diff --git a/.cvsignore b/.cvsignore new file mode 100644 index 0000000000000000000000000000000000000000..a7a20fcf09bf59e05e7e4112f8135f5c0b573b8c --- /dev/null +++ b/.cvsignore @@ -0,0 +1,18 @@ +openssl.pc +MINFO +makefile.one +tmp +out +outinc +rehash.time +testlog +make.log +maketest.log +cctest +cctest.c +cctest.a +libcrypto.so.* +libssl.so.* +*.flc +semantic.cache +Makefile diff --git a/CHANGES b/CHANGES new file mode 100644 index 0000000000000000000000000000000000000000..3d90e111017c010c67e589ba85997c6883a60180 --- /dev/null +++ b/CHANGES @@ -0,0 +1,7900 @@ + + OpenSSL CHANGES + _______________ + + Changes between 0.9.8e and 0.9.8f [xx XXX xxxx] + + *) In the SSL/TLS server implementation, be strict about session ID + context matching (which matters if an application uses a single + external cache for different purposes). Previously, + out-of-context reuse was forbidden only if SSL_VERIFY_PEER was + set. This did ensure strict client verification, but meant that, + with applications using a single external cache for quite + different requirements, clients could circumvent ciphersuite + restrictions for a given session ID context by starting a session + in a different context. + [Bodo Moeller] + + *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that + a ciphersuite string such as "DEFAULT:RSA" cannot enable + authentication-only ciphersuites. + [Bodo Moeller] + + Changes between 0.9.8d and 0.9.8e [23 Feb 2007] + + *) Since AES128 and AES256 (and similarly Camellia128 and + Camellia256) share a single mask bit in the logic of + ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a + kludge to work properly if AES128 is available and AES256 isn't + (or if Camellia128 is available and Camellia256 isn't). + [Victor Duchovni] + + *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c + (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters): + When a point or a seed is encoded in a BIT STRING, we need to + prevent the removal of trailing zero bits to get the proper DER + encoding. (By default, crypto/asn1/a_bitstr.c assumes the case + of a NamedBitList, for which trailing 0 bits need to be removed.) + [Bodo Moeller] + + *) Have SSL/TLS server implementation tolerate "mismatched" record + protocol version while receiving ClientHello even if the + ClientHello is fragmented. (The server can't insist on the + particular protocol version it has chosen before the ServerHello + message has informed the client about his choice.) + [Bodo Moeller] + + *) Add RFC 3779 support. + [Rob Austein for ARIN, Ben Laurie] + + *) Load error codes if they are not already present instead of using a + static variable. This allows them to be cleanly unloaded and reloaded. + Improve header file function name parsing. + [Steve Henson] + + *) extend SMTP and IMAP protocol emulation in s_client to use EHLO + or CAPABILITY handshake as required by RFCs. + [Goetz Babin-Ebell] + + Changes between 0.9.8c and 0.9.8d [28 Sep 2006] + + *) Introduce limits to prevent malicious keys being able to + cause a denial of service. (CVE-2006-2940) + [Steve Henson, Bodo Moeller] + + *) Fix ASN.1 parsing of certain invalid structures that can result + in a denial of service. (CVE-2006-2937) [Steve Henson] + + *) Fix buffer overflow in SSL_get_shared_ciphers() function. + (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] + + *) Fix SSL client code which could crash if connecting to a + malicious SSLv2 server. (CVE-2006-4343) + [Tavis Ormandy and Will Drewry, Google Security Team] + + *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites + match only those. Before that, "AES256-SHA" would be interpreted + as a pattern and match "AES128-SHA" too (since AES128-SHA got + the same strength classification in 0.9.7h) as we currently only + have a single AES bit in the ciphersuite description bitmap. + That change, however, also applied to ciphersuite strings such as + "RC4-MD5" that intentionally matched multiple ciphersuites -- + namely, SSL 2.0 ciphersuites in addition to the more common ones + from SSL 3.0/TLS 1.0. + + So we change the selection algorithm again: Naming an explicit + ciphersuite selects this one ciphersuite, and any other similar + ciphersuite (same bitmap) from *other* protocol versions. + Thus, "RC4-MD5" again will properly select both the SSL 2.0 + ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite. + + Since SSL 2.0 does not have any ciphersuites for which the + 128/256 bit distinction would be relevant, this works for now. + The proper fix will be to use different bits for AES128 and + AES256, which would have avoided the problems from the beginning; + however, bits are scarce, so we can only do this in a new release + (not just a patchlevel) when we can change the SSL_CIPHER + definition to split the single 'unsigned long mask' bitmap into + multiple values to extend the available space. + + [Bodo Moeller] + + Changes between 0.9.8b and 0.9.8c [05 Sep 2006] + + *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher + (CVE-2006-4339) [Ben Laurie and Google Security Team] + + *) Add AES IGE and biIGE modes. + [Ben Laurie] + + *) Change the Unix randomness entropy gathering to use poll() when + possible instead of select(), since the latter has some + undesirable limitations. + [Darryl Miles via Richard Levitte and Bodo Moeller] + + *) Disable "ECCdraft" ciphersuites more thoroughly. Now special + treatment in ssl/ssl_ciph.s makes sure that these ciphersuites + cannot be implicitly activated as part of, e.g., the "AES" alias. + However, please upgrade to OpenSSL 0.9.9[-dev] for + non-experimental use of the ECC ciphersuites to get TLS extension + support, which is required for curve and point format negotiation + to avoid potential handshake problems. + [Bodo Moeller] + + *) Disable rogue ciphersuites: + + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + + The latter two were purportedly from + draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really + appear there. + + Also deactivate the remaining ciphersuites from + draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as + unofficial, and the ID has long expired. + [Bodo Moeller] + + *) Fix RSA blinding Heisenbug (problems sometimes occured on + dual-core machines) and other potential thread-safety issues. + [Bodo Moeller] + + *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key + versions), which is now available for royalty-free use + (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html). + Also, add Camellia TLS ciphersuites from RFC 4132. + + To minimize changes between patchlevels in the OpenSSL 0.9.8 + series, Camellia remains excluded from compilation unless OpenSSL + is configured with 'enable-camellia'. + [NTT] + + *) Disable the padding bug check when compression is in use. The padding + bug check assumes the first packet is of even length, this is not + necessarily true if compresssion is enabled and can result in false + positives causing handshake failure. The actual bug test is ancient + code so it is hoped that implementations will either have fixed it by + now or any which still have the bug do not support compression. + [Steve Henson] + + Changes between 0.9.8a and 0.9.8b [04 May 2006] + + *) When applying a cipher rule check to see if string match is an explicit + cipher suite and only match that one cipher suite if it is. + [Steve Henson] + + *) Link in manifests for VC++ if needed. + [Austin Ziegler ] + + *) Update support for ECC-based TLS ciphersuites according to + draft-ietf-tls-ecc-12.txt with proposed changes (but without + TLS extensions, which are supported starting with the 0.9.9 + branch, not in the OpenSSL 0.9.8 branch). + [Douglas Stebila] + + *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support + opaque EVP_CIPHER_CTX handling. + [Steve Henson] + + *) Fixes and enhancements to zlib compression code. We now only use + "zlib1.dll" and use the default __cdecl calling convention on Win32 + to conform with the standards mentioned here: + http://www.zlib.net/DLL_FAQ.txt + Static zlib linking now works on Windows and the new --with-zlib-include + --with-zlib-lib options to Configure can be used to supply the location + of the headers and library. Gracefully handle case where zlib library + can't be loaded. + [Steve Henson] + + *) Several fixes and enhancements to the OID generation code. The old code + sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't + handle numbers larger than ULONG_MAX, truncated printing and had a + non standard OBJ_obj2txt() behaviour. + [Steve Henson] + + *) Add support for building of engines under engine/ as shared libraries + under VC++ build system. + [Steve Henson] + + *) Corrected the numerous bugs in the Win32 path splitter in DSO. + Hopefully, we will not see any false combination of paths any more. + [Richard Levitte] + + Changes between 0.9.8 and 0.9.8a [11 Oct 2005] + + *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING + (part of SSL_OP_ALL). This option used to disable the + countermeasure against man-in-the-middle protocol-version + rollback in the SSL 2.0 server implementation, which is a bad + idea. (CVE-2005-2969) + + [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center + for Information Security, National Institute of Advanced Industrial + Science and Technology [AIST], Japan)] + + *) Add two function to clear and return the verify parameter flags. + [Steve Henson] + + *) Keep cipherlists sorted in the source instead of sorting them at + runtime, thus removing the need for a lock. + [Nils Larsch] + + *) Avoid some small subgroup attacks in Diffie-Hellman. + [Nick Mathewson and Ben Laurie] + + *) Add functions for well-known primes. + [Nick Mathewson] + + *) Extended Windows CE support. + [Satoshi Nakamura and Andy Polyakov] + + *) Initialize SSL_METHOD structures at compile time instead of during + runtime, thus removing the need for a lock. + [Steve Henson] + + *) Make PKCS7_decrypt() work even if no certificate is supplied by + attempting to decrypt