diff options
author | Ralf S. Engelschall <rse@openssl.org> | 1998-12-22 15:04:48 +0000 |
---|---|---|
committer | Ralf S. Engelschall <rse@openssl.org> | 1998-12-22 15:04:48 +0000 |
commit | 651d0aff98d28e2db146afa1790e9e22f3ef22db (patch) | |
tree | 064b04a2d7eddda845048c0278df8bbb068622f5 /HISTORY.066 | |
parent | 31b8d8684441e6cd5138832bb1b2ddb10acd6ba6 (diff) | |
download | openssl-651d0aff98d28e2db146afa1790e9e22f3ef22db.tar.gz |
Various cleanups and fixed by Marc and Ralf to start the OpenTLS project
Diffstat (limited to 'HISTORY.066')
-rw-r--r-- | HISTORY.066 | 443 |
1 files changed, 0 insertions, 443 deletions
diff --git a/HISTORY.066 b/HISTORY.066 deleted file mode 100644 index f85224977a..0000000000 --- a/HISTORY.066 +++ /dev/null @@ -1,443 +0,0 @@ -SSLeay 0.6.5 - -After quite some time (3 months), the new release. I have been very busy -for the last few months and so this is mostly bug fixes and improvments. - -The main additions are - -- assember for x86 DES. For all those gcc based systems, this is a big - improvement. From 117,000 DES operation a second on a pentium 100, - I now get 191,000. I have also reworked the C version so it - now gives 148,000 DESs per second. -- As mentioned above, the inner DES macros now have some more variant that - sometimes help, sometimes hinder performance. There are now 3 options - DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling) - and DES_RISC (a more register intensive version of the inner macro). - The crypto/des/des_opts.c program, when compiled and run, will give - an indication of the correct options to use. -- The BIO stuff has been improved. Read doc/bio.doc. There are now - modules for encryption and base64 encoding and a BIO_printf() function. -- The CA program will accept simple one line X509v3 extensions in the - ssleay.cnf file. Have a look at the example. Currently this just - puts the text into the certificate as an OCTET_STRING so currently - the more advanced X509v3 data types are not handled but this is enough - for the netscape extensions. -- There is the start of a nicer higher level interface to the X509 - strucutre. -- Quite a lot of bug fixes. -- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used - to define the malloc(), free() and realloc() routines to use - (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when - using DLLs and mixing CRT libraries. - -In general, read the 'VERSION' file for changes and be aware that some of -the new stuff may not have been tested quite enough yet, so don't just plonk -in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break. - -SSLeay 0.6.4 30/08/96 eay - -I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3, -Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-). - -The main changes in this release - -- Thread safe. have a read of doc/threads.doc and play in the mt directory. - For anyone using 0.6.3 with threads, I found 2 major errors so consider - moving to 0.6.4. I have a test program that builds under NT and - solaris. -- The get session-id callback has changed. Have a read of doc/callback.doc. -- The X509_cert_verify callback (the SSL_verify callback) now - has another argument. Have a read of doc/callback.doc -- 'ca -preserve', sign without re-ordering the DN. Not tested much. -- VMS support. -- Compile time memory leak detection can now be built into SSLeay. - Read doc/memory.doc -- CONF routines now understand '\', '\n', '\r' etc. What this means is that - the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines. -- 'ssleay ciphers' added, lists the default cipher list for SSLeay. -- RC2 key setup is now compatable with Netscape. -- Modifed server side of SSL implementation, big performance difference when - using session-id reuse. - -0.6.3 - -Bug fixes and the addition of some nice stuff to the 'ca' program. -Have a read of doc/ns-ca.doc for how hit has been modified so -it can be driven from a CGI script. The CGI script is not provided, -but that is just being left as an excersize for the reader :-). - -0.6.2 - -This is most bug fixes and functionality improvements. - -Additions are -- More thread debugging patches, the thread stuff is still being - tested, but for those keep to play with stuff, have a look in - crypto/cryptlib.c. The application needs to define 1 (or optionaly - a second) callback that is used to implement locking. Compiling - with LOCK_DEBUG spits out lots of locking crud :-). - This is what I'm currently working on. -- SSL_CTX_set_default_passwd_cb() can be used to define the callback - function used in the SSL*_file() functions used to load keys. I was - always of the opinion that people should call - PEM_read_RSAPrivateKey() and pass the callback they want to use, but - it appears they just want to use the SSL_*_file() function() :-(. -- 'enc' now has a -kfile so a key can be read from a file. This is - mostly used so that the passwd does not appear when using 'ps', - which appears imposible to stop under solaris. -- X509v3 certificates now work correctly. I even have more examples - in my tests :-). There is now a X509_EXTENSION type that is used in - X509v3 certificates and CRLv2. -- Fixed that signature type error :-( -- Fixed quite a few potential memory leaks and problems when reusing - X509, CRL and REQ structures. -- EVP_set_pw_prompt() now sets the library wide default password - prompt. -- The 'pkcs7' command will now, given the -print_certs flag, output in - pem format, all certificates and CRL contained within. This is more - of a pre-emtive thing for the new verisign distribution method. I - should also note, that this also gives and example in code, of how - to do this :-), or for that matter, what is involved in going the - other way (list of certs and crl -> pkcs7). -- Added RSA's DESX to the DES library. It is also available via the - EVP_desx_cbc() method and via 'enc desx'. - -SSLeay 0.6.1 - -The main functional changes since 0.6.0 are as follows -- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is - that from now on, I'll keep the .def numbers the same so they will be. -- RSA private key operations are about 2 times faster that 0.6.0 -- The SSL_CTX now has more fields so default values can be put against - it. When an SSL structure is created, these default values are used - but can be overwritten. There are defaults for cipher, certificate, - private key, verify mode and callback. This means SSL session - creation can now be - ssl=SSL_new() - SSL_set_fd(ssl,sock); - SSL_accept(ssl) - .... - All the other uglyness with having to keep a global copy of the - private key and certificate/verify mode in the server is now gone. -- ssl/ssltest.c - one process talking SSL to its self for testing. -- Storage of Session-id's can be controled via a session_cache_mode - flag. There is also now an automatic default flushing of - old session-id's. -- The X509_cert_verify() function now has another parameter, this - should not effect most people but it now means that the reason for - the failure to verify is now available via SSL_get_verify_result(ssl). - You don't have to use a global variable. -- SSL_get_app_data() and SSL_set_app_data() can be used to keep some - application data against the SSL structure. It is upto the application - to free the data. I don't use it, but it is available. -- SSL_CTX_set_cert_verify_callback() can be used to specify a - verify callback function that completly replaces my certificate - verification code. Xcert should be able to use this :-). - The callback is of the form int app_verify_callback(arg,ssl,cert). - This needs to be documented more. -- I have started playing with shared library builds, have a look in - the shlib directory. It is very simple. If you need a numbered - list of functions, have a look at misc/crypto.num and misc/ssl.num. -- There is some stuff to do locking to make the library thread safe. - I have only started this stuff and have not finished. If anyone is - keen to do so, please send me the patches when finished. - -So I have finally made most of the additions to the SSL interface that -I thought were needed. - -There will probably be a pause before I make any non-bug/documentation -related changes to SSLeay since I'm feeling like a bit of a break. - -eric - 12 Jul 1996 -I saw recently a comment by some-one that we now seem to be entering -the age of perpetual Beta software. -Pioneered by packages like linux but refined to an art form by -netscape. - -I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-). - -There are quite a large number of sections that are 'works in -progress' in this package. I will also list the major changes and -what files you should read. - -BIO - this is the new IO structure being used everywhere in SSLeay. I -started out developing this because of microsoft, I wanted a mechanism -to callback to the application for all IO, so Windows 3.1 DLL -perversion could be hidden from me and the 15 different ways to write -to a file under NT would also not be dictated by me at library build -time. What the 'package' is is an API for a data structure containing -functions. IO interfaces can be written to conform to the -specification. This in not intended to hide the underlying data type -from the application, but to hide it from SSLeay :-). -I have only really finished testing the FILE * and socket/fd modules. -There are also 'filter' BIO's. Currently I have only implemented -message digests, and it is in use in the dgst application. This -functionality will allow base64/encrypto/buffering modules to be -'push' into a BIO without it affecting the semantics. I'm also -working on an SSL BIO which will hide the SSL_accept()/SLL_connet() -from an event loop which uses the interface. -It is also possible to 'attach' callbacks to a BIO so they get called -before and after each operation, alowing extensive debug output -to be generated (try running dgst with -d). - -Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few -functions that used to take FILE *, now take BIO *. -The wrappers are easy to write - -function_fp(fp,x) -FILE *fp; - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) error..... - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=function_bio(b,x); - BIO_free(b); - return(ret); - } -Remember, there are no functions that take FILE * in SSLeay when -compiled for Windows 3.1 DLL's. - --- -I have added a general EVP_PKEY type that can hold a public/private -key. This is now what is used by the EVP_ functions and is passed -around internally. I still have not done the PKCS#8 stuff, but -X509_PKEY is defined and waiting :-) - --- -For a full function name listings, have a look at ms/crypt32.def and -ms/ssl32.def. These are auto-generated but are complete. -Things like ASN1_INTEGER_get() have been added and are in here if you -look. I have renamed a few things, again, have a look through the -function list and you will probably find what you are after. I intend -to at least put a one line descrition for each one..... - --- -Microsoft - thats what this release is about, read the MICROSOFT file. - --- -Multi-threading support. I have started hunting through the code and -flaging where things need to be done. In a state of work but high on -the list. - --- -For random numbers, edit e_os.h and set DEVRANDOM (it's