OpenSSL CHANGES
_______________
- Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
+ Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
*) In ssl23_get_client_hello, generate an error message when faced
with an initial SSL 3.0/TLS record that is too small to contain the
by the Finished messages.
[Bodo Moeller]
+ *) More robust randomness gathering functions for Windows.
+ [Jeffrey Altman <jaltman@columbia.edu>]
+
*) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
not set then we don't setup the error code for issuer check errors
to avoid possibly overwriting other errors which the callback does
*) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
BIO_ctrl (for BIO pairs).
+ [Bodo Möller]
*) Add DSO method for VMS.
[Richard Levitte]
[Steve Henson]
*) Changes needed for Tandem NSK.
- [Scott Uroff scott@xypro.com]
+ [Scott Uroff <scott@xypro.com>]
*) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
RSA_padding_check_SSLv23(), special padding was never detected
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.5a was released on April 1st, 2000.
+OpenSSL 0.9.6 was released on September 24th, 2000.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
* Compiler installation:
- Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/gnu-win32/
- mingw32/egcs-1.1.2/egcs-1.1.2-mingw32.zip>. GNU make is at
+ Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
+ gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. GNU make is at
<ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
C:\egcs-1.1.2\mingw32.bat to set the PATH.
o New 'rsautl' application, low level RSA utility.
o MD4 now included.
o Bugfix for SSL rollback padding check.
- o Support for external crypto device[1].
- o Enhanced EVP interafce.
+ o Support for external crypto devices [1].
+ o Enhanced EVP interface.
[1] The support for external crypto devices is currently a separate
distribution. See the file README.ENGINE.
- OpenSSL 0.9.6-beta3 [engine] (Final beta) 21 Sep 2000
+ OpenSSL 0.9.6 [engine] 24 Sep 2000
Copyright (c) 1998-2000 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
device, or the built-in crypto routines will be used, just as in the
default OpenSSL distribution.
+
+ PROBLEMS
+ ========
+
+ It seems like the ENGINE part doesn't work too well with Cryptoswift on
+ Win32. A quick test done right before the release showed that trying
+ "openssl speed -engine cswift" generated errors. If the DSO gets enabled,
+ an attempt is made to write at memory address 0x00000002.
+
OpenSSL STATUS Last modified at
- ______________ $Date: 2000/09/24 09:50:28 $
+ ______________ $Date: 2000/09/24 16:04:33 $
DEVELOPMENT STATE
- o OpenSSL 0.9.6: Under development (in release cycle)...
- Proposed release date September 24, 2000
- 0.9.6-beta1 is available:
- OpenBSD-x86 2.7 - failed
- ftime not supported [FIXED]
- hpux-parisc-cc 10.20 - passed
- hpux-parisc-gcc 10.20 - passed
- hpux-parisc-gcc 11.00 - passed
- hpux-gcc - passed
- hpux-brokengcc - failed
- BN_sqr fails in test
- linux-elf - passed
- linux-sparcv7 - passed
- linux-ppc - passed
- Solaris [engine] - failed
- speed cswift gives odd errors [FIXED]
- solaris-sparcv8-gcc - passed
- solaris-sparcv9-gcc - passed
- solaris-sparcv9-cc - passed
- solaris64-sparcv9-cc - passed
- sco5-gcc - passed
- sco5-cc - passed
- FreeBSD - passed
- Win32 VC++ - failed
- PCURSORINFO not defined unless Win2000 [FIXED]
- RAND_poll() problem on Win2000 [FIXED]
- DSO method always DSO_METHOD_null [FIXED]
- CygWin32 - test failed
- MingW32 - failed
- thelp32.h
- aix-gcc (AIX 4.3.2) - passed
- VMS/Alpha - failed
- Some things were missing [FIXED]
- 0.9.6-beta2 is available:
- linux/openbsd (all platforms?) - mod_exp bug
- sunos-gcc - passed
- aix-gcc - passed
- Win32 w/ VC6 or Mingw32 - failed
- RAND_poll(), a few uninitialised vars [FIXED]
- RAND_poll() should used LoadLibrary instead of
- GetModuleHandle [FIXED]
- Major compilation problem with VC6 on NT.
- [FIXED]
- Mingw32 says "175: parse error before `DWORD'"
- [FIXED?]
- Win32 w/ CygWin - success?