each encrypted key in turn. Add support to + smime utility. + [Steve Henson] + + Changes between 0.9.7h and 0.9.8 [05 Jul 2005] + + [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after + OpenSSL 0.9.8.] + + *) Add libcrypto.pc and libssl.pc for those who feel they need them. + [Richard Levitte] + + *) Change CA.sh and CA.pl so they don't bundle the CSR and the private + key into the same file any more. + [Richard Levitte] + + *) Add initial support for Win64, both IA64 and AMD64/x64 flavors. + [Andy Polyakov] + + *) Add -utf8 command line and config file option to 'ca'. + [Stefan and Geoff Thorpe] + + *) Add attribute functions to EVP_PKEY structure. Modify + PKCS12_create() to recognize a CSP name attribute and + use it. Make -CSP option work again in pkcs12 utility. + [Steve Henson] + + *) Add new functionality to the bn blinding code: + - automatic re-creation of the BN_BLINDING parameters after + a fixed number of uses (currently 32) + - add new function for parameter creation + - introduce flags to control the update behaviour of the + BN_BLINDING parameters + - hide BN_BLINDING structure + Add a second BN_BLINDING slot to the RSA structure to improve + performance when a single RSA object is shared among several + threads. + [Nils Larsch] + + *) Add support for DTLS. + [Nagendra Modadugu and Ben Laurie] + + *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1) + to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() + [Walter Goulet] + + *) Remove buggy and incompletet DH cert support from + ssl/ssl_rsa.c and ssl/s3_both.c + [Nils Larsch] + + *) Use SHA-1 instead of MD5 as the default digest algorithm for + the apps/openssl applications. + [Nils Larsch] + + *) Compile clean with "-Wall -Wmissing-prototypes + -Wstrict-prototypes -Wmissing-declarations -Werror". Currently + DEBUG_SAFESTACK must also be set. + [Ben Laurie] + + *) Change ./Configure so that certain algorithms can be disabled by default. + The new counterpiece to "no-xxx" is "enable-xxx". + + The patented RC5 and MDC2 algorithms will now be disabled unless + "enable-rc5" and "enable-mdc2", respectively, are specified. + + (IDEA remains enabled despite being patented. This is because IDEA + is frequently required for interoperability, and there is no license + fee for non-commercial use. As before, "no-idea" can be used to + avoid this algorithm.) + + [Bodo Moeller] + + *) Add processing of proxy certificates (see RFC 3820). This work was + sponsored by KTH (The Royal Institute of Technology in Stockholm) and + EGEE (Enabling Grids for E-science in Europe). + [Richard Levitte] + + *) RC4 performance overhaul on modern architectures/implementations, such + as Intel P4, IA-64 and AMD64. + [Andy Polyakov] + + *) New utility extract-section.pl. This can be used specify an alternative + section number in a pod file instead of having to treat each file as + a separate case in Makefile. This can be done by adding two lines to the + pod file: + + =for comment openssl_section:XXX + + The blank line is mandatory. + + [Steve Henson] + + *) New arguments -certform, -keyform and -pass for s_client and s_server + to allow alternative format key and certificate files and passphrase + sources. + [Steve Henson] + + *) New structure X509_VERIFY_PARAM which combines current verify parameters, + update associated structures and add various utility functions. + + Add new policy related verify parameters, include policy checking in + standard verify code. Enhance 'smime' application with extra parameters + to support policy checking and print out. + [Steve Henson] + + *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3 + Nehemiah processors. These extensions support AES encryption in hardware + as well as RNG (though RNG support is currently disabled). + [Michal Ludvig , with help from Andy Polyakov] + + *) Deprecate BN_[get|set]_params() functions (they were ignored internally). + [Geoff Thorpe] + + *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented. + [Andy Polyakov and a number of other people] + + *) Improved PowerPC platform support. Most notably BIGNUM assembler + implementation contributed by IBM. + [Suresh Chari, Peter Waltenberg, Andy Polyakov] + + *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public + exponent rather than 'unsigned long'. There is a corresponding change to + the new 'rsa_keygen' element of the RSA_METHOD structure. + [Jelte Jansen, Geoff Thorpe] + + *) Functionality for creating the initial serial number file is now + moved from CA.pl to the 'ca' utility with a new option -create_serial. + + (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial + number file to 1, which is bound to cause problems. To avoid + the problems while respecting compatibility between different 0.9.7 + patchlevels, 0.9.7e employed 'openssl x509 -next_serial' in + CA.pl for serial number initialization. With the new release 0.9.8, + we can fix the problem directly in the 'ca' utility.) + [Steve Henson] + + *) Reduced header interdepencies