path: root/CHANGES.SSLeay

This file contains the changes for the SSLeay library up to version
0.9.0b. For later changes, see the file "CHANGES".

  SSLeay CHANGES
  ______________

Changes between 0.8.x and 0.9.0b

10-Apr-1998

I said the next version would go out at easter, and so it shall.
I expect a 0.9.1 will follow with portability fixes in the next few weeks.

This is a quick, meet the deadline.  Look to ssl-users for comments on what
is new etc.

eric (about to go bushwalking for the 4 day easter break :-)

16-Mar-98
    - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
    - Lots and lots of changes

29-Jan-98
    - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
      Goetz Babin-Ebell <babinebell@trustcenter.de>.
    - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
      TLS1_VERSION.

7-Jan-98
    - Finally reworked the cipher string to ciphers again, so it
      works correctly
    - All the app_data stuff is now ex_data with funcion calls to access.
      The index is supplied by a function and 'methods' can be setup
      for the types that are called on XXX_new/XXX_free.  This lets
      applications get notified on creation and destruction.  Some of
      the RSA methods could be implemented this way and I may do so.
    - Oh yes, SSL under perl5 is working at the basic level.

15-Dec-97
    - Warning - the gethostbyname cache is not fully thread safe,
      but it should work well enough.
    - Major internal reworking of the app_data stuff.  More functions
      but if you were accessing ->app_data directly, things will
      stop working.
    - The perlv5 stuff is working.  Currently on message digests,
      ciphers and the bignum library.

9-Dec-97
    - Modified re-negotiation so that server initated re-neg
      will cause a SSL_read() to return -1 should retry.
      The danger otherwise was that the server and the
      client could end up both trying to read when using non-blocking
      sockets.

4-Dec-97
    - Lots of small changes
    - Fix for binaray mode in Windows for the FILE BIO, thanks to
      Bob Denny <rdenny@dc3.com>

17-Nov-97
    - Quite a few internal cleanups, (removal of errno, and using macros
      defined in e_os.h).
    - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
      the automactic naming out output files was being stuffed up.

29-Oct-97
    - The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember
      for x86.

21-Oct-97
    - Fixed a bug in the BIO_gethostbyname() cache.

15-Oct-97
    - cbc mode for blowfish/des/3des is now in assember.  Blowfish asm
      has also been improved.  At this point in time, on the pentium,
      md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
      des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
      is %62 faster.

12-Oct-97
    - MEM_BUF_grow() has been fixed so that it always sets the buf->length
      to the value we are 'growing' to.  Think of MEM_BUF_grow() as the
      way to set the length value correctly.

10-Oct-97
    - I now hash for certificate lookup on the raw DER encoded RDN (md5).
      This breaks things again :-(.  This is efficent since I cache
      the DER encoding of the RDN.
    - The text DN now puts in the numeric OID instead of UNKNOWN.
    - req can now process arbitary OIDs in the config file.
    - I've been implementing md5 in x86 asm, much faster :-).
    - Started sha1 in x86 asm, needs more work.
    - Quite a few speedups in the BN stuff.  RSA public operation
      has been made faster by caching the BN_MONT_CTX structure.
      The calulating of the Ai where A*Ai === 1 mod m was rather
      expensive.  Basically a 40-50% speedup on public operations.
      The RSA speedup is now 15% on pentiums and %20 on pentium
      pro.

30-Sep-97
    - After doing some profiling, I added x86 adm for bn_add_words(),
      which just adds 2 arrays of longs together.  A %10 speedup
      for 512 and 1024 bit RSA on the pentium pro.

29-Sep-97
    - Converted the x86 bignum assembler to us the perl scripts
      for generation.

23-Sep-97
    - If SSL_set_session() is passed a NULL session, it now clears the
      current session-id.

22-Sep-97
    - Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned
      certificates.
    - Bug in crypto/evp/encode.c where by decoding of 65 base64
      encoded lines, one line at a time (via a memory BIO) would report
      EOF after the first line was decoded.
    - Fix in X509_find_by_issuer_and_serial() from
      Dr Stephen Henson <shenson@bigfoot.com>

19-Sep-97
    - NO_FP_API and NO_STDIO added.
    - Put in sh config command.  It auto runs Configure with the correct
      parameters.

18-Sep-97
    - Fix x509.c so if a DSA cert has different parameters to its parent,
      they are left in place.  Not tested yet.

16-Sep-97
    - ssl_create_cipher_list() had some bugs, fixes from
      Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
    - Fixed a bug in the Base64 BIO, where it would return 1 instead
      of -1 when end of input was encountered but should retry.
      Basically a Base64/Memory BIO interaction problem.
    - Added a HMAC set of functions in preporarion for TLS work.

