed
  630. doc/speed.doc
  631. also play with ssleay version -a. I have now added a SSLeay()
  632. function that returns a version number, eg 0600 for this release
  633. which is primarily to be used to check DLL version against the
  634. application.
  635. util/* Quite a few will not interest people, but some may, like
  636. mk1mf.pl, mkdef.pl,
  637. util/do_ms.sh
  638. try
  639. cc -Iinclude -Icrypto -c crypto/crypto.c
  640. cc -Iinclude -Issl -c ssl/ssl.c
  641. You have just built the SSLeay libraries as 2 object files :-)
  642. Have a general rummage around in the bin stall directory and look at
  643. what is in there, like CA.sh and c_rehash
  644. There are lots more things but it is 12:30am on a Friday night and I'm
  645. heading home :-).
  646. eric 22-Jun-1996
  647. This version has quite a few major bug fixes and improvements. It DOES NOT
  648. do SSLv3 yet.
  649. The main things changed
  650. - A Few days ago I added the s_mult application to ssleay which is
  651. a demo of an SSL server running in an event loop type thing.
  652. It supports non-blocking IO, I have finally gotten it right, SSL_accept()
  653. can operate in non-blocking IO mode, look at the code to see how :-).
  654. Have a read of doc/s_mult as well. This program leaks memory and
  655. file descriptors everywhere but I have not cleaned it up yet.
  656. This is a demo of how to do non-blocking IO.
  657. - The SSL session management has been 'worked over' and there is now
  658. quite an expansive set of functions to manipulate them. Have a read of
  659. doc/session.doc for some-things I quickly whipped up about how it now works.
  660. This assume you know the SSLv2 protocol :-)
  661. - I can now read/write the netscape certificate format, use the
  662. -inform/-outform 'net' options to the x509 command. I have not put support
  663. for this type in the other demo programs, but it would be easy to add.
  664. - asn1parse and 'enc' have been modified so that when reading base64
  665. encoded files (pem format), they do not require '-----BEGIN' header lines.
  666. The 'enc' program had a buffering bug fixed, it can be used as a general
  667. base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d'
  668. respecivly. Leaving out the '-a' flag in this case makes the 'enc' command
  669. into a form of 'cat'.
  670. - The 'x509' and 'req' programs have been fixed and modified a little so
  671. that they generate self-signed certificates correctly. The test
  672. script actually generates a 'CA' certificate and then 'signs' a
  673. 'user' certificate. Have a look at this shell script (test/sstest)
  674. to see how things work, it tests most possible combinations of what can
  675. be done.
  676. - The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name
  677. of SSL_set_cipher_list() is now the correct API (stops confusion :-).
  678. If this function is used in the client, only the specified ciphers can
  679. be used, with preference given to the order the ciphers were listed.
  680. For the server, if this is used, only the specified ciphers will be used
  681. to accept connections. If this 'option' is not used, a default set of
  682. ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this
  683. list for all ciphers started against the SSL_CTX. So the order is
  684. SSL cipher_list, if not present, SSL_CTX cipher list, if not
  685. present, then the library default.
  686. What this means is that normally ciphers like
  687. NULL-MD5 will never be used. The only way this cipher can be used
  688. for both ends to specify to use it.
  689. To enable or disable ciphers in the library at build time, modify the
  690. first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c.
  691. This file also contains the 'pref_cipher' list which is the default
  692. cipher preference order.
  693. - I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net'
  694. options work. They should, and they enable loading and writing the
  695. netscape rsa private key format. I will be re-working this section of
  696. SSLeay for the next version. What is currently in place is a quick and
  697. dirty hack.
  698. - I've re-written parts of the bignum library. This gives speedups
  699. for all platforms. I now provide assembler for use under Windows NT.
  700. I have not tested the Windows 3.1 assembler but it is quite simple code.
  701. This gives RSAprivate_key operation encryption times of 0.047s (512bit key)
  702. and 0.230s (1024bit key) on a pentium 100 which I consider reasonable.
  703. Basically the times available under linux/solaris x86 can be achieve under
  704. Windows NT. I still don't know how these times compare to RSA's BSAFE
  705. library but I have been emailing with people and with their help, I should
  706. be able to get my library's quite a bit faster still (more algorithm changes).
  707. The object file crypto/bn/asm/x86-32.obj should be used when linking
  708. under NT.
  709. - 'make makefile.one' in the top directory will generate a single makefile
  710. called 'makefile.one' This makefile contains no perl references and
  711. will build the SSLeay library into the 'tmp' and 'out' directories.
  712. util/mk1mf.pl >makefile.one is how this makefile is
  713. generated. The mk1mf.pl command take several option to generate the
  714. makefile for use with cc, gcc, Visual C++ and Borland C++. This is
  715. still under development. I have only build .lib's for NT and MSDOS
  716. I will be working on this more. I still need to play with the
  717. correct compiler setups for these compilers and add some more stuff but
  718. basically if you just want to compile the library
  719. on a 'non-unix' platform, this is a very very good file to start with :-).