by declaring more opaque objects in + ossl_typ.h. As a consequence, including some headers (eg. engine.h) will + give fewer recursive includes, which could break lazy source code - so + this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always, + developers should define this symbol when building and using openssl to + ensure they track the recommended behaviour, interfaces, [etc], but + backwards-compatible behaviour prevails when this isn't defined. + [Geoff Thorpe] + + *) New function X509_POLICY_NODE_print() which prints out policy nodes. + [Steve Henson] + + *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality. + This will generate a random key of the appropriate length based on the + cipher context. The EVP_CIPHER can provide its own random key generation + routine to support keys of a specific form. This is used in the des and + 3des routines to generate a key of the correct parity. Update S/MIME + code to use new functions and hence generate correct parity DES keys. + Add EVP_CHECK_DES_KEY #define to return an error if the key is not + valid (weak or incorrect parity). + [Steve Henson] + + *) Add a local set of CRLs that can be used by X509_verify_cert() as well + as looking them up. This is useful when the verified structure may contain + CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs + present unless the new PKCS7_NO_CRL flag is asserted. + [Steve Henson] + + *) Extend ASN1 oid configuration module. It now additionally accepts the + syntax: + + shortName = some long name, 1.2.3.4 + [Steve Henson] + + *) Reimplemented the BN_CTX implementation. There is now no more static + limitation on the number of variables it can handle nor the depth of the + "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack + information can now expand as required, and rather than having a single + static array of bignums, BN_CTX now uses a linked-list of such arrays + allowing it to expand on demand whilst maintaining the usefulness of + BN_CTX's "bundling". + [Geoff Thorpe] + + *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD + to allow all RSA operations to function using a single BN_CTX. + [Geoff Thorpe] + + *) Preliminary support for certificate policy evaluation and checking. This + is initially intended to pass the tests outlined in "Conformance Testing + of Relying Party Client Certificate Path Processing Logic" v1.07. + [Steve Henson] + + *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and + remained unused and not that useful. A variety of other little bignum + tweaks and fixes have also been made continuing on from the audit (see + below). + [Geoff Thorpe] + + *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with + associated ASN1, EVP and SSL functions and old ASN1 macros. + [Richard Levitte] + + *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results, + and this should never fail. So the return value from the use of + BN_set_word() (which can fail due to needless expansion) is now deprecated; + if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro. + [Geoff Thorpe] + + *) BN_CTX_get() should return zero-valued bignums, providing the same + initialised value as BN_new(). + [Geoff Thorpe, suggested by Ulf Möller] + + *) Support for inhibitAnyPolicy certificate extension. + [Steve Henson] + + *) An audit of the BIGNUM code is underway, for which debugging code is + enabled when BN_DEBUG is defined. This makes stricter enforcements on what + is considered valid when processing BIGNUMs, and causes execution to + assert() when a problem is discovered. If BN_DEBUG_RAND is defined, + further steps are taken to deliberately pollute unused data in BIGNUM + structures to try and expose faulty code further on. For now, openssl will + (in its default mode of operation) continue to tolerate the inconsistent + forms that it has tolerated in the past, but authors and packagers should + consider trying openssl and their own applications when compiled with + these debugging symbols defined. It will help highlight potential bugs in + their own code, and will improve the test coverage for OpenSSL itself. At + some point, these tighter rules will become openssl's default to improve + maintainability, though the assert()s and other overheads will remain only + in debugging configurations. See bn.h for more details. + [Geoff Thorpe, Nils Larsch, Ulf Möller] + + *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure + that can only be obtained through BN_CTX_new() (which implicitly + initialises it). The presence of this function only made it possible + to overwrite an existing structure (and cause memory leaks). + [Geoff Thorpe] + + *) Because of the callback-based approach for implementing LHASH as a + template type, lh_insert() adds opaque objects to hash-tables and + lh_doall() or lh_doall_arg() are typically used with a destructor callback + to clean up those corresponding objects before destroying the hash table + (and losing the object pointers). So some over-zealous