15-Sep-97
    - Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
    - Prime generation spead up %25 (512 bit prime, pentium pro linux)
      by using montgomery multiplication in the prime number test.

11-Sep-97
    - Ugly bug in ssl3_write_bytes().  Basically if application land
      does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
      did not check the size and tried to copy the entire buffer.
      This would tend to cause memory overwrites since SSLv3 has
      a maximum packet size of 16k.  If your program uses
      buffers <= 16k, you would probably never see this problem.
    - Fixed a few errors that were cause by malloc() not returning
      0 initialised memory..
    - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
      SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
      since this flags stops SSLeay being able to handle client
      cert requests correctly.

08-Sep-97
    - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched
      on, the SSL server routines will not use a SSL_SESSION that is
      held in it's cache.  This in intended to be used with the session-id
      callbacks so that while the session-ids are still stored in the
      cache, the decision to use them and how to look them up can be
      done by the callbacks.  The are the 'new', 'get' and 'remove'
      callbacks.  This can be used to determine the session-id
      to use depending on information like which port/host the connection
      is coming from.  Since the are also SSL_SESSION_set_app_data() and
      SSL_SESSION_get_app_data() functions, the application can hold
      information against the session-id as well.

03-Sep-97
    - Added lookup of CRLs to the by_dir method,
      X509_load_crl_file() also added.  Basically it means you can
      lookup CRLs via the same system used to lookup certificates.
    - Changed things so that the X509_NAME structure can contain
      ASN.1 BIT_STRINGS which is required for the unique
      identifier OID.
    - Fixed some problems with the auto flushing of the session-id
      cache.  It was not occuring on the server side.

02-Sep-97
    - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
      which is the maximum number of entries allowed in the
      session-id cache.  This is enforced with a simple FIFO list.
      The default size is 20*1024 entries which is rather large :-).
      The Timeout code is still always operating.

01-Sep-97
    - Added an argument to all the 'generate private key/prime`
      callbacks.  It is the last parameter so this should not
      break existing code but it is needed for C++.
    - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
      BIO.  This lets the BIO read and write base64 encoded data
      without inserting or looking for '\n' characters.  The '-A'
      flag turns this on when using apps/enc.c.
    - RSA_NO_PADDING added to help BSAFE functionality.  This is a
      very dangerous thing to use, since RSA private key
      operations without random padding bytes (as PKCS#1 adds) can
      be attacked such that the private key can be revealed.
    - ASN.1 bug and rc2-40-cbc and rc4-40 added by
      Dr Stephen Henson <shenson@bigfoot.com>

31-Aug-97 (stuff added while I was away)    
    - Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
    - RSA_flags() added allowing bypass of pub/priv match check
      in ssl/ssl_rsa.c - Tim Hudson.
    - A few minor bugs.

SSLeay 0.8.1 released.

19-Jul-97
    - Server side initated dynamic renegotiation is broken.  I will fix
      it when I get back from holidays.

15-Jul-97
    - Quite a few small changes.
    - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>

09-Jul-97
    - Added 2 new values to the SSL info callback.
      SSL_CB_START which is passed when the SSL protocol is started
      and SSL_CB_DONE when it has finished sucsessfully.

08-Jul-97
    - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
      that related to DSA public/private keys.
    - Added all the relevent PEM and normal IO functions to support
      reading and writing RSAPublic keys.
    - Changed makefiles to use ${AR} instead of 'ar r'

07-Jul-97
    - Error in ERR_remove_state() that would leave a dangling reference
      to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
    - s_client now prints the X509_NAMEs passed from the server
      when requesting a client cert.
    - Added a ssl->type, which is one of SSL_ST_CONNECT or
      SSL_ST_ACCEPT.  I had to add it so I could tell if I was
      a connect or an accept after the handshake had finished.
    - SSL_get_client_CA_list(SSL *s) now returns the CA names
      passed by the server if called by a client side SSL.

05-Jul-97
    - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
      0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).

04-Jul-97
    - Fixed some things in X509_NAME_add_entry(), thanks to
      Matthew Donald <matthew@world.net>.
    - I had a look at the cipher section and though that it was a
      bit confused, so I've changed it.
    - I was not setting up the RC4-64-MD5 cipher correctly.  It is
      a MS special that appears in exported MS Money.
    - Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
      spec.  I was missing the two byte length header for the
      ClientDiffieHellmanPublic value.  This is a packet sent from
      the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
      option will enable SSLeay server side SSLv3 accept either
      the correct or my 080 packet format.
    - Fixed a few typos in crypto/pem.org.