near the top) -be be you random data device, otherwise 'RFILE' in e_os.h -will be used, in your home directory. It will be updated -periodically. The environment variable RANDFILE will override this -choice and read/write to that file instead. DEVRANDOM is used in -conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random -number generator, pick on one of these files. - --- - -The list of things to read and do - -dgst -d -s_client -state (this uses a callback placed in the SSL state loop and - will be used else-where to help debug/monitor what - is happening.) - -doc/why.doc -doc/bio.doc <- hmmm, needs lots of work. -doc/bss_file.doc <- one that is working :-) -doc/session.doc <- it has changed -doc/speed.doc - also play with ssleay version -a. I have now added a SSLeay() - function that returns a version number, eg 0600 for this release - which is primarily to be used to check DLL version against the - application. -util/* Quite a few will not interest people, but some may, like - mk1mf.pl, mkdef.pl, -util/do_ms.sh - -try -cc -Iinclude -Icrypto -c crypto/crypto.c -cc -Iinclude -Issl -c ssl/ssl.c -You have just built the SSLeay libraries as 2 object files :-) - -Have a general rummage around in the bin stall directory and look at -what is in there, like CA.sh and c_rehash - -There are lots more things but it is 12:30am on a Friday night and I'm -heading home :-). - -eric 22-Jun-1996 -This version has quite a few major bug fixes and improvements. It DOES NOT -do SSLv3 yet. - -The main things changed -- A Few days ago I added the s_mult application to ssleay which is - a demo of an SSL server running in an event loop type thing. - It supports non-blocking IO, I have finally gotten it right, SSL_accept() - can operate in non-blocking IO mode, look at the code to see how :-). - Have a read of doc/s_mult as well. This program leaks memory and - file descriptors everywhere but I have not cleaned it up yet. - This is a demo of how to do non-blocking IO. -- The SSL session management has been 'worked over' and there is now - quite an expansive set of functions to manipulate them. Have a read of - doc/session.doc for some-things I quickly whipped up about how it now works. - This assume you know the SSLv2 protocol :-) -- I can now read/write the netscape certificate format, use the - -inform/-outform 'net' options to the x509 command. I have not put support - for this type in the other demo programs, but it would be easy to add. -- asn1parse and 'enc' have been modified so that when reading base64 - encoded files (pem format), they do not require '-----BEGIN' header lines. - The 'enc' program had a buffering bug fixed, it can be used as a general - base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d' - respecivly. Leaving out the '-a' flag in this case makes the 'enc' command - into a form of 'cat'. -- The 'x509' and 'req' programs have been fixed and modified a little so - that they generate self-signed certificates correctly. The test - script actually generates a 'CA' certificate and then 'signs' a - 'user' certificate. Have a look at this shell script (test/sstest) - to see how things work, it tests most possible combinations of what can - be done. -- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name - of SSL_set_cipher_list() is now the correct API (stops confusion :-). - If this function is used in the client, only the specified ciphers can - be used, with preference given to the order the ciphers were listed. - For the server, if this is used, only the specified ciphers will be used - to accept connections. If this 'option' is not used, a default set of - ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this - list for all ciphers started against the SSL_CTX. So the order is - SSL cipher_list, if not present, SSL_CTX cipher list, if not - present, then the library default. - What this means is that normally ciphers like - NULL-MD5 will never be used. The only way this cipher can be used - for both ends to specify to use it. - To enable or disable ciphers in the library at build time, modify the - first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c. - This file also contains the 'pref_cipher' list which is the default - cipher preference order. -- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net' - options work. They should, and they enable loading and writing the - netscape rsa private key format. I will be re-working this section of - SSLeay for the next version. What is currently in place is a quick and - dirty hack. -- I've re-written parts of the bignum library. This gives speedups - for all platforms. I now provide assembler for use under Windows NT. - I have not tested the Windows 3.1 assembler but it is quite simple code. - This gives RSAprivate_key operation encryption times of 0.047s (512bit key) - and 0.230s (1024bit key) on a pentium 100 which I consider reasonable. - Basically the times available under linux/solaris x86 can be achieve under - Windows NT. I still don't know how these times compare to RSA's BSAFE - library but I have been emailing with people and with their help, I should - be able to get my library's quite a bit faster still (more algorithm changes). - The object file crypto/bn/asm/x86-32.obj should be used when linking - under NT. -- 'make makefile.one' in the top directory will generate a single makefile - called 'makefile.one' This makefile contains no perl references and - will build the SSLeay library into the 'tmp' and 'out' directories. - util/mk1mf.pl >makefile.one is how this makefile is - generated. The mk1mf.pl command take several option to generate the - makefile for use