constifications in + LHASH have been relaxed so that lh_insert() does not take (nor store) the + objects as "const" and the lh_doall[_arg] callback wrappers are not + prototyped to have "const" restrictions on the object pointers they are + given (and so aren't required to cast them away any more). + [Geoff Thorpe] + + *) The tmdiff.h API was so ugly and minimal that our own timing utility + (speed) prefers to use its own implementation. The two implementations + haven't been consolidated as yet (volunteers?) but the tmdiff API has had + its object type properly exposed (MS_TM) instead of casting to/from "char + *". This may still change yet if someone realises MS_TM and "ms_time_***" + aren't necessarily the greatest nomenclatures - but this is what was used + internally to the implementation so I've used that for now. + [Geoff Thorpe] + + *) Ensure that deprecated functions do not get compiled when + OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of + the self-tests were still using deprecated key-generation functions so + these have been updated also. + [Geoff Thorpe] + + *) Reorganise PKCS#7 code to separate the digest location functionality + into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest(). + New function PKCS7_set_digest() to set the digest type for PKCS#7 + digestedData type. Add additional code to correctly generate the + digestedData type and add support for this type in PKCS7 initialization + functions. + [Steve Henson] + + *) New function PKCS7_set0_type_other() this initializes a PKCS7 + structure of type "other". + [Steve Henson] + + *) Fix prime generation loop in crypto/bn/bn_prime.pl by making + sure the loop does correctly stop and breaking ("division by zero") + modulus operations are not performed. The (pre-generated) prime + table crypto/bn/bn_prime.h was already correct, but it could not be + re-generated on some platforms because of the "division by zero" + situation in the script. + [Ralf S. Engelschall] + + *) Update support for ECC-based TLS ciphersuites according to + draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with + SHA-1 now is only used for "small" curves (where the + representation of a field element takes up to 24 bytes); for + larger curves, the field element resulting from ECDH is directly + used as premaster secret. + [Douglas Stebila (Sun Microsystems Laboratories)] + + *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2 + curve secp160r1 to the tests. + [Douglas Stebila (Sun Microsystems Laboratories)] + + *) Add the possibility to load symbols globally with DSO. + [Götz Babin-Ebell via Richard Levitte] + + *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better + control of the error stack. + [Richard Levitte] + + *) Add support for STORE in ENGINE. + [Richard Levitte] + + *) Add the STORE type. The intention is to provide a common interface + to certificate and key stores, be they simple file-based stores, or + HSM-type store, or LDAP stores, or... + NOTE: The code is currently UNTESTED and isn't really used anywhere. + [Richard Levitte] + + *) Add a generic structure called OPENSSL_ITEM. This can be used to + pass a list of arguments to any function as well as provide a way + for a function to pass data back to the caller. + [Richard Levitte] + + *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup() + works like BUF_strdup() but can be used to duplicate a portion of + a string. The copy gets NUL-terminated. BUF_memdup() duplicates + a memory area. + [Richard Levitte] + + *) Add the function sk_find_ex() which works like sk_find(), but will + return an index to an element even if an exact match couldn't be + found. The index is guaranteed to point at the element where the + searched-for key would be inserted to preserve sorting order. + [Richard Levitte] + + *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but + takes an extra flags argument for optional functionality. Currently, + the following flags are defined: + + OBJ_BSEARCH_VALUE_ON_NOMATCH + This one gets OBJ_bsearch_ex() to return a pointer to the first + element where the comparing function returns a negative or zero + number. + + OBJ_BSEARCH_FIRST_VALUE_ON_MATCH + This one gets OBJ_bsearch_ex() to return a pointer to the first + element where the comparing function returns zero. This is useful + if there are more than one element where the comparing function + returns zero. + [Richard Levitte] + + *) Make it possible to create self-signed certificates with 'openssl ca' + in such a way that the self-signed certificate becomes part of the + CA database and uses the same mechanisms for serial number generation + as all other certificate signing. The new flag '-selfsign' enables + this functionality. Adapt CA.sh and CA.pl.in. + [Richard Levitte] + + *) Add functionality to check the public key of a certificate request + against a given private. This is useful to check that a certificate + request can be signed by that key (self-signing). + [Richard Levitte] + + *) Make it