diff options
Diffstat (limited to 'HISTORY')
| -rw-r--r-- | HISTORY | 316 |
1 files changed, 0 insertions, 316 deletions
diff --git a/HISTORY b/HISTORY deleted file mode 100644 index 7712100038..0000000000 --- a/HISTORY +++ /dev/null @@ -1,316 +0,0 @@ -16-Mar-98 - - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU> - - Lots and lots of changes - -29-Jan-98 - - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from - Goetz Babin-Ebell <babinebell@trustcenter.de>. - - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or - TLS1_VERSION. - -7-Jan-98 - - Finally reworked the cipher string to ciphers again, so it - works correctly - - All the app_data stuff is now ex_data with funcion calls to access. - The index is supplied by a function and 'methods' can be setup - for the types that are called on XXX_new/XXX_free. This lets - applications get notified on creation and destruction. Some of - the RSA methods could be implemented this way and I may do so. - - Oh yes, SSL under perl5 is working at the basic level. - -15-Dec-97 - - Warning - the gethostbyname cache is not fully thread safe, - but it should work well enough. - - Major internal reworking of the app_data stuff. More functions - but if you were accessing ->app_data directly, things will - stop working. - - The perlv5 stuff is working. Currently on message digests, - ciphers and the bignum library. - -9-Dec-97 - - Modified re-negotiation so that server initated re-neg - will cause a SSL_read() to return -1 should retry. - The danger otherwise was that the server and the - client could end up both trying to read when using non-blocking - sockets. - -4-Dec-97 - - Lots of small changes - - Fix for binaray mode in Windows for the FILE BIO, thanks to - Bob Denny <rdenny@dc3.com> - -17-Nov-97 - - Quite a few internal cleanups, (removal of errno, and using macros - defined in e_os.h). - - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where - the automactic naming out output files was being stuffed up. - -29-Oct-97 - - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember - for x86. - -21-Oct-97 - - Fixed a bug in the BIO_gethostbyname() cache. - -15-Oct-97 - - cbc mode for blowfish/des/3des is now in assember. Blowfish asm - has also been improved. At this point in time, on the pentium, - md5 is %80 faster, the unoptimesed sha-1 is %79 faster, - des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc - is %62 faster. - -12-Oct-97 - - MEM_BUF_grow() has been fixed so that it always sets the buf->length - to the value we are 'growing' to. Think of MEM_BUF_grow() as the - way to set the length value correctly. - -10-Oct-97 - - I now hash for certificate lookup on the raw DER encoded RDN (md5). - This breaks things again :-(. This is efficent since I cache - the DER encoding of the RDN. - - The text DN now puts in the numeric OID instead of UNKNOWN. - - req can now process arbitary OIDs in the config file. - - I've been implementing md5 in x86 asm, much faster :-). - - Started sha1 in x86 asm, needs more work. - - Quite a few speedups in the BN stuff. RSA public operation - has been made faster by caching the BN_MONT_CTX structure. - The calulating of the Ai where A*Ai === 1 mod m was rather - expensive. Basically a 40-50% speedup on public operations. - The RSA speedup is now 15% on pentiums and %20 on pentium - pro. - -30-Sep-97 - - After doing some profiling, I added x86 adm for bn_add_words(), - which just adds 2 arrays of longs together. A %10 speedup - for 512 and 1024 bit RSA on the pentium pro. - -29-Sep-97 - - Converted the x86 bignum assembler to us the perl scripts - for generation. - -23-Sep-97 - - If SSL_set_session() is passed a NULL session, it now clears the - current session-id. - -22-Sep-97 - - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned - certificates. - - Bug in crypto/evp/encode.c where by decoding of 65 base64 - encoded lines, one line at a time (via a memory BIO) would report - EOF after the first line was decoded. - - Fix in X509_find_by_issuer_and_serial() from - Dr Stephen Henson <shenson@bigfoot.com> - -19-Sep-97 - - NO_FP_API and NO_STDIO added. - - Put in sh config command. It auto runs Configure with the correct - parameters. - -18-Sep-97 - - Fix x509.c so if a DSA cert has different parameters to its parent, - they are left in place. Not tested