with cc, gcc, Visual C++ and Borland C++. This is - still under development. I have only build .lib's for NT and MSDOS - I will be working on this more. I still need to play with the - correct compiler setups for these compilers and add some more stuff but - basically if you just want to compile the library - on a 'non-unix' platform, this is a very very good file to start with :-). - Have a look in the 'microsoft' directory for my current makefiles. - I have not yet modified things to link with sockets under Windows NT. - You guys should be able to do this since this is actually outside of the - SSLeay scope :-). I will be doing it for myself soon. - util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock - to build without RC2/RC4, to require RSAref for linking, and to - build with no socket code. - -- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher - that was posted to sci.crypt has been added to the library and SSL. - I take the view that if RC2 is going to be included in a standard, - I'll include the cipher to make my package complete. - There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers - at compile time. I have not tested this recently but it should all work - and if you are in the USA and don't want RSA threatening to sue you, - you could probably remove the RC4/RC2 code inside these sections. - I may in the future include a perl script that does this code - removal automatically for those in the USA :-). -- I have removed all references to sed in the makefiles. So basically, - the development environment requires perl and sh. The build environment - does not (use the makefile.one makefile). - The Configure script still requires perl, this will probably stay that way - since I have perl for Windows NT :-). - -eric (03-May-1996) - -PS Have a look in the VERSION file for more details on the changes and - bug fixes. -I have fixed a few bugs, added alpha and x86 assembler and generally cleaned -things up. This version will be quite stable, mostly because I'm on -holidays until 10-March-1996. For any problems in the interum, send email -to Tim Hudson <tjh@mincom.oz.au>. - -SSLeay 0.5.0 - -12-12-95 -This is going out before it should really be released. - -I leave for 11 weeks holidays on the 22-12-95 and so I either sit on -this for 11 weeks or get things out. It is still going to change a -lot in the next week so if you do grab this version, please test and -give me feed back ASAP, inculuding questions on how to do things with -the library. This will prompt me to write documentation so I don't -have to answer the same question again :-). - -This 'pre' release version is for people who are interested in the -library. The applications will have to be changed to use -the new version of the SSL interface. I intend to finish more -documentation before I leave but until then, look at the programs in -the apps directory. As far as code goes, it is much much nicer than -the old version. - -The current library works, has no memory leaks (as far as I can tell) -and is far more bug free that 0.4.5d. There are no global variable of -consequence (I believe) and I will produce some documentation that -tell where to look for those people that do want to do multi-threaded -stuff. - -There should be more documentation. Have a look in the -doc directory. I'll be adding more before I leave, it is a start -by mostly documents the crypto library. Tim Hudson will update -the web page ASAP. The spelling and grammar are crap but -it is better than nothing :-) - -Reasons to start playing with version 0.5.0 -- All the programs in the apps directory build into one ssleay binary. -- There is a new version of the 'req' program that generates certificate - requests, there is even documentation for this one :-) -- There is a demo certification authorithy program. Currently it will - look at the simple database and update it. It will generate CRL from - the data base. You need to edit the database by hand to revoke a - certificate, it is my aim to use perl5/Tk but I don't have time to do - this right now. It will generate the certificates but the management - scripts still need to be written. This is not a hard task. -- Things have been cleaned up alot. -- Have a look at the enc and dgst programs in the apps directory. -- It supports v3 of x509 certiticates. - - -Major things missing. -- I have been working on (and thinging about) the distributed x509 - hierachy problem. I have not had time to put my solution in place. - It will have to wait until I come back. -- I have not put in CRL checking in the certificate verification but - it would not be hard to do. I was waiting until I could generate my - own CRL (which has only been in the last week) and I don't have time - to put it in correctly. -- Montgomery multiplication need to be implemented. I know the - algorithm, just ran out of time. -- PKCS#7. I can load and write the DER version. I need to re-work - things to support BER (if that means nothing, read the ASN1 spec :-). -- Testing of the higher level digital envelope routines. I have not - played with the *_seal() and *_open() type functions. They are - written but need testing. The *_sign() and *_verify() functions are - rock solid. -- PEM. Doing this and PKCS#7 have been dependant on the distributed - x509 heirachy problem. I started implementing my ideas, got - distracted writing a CA program and then ran out of time. I provide - the functionality of RSAref at least. -- Re work the asm. code for the x86. I've changed by low level bignum - interface again, so I really need to tweak the x86 stuff. gcc is - good enough for the other boxes. - |