possible to have multiple active certificates with the same + subject in the CA index file. This is done only if the keyword + 'unique_subject' is set to 'no' in the main CA section (default + if 'CA_default') of the configuration file. The value is saved + with the database itself in a separate index attribute file, + named like the index file with '.attr' appended to the name. + [Richard Levitte] + + *) Generate muti valued AVAs using '+' notation in config files for + req and dirName. + [Steve Henson] + + *) Support for nameConstraints certificate extension. + [Steve Henson] + + *) Support for policyConstraints certificate extension. + [Steve Henson] + + *) Support for policyMappings certificate extension. + [Steve Henson] + + *) Make sure the default DSA_METHOD implementation only uses its + dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL, + and change its own handlers to be NULL so as to remove unnecessary + indirection. This lets alternative implementations fallback to the + default implementation more easily. + [Geoff Thorpe] + + *) Support for directoryName in GeneralName related extensions + in config files. + [Steve Henson] + + *) Make it possible to link applications using Makefile.shared. + Make that possible even when linking against static libraries! + [Richard Levitte] + + *) Support for single pass processing for S/MIME signing. This now + means that S/MIME signing can be done from a pipe, in addition + cleartext signing (multipart/signed type) is effectively streaming + and the signed data does not need to be all held in memory. + + This is done with a new flag PKCS7_STREAM. When this flag is set + PKCS7_sign() only initializes the PKCS7 structure and the actual signing + is done after the data is output (and digests calculated) in + SMIME_write_PKCS7(). + [Steve Henson] + + *) Add full support for -rpath/-R, both in shared libraries and + applications, at least on the platforms where it's known how + to do it. + [Richard Levitte] + + *) In crypto/ec/ec_mult.c, implement fast point multiplication with + precomputation, based on wNAF splitting: EC_GROUP_precompute_mult() + will now compute a table of multiples of the generator that + makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul() + faster (notably in the case of a single point multiplication, + scalar * generator). + [Nils Larsch, Bodo Moeller] + + *) IPv6 support for certificate extensions. The various extensions + which use the IP:a.b.c.d can now take IPv6 addresses using the + formats of RFC1884 2.2 . IPv6 addresses are now also displayed + correctly. + [Steve Henson] + + *) Added an ENGINE that implements RSA by performing private key + exponentiations with the GMP library. The conversions to and from + GMP's mpz_t format aren't optimised nor are any montgomery forms + cached, and on x86 it appears OpenSSL's own performance has caught up. + However there are likely to be other architectures where GMP could + provide a boost. This ENGINE is not built in by default, but it can be + specified at Configure time and should be accompanied by the necessary + linker additions, eg; + ./config -DOPENSSL_USE_GMP -lgmp + [Geoff Thorpe] + + *) "openssl engine" will not display ENGINE/DSO load failure errors when + testing availability of engines with "-t" - the old behaviour is + produced by increasing the feature's verbosity with "-tt". + [Geoff Thorpe] + + *) ECDSA routines: under certain error conditions uninitialized BN objects + could be freed. Solution: make sure initialization is performed early + enough. (Reported and fix supplied by Nils Larsch + via PR#459) + [Lutz Jaenicke] + + *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD + and DH_METHOD (eg. by ENGINE implementations) to override the normal + software implementations. For DSA and DH, parameter generation can + also be overriden by providing the appropriate method callbacks. + [Geoff Thorpe] + + *) Change the "progress" mechanism used in key-generation and + primality testing to functions that take a new BN_GENCB pointer in + place of callback/argument pairs. The new API functions have "_ex" + postfixes and the older functions are reimplemented as wrappers for + the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide + declarations of the old functions to help (graceful) attempts to + migrate to the new functions. Also, the new key-generation API + functions operate on a caller-supplied key-structure and return + success/failure rather than returning a key or NULL - this is to + help make "keygen" another member function of RSA_METHOD etc. + + Example for using the new callback interface: + + int (*my_callback)(int a, int b, BN_GENCB *cb) = ...; + void *my_arg = ...; + BN_GENCB my_cb; + + BN_GENCB_set(&my_cb, my_callback, my_arg); + + return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb); + /* For the meaning of a, b in calls to my_callback(), see the + * documentation of the function that calls the callback. + * cb will point to my_cb; my_arg can be