02-Jul-97
    - Alias mapping for EVP_get_(digest|cipher)byname is now
      performed before a lookup for actual cipher.  This means
      that an alias can be used to 're-direct' a cipher or a
      digest.
    - ASN1_read_bio() had a bug that only showed up when using a
      memory BIO.  When EOF is reached in the memory BIO, it is
      reported as a -1 with BIO_should_retry() set to true.

01-Jul-97
    - Fixed an error in X509_verify_cert() caused by my
      miss-understanding how 'do { contine } while(0);' works.
      Thanks to Emil Sit <sit@mit.edu> for educating me :-)

30-Jun-97
    - Base64 decoding error.  If the last data line did not end with
      a '=', sometimes extra data would be returned.
    - Another 'cut and paste' bug in x509.c related to setting up the
      STDout BIO.

27-Jun-97
    - apps/ciphers.c was not printing due to an editing error.
    - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
      a library build error in util/mk1mf.pl

26-Jun-97
    - Still did not have the auto 'experimental' code removal
      script correct.
    - A few header tweaks for Watcom 11.0 under Win32 from
      Rolf Lindemann <Lindemann@maz-hh.de>
    - 0 length OCTET_STRING bug in asn1_parse
    - A minor fix with an non-existent function in the MS .def files.
    - A few changes to the PKCS7 stuff.

25-Jun-97
    SSLeay 0.8.0 finally it gets released.

24-Jun-97
    Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
    use a temporary RSA key.  This is experimental and needs some more work.
    Fixed a few Win16 build problems.

23-Jun-97
    SSLv3 bug. I was not doing the 'lookup' of the CERT structure
    correctly. I was taking the SSL->ctx->default_cert when I should
    have been using SSL->cert. The bug was in ssl/s3_srvr.c

20-Jun-97
    X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
    rest of the library. Even though I had the code required to do
    it correctly, apps/req.c was doing the wrong thing.  I have fixed
    and tested everything.

    Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.

19-Jun-97
    Fixed a bug in the SSLv2 server side first packet handling. When
    using the non-blocking test BIO, the ssl->s2->first_packet flag
    was being reset when a would-block failure occurred when reading
    the first 5 bytes of the first packet. This caused the checking
    logic to run at the wrong time and cause an error.

    Fixed a problem with specifying cipher. If RC4-MD5 were used,
    only the SSLv3 version would be picked up.  Now this will pick
    up both SSLv2 and SSLv3 versions. This required changing the
    SSL_CIPHER->mask values so that they only mask the ciphers,
    digests, authentication, export type and key-exchange algorithms.

    I found that when a SSLv23 session is established, a reused
    session, of type SSLv3 was attempting to write the SSLv2 
    ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
    method has been modified so it will only write out cipher which
    that method knows about.  


 Changes between 0.8.0 and 0.8.1

  *) Mostly bug fixes. 
     There is an Ephemeral DH cipher problem which is fixed.

 SSLeay 0.8.0

This version of SSLeay has quite a lot of things different from the
previous version.

Basically check all callback parameters, I will be producing documentation
about how to use things in th future.  Currently I'm just getting 080 out
the door.  Please not that there are several ways to do everything, and
most of the applications in the apps directory are hybrids, some using old
methods and some using new methods.

Have a look in demos/bio for some very simple programs and
apps/s_client.c and apps/s_server.c for some more advanced versions.
Notes are definitly needed but they are a week or so away.

Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
---
Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
get those people that want to move to using the new code base off to
a quick start.

Note that Eric has tidied up a lot of the areas of the API that were
less than desirable and renamed quite a few things (as he had to break
the API in lots of places anyrate). There are a whole pile of additional
functions for making dealing with (and creating) certificates a lot
cleaner.

01-Jul-97
Tim Hudson
tjh@cryptsoft.com

---8<---

To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
use something like the following (assuming you #include "crypto.h" which
is something that you really should be doing).

#if SSLEAY_VERSION_NUMBER >= 0x0800
#define SSLEAY8
#endif

buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
            too if you are working with BIO internal stuff (as distinct
        from simply using the interface in an opaque manner)

#include "bio.h"    - required along with "buffer.h" if you write
              your own BIO routines as the buffer and bio
              stuff that was intermixed has been separated
              out 
            
envelope.h -> evp.h  (which should have been done ages ago)

Initialisation ... don't forget these or you end up with code that
is missing the bits required to do useful things (like ciphers):

SSLeay_add_ssl_algorithms()
(probably also want SSL_load_error_strings() too but you should have
 already had that call in place)

SSL_CTX_new()   - requires an extra method parameter
              SSL_CTX_new(SSLv23_method()) 
              SSL_CTX_new(SSLv2_method()) 
              SSL_CTX_new(SSLv3_method()) 