yet. - -16-Sep-97 - - ssl_create_cipher_list() had some bugs, fixes from - Patrick Eisenacher <eisenach@stud.uni-frankfurt.de> - - Fixed a bug in the Base64 BIO, where it would return 1 instead - of -1 when end of input was encountered but should retry. - Basically a Base64/Memory BIO interaction problem. - - Added a HMAC set of functions in preporarion for TLS work. - -15-Sep-97 - - Top level makefile tweak - Cameron Simpson <cs@zip.com.au> - - Prime generation spead up %25 (512 bit prime, pentium pro linux) - by using montgomery multiplication in the prime number test. - -11-Sep-97 - - Ugly bug in ssl3_write_bytes(). Basically if application land - does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code - did not check the size and tried to copy the entire buffer. - This would tend to cause memory overwrites since SSLv3 has - a maximum packet size of 16k. If your program uses - buffers <= 16k, you would probably never see this problem. - - Fixed a new errors that were cause by malloc() not returning - 0 initialised memory.. - - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using - SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing - since this flags stops SSLeay being able to handle client - cert requests correctly. - -08-Sep-97 - - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched - on, the SSL server routines will not use a SSL_SESSION that is - held in it's cache. This in intended to be used with the session-id - callbacks so that while the session-ids are still stored in the - cache, the decision to use them and how to look them up can be - done by the callbacks. The are the 'new', 'get' and 'remove' - callbacks. This can be used to determine the session-id - to use depending on information like which port/host the connection - is coming from. Since the are also SSL_SESSION_set_app_data() and - SSL_SESSION_get_app_data() functions, the application can hold - information against the session-id as well. - -03-Sep-97 - - Added lookup of CRLs to the by_dir method, - X509_load_crl_file() also added. Basically it means you can - lookup CRLs via the same system used to lookup certificates. - - Changed things so that the X509_NAME structure can contain - ASN.1 BIT_STRINGS which is required for the unique - identifier OID. - - Fixed some problems with the auto flushing of the session-id - cache. It was not occuring on the server side. - -02-Sep-97 - - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size) - which is the maximum number of entries allowed in the - session-id cache. This is enforced with a simple FIFO list. - The default size is 20*1024 entries which is rather large :-). - The Timeout code is still always operating. - -01-Sep-97 - - Added an argument to all the 'generate private key/prime` - callbacks. It is the last parameter so this should not - break existing code but it is needed for C++. - - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64() - BIO. This lets the BIO read and write base64 encoded data - without inserting or looking for '\n' characters. The '-A' - flag turns this on when using apps/enc.c. - - RSA_NO_PADDING added to help BSAFE functionality. This is a - very dangerous thing to use, since RSA private key - operations without random padding bytes (as PKCS#1 adds) can - be attacked such that the private key can be revealed. - - ASN.1 bug and rc2-40-cbc and rc4-40 added by - Dr Stephen Henson <shenson@bigfoot.com> - -31-Aug-97 (stuff added while I was away) - - Linux pthreads by Tim Hudson (tjh@cryptsoft.com). - - RSA_flags() added allowing bypass of pub/priv match check - in ssl/ssl_rsa.c - Tim Hudson. - - A few minor bugs. - -SSLeay 0.8.1 released. - -19-Jul-97 - - Server side initated dynamic renegotiation is broken. I will fix - it when I get back from holidays. - -15-Jul-97 - - Quite a few small changes. - - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk> - -09-Jul-97 - - Added 2 new values to the SSL info callback. - SSL_CB_START which is passed when the SSL protocol is started - and SSL_CB_DONE when it has finished sucsessfully. - -08-Jul-97 - - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c - that related to DSA public/private keys. - - Added all the relevent PEM and normal IO functions to support - reading and writing RSAPublic keys. - - Changed makefiles to