9 | 9 |
*) Remove SSL_OP_TLS_BLOCK_PADDING_BUG. This is SSLeay legacy, we're
|
10 | 10 |
not aware of clients that still exhibit this bug, and the workaround
|
11 | 11 |
hasn't been working properly for a while.
|
12 | |
[Emilia Käsper]
|
|
12 |
[Emilia Käsper]
|
13 | 13 |
|
14 | 14 |
*) The return type of BIO_number_read() and BIO_number_written() as well as
|
15 | 15 |
the corresponding num_read and num_write members in the BIO structure has
|
|
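Review bot: The removed line 12 and the added line 12 both read [Emilia Käsper] exactly as rendered, so the only thing this hunk can be changing is the byte encoding of the "ä", which the side-by-side view hides entirely; the commit message should state the source and target encodings, and the change should be reviewed at byte level rather than visually, for example with `git show --word-diff-regex=. <commit> -- CHANGES` (placeholder commit id), or by piping the resulting file through `iconv -f UTF-8 -t UTF-8 >/dev/null` if UTF-8 is the intended target, which fails on any byte sequence that is not valid UTF-8. The pure-ASCII context lines 9 to 11 and 13 to 15 are untouched, which is what a clean re-encoding should look like.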
400 | 400 |
This parameter will be set to 1 or 0 depending on the ciphersuite selected
|
401 | 401 |
by the SSL/TLS server library, indicating whether it can provide forward
|
402 | 402 |
security.
|
403 | |
[Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
|
|
403 |
[Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
|
404 | 404 |
|
405 | 405 |
*) New -verify_name option in command line utilities to set verification
|
406 | 406 |
parameters by name.
|
|
487 | 487 |
callbacks.
|
488 | 488 |
|
489 | 489 |
This issue was reported to OpenSSL by Robert Swiecki (Google), and
|
490 | |
independently by Hanno Böck.
|
|
490 |
independently by Hanno Böck.
|
491 | 491 |
(CVE-2015-1789)
|
492 | |
[Emilia Käsper]
|
|
492 |
[Emilia Käsper]
|
493 | 493 |
|
494 | 494 |
*) PKCS7 crash with missing EnvelopedContent
|
495 | 495 |
|
|
503 | 503 |
|
504 | 504 |
This issue was reported to OpenSSL by Michal Zalewski (Google).
|
505 | 505 |
(CVE-2015-1790)
|
506 | |
[Emilia Käsper]
|
|
506 |
[Emilia Käsper]
|
507 | 507 |
|
508 | 508 |
*) CMS verify infinite loop with unknown hash function
|
509 | 509 |
|
|
622 | 622 |
|
623 | 623 |
This issue was reported to OpenSSL by Michal Zalewski (Google).
|
624 | 624 |
(CVE-2015-0289)
|
625 | |
[Emilia Käsper]
|
|
625 |
[Emilia Käsper]
|
626 | 626 |
|
627 | 627 |
*) DoS via reachable assert in SSLv2 servers fix
|
628 | 628 |
|
|
630 | 630 |
servers that both support SSLv2 and enable export cipher suites by sending
|
631 | 631 |
a specially crafted SSLv2 CLIENT-MASTER-KEY message.
|
632 | 632 |
|
633 | |
This issue was discovered by Sean Burford (Google) and Emilia Käsper
|
|
633 |
This issue was discovered by Sean Burford (Google) and Emilia Käsper
|
634 | 634 |
(OpenSSL development team).
|
635 | 635 |
(CVE-2015-0293)
|
636 | |
[Emilia Käsper]
|
|
636 |
[Emilia Käsper]
|
637 | 637 |
|
638 | 638 |
*) Empty CKE with client auth and DHE fix
|
639 | 639 |
|
|
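Review bot: Lines 633 and 636 are both rewritten here while 634 and 635, the "(OpenSSL development team)." and "(CVE-2015-0293)" lines, are left alone, so within this hunk the changed set is exactly the set of lines containing a non-ASCII character. That property should be confirmed for the whole file, not hunk by hunk: comparing the changed line numbers from `git diff -U0 -- CHANGES` against `grep -nP '[^\x00-\x7F]' CHANGES` on the pre-patch file would expose any non-ASCII line the conversion missed, since a single missed line leaves the file in a mixed encoding that displays wrongly no matter which charset a reader picks.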
1138 | 1138 |
version does not match the session's version. Resuming with a different
|
1139 | 1139 |
version, while not strictly forbidden by the RFC, is of questionable
|
1140 | 1140 |
sanity and breaks all known clients.
|
1141 | |
[David Benjamin, Emilia Käsper]
|
|
1141 |
[David Benjamin, Emilia Käsper]
|
1142 | 1142 |
|
1143 | 1143 |
*) Tighten handling of the ChangeCipherSpec (CCS) message: reject
|
1144 | 1144 |
early CCS messages during renegotiation. (Note that because
|
1145 | 1145 |
renegotiation is encrypted, this early CCS was not exploitable.)
|
1146 | |
[Emilia Käsper]
|
|
1146 |
[Emilia Käsper]
|
1147 | 1147 |
|
1148 | 1148 |
*) Tighten client-side session ticket handling during renegotiation:
|
1149 | 1149 |
ensure that the client only accepts a session ticket if the server sends
|
|
1154 | 1154 |
Similarly, ensure that the client requires a session ticket if one
|
1155 | 1155 |
was advertised in the ServerHello. Previously, a TLS client would
|
1156 | 1156 |
ignore a missing NewSessionTicket message.
|
1157 | |
[Emilia Käsper]
|
|
1157 |
[Emilia Käsper]
|
1158 | 1158 |
|
1159 | 1159 |
Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
|
1160 | 1160 |
|
|
1234 | 1234 |
with a null pointer dereference (read) by specifying an anonymous (EC)DH
|
1235 | 1235 |
ciphersuite and sending carefully crafted handshake messages.
|
1236 | 1236 |
|
1237 | |
Thanks to Felix Gröbert (Google) for discovering and researching this
|
|
1237 |
Thanks to Felix Gröbert (Google) for discovering and researching this
|
1238 | 1238 |
issue.
|
1239 | 1239 |
(CVE-2014-3510)
|
1240 | |
[Emilia Käsper]
|
|
1240 |
[Emilia Käsper]
|
1241 | 1241 |
|
1242 | 1242 |
*) By sending carefully crafted DTLS packets an attacker could cause openssl
|
1243 | 1243 |
to leak memory. This can be exploited through a Denial of Service attack.
|
|
1274 | 1274 |
properly negotiated with the client. This can be exploited through a
|
1275 | 1275 |
Denial of Service attack.
|
1276 | 1276 |
|
1277 | |
Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
|
|
1277 |
Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
|
1278 | 1278 |
discovering and researching this issue.
|
1279 | 1279 |
(CVE-2014-5139)
|
1280 | 1280 |
[Steve Henson]
|
|
1286 | 1286 |
|
1287 | 1287 |
Thanks to Ivan Fratric (Google) for discovering this issue.
|
1288 | 1288 |
(CVE-2014-3508)
|
1289 | |
[Emilia Käsper, and Steve Henson]
|
|
1289 |
[Emilia Käsper, and Steve Henson]
|
1290 | 1290 |
|
1291 | 1291 |
*) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
|
1292 | 1292 |
for corner cases. (Certain input points at infinity could lead to
|
|
1316 | 1316 |
client or server. This is potentially exploitable to run arbitrary
|
1317 | 1317 |
code on a vulnerable client or server.
|
1318 | 1318 |
|
1319 | |
Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
|
1320 | |
[Jüri Aedla, Steve Henson]
|
|
1319 |
Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
|
|
1320 |
[Jüri Aedla, Steve Henson]
|
1321 | 1321 |
|
1322 | 1322 |
*) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
|
1323 | 1323 |
are subject to a denial of service attack.
|
1324 | 1324 |
|
1325 | |
Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
|
|
1325 |
Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
|
1326 | 1326 |
this issue. (CVE-2014-3470)
|
1327 | |
[Felix Gröbert, Ivan Fratric, Steve Henson]
|
|
1327 |
[Felix Gröbert, Ivan Fratric, Steve Henson]
|
1328 | 1328 |
|
1329 | 1329 |
*) Harmonize version and its documentation. -f flag is used to display
|
1330 | 1330 |
compilation flags.
|
|
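Review bot: The two adjacent changed lines 1319 and 1320 ("Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)" and "[Jüri Aedla, Steve Henson]") keep the CVE reference and the bracketed attribution format intact, so there is nothing to fix in the change itself. Unrelated to the encoding work, the context at 1322-1323 reads "Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack", which is missing a relative construction ("clients that enable ... are subject to"); that belongs in a separate wording commit rather than in this one.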
1403 | 1403 |
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
|
1404 | 1404 |
Security Group at Royal Holloway, University of London
|
1405 | 1405 |
(www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
|
1406 | |
Emilia Käsper for the initial patch.
|
|
1406 |
Emilia Käsper for the initial patch.
|
1407 | 1407 |
(CVE-2013-0169)
|
1408 | |
[Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
|
|
1408 |
[Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
|
1409 | 1409 |
|
1410 | 1410 |
*) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
|
1411 | 1411 |
ciphersuites which can be exploited in a denial of service attack.
|
|
1580 | 1580 |
EC_GROUP_new_by_curve_name() will automatically use these (while
|
1581 | 1581 |
EC_GROUP_new_curve_GFp() currently prefers the more flexible
|
1582 | 1582 |
implementations).
|
1583 | |
[Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
|
|
1583 |
[Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
|
1584 | 1584 |
|
1585 | 1585 |
*) Use type ossl_ssize_t instad of ssize_t which isn't available on
|
1586 | 1586 |
all platforms. Move ssize_t definition from e_os.h to the public
|
|
1856 | 1856 |
[Adam Langley (Google)]
|
1857 | 1857 |
|
1858 | 1858 |
*) Fix spurious failures in ecdsatest.c.
|
1859 | |
[Emilia Käsper (Google)]
|
|
1859 |
[Emilia Käsper (Google)]
|
1860 | 1860 |
|
1861 | 1861 |
*) Fix the BIO_f_buffer() implementation (which was mixing different
|
1862 | 1862 |
interpretations of the '..._len' fields).
|
|
1870 | 1870 |
lock to call BN_BLINDING_invert_ex, and avoids one use of
|
1871 | 1871 |
BN_BLINDING_update for each BN_BLINDING structure (previously,
|
1872 | 1872 |
the last update always remained unused).
|
1873 | |
[Emilia Käsper (Google)]
|
|
1873 |
[Emilia Käsper (Google)]
|
1874 | 1874 |
|
1875 | 1875 |
*) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
|
1876 | 1876 |
[Bob Buckholz (Google)]
|
|
2679 | 2679 |
|
2680 | 2680 |
*) Add RFC 3161 compliant time stamp request creation, response generation
|
2681 | 2681 |
and response verification functionality.
|
2682 | |
[Zoltán Glózik <zglozik@opentsa.org>, The OpenTSA Project]
|
|
2682 |
[Zoltán Glózik <zglozik@opentsa.org>, The OpenTSA Project]
|
2683 | 2683 |
|
2684 | 2684 |
*) Add initial support for TLS extensions, specifically for the server_name
|
2685 | 2685 |
extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
|
|
3847 | 3847 |
|
3848 | 3848 |
*) BN_CTX_get() should return zero-valued bignums, providing the same
|
3849 | 3849 |
initialised value as BN_new().
|
3850 | |
[Geoff Thorpe, suggested by Ulf Möller]
|
|
3850 |
[Geoff Thorpe, suggested by Ulf Möller]
|
3851 | 3851 |
|
3852 | 3852 |
*) Support for inhibitAnyPolicy certificate extension.
|
3853 | 3853 |
[Steve Henson]
|
|
3866 | 3866 |
some point, these tighter rules will become openssl's default to improve
|
3867 | 3867 |
maintainability, though the assert()s and other overheads will remain only
|
3868 | 3868 |
in debugging configurations. See bn.h for more details.
|
3869 | |
[Geoff Thorpe, Nils Larsch, Ulf Möller]
|
|
3869 |
[Geoff Thorpe, Nils Larsch, Ulf Möller]
|
3870 | 3870 |
|
3871 | 3871 |
*) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
|
3872 | 3872 |
that can only be obtained through BN_CTX_new() (which implicitly
|
|
3933 | 3933 |
[Douglas Stebila (Sun Microsystems Laboratories)]
|
3934 | 3934 |
|
3935 | 3935 |
*) Add the possibility to load symbols globally with DSO.
|
3936 | |
[Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte]
|
|
3936 |
[Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte]
|
3937 | 3937 |
|
3938 | 3938 |
*) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
|
3939 | 3939 |
control of the error stack.
|
|
4648 | 4648 |
[Steve Henson]
|
4649 | 4649 |
|
4650 | 4650 |
*) Undo Cygwin change.
|
4651 | |
[Ulf Möller]
|
|
4651 |
[Ulf Möller]
|
4652 | 4652 |
|
4653 | 4653 |
*) Added support for proxy certificates according to RFC 3820.
|
4654 | 4654 |
Because they may be a security thread to unaware applications,
|
|
4681 | 4681 |
[Stephen Henson, reported by UK NISCC]
|
4682 | 4682 |
|
4683 | 4683 |
*) Use Windows randomness collection on Cygwin.
|
4684 | |
[Ulf Möller]
|
|
4684 |
[Ulf Möller]
|
4685 | 4685 |
|
4686 | 4686 |
*) Fix hang in EGD/PRNGD query when communication socket is closed
|
4687 | 4687 |
prematurely by EGD/PRNGD.
|
4688 | |
[Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014]
|
|
4688 |
[Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014]
|
4689 | 4689 |
|
4690 | 4690 |
*) Prompt for pass phrases when appropriate for PKCS12 input format.
|
4691 | 4691 |
[Steve Henson]
|
|
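Review bot: Two attribution lines change in this hunk, 4684 "[Ulf Möller]" and 4688 "[Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014]"; the second mixes a non-ASCII name with an e-mail address in angle brackets and a ticket number, which is exactly the kind of line a careless conversion tool (one that also HTML-escapes "<" and ">", for instance) would damage, so check at byte level that only the "ä" in "Jänicke" differs and that the angle brackets and "#1014" are still plain ASCII. Out of scope for this patch, the context line 4654 reads "security thread", a typo for "security threat".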
5147 | 5147 |
pointers passed to them whenever necessary. Otherwise it is possible
|
5148 | 5148 |
the caller may have overwritten (or deallocated) the original string
|
5149 | 5149 |
data when a later ENGINE operation tries to use the stored values.
|
5150 | |
[Götz Babin-Ebell <babinebell@trustcenter.de>]
|
|
5150 |
[Götz Babin-Ebell <babinebell@trustcenter.de>]
|
5151 | 5151 |
|
5152 | 5152 |
*) Improve diagnostics in file reading and command-line digests.
|
5153 | 5153 |
[Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
|
|
7252 | 7252 |
[Bodo Moeller]
|
7253 | 7253 |
|
7254 | 7254 |
*) BN_sqr() bug fix.
|
7255 | |
[Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
|
|
7255 |
[Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
|
7256 | 7256 |
|
7257 | 7257 |
*) Rabin-Miller test analyses assume uniformly distributed witnesses,
|
7258 | 7258 |
so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
|
|
7412 | 7412 |
[Bodo Moeller]
|
7413 | 7413 |
|
7414 | 7414 |
*) Fix OAEP check.
|
7415 | |
[Ulf Möller, Bodo Möller]
|
|
7415 |
[Ulf Möller, Bodo Möller]
|
7416 | 7416 |
|
7417 | 7417 |
*) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
|
7418 | 7418 |
RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
|
|
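Review bot: Line 7415 is rewritten as "[Ulf Möller, Bodo Möller]" while the context line 7412 keeps "[Bodo Moeller]", so after this patch the same author still appears under both the umlaut spelling and the "oe" transliteration (the same pair recurs elsewhere in the patch, at 7674 and 7825). That is acceptable if the commit is deliberately limited to re-encoding bytes that are already non-ASCII and does not attempt to normalise names, but the commit message should say so explicitly, otherwise a later reader will assume the inconsistency was overlooked and "fix" it in a way that reintroduces encoding churn.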
7674 | 7674 |
[Bodo Moeller]
|
7675 | 7675 |
|
7676 | 7676 |
*) Use better test patterns in bntest.
|
7677 | |
[Ulf Möller]
|
|
7677 |
[Ulf Möller]
|
7678 | 7678 |
|
7679 | 7679 |
*) rand_win.c fix for Borland C.
|
7680 | |
[Ulf Möller]
|
|
7680 |
[Ulf Möller]
|
7681 | 7681 |
|
7682 | 7682 |
*) BN_rshift bugfix for n == 0.
|
7683 | 7683 |
[Bodo Moeller]
|
|
7822 | 7822 |
|
7823 | 7823 |
*) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
|
7824 | 7824 |
BIO_ctrl (for BIO pairs).
|
7825 | |
[Bodo Möller]
|
|
7825 |
[Bodo Möller]
|
7826 | 7826 |
|
7827 | 7827 |
*) Add DSO method for VMS.
|
7828 | 7828 |
[Richard Levitte]
|
7829 | 7829 |
|
7830 | 7830 |
*) Bug fix: Montgomery multiplication could produce results with the
|
7831 | 7831 |
wrong sign.
|
7832 | |
[Ulf Möller]
|
|
7832 |
[Ulf Möller]
|
7833 | 7833 |
|
7834 | 7834 |
*) Add RPM specification openssl.spec and modify it to build three
|
7835 | 7835 |
packages. The default package contains applications, application
|
|
7847 | 7847 |
|
7848 | 7848 |
*) Don't set the two most significant bits to one when generating a
|
7849 | 7849 |
random number < q in the DSA library.
|
7850 | |
[Ulf Möller]
|
|
7850 |
[Ulf Möller]
|
7851 | 7851 |
|
7852 | 7852 |
*) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default
|
7853 | 7853 |
behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
|
|
8113 | 8113 |
*) Randomness polling function for Win9x, as described in:
|
8114 | 8114 |
Peter Gutmann, Software Generation of Practically Strong
|
8115 | 8115 |
Random Numbers.
|
8116 | |
[Ulf Möller]
|
|
8116 |
[Ulf Möller]
|
8117 | 8117 |
|
8118 | 8118 |
*) Fix so PRNG is seeded in req if using an already existing
|
8119 | 8119 |
DSA key.
|
|
8333 | 8333 |
[Steve Henson]
|
8334 | 8334 |
|
8335 | 8335 |
*) Eliminate non-ANSI declarations in crypto.h and stack.h.
|
8336 | |
[Ulf Möller]
|
|
8336 |
[Ulf Möller]
|
8337 | 8337 |
|
8338 | 8338 |
*) Fix for SSL server purpose checking. Server checking was
|
8339 | 8339 |
rejecting certificates which had extended key usage present
|
|
8365 | 8365 |
[Bodo Moeller]
|
8366 | 8366 |
|
8367 | 8367 |
*) Bugfix for linux-elf makefile.one.
|
8368 | |
[Ulf Möller]
|
|
8368 |
[Ulf Möller]
|
8369 | 8369 |
|
8370 | 8370 |
*) RSA_get_default_method() will now cause a default
|
8371 | 8371 |
RSA_METHOD to be chosen if one doesn't exist already.
|
|
8454 | 8454 |
[Steve Henson]
|
8455 | 8455 |
|
8456 | 8456 |
*) des_quad_cksum() byte order bug fix.
|
8457 | |
[Ulf Möller, using the problem description in krb4-0.9.7, where
|
|
8457 |
[Ulf Möller, using the problem description in krb4-0.9.7, where
|
8458 | 8458 |
the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>]
|
8459 | 8459 |
|
8460 | 8460 |
*) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
|
|
8555 | 8555 |
[Rolf Haberrecker <rolf@suse.de>]
|
8556 | 8556 |
|
8557 | 8557 |
*) Assembler module support for Mingw32.
|
8558 | |
[Ulf Möller]
|
|
8558 |
[Ulf Möller]
|
8559 | 8559 |
|
8560 | 8560 |
*) Shared library support for HPUX (in shlib/).
|
8561 | 8561 |
[Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Anonymous]
|
|
8574 | 8574 |
|
8575 | 8575 |
*) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
|
8576 | 8576 |
case was implemented. This caused BN_div_recp() to fail occasionally.
|
8577 | |
[Ulf Möller]
|
|
8577 |
[Ulf Möller]
|
8578 | 8578 |
|
8579 | 8579 |
*) Add an optional second argument to the set_label() in the perl
|
8580 | 8580 |
assembly language builder. If this argument exists and is set
|
|
8604 | 8604 |
[Steve Henson]
|
8605 | 8605 |
|
8606 | 8606 |
*) Fix potential buffer overrun problem in BIO_printf().
|
8607 | |
[Ulf Möller, using public domain code by Patrick Powell; problem
|
|
8607 |
[Ulf Möller, using public domain code by Patrick Powell; problem
|
8608 | 8608 |
pointed out by David Sacerdote <das33@cornell.edu>]
|
8609 | 8609 |
|
8610 | 8610 |
*) Support EGD <http://www.lothar.com/tech/crypto/>. New functions
|
8611 | 8611 |
RAND_egd() and RAND_status(). In the command line application,
|
8612 | 8612 |
the EGD socket can be specified like a seed file using RANDFILE
|
8613 | 8613 |
or -rand.
|
8614 | |
[Ulf Möller]
|
|
8614 |
[Ulf Möller]
|
8615 | 8615 |
|
8616 | 8616 |
*) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
|
8617 | 8617 |
Some CAs (e.g. Verisign) distribute certificates in this form.
|
|
8644 | 8644 |
#define OPENSSL_ALGORITHM_DEFINES
|
8645 | 8645 |
#include <openssl/opensslconf.h>
|
8646 | 8646 |
defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
|
8647 | |
[Richard Levitte, Ulf and Bodo Möller]
|
|
8647 |
[Richard Levitte, Ulf and Bodo Möller]
|
8648 | 8648 |
|
8649 | 8649 |
*) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
|
8650 | 8650 |
record layer.
|
|
8695 | 8695 |
|
8696 | 8696 |
*) Bug fix for BN_div_recp() for numerators with an even number of
|
8697 | 8697 |
bits.
|
8698 | |
[Ulf Möller]
|
|
8698 |
[Ulf Möller]
|
8699 | 8699 |
|
8700 | 8700 |
*) More tests in bntest.c, and changed test_bn output.
|
8701 | |
[Ulf Möller]
|
|
8701 |
[Ulf Möller]
|
8702 | 8702 |
|
8703 | 8703 |
*) ./config recognizes MacOS X now.
|
8704 | 8704 |
[Andy Polyakov]
|
8705 | 8705 |
|
8706 | 8706 |
*) Bug fix for BN_div() when the first words of num and divsor are
|
8707 | 8707 |
equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
|
8708 | |
[Ulf Möller]
|
|
8708 |
[Ulf Möller]
|
8709 | 8709 |
|
8710 | 8710 |
*) Add support for various broken PKCS#8 formats, and command line
|
8711 | 8711 |
options to produce them.
|
|
8713 | 8713 |
|
8714 | 8714 |
*) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
|
8715 | 8715 |
get temporary BIGNUMs from a BN_CTX.
|
8716 | |
[Ulf Möller]
|
|
8716 |
[Ulf Möller]
|
8717 | 8717 |
|
8718 | 8718 |
*) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
|
8719 | 8719 |
for p == 0.
|
8720 | |
[Ulf Möller]
|
|
8720 |
[Ulf Möller]
|
8721 | 8721 |
|
8722 | 8722 |
*) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
|
8723 | 8723 |
include a #define from the old name to the new. The original intent
|
|
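Review bot: The context line 8714 names "BT_CTX_end()", which does not match the "BN_CTX_" prefix of the two functions listed alongside it ("BN_CTX_start()", "BN_CTX_get()"); this hunk only re-encodes the "[Ulf Möller]" attribution lines 8716 and 8720 and rightly leaves the typo alone, but it deserves a separate follow-up, since the changelog is where people grep for API names.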
8741 | 8741 |
|
8742 | 8742 |
*) Source code cleanups: use const where appropriate, eliminate casts,
|
8743 | 8743 |
use void * instead of char * in lhash.
|
8744 | |
[Ulf Möller]
|
|
8744 |
[Ulf Möller]
|
8745 | 8745 |
|
8746 | 8746 |
*) Bugfix: ssl3_send_server_key_exchange was not restartable
|
8747 | 8747 |
(the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
|
|
8786 | 8786 |
[Steve Henson]
|
8787 | 8787 |
|
8788 | 8788 |
*) New function BN_pseudo_rand().
|
8789 | |
[Ulf Möller]
|
|
8789 |
[Ulf Möller]
|
8790 | 8790 |
|
8791 | 8791 |
*) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
|
8792 | 8792 |
bignum version of BN_from_montgomery() with the working code from
|
8793 | 8793 |
SSLeay 0.9.0 (the word based version is faster anyway), and clean up
|
8794 | 8794 |
the comments.
|
8795 | |
[Ulf Möller]
|
|
8795 |
[Ulf Möller]
|
8796 | 8796 |
|
8797 | 8797 |
*) Avoid a race condition in s2_clnt.c (function get_server_hello) that
|
8798 | 8798 |
made it impossible to use the same SSL_SESSION data structure in
|
|
8802 | 8802 |
*) The return value of RAND_load_file() no longer counts bytes obtained
|
8803 | 8803 |
by stat(). RAND_load_file(..., -1) is new and uses the complete file
|
8804 | 8804 |
to seed the PRNG (previously an explicit byte count was required).
|
8805 | |
[Ulf Möller, Bodo Möller]
|
|
8805 |
[Ulf Möller, Bodo Möller]
|
8806 | 8806 |
|
8807 | 8807 |
*) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
|
8808 | 8808 |
used (char *) instead of (void *) and had casts all over the place.
|
8809 | 8809 |
[Steve Henson]
|
8810 | 8810 |
|
8811 | 8811 |
*) Make BN_generate_prime() return NULL on error if ret!=NULL.
|
8812 | |
[Ulf Möller]
|
|
8812 |
[Ulf Möller]
|
8813 | 8813 |
|
8814 | 8814 |
*) Retain source code compatibility for BN_prime_checks macro:
|
8815 | 8815 |
BN_is_prime(..., BN_prime_checks, ...) now uses
|
8816 | 8816 |
BN_prime_checks_for_size to determine the appropriate number of
|
8817 | 8817 |
Rabin-Miller iterations.
|
8818 | |
[Ulf Möller]
|
|
8818 |
[Ulf Möller]
|
8819 | 8819 |
|
8820 | 8820 |
*) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
|
8821 | 8821 |
DH_CHECK_P_NOT_SAFE_PRIME.
|
8822 | 8822 |
(Check if this is true? OpenPGP calls them "strong".)
|
8823 | |
[Ulf Möller]
|
|
8823 |
[Ulf Möller]
|
8824 | 8824 |
|
8825 | 8825 |
*) Merge the functionality of "dh" and "gendh" programs into a new program
|
8826 | 8826 |
"dhparam". The old programs are retained for now but will handle DH keys
|
|
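Review bot: This hunk touches four attribution lines (8805 "[Ulf Möller, Bodo Möller]" and the "[Ulf Möller]" lines 8812, 8818 and 8823) with all the entry text between them unchanged, as expected for a re-encoding. Separately, the context at 8822 still carries the unresolved editorial remark "(Check if this is true? OpenPGP calls them "strong".)" inside a released changelog entry; that should be resolved or removed in its own commit, not folded into this one.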
8876 | 8876 |
*) Add missing #ifndefs that caused missing symbols when building libssl
|
8877 | 8877 |
as a shared library without RSA. Use #ifndef NO_SSL2 instead of
|
8878 | 8878 |
NO_RSA in ssl/s2*.c.
|
8879 | |
[Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller]
|
|
8879 |
[Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller]
|
8880 | 8880 |
|
8881 | 8881 |
*) Precautions against using the PRNG uninitialized: RAND_bytes() now
|
8882 | 8882 |
has a return value which indicates the quality of the random data
|
|
8885 | 8885 |
guaranteed to be unique but not unpredictable. RAND_add is like
|
8886 | 8886 |
RAND_seed, but takes an extra argument for an entropy estimate
|
8887 | 8887 |
(RAND_seed always assumes full entropy).
|
8888 | |
[Ulf Möller]
|
|
8888 |
[Ulf Möller]
|
8889 | 8889 |
|
8890 | 8890 |
*) Do more iterations of Rabin-Miller probable prime test (specifically,
|
8891 | 8891 |
3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
|
|
8915 | 8915 |
[Steve Henson]
|
8916 | 8916 |
|
8917 | 8917 |
*) Honor the no-xxx Configure options when creating .DEF files.
|
8918 | |
[Ulf Möller]
|
|
8918 |
[Ulf Möller]
|
8919 | 8919 |
|
8920 | 8920 |
*) Add PKCS#10 attributes to field table: challengePassword,
|
8921 | 8921 |
unstructuredName and unstructuredAddress. These are taken from
|
|
9749 | 9749 |
|
9750 | 9750 |
*) More DES library cleanups: remove references to srand/rand and
|
9751 | 9751 |
delete an unused file.
|
9752 | |
[Ulf Möller]
|
|
9752 |
[Ulf Möller]
|
9753 | 9753 |
|
9754 | 9754 |
*) Add support for the the free Netwide assembler (NASM) under Win32,
|
9755 | 9755 |
since not many people have MASM (ml) and it can be hard to obtain.
|
|
9838 | 9838 |
worked.
|
9839 | 9839 |
|
9840 | 9840 |
*) Fix problems with no-hmac etc.
|
9841 | |
[Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>]
|
|
9841 |
[Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>]
|
9842 | 9842 |
|
9843 | 9843 |
*) New functions RSA_get_default_method(), RSA_set_method() and
|
9844 | 9844 |
RSA_get_method(). These allows replacement of RSA_METHODs without having
|
|
9955 | 9955 |
[Ben Laurie]
|
9956 | 9956 |
|
9957 | 9957 |
*) DES library cleanups.
|
9958 | |
[Ulf Möller]
|
|
9958 |
[Ulf Möller]
|
9959 | 9959 |
|
9960 | 9960 |
*) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
|
9961 | 9961 |
used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
|
|
9998 | 9998 |
[Christian Forster <fo@hawo.stw.uni-erlangen.de>]
|
9999 | 9999 |
|
10000 | 10000 |
*) config now generates no-xxx options for missing ciphers.
|
10001 | |
[Ulf Möller]
|
|
10001 |
[Ulf Möller]
|
10002 | 10002 |
|
10003 | 10003 |
*) Support the EBCDIC character set (work in progress).
|
10004 | 10004 |
File ebcdic.c not yet included because it has a different license.
|
|
10111 | 10111 |
[Bodo Moeller]
|
10112 | 10112 |
|
10113 | 10113 |
*) Move openssl.cnf out of lib/.
|
10114 | |
[Ulf Möller]
|
|
10114 |
[Ulf Möller]
|
10115 | 10115 |
|
10116 | 10116 |
*) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
|
10117 | 10117 |
-Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
|
|
10168 | 10168 |
[Ben Laurie]
|
10169 | 10169 |
|
10170 | 10170 |
*) Support Borland C++ builder.
|
10171 | |
[Janez Jere <jj@void.si>, modified by Ulf Möller]
|
|
10171 |
[Janez Jere <jj@void.si>, modified by Ulf Möller]
|
10172 | 10172 |
|
10173 | 10173 |
*) Support Mingw32.
|
10174 | |
[Ulf Möller]
|
|
10174 |
[Ulf Möller]
|
10175 | 10175 |
|
10176 | 10176 |
*) SHA-1 cleanups and performance enhancements.
|
10177 | 10177 |
[Andy Polyakov <appro@fy.chalmers.se>]
|
|
10180 | 10180 |
[Andy Polyakov <appro@fy.chalmers.se>]
|
10181 | 10181 |
|
10182 | 10182 |
*) Accept any -xxx and +xxx compiler options in Configure.
|
10183 | |
[Ulf Möller]
|
|
10183 |
[Ulf Möller]
|
10184 | 10184 |
|
10185 | 10185 |
*) Update HPUX configuration.
|
10186 | 10186 |
[Anonymous]
|
|
10213 | 10213 |
[Bodo Moeller]
|
10214 | 10214 |
|
10215 | 10215 |
*) OAEP decoding bug fix.
|
10216 | |
[Ulf Möller]
|
|
10216 |
[Ulf Möller]
|
10217 | 10217 |
|
10218 | 10218 |
*) Support INSTALL_PREFIX for package builders, as proposed by
|
10219 | 10219 |
David Harris.
|
|
10236 | 10236 |
[Niels Poppe <niels@netbox.org>]
|
10237 | 10237 |
|
10238 | 10238 |
*) New Configure option no-<cipher> (rsa, idea, rc5, ...).
|
10239 | |
[Ulf Möller]
|
|
10239 |
[Ulf Möller]
|
10240 | 10240 |
|
10241 | 10241 |
*) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
|
10242 | 10242 |
extension adding in x509 utility.
|
10243 | 10243 |
[Steve Henson]
|
10244 | 10244 |
|
10245 | 10245 |
*) Remove NOPROTO sections and error code comments.
|
10246 | |
[Ulf Möller]
|
|
10246 |
[Ulf Möller]
|
10247 | 10247 |
|
10248 | 10248 |
*) Partial rewrite of the DEF file generator to now parse the ANSI
|
10249 | 10249 |
prototypes.
|
10250 | 10250 |
[Steve Henson]
|
10251 | 10251 |
|
10252 | 10252 |
*) New Configure options --prefix=DIR and --openssldir=DIR.
|
10253 | |
[Ulf Möller]
|
|
10253 |
[Ulf Möller]
|
10254 | 10254 |
|
10255 | 10255 |
*) Complete rewrite of the error code script(s). It is all now handled
|
10256 | 10256 |
by one script at the top level which handles error code gathering,
|
|
10279 | 10279 |
[Steve Henson]
|
10280 | 10280 |
|
10281 | 10281 |
*) Move the autogenerated header file parts to crypto/opensslconf.h.
|
10282 | |
[Ulf Möller]
|
|
10282 |
[Ulf Möller]
|
10283 | 10283 |
|
10284 | 10284 |
*) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
|
10285 | 10285 |
8 of keying material. Merlin has also confirmed interop with this fix
|
|
10297 | 10297 |
[Andy Polyakov <appro@fy.chalmers.se>]
|
10298 | 10298 |
|
10299 | 10299 |
*) Change functions to ANSI C.
|
10300 | |
[Ulf Möller]
|
|
10300 |
[Ulf Möller]
|
10301 | 10301 |
|
10302 | 10302 |
*) Fix typos in error codes.
|
10303 | |
[Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller]
|
|
10303 |
[Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller]
|
10304 | 10304 |
|
10305 | 10305 |
*) Remove defunct assembler files from Configure.
|
10306 | |
[Ulf Möller]
|
|
10306 |
[Ulf Möller]
|
10307 | 10307 |
|
10308 | 10308 |
*) SPARC v8 assembler BIGNUM implementation.
|
10309 | 10309 |
[Andy Polyakov <appro@fy.chalmers.se>]
|
|
10340 | 10340 |
[Steve Henson]
|
10341 | 10341 |
|
10342 | 10342 |
*) New Configure option "rsaref".
|
10343 | |
[Ulf Möller]
|
|
10343 |
[Ulf Möller]
|
10344 | 10344 |
|
10345 | 10345 |
*) Don't auto-generate pem.h.
|
10346 | 10346 |
[Bodo Moeller]
|
|
10388 | 10388 |
|
10389 | 10389 |
*) New functions DSA_do_sign and DSA_do_verify to provide access to
|
10390 | 10390 |
the raw DSA values prior to ASN.1 encoding.
|
10391 | |
[Ulf Möller]
|
|
10391 |
[Ulf Möller]
|
10392 | 10392 |
|
10393 | 10393 |
*) Tweaks to Configure
|
10394 | 10394 |
[Niels Poppe <niels@netbox.org>]
|
|
10398 | 10398 |
[Steve Henson]
|
10399 | 10399 |
|
10400 | 10400 |
*) New variables $(RANLIB) and $(PERL) in the Makefiles.
|
10401 | |
[Ulf Möller]
|
|
10401 |
[Ulf Möller]
|
10402 | 10402 |
|
10403 | 10403 |
*) New config option to avoid instructions that are illegal on the 80386.
|
10404 | 10404 |
The default code is faster, but requires at least a 486.
|
10405 | |
[Ulf Möller]
|
|
10405 |
[Ulf Möller]
|
10406 | 10406 |
|
10407 | 10407 |
*) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
|
10408 | 10408 |
SSL2_SERVER_VERSION (not used at all) macros, which are now the
|
|
10941 | 10941 |
Hagino <itojun@kame.net>]
|
10942 | 10942 |
|
10943 | 10943 |
*) File was opened incorrectly in randfile.c.
|
10944 | |
[Ulf Möller <ulf@fitug.de>]
|
|
10944 |
[Ulf Möller <ulf@fitug.de>]
|
10945 | 10945 |
|
10946 | 10946 |
*) Beginning of support for GeneralizedTime. d2i, i2d, check and print
|
10947 | 10947 |
functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
|
|
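Review bot: The changed line 10944 "[Ulf Möller <ulf@fitug.de>]" is another name-plus-address line, and the hunk shows one removal and one addition for it, as every hunk in this patch does; a cheap whole-file guard for that invariant is `git diff --numstat -- CHANGES`, whose insertion and deletion counts must be equal for a conversion that neither adds nor drops lines (a byte-order mark or a changed line ending would show up as a count mismatch or as an extra changed line 1).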
10951 | 10951 |
[Steve Henson]
|
10952 | 10952 |
|
10953 | 10953 |
*) Correct Linux 1 recognition in config.
|
10954 | |
[Ulf Möller <ulf@fitug.de>]
|
|
10954 |
[Ulf Möller <ulf@fitug.de>]
|
10955 | 10955 |
|
10956 | 10956 |
*) Remove pointless MD5 hash when using DSA keys in ca.
|
10957 | 10957 |
[Anonymous <nobody@replay.com>]
|
|
11098 | 11098 |
|
11099 | 11099 |
*) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
|
11100 | 11100 |
was already fixed by Eric for 0.9.1 it seems.
|
11101 | |
[Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>]
|
|
11101 |
[Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>]
|
11102 | 11102 |
|
11103 | 11103 |
*) Autodetect FreeBSD3.
|
11104 | 11104 |
[Ben Laurie]
|