
NEWS
====

This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g:

  o Fixes for bugs introduced with 0.9.8f.

Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f:

  o Add gcc 4.2 support.
  o Add support for AES and SSE2 assembly language optimization
    for VC++ build.
  o Support for RFC4507bis and server name extensions if explicitly
    selected at compile time.
  o DTLS improvements.
  o RFC4507bis support.
  o TLS Extensions support.

Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e:

  o Various ciphersuite selection fixes.
  o RFC3779 support.

Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:

  o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
  o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
  o Changes to ciphersuite selection algorithm

Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:

  o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
  o New cipher Camellia

Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b:

  o Cipher string fixes.
  o Fixes for VC++ 2005.
  o Updated ECC cipher suite support.
  o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
  o Zlib compression usage fixes.
  o Built in dynamic engine compilation support on Win32.
  o Fixes auto dynamic engine loading in Win32.

Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:

  o Fix potential SSL 2.0 rollback, CVE-2005-2969
  o Extended Windows CE support

Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:

  o Major work on the BIGNUM library for higher efficiency and to
    make operations more streamlined and less contradictory. This
    is the result of a major audit of the BIGNUM library.
  o Addition of BIGNUM functions for fields GF(2^m) and NIST
    curves, to support the Elliptic Crypto functions.
  o Major work on Elliptic Crypto; ECDH and ECDSA added, including
    the use through EVP, X509 and ENGINE.
  o New ASN.1 mini-compiler that's usable through the OpenSSL
    configuration file.
  o Added support for ASN.1 indefinite length constructed encoding.
  o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
  o Complete rework of shared library construction and linking
    programs with shared or static libraries, through a separate
    Makefile.shared.
  o Rework of the passing of parameters from one Makefile to another.
  o Changed ENGINE framework to load dynamic engine modules
    automatically from specifically given directories.
  o New structure and ASN.1 functions for CertificatePair.
  o Changed the ZLIB compression method to be stateful.
  o Changed the key-generation and primality testing "progress"
    mechanism to take a structure that contains the ticker
    function and an argument.
  o New engine module: GMP (performs private key exponentiation).
  o New engine module: VIA PadLock ACE extension in VIA C3
    Nehemiah processors.
  o Added support for IPv6 addresses in certificate extensions.
    See RFC 1884, section 2.2.
  o Added support for certificate policy mappings, policy
    constraints and name constraints.
  o Added support for multi-valued AVAs in the OpenSSL
    configuration file.
  o Added support for multiple certificates with the same subject
    in the 'openssl ca' index file.
  o Make it possible to create self-signed certificates using
    'openssl ca -selfsign'.
  o Make it possible to generate a serial number file with
    'openssl ca -create_serial'.
  o New binary search functions with extended functionality.
  o New BUF functions.
  o New STORE structure and library to provide an interface to all
    sorts of data repositories. Supports storage of public and
    private keys, certificates, CRLs, numbers and arbitrary blobs.
    This library is unfortunately unfinished and unused within
    OpenSSL.
  o New control functions for the error stack.
  o Changed the PKCS#7 library to support one-pass S/MIME
    processing.
  o Added the possibility to compile without old deprecated
    functionality with the OPENSSL_NO_DEPRECATED macro or the
    'no-deprecated' argument to the config and Configure scripts.
  o Constification of all ASN.1 conversion functions, and other
    affected functions.
  o Improved platform support for PowerPC.
  o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
  o New X509_VERIFY_PARAM structure to support parametrisation
    of X.509 path validation.
  o Major overhaul of RC4 performance on Intel P4, IA-64 and
    AMD64.
  o Changed the Configure script to have some algorithms disabled
    by default. Those can be explicitly enabled with the new
    argument form 'enable-xxx'.
  o Change the default digest in 'openssl' commands from MD5 to
    SHA-1.
  o Added support for DTLS.
  o New BIGNUM blinding.
  o Added support for the RSA-PSS encryption scheme
  o Added support for the RSA X.931 padding.
  o Added support for BSD sockets on NetWare.
  o Added support for files larger than 2GB.
  o Added initial support for Win64.
  o Added alternate pkg-config files.

Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:

  o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
  o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)

Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:

  o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339

Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:

  o Visual C++ 2005 fixes.
  o Update Windows build system for FIPS.

Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:

  o Give EVP_MAX_MD_SIZE its old value, except for a FIPS build.

Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:

  o Fix SSL 2.0 Rollback, CVE-2005-2969
  o Allow use of fixed-length exponent on DSA signing
  o Default fixed-window RSA, DSA, DH private-key operations

Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:

  o More compilation issues fixed.
  o Adaptation to more modern Kerberos API.
  o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
  o Enhanced x86_64 assembler BIGNUM module.
  o More constification.
  o Added processing of proxy certificates (RFC 3820).

Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:

  o Several compilation issues fixed.
  o Many memory allocation failure checks added.
  o Improved comparison of X509 Name type.
  o Mandatory basic checks on certificates.
  o Performance improvements.

Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:

  o Fix race condition in CRL checking code.
  o Fixes to PKCS#7 (S/MIME) code.

Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:

  o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
  o Security: Fix null-pointer assignment in do_change_cipher_spec()
  o Allow multiple active certificates with same subject in CA index
  o Multiple X509 verification fixes
  o Speed up HMAC and other operations

Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:

  o Security: fix various ASN1 parsing bugs.
  o New -ignore_err option to OCSP utility.
  o Various interop and bug fixes in S/MIME code.
  o SSL/TLS protocol fix for unrequested client certificates.

Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:

  o Security: counter the Klima-Pokorny-Rosa extension of
    Bleichenbacher's attack
  o Security: make RSA blinding default.
  o Configuration: Irix fixes, AIX fixes, better mingw support.
  o Support for new platforms: linux-ia64-ecc.
  o Build: shared library support fixes.
  o ASN.1: treat domainComponent correctly.
  o Documentation: fixes and additions.

Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:

  o Security: Important security related bugfixes.
  o Enhanced compatibility with MIT Kerberos.
  o Can be built without the ENGINE framework.
  o IA32 assembler enhancements.
  o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
  o Configuration: the no-err option now works properly.
  o SSL/TLS: now handles manual certificate chain building.
  o SSL/TLS: certain session ID malfunctions corrected.

Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:

  o New library section OCSP.
  o Complete rewrite of ASN1 code.
  o CRL checking in verify code and openssl utility.
  o Extension copying in 'ca' utility.
  o Flexible display options in 'ca' utility.
  o Provisional support for international characters with UTF8.
  o Support for external crypto devices ('engine') is no longer
    a separate distribution.
  o New elliptic curve library section.
  o New AES (Rijndael) library section.
  o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
    Linux x86_64, Linux 64-bit on Sparc v9
  o Extended support for some platforms: VxWorks
  o Enhanced support for shared libraries.
  o Now only builds PIC code when shared library support is requested.
  o Support for pkg-config.
  o Lots of new manuals.
  o Makes symbolic links to or copies of manuals to cover all described
    functions.
  o Change DES API to clean up the namespace (some applications link also
    against libdes providing similar functions having the same name).
    Provide macros for backward compatibility (will be removed in the
    future).
  o Unify handling of cryptographic algorithms (software and engine)
    to be available via EVP routines for asymmetric and symmetric ciphers.
  o NCONF: new configuration handling routines.
  o Change API to use more 'const' modifiers to improve error checking
    and help optimizers.
  o Finally remove references to RSAref.
  o Reworked parts of the BIGNUM code.
  o Support for new engines: Broadcom ubsec, Accelerated Encryption
    Processing, IBM 4758.
  o A few new engines added in the demos area.
  o Extended and corrected OID (object identifier) table.
  o PRNG: query at more locations for a random device, automatic query for
    EGD style random sources at several locations.
  o SSL/TLS: allow optional cipher choice according to server's preference.
  o SSL/TLS: allow server to explicitly set new session ids.
  o SSL/TLS: support Kerberos cipher suites (RFC2712).
    Only supports MIT Kerberos for now.
  o SSL/TLS: allow more precise control of renegotiations and sessions.
  o SSL/TLS: add callback to retrieve SSL/TLS messages.
  o SSL/TLS: support AES cipher suites (RFC3268).

Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:

  o Security: fix various ASN1 parsing bugs.
  o SSL/TLS protocol fix for unrequested client certificates.

Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:

  o Security: counter the Klima-Pokorny-Rosa extension of
    Bleichenbacher's attack
  o Security: make RSA blinding default.
  o Build: shared library support fixes.

Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:

  o Important security related bugfixes.

Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:

  o New configuration targets for Tandem OSS and A/UX.
  o New OIDs for Microsoft attributes.
  o Better handling of SSL session caching.
  o Better comparison of distinguished names.
  o Better handling of shared libraries in a mixed GNU/non-GNU environment.
  o Support assembler code with Borland C.
  o Fixes for length problems.
  o Fixes for uninitialised variables.
  o Fixes for memory leaks, some unusual crashes and some race conditions.
  o Fixes for smaller building problems.
  o Updates of manuals, FAQ and other instructive documents.

Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:

  o Important building fixes on Unix.

Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:

  o Various important bugfixes.

Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:

  o Important security related bugfixes.
  o Various SSL/TLS library bugfixes.

Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:

  o Various SSL/TLS library bugfixes.
  o Fix DH parameter generation for 'non-standard' generators.

Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:

  o Various SSL/TLS library bugfixes.
  o BIGNUM library fixes.
  o RSA OAEP and random number generation fixes.
  o Object identifiers corrected and added.
  o Add assembler BN routines for IA64.
  o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
    MIPS Linux; shared library support for Irix, HP-UX.
  o Add crypto accelerator support for AEP, Baltimore SureWare,
    Broadcom and Cryptographic Appliance's keyserver
    [in 0.9.6c-engine release].

Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:

  o Security fix: PRNG improvements.
  o Security fix: RSA OAEP check.
  o Security fix: Reinsert and fix countermeasure to Bleichenbacher's
    attack.
  o MIPS bug fix in BIGNUM.
  o Bug fix in "openssl enc".
  o Bug fix in X.509 printing routine.
  o Bug fix in DSA verification routine and DSA S/MIME verification.
  o Bug fix to make PRNG thread-safe.
  o Bug fix in RAND_file_name().
  o Bug fix in compatibility mode trust settings.
  o Bug fix in blowfish EVP.
  o Increase default size for BIO buffering filter.
  o Compatibility fixes in some scripts.

Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:

  o Security fix: change behavior of OpenSSL to avoid using
    environment variables when running as root.
  o Security fix: check the result of RSA-CRT to reduce the
    possibility of deducing the private key from an incorrectly
    calculated signature.
  o Security fix: prevent Bleichenbacher's DSA attack.
  o Security fix: Zero the premaster secret after deriving the
    master secret in DH ciphersuites.
  o Reimplement SSL_peek(), which had various problems.
  o Compatibility fix: the function des_encrypt() renamed to
    des_encrypt1() to avoid clashes with some Unixen libc.
  o Bug fixes for Win32, HP/UX and Irix.
  o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
    memory checking routines.
  o Bug fixes for RSA operations in threaded environments.
  o Bug fixes in misc. openssl applications.
  o Remove a few potential memory leaks.
  o Add tighter checks of BIGNUM routines.
  o Shared library support has been reworked for generality.
  o More documentation.
  o New function BN_rand_range().
  o Add "-rand" option to openssl s_client and s_server.

Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:

  o Some documentation for BIO and SSL libraries.
  o Enhanced chain verification using key identifiers.
  o New sign and verify options to 'dgst' application.
  o Support for DER and PEM encoded messages in 'smime' application.
  o New 'rsautl' application, low level RSA utility.
  o MD4 now included.
  o Bugfix for SSL rollback padding check.
  o Support for external crypto devices [1].
  o Enhanced EVP interface.