use ${AR} instead of 'ar r' - -07-Jul-97 - - Error in ERR_remove_state() that would leave a dangling reference - to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk> - - s_client now prints the X509_NAMEs passed from the server - when requesting a client cert. - - Added a ssl->type, which is one of SSL_ST_CONNECT or - SSL_ST_ACCEPT. I had to add it so I could tell if I was - a connect or an accept after the handshake had finished. - - SSL_get_client_CA_list(SSL *s) now returns the CA names - passed by the server if called by a client side SSL. - -05-Jul-97 - - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index - 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com). - -04-Jul-97 - - Fixed some things in X509_NAME_add_entry(), thanks to - Matthew Donald <matthew@world.net>. - - I had a look at the cipher section and though that it was a - bit confused, so I've changed it. - - I was not setting up the RC4-64-MD5 cipher correctly. It is - a MS special that appears in exported MS Money. - - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3 - spec. I was missing the two byte length header for the - ClientDiffieHellmanPublic value. This is a packet sent from - the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG - option will enable SSLeay server side SSLv3 accept either - the correct or my 080 packet format. - - Fixed a few typos in crypto/pem.org. - -02-Jul-97 - - Alias mapping for EVP_get_(digest|cipher)byname is now - performed before a lookup for actual cipher. This means - that an alias can be used to 're-direct' a cipher or a - digest. - - ASN1_read_bio() had a bug that only showed up when using a - memory BIO. When EOF is reached in the memory BIO, it is - reported as a -1 with BIO_should_retry() set to true. - -01-Jul-97 - - Fixed an error in X509_verify_cert() caused by my - miss-understanding how 'do { contine } while(0);' works. - Thanks to Emil Sit <sit@mit.edu> for educating me :-) - -30-Jun-97 - - Base64 decoding error. If the last data line did not end with - a '=', sometimes extra data would be returned. - - Another 'cut and paste' bug in x509.c related to setting up the - STDout BIO. - -27-Jun-97 - - apps/ciphers.c was not printing due to an editing error. - - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for - a library build error in util/mk1mf.pl - -26-Jun-97 - - Still did not have the auto 'experimental' code removal - script correct. - - A few header tweaks for Watcom 11.0 under Win32 from - Rolf Lindemann <Lindemann@maz-hh.de> - - 0 length OCTET_STRING bug in asn1_parse - - A minor fix with an non-existent function in the MS .def files. - - A few changes to the PKCS7 stuff. - -25-Jun-97 - SSLeay 0.8.0 finally it gets released. - -24-Jun-97 - Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to - use a temporary RSA key. This is experimental and needs some more work. - Fixed a few Win16 build problems. - -23-Jun-97 - SSLv3 bug. I was not doing the 'lookup' of the CERT structure - correctly. I was taking the SSL->ctx->default_cert when I should - have been using SSL->cert. The bug was in ssl/s3_srvr.c - -20-Jun-97 - X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the - rest of the library. Even though I had the code required to do - it correctly, apps/req.c was doing the wrong thing. I have fixed - and tested everything. - - Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c. - -19-Jun-97 - Fixed a bug in the SSLv2 server side first packet handling. When - using the non-blocking test BIO, the ssl->s2->first_packet flag - was being reset when a would-block failure occurred when reading - the first 5 bytes of the first packet. This caused the checking - logic to run at the wrong time and cause an error. - - Fixed a problem with specifying cipher. If RC4-MD5 were used, - only the SSLv3 version would be picked up. Now this will pick - up both SSLv2 and SSLv3 versions. This required changing the - SSL_CIPHER->mask values so that they only mask the ciphers, - digests, authentication, export type and key-exchange algorithms. - - I found that when a SSLv23 session is established, a reused - session, of type SSLv3 was attempting to write the SSLv2 - ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char - method has been modified so it will only write out cipher which - that method knows about. - |