  720. Have a look in the 'microsoft' directory for my current makefiles.
  721. I have not yet modified things to link with sockets under Windows NT.
  722. You guys should be able to do this since this is actually outside of the
  723. SSLeay scope :-). I will be doing it for myself soon.
  724. util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock
  725. to build without RC2/RC4, to require RSAref for linking, and to
  726. build with no socket code.
  727. - Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher
  728. that was posted to sci.crypt has been added to the library and SSL.
  729. I take the view that if RC2 is going to be included in a standard,
  730. I'll include the cipher to make my package complete.
  731. There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers
  732. at compile time. I have not tested this recently but it should all work
  733. and if you are in the USA and don't want RSA threatening to sue you,
  734. you could probably remove the RC4/RC2 code inside these sections.
  735. I may in the future include a perl script that does this code
  736. removal automatically for those in the USA :-).
  737. - I have removed all references to sed in the makefiles. So basically,
  738. the development environment requires perl and sh. The build environment
  739. does not (use the makefile.one makefile).
  740. The Configure script still requires perl, this will probably stay that way
  741. since I have perl for Windows NT :-).
  742. eric (03-May-1996)
  743. PS Have a look in the VERSION file for more details on the changes and
  744. bug fixes.
  745. I have fixed a few bugs, added alpha and x86 assembler and generally cleaned
  746. things up. This version will be quite stable, mostly because I'm on
  747. holidays until 10-March-1996. For any problems in the interum, send email
  748. to Tim Hudson <tjh@mincom.oz.au>.
  749. SSLeay 0.5.0
  750. 12-12-95
  751. This is going out before it should really be released.
  752. I leave for 11 weeks holidays on the 22-12-95 and so I either sit on
  753. this for 11 weeks or get things out. It is still going to change a
  754. lot in the next week so if you do grab this version, please test and
  755. give me feed back ASAP, inculuding questions on how to do things with
  756. the library. This will prompt me to write documentation so I don't
  757. have to answer the same question again :-).
  758. This 'pre' release version is for people who are interested in the
  759. library. The applications will have to be changed to use
  760. the new version of the SSL interface. I intend to finish more
  761. documentation before I leave but until then, look at the programs in
  762. the apps directory. As far as code goes, it is much much nicer than
  763. the old version.
  764. The current library works, has no memory leaks (as far as I can tell)
  765. and is far more bug free that 0.4.5d. There are no global variable of
  766. consequence (I believe) and I will produce some documentation that
  767. tell where to look for those people that do want to do multi-threaded
  768. stuff.
  769. There should be more documentation. Have a look in the
  770. doc directory. I'll be adding more before I leave, it is a start
  771. by mostly documents the crypto library. Tim Hudson will update
  772. the web page ASAP. The spelling and grammar are crap but
  773. it is better than nothing :-)
  774. Reasons to start playing with version 0.5.0
  775. - All the programs in the apps directory build into one ssleay binary.
  776. - There is a new version of the 'req' program that generates certificate
  777. requests, there is even documentation for this one :-)
  778. - There is a demo certification authorithy program. Currently it will
  779. look at the simple database and update it. It will generate CRL from
  780. the data base. You need to edit the database by hand to revoke a
  781. certificate, it is my aim to use perl5/Tk but I don't have time to do
  782. this right now. It will generate the certificates but the management
  783. scripts still need to be written. This is not a hard task.
  784. - Things have been cleaned up alot.
  785. - Have a look at the enc and dgst programs in the apps directory.
  786. - It supports v3 of x509 certiticates.
  787. Major things missing.
  788. - I have been working on (and thinging about) the distributed x509
  789. hierachy problem. I have not had time to put my solution in place.
  790. It will have to wait until I come back.
  791. - I have not put in CRL checking in the certificate verification but
  792. it would not be hard to do. I was waiting until I could generate my
  793. own CRL (which has only been in the last week) and I don't have time
  794. to put it in correctly.
  795. - Montgomery multiplication need to be implemented. I know the
  796. algorithm, just ran out of time.
  797. - PKCS#7. I can load and write the DER version. I need to re-work
  798. things to support BER (if that means nothing, read the ASN1 spec :-).
  799. - Testing of the higher level digital envelope routines. I have not
  800. played with the *_seal() and *_open() type functions. They are
  801. written but need testing. The *_sign() and *_verify() functions are
  802. rock solid.
  803. - PEM. Doing this and PKCS#7 have been dependant on the distributed
  804. x509 heirachy problem. I started implementing my ideas, got
  805. distracted writing a CA program and then ran out of time. I provide
  806. the functionality of RSAref at least.
  807. - Re work the asm. code for the x86. I've changed by low level bignum
  808. interface again, so I really need to tweak the x86 stuff. gcc is
  809. good enough for the other boxes.