  [1] The support for external crypto devices is currently a separate
      distribution. See the file README.ENGINE.

Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:

  o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
  o Shared library support for HPUX and Solaris-gcc
  o Support of Linux/IA64
  o Assembler support for Mingw32
  o New 'rand' application
  o New way to check for existence of algorithms from scripts

Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:

  o S/MIME support in new 'smime' command
  o Documentation for the OpenSSL command line application
  o Automation of 'req' application
  o Fixes to make s_client, s_server work under Windows
  o Support for multiple fieldnames in SPKACs
  o New SPKAC command line utility and associated library functions
  o Options to allow passwords to be obtained from various sources
  o New public key PEM format and options to handle it
  o Many other fixes and enhancements to command line utilities
  o Usable certificate chain verification
  o Certificate purpose checking
  o Certificate trust settings
  o Support of authority information access extension
  o Extensions in certificate requests
  o Simplified X509 name and attribute routines
  o Initial (incomplete) support for international character sets
  o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
  o Read only memory BIOs and simplified creation function
  o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
    record; allow fragmentation and interleaving of handshake and other
    data
  o TLS/SSL code now "tolerates" MS SGC
  o Work around for Netscape client certificate hang bug
  o RSA_NULL option that removes RSA patent code but keeps other
    RSA functionality
  o Memory leak detection now allows applications to add extra information
    via a per-thread stack
  o PRNG robustness improved
  o EGD support
  o BIGNUM library bug fixes
  o Faster DSA parameter generation
  o Enhanced support for Alpha Linux
  o Experimental MacOS support

Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:

  o Transparent support for PKCS#8 format private keys: these are used
    by several software packages and are more secure than the standard
    form
  o PKCS#5 v2.0 implementation
  o Password callbacks have a new void * argument for application data
  o Avoid various memory leaks
  o New pipe-like BIO that allows using the SSL library when actual I/O
    must be handled by the application (BIO pair)

Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:

  o Lots of enhancements and cleanups to the Configuration mechanism
  o RSA OAEP related fixes
  o Added 'openssl ca -revoke' option for revoking a certificate
  o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
  o Source tree cleanups: removed lots of obsolete files
  o Thawte SXNet, certificate policies and CRL distribution points
    extension support
  o Preliminary (experimental) S/MIME support
  o Support for ASN.1 UTF8String and VisibleString
  o Full integration of PKCS#12 code
  o Sparc assembler bignum implementation, optimized hash functions
  o Option to disable selected ciphers

Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:

  o Fixed a security hole related to session resumption
  o Fixed RSA encryption routines for the p < q case
  o "ALL" in cipher lists now means "everything except NULL ciphers"
  o Support for Triple-DES CBCM cipher
  o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
  o First support for new TLSv1 ciphers
  o Added a few new BIOs (syslog BIO, reliable BIO)
  o Extended support for DSA certificate/keys.
  o Extended support for Certificate Signing Requests (CSR)
  o Initial support for X.509v3 extensions
  o Extended support for compression inside the SSL record layer
  o Overhauled Win32 builds
  o Cleanups and fixes to the Big Number (BN) library
  o Support for ASN.1 GeneralizedTime
  o Split ASN.1 SETs from SEQUENCEs
  o ASN1 and PEM support for Netscape Certificate Sequences
  o Overhauled Perl interface
  o Lots of source tree cleanups.
  o Lots of memory leak fixes.
  o Lots of bug fixes.

Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:

  o Integration of the popular NO_RSA/NO_DSA patches
  o Initial support for compression inside the SSL record layer
  o Added BIO proxy and filtering functionality
  o Extended Big Number (BN) library
  o Added RIPE MD160 message digest
  o Added support for RC2/64bit cipher
  o Extended ASN.1 parser routines
  o Adjustments of the source tree for CVS
  o Support for various new platforms