- VMS/Alpha 7.1 (CPQ C 5.6-003, TCP/IP 5.0) - success
- Just a small warning in dso_vms.c [FIXED]
- VMS/Alpha 7.2-1 (CPQ 5.6-003, TCP/IP 5.0A) - success
- VMS/VAX 7.2-1 (CPQ 5.2-003, TCP/IP 5.0) - success
- hpux-parisc-cc (HP-UX B.11.00) - success
- hpux-parisc2-cc (11.00) - success
- hpux64-parisc2-cc (11.00) - success
- hpux-parisc1_1-cc (11.00) - success
- hpux-parisc-cc (10.20 w/ -ldld) - success
- hpux-parisc-gcc (10.20 w/ -ldld) - success
- hpux-parisc-cc [engine] (10.20 w/ -ldld)- success
- hpux-parisc-gcc [endine] (10.20 w/ -ldld)- success
- All hpux 10.20 targets succeeded provided -ldl
- has been changed to -ldld.
- solaris-sparcv9-gcc (2.6/ultra5) - success
- [ solaris-sparcv9-cc (SunOS 5.7 SC3.0) - failed ]
- [ Complaints about a number of -x parameters to ]
- [ the compiler and failed to compile an ]
- [ assembler file. Maybe a too old ]
- [ compiler? (Yes, apparently:) ]
- solaris-sparcv9-cc (SunOS 5.6 SC4.2) - success
- FreeBSD (2.2.5-RELEASE) - success
- alpha-cc [engine] (OSF1 5.0A) - success
- irix-mips3-cc [engine] (Irix 6.2) - success
- One has to do the same as for OpenBSD in
- speed.c [FIXED]
- aix-cc (3.2.5, cc 1.3.0.44) - success
- aix-gcc (3.2.5, gcc 2.8.1) - success
- Both first failed to compiled due to ftime().
- [FIXED]
- alpha-cc (V4.0E) - success
- alpha-gcc (V4.0E, gcc 2.8.1) - success
- ultrix-cc (V4.5) - success
- ultrix-gcc (V4.5, gcc 2.8.1) - success
- 0.9.6-beta3 is available:
- aix-cc (4.3) - success
- aix-cc [engine] (4.3) - success
- linux-elf (RedHat 5.2, gcc 2.7.2.3) - success
- linux-elf (RedHat 6.2) - success
- linux-elf [engine] (RedHat 6.2) - success
- solaris-sparcv9-gcc (5.7, gcc 2.95.2) - success
- solaris-sparcv9-gcc (5.6, gcc 2.95.2) - success
- solaris-sparcv9-cc (5.6, SunWS C 4.2) - success
- solaris-sparcv9-cc [engine] (5.6, SunWS C 4.2)- success
- VC-WIN32 (NT4 SP6, VC6 SP2) - success
- VC-WIN32 (NT4 SP6, Cygwin) - success
- The files used for testing must have CR/LF
- as line endings.
- VC-WIN32 (NT4 SP6, Mingw32) - failed
- mingw32a.mak contains a few lines that
- generate an error.
- VC-NT static libs (NT4 SP6, VC6 SP4) - failed
- Complains about unresolved external symbol
- __imp__RegQueryValueEx. This only
- happens when building the static
- libraries. Tests pass as soon as
- you make sure advapi32.lib gets
- linked in. [FIXED]
- VC-NT dynamic libs (NT4 SP6, VC6 SP4) - success
- VC-WIN32 (W2K Pro SP1, VC6 SP3, PSDK Jul2000)- success
- hpux-parisc-gcc (B.10.20, gcc 2.95.2) - success
- hpux-parisc-cc (B.10.20, cc A.10.32.30) - success
- hpux-parisc-gcc [engine] (B.10.20, gcc 2.95.2)- success
- hpux-parisc-cc [engine] (B.10.20, cc A.10.32.30)- success
- hpux-parisc2-cc (B.11.11) - success
- hpux64-parisc2-cc (B.11.11) - success
- Kevin Steves also mentions that "All the new
- targets look good on my end with hp-ux 11.0."
- MPE/iX-gcc - success
- FreeBSD (2.2.5) - failed
- Only having USE_TOD made speed.c issue an
- error. [FIXED]
- FreeBSD-alpha (4.1, gcc 2.95.2) - success
- The USE_TOD fix needed to be applied.