          OR to only have the server or the client code
              SSL_CTX_new(SSLv23_server_method()) 
              SSL_CTX_new(SSLv2_server_method()) 
              SSL_CTX_new(SSLv3_server_method()) 
          or  
              SSL_CTX_new(SSLv23_client_method()) 
              SSL_CTX_new(SSLv2_client_method()) 
              SSL_CTX_new(SSLv3_client_method()) 

SSL_set_default_verify_paths() ... renamed to the more appropriate
SSL_CTX_set_default_verify_paths()

If you want to use client certificates then you have to add in a bit
of extra stuff in that a SSLv3 server sends a list of those CAs that
it will accept certificates from ... so you have to provide a list to
SSLeay otherwise certain browsers will not send client certs.

SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));


X509_NAME_oneline(X)    -> X509_NAME_oneline(X,NULL,0)  
               or provide a buffer and size to copy the
               result into

X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
          notes on X509_NAME structure changes too)


VERIFICATION CODE
=================

The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
more accurately reflect things.

The verification callback args are now packaged differently so that
extra fields for verification can be added easily in future without
having to break things by adding extra parameters each release :-)

X509_cert_verify_error_string -> X509_verify_cert_error_string


BIO INTERNALS
=============

Eric has fixed things so that extra flags can be introduced in
the BIO layer in future without having to play with all the BIO
modules by adding in some macros.

The ugly stuff using 
    b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
becomes
    BIO_clear_retry_flags(b)

    b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
becomes
    BIO_set_retry_read(b)

Also ... BIO_get_retry_flags(b), BIO_set_flags(b)



OTHER THINGS
============

X509_NAME has been altered so that it isn't just a STACK ... the STACK
is now in the "entries" field ... and there are a pile of nice functions
for getting at the details in a much cleaner manner.

SSL_CTX has been altered ... "cert" is no longer a direct member of this
structure ... things are now down under "cert_store" (see x509_vfy.h) and
things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
If your code "knows" about this level of detail then it will need some 
surgery.

If you depending on the incorrect spelling of a number of the error codes
then you will have to change your code as these have been fixed.

ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
has been all along so this makes things clearer.
ify_cert_error_string(ctx->error));

SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
            and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO



 Changes between 0.7.x and 0.8.0
  
  *) There have been lots of changes, mostly the addition of SSLv3.
     There have been many additions from people and amongst
     others, C2Net has assisted greatly.
 
 Changes between 0.7.x and 0.7.x

  *) Internal development version only

SSLeay 0.6.6 13-Jan-1997

The main additions are

- assember for x86 DES improvments.
  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
  loop and the IP/FP modifications are from
  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
  contribution.
- The 'DES macros' introduced in 0.6.5 now have 3 types.
  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
  is best and there is a summery of mine in crypto/des/options.txt
- A few bug fixes.
- Added blowfish.  It is not used by SSL but all the other stuff that
  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
  the 'Configure' script.
- There is now a 'get client certificate' callback which can be
  'non-blocking'.  If more details are required, let me know.  It will
  documented more in SSLv3 when I finish it.
- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
  now tests the ca program.
- Lots of little things modified and tweaked.

 SSLeay 0.6.5

After quite some time (3 months), the new release.  I have been very busy
for the last few months and so this is mostly bug fixes and improvments.

The main additions are

- assember for x86 DES.  For all those gcc based systems, this is a big
  improvement.  From 117,000 DES operation a second on a pentium 100,
  I now get 191,000.  I have also reworked the C version so it
  now gives 148,000 DESs per second.  
- As mentioned above, the inner DES macros now have some more variant that
  sometimes help, sometimes hinder performance.  There are now 3 options
  DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)
  and DES_RISC (a more register intensive version of the inner macro).
  The crypto/des/des_opts.c program, when compiled and run, will give
  an indication of the correct options to use.
- The BIO stuff has been improved.  Read doc/bio.doc.  There are now
  modules for encryption and base64 encoding and a BIO_printf() function.
- The CA program will accept simple one line X509v3 extensions in the
  ssleay.cnf file.  Have a look at the example.  Currently this just
  puts the text into the certificate as an OCTET_STRING so currently
  the more advanced X509v3 data types are not handled but this is enough
  for the netscape extensions.
- There is the start of a nicer higher level interface to the X509
  strucutre.
- Quite a lot of bug fixes.
- CRYPTO_malloc_init()  (or CRYPTO_set_mem_functions()) can be used
  to define the malloc(), free() and realloc() routines to use
  (look in crypto/crypto.h).  This is mostly needed for Windows NT/95 when
  using DLLs and mixing CRT libraries.

In general, read the 'VERSION' file for changes and be aware that som