- There were warnings about -O3 triggering
- known optimizer bugs on that
- platform. [FIXED]
- OpenBSD-x86 (2.7, gcc 2.95.2) - success
- alpha-cc (OSF1 V4.0) - success
- solaris-x86-gcc (5.8, gcc 2.95.2) - success
- o OpenSSL 0.9.5a: Released on April 1st, 2000
- o OpenSSL 0.9.5: Released on February 28th, 2000
- o OpenSSL 0.9.4: Released on August 09th, 1999
- o OpenSSL 0.9.3a: Released on May 29th, 1999
- o OpenSSL 0.9.3: Released on May 25th, 1999
- o OpenSSL 0.9.2b: Released on March 22th, 1999
- o OpenSSL 0.9.1c: Released on December 23th, 1998
+ o OpenSSL 0.9.6: Released on September 24th, 2000
+ o OpenSSL 0.9.5a: Released on April 1st, 2000
+ o OpenSSL 0.9.5: Released on February 28th, 2000
+ o OpenSSL 0.9.4: Released on August 09th, 1999
+ o OpenSSL 0.9.3a: Released on May 29th, 1999
+ o OpenSSL 0.9.3: Released on May 25th, 1999
+ o OpenSSL 0.9.2b: Released on March 22th, 1999
+ o OpenSSL 0.9.1c: Released on December 23th, 1998
RELEASE SHOWSTOPPERS
*** FreeBSD-alpha
$cc = gcc
-$cflags = -DTERMIOS -O3 -fomit-frame-pointer
+$cflags = -DTERMIOS -O -fomit-frame-pointer
$unistd =
$thread_cflag = (unknown)
$lflags =
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x00906003L
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6-beta3 [engine] 21 Sep 2000"
+#define OPENSSL_VERSION_NUMBER 0x0090600fL
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6 [engine] 24 Sep 2000"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
=head1 SEE ALSO
-L<evp(3)|evp(3)>,L<rand(3)|rand(3)>
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
L<EVP_SealInit(3)|EVP_SealInit(3)>
=head1 SEE ALSO
-L<evp(3)|evp(3)>,L<rand(3)|rand(3)>
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
L<EVP_OpenInit(3)|EVP_OpenInit(3)>
=head1 SEE ALSO
+L<evp(3)|evp(3)>,
L<EVP_SignInit(3)|EVP_SignInit(3)>,
L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
void BF_encrypt(BF_LONG *data,const BF_KEY *key);
void BF_decrypt(BF_LONG *data,const BF_KEY *key);
-
+
=head1 DESCRIPTION
This library implements the Blowfish cipher, which is invented and described
L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>,
L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_connect(3)|SSL_connect(3)>, L<SSL_free(3)|SSL_free(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
+L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_get_fd(3)|SSL_get_fd(3)>,
+L<SSL_get_peer_cert_chain(3)|SSL_get_peer_cert_chain(3)>,
L<SSL_get_rbio(3)|SSL_get_rbio(3)>,
-L<SSL_get_session(3)|SSL_get_session(3)>, L<SSL_new(3)|SSL_new(3)>,
+L<SSL_get_session(3)|SSL_get_session(3)>,
+L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+L<SSL_library_init(3)|SSL_library_init(3)>, L<SSL_new(3)|SSL_new(3)>,
L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
-L<SSL_set_fd(3)|SSL_set_fd(3)>,
+L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>,
L<SSL_set_session(3)|SSL_set_session(3)>,
L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_write(3)|SSL_write(3)>,
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
make -f ms/mingw32f.mak\r
echo You can ignore the error messages above\r
\r
+copy ms\tlhelp32.h outinc\r
+\r
echo Building the libraries\r
make -f ms/mingw32a.mak\r
if errorlevel 1 goto end\r
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols with full-strength cryptography world-wide. The project is
-managed by a worldwide community of volunteers that use the Internet to
-communicate, plan, and develop the OpenSSL tookit and its related
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols with full-strength cryptography world-wide. The project is
-managed by a worldwide community of volunteers that use the Internet to
-communicate, plan, and develop the OpenSSL tookit and its related
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols with full-strength cryptography world-wide. The project is
-managed by a worldwide community of volunteers that use the Internet to
-communicate, plan, and develop the OpenSSL tookit and its related
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
$tmp_def="tmp32";
$inc_def="inc32";
#enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DWINDOWS -DWIN32 -DL_ENDIAN ";
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DWINDOWS -DWIN32 -DL_ENDIAN -DDSO_WIN32 ";
if ($debug)
{
$cflags.="-Od -y -v -vi- -D_DEBUG";
$cc='gcc';
if ($debug)
- { $cflags="-DL_ENDIAN -g2 -ggdb"; }
+ { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; }
else
- { $cflags="-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall"; }
+ { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -m486 -Wall"; }
if ($gaswin and !$no_asm)
{
$cc='gcc';
if ($debug)
- { $cflags="-g2 -ggdb"; }
+ { $cflags="-g2 -ggdb -DDSO_WIN32"; }
else
- { $cflags="-O3 -fomit-frame-pointer"; }
+ { $cflags="-O3 -fomit-frame-pointer -DDSO_WIN32"; }
$obj='.o';
$ofile='-o ';
# C compiler stuff
$cc='cl';
-$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN';
+$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
$lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
$mlflags='';
if ($debug)
{
- $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG";
+ $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
$lflags.=" /debug";
$mlflags.=' /debug';
}
projects / openssl / commitdiff