retrieved as cb->arg. + * my_callback should return 1 if it wants BN_is_prime_ex() + * to continue, or 0 to stop. + */ + + [Geoff Thorpe] + + *) Change the ZLIB compression method to be stateful, and make it + available to TLS with the number defined in + draft-ietf-tls-compression-04.txt. + [Richard Levitte] + + *) Add the ASN.1 structures and functions for CertificatePair, which + is defined as follows (according to X.509_4thEditionDraftV6.pdf): + + CertificatePair ::= SEQUENCE { + forward [0] Certificate OPTIONAL, + reverse [1] Certificate OPTIONAL, + -- at least one of the pair shall be present -- } + + Also implement the PEM functions to read and write certificate + pairs, and defined the PEM tag as "CERTIFICATE PAIR". + + This needed to be defined, mostly for the sake of the LDAP + attribute crossCertificatePair, but may prove useful elsewhere as + well. + [Richard Levitte] + + *) Make it possible to inhibit symlinking of shared libraries in + Makefile.shared, for Cygwin's sake. + [Richard Levitte] + + *) Extend the BIGNUM API by creating a function + void BN_set_negative(BIGNUM *a, int neg); + and a macro that behave like + int BN_is_negative(const BIGNUM *a); + + to avoid the need to access 'a->neg' directly in applications. + [Nils Larsch] + + *) Implement fast modular reduction for pseudo-Mersenne primes + used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c). + EC_GROUP_new_curve_GFp() will now automatically use this + if applicable. + [Nils Larsch ] + + *) Add new lock type (CRYPTO_LOCK_BN). + [Bodo Moeller] + + *) Change the ENGINE framework to automatically load engines + dynamically from specific directories unless they could be + found to already be built in or loaded. Move all the + current engines except for the cryptodev one to a new + directory engines/. + The engines in engines/ are built as shared libraries if + the "shared" options was given to ./Configure or ./config. + Otherwise, they are inserted in libcrypto.a. + /usr/local/ssl/engines is the default directory for dynamic + engines, but that can be overriden at configure time through + the usual use of --prefix and/or --openssldir, and at run + time with the environment variable OPENSSL_ENGINES. + [Geoff Thorpe and Richard Levitte] + + *) Add Makefile.shared, a helper makefile to build shared + libraries. Addapt Makefile.org. + [Richard Levitte] + + *) Add version info to Win32 DLLs. + [Peter 'Luna' Runestig" ] + + *) Add new 'medium level' PKCS#12 API. Certificates and keys + can be added using this API to created arbitrary PKCS#12 + files while avoiding the low level API. + + New options to PKCS12_create(), key or cert can be NULL and + will then be omitted from the output file. The encryption + algorithm NIDs can be set to -1 for no encryption, the mac + iteration count can be set to 0 to omit the mac. + + Enhance pkcs12 utility by making the -nokeys and -nocerts + options work when creating a PKCS#12 file. New option -nomac + to omit the mac, NONE can be set for an encryption algorithm. + New code is modified to use the enhanced PKCS12_create() + instead of the low level API. + [Steve Henson] + + *) Extend ASN1 encoder to support indefinite length constructed + encoding. This can output sequences tags and octet strings in + this form. Modify pk7_asn1.c to support indefinite length + encoding. This is experimental and needs additional code to + be useful, such as an ASN1 bio and some enhanced streaming + PKCS#7 code. + + Extend template encode functionality so that tagging is passed + down to the template encoder. + [Steve Henson] + + *) Let 'openssl req' fail if an argument to '-newkey' is not + recognized instead of using RSA as a default. + [Bodo Moeller] + + *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt. + As these are not official, they are not included in "ALL"; + the "ECCdraft" ciphersuite group alias can be used to select them. + [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)] + + *) Add ECDH engine support. + [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)] + + *) Add ECDH in new directory crypto/ecdh/. + [Douglas Stebila (Sun Microsystems Laboratories)] + + *) Let BN_rand_range() abort with an error after 100 iterations + without success (which indicates a broken PRNG). + [Bodo Moeller] + + *) Change BN_mod_sqrt() so that it verifies that the input value + is really the square of the return value. (Previously, + BN_mod_sqrt would show GIGO behaviour.) + [Bodo Moeller] + + *) Add named elliptic curves over binary fields from X9.62, SECG, + and WAP/WTLS; add OIDs that were still missing. + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) Extend the EC library for elliptic curves over binary fields + (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/). + New EC_METHOD: + + EC_GF2m_simple_method + + New API functions: + + EC_GROUP_new_curve_GF2m + EC_GROUP_set_curve_GF2m + EC_GROUP_get_curve_GF2m + EC_POINT_set_affine_coordinates_GF2m + EC_POINT_get_affine_coordinates_GF2m + EC_POINT_set_compressed_coordinates_GF2m + + Point compression for binary fields is disabled by default for + patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to + enable it). + + As binary polynomials are represented as BIGNUMs, various members + of the EC_GROUP and EC_POINT data structures can be shared + between the implementations for prime fields and binary fields; + the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m) + are essentially identical to their ..._GFp counterparts. + (For simplicity, the '..._GFp' prefix has been dropped from + various internal method names.) + + An internal 'field_div' method (similar to 'field_mul' and + 'field_sqr') has been added; this is used only for binary fields. + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult() + through methods ('mul', 'precompute_mult'). + + The generic implementations (now internally called 'ec_wNAF_mul' + and 'ec_wNAF_precomputed_mult') remain the default if these + methods are undefined. + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) New function EC_GROUP_get_degree, which is defined through + EC_METHOD. For curves over prime fields, this returns the bit + length of the modulus. + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) New functions EC_GROUP_dup, EC_POINT_dup. + (These simply call ..._new and ..._copy). + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c. + Polynomials are represented as BIGNUMs (where the sign bit is not + used) in the following functions [macros]: + + BN_GF2m_add + BN_GF2m_sub [= BN_GF2m_add] + BN_GF2m_mod [wrapper for BN_GF2m_mod_arr] + BN_GF2m_mod_mul [wrapper for BN_GF2m_mod_mul_arr] + BN_GF2m_mod_sqr [wrapper for BN_GF2m_mod_sqr_arr] + BN_GF2m_mod_inv + BN_GF2m_mod_exp [wrapper for BN_GF2m_mod_exp_arr] + BN_GF2m_mod_sqrt [wrapper for BN_GF2m_mod_sqrt_arr] + BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr] + BN_GF2m_cmp [= BN_ucmp] + + (Note that only the 'mod' functions are actually for fields GF(2^m). + BN_GF2m_add() is misnomer, but this is for the sake of consistency.) + + For some functions, an the irreducible polynomial defining a + field can be given as an 'unsigned int[]' with strictly + decreasing elements giving the indices of those bits that are set; + i.e., p[] represents the polynomial + f(t) = t^p[0] + t^p[1] + ... + t^p[k] + where + p[0] > p[1] > ... > p[k] = 0. + This applies to the following functions: + + BN_GF2m_mod_arr + BN_GF2m_mod_mul_arr + BN_GF2m_mod_sqr_arr + BN_GF2m_mod_inv_arr [wrapper for BN_GF2m_mod_inv] + BN_GF2m_mod_div_arr [wrapper for BN_GF2m_mod_div] + BN_GF2m_mod_exp_arr + BN_GF2m_mod_sqrt_arr + BN_GF2m_mod_solve_quad_arr + BN_GF2m_poly2arr + BN_GF2m_arr2poly + + Conversion can be performed by the following functions: + + BN_GF2m_poly2arr + BN_GF2m_arr2poly + + bntest.c has additional tests for binary polynomial arithmetic. + + Two implementations for BN_GF2m_mod_div() are available. + The default algorithm simply uses BN_GF2m_mod_inv() and + BN_GF2m_mod_mul(). The alternative algorithm is compiled in only + if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the + copyright notice in crypto/bn/bn_gf2m.c before enabling it). + + [Sheueling Chang Shantz and Douglas Stebila + (Sun Microsystems Laboratories)] + + *) Add new error code 'ERR_R_DISABLED' that can be used when some + functionality is disabled at compile-time. + [Douglas Stebila ] + + *) Change default behaviour of 'openssl asn1parse' so that more + information is visible when viewing, e.g., a certificate: + + Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump' + mode the content of non-printable OCTET STRINGs is output in a + style similar to INTEGERs, but with '[HEX DUMP]' prepended to + avoid the appearance of a printable string. + [Nils Larsch ] + + *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access + functions + EC_GROUP_set_asn1_flag() + EC_GROUP_get_asn1_flag() + EC_GROUP_set_point_conversion_form() + EC_GROUP_get_point_conversion_form() + These control ASN1 encoding details: + - Curves (i.e., groups) are encoded explicitly unless asn1_flag + has been set to OPENSSL_EC_NAMED_CURVE. + - Points are encoded in uncompressed form by default; options for + asn1_for are as for point2oct, namely + POINT_CONVERSION_COMPRESSED + POINT_CONVERSION_UNCOMPRESSED + POINT_CONVERSION_HYBRID + + Also add 'seed' and 'seed_len' members to EC_GROUP with access + functions + EC_GROUP_set_seed() + EC_GROUP_get0_seed() + EC_GROUP_get_seed_len() + This is used only for ASN1 purposes (so far). + [Nils Larsch ] + + *) Add 'field_type' member to EC_METHOD, which holds the NID + of the appropriate field type OID. The new function + EC_METHOD_get_field_type() returns this value. + [Nils Larsch ] + + *) Add functions + EC_POINT_point2bn() + EC_POINT_bn2point() + EC_POINT_point2hex() + EC_POINT_hex2point() + providing useful interfaces to EC_POINT_point2oct() and + EC_POINT_oct2point(). + [Nils Larsch ] + + *) Change internals of the EC library so that the functions + EC_GROUP_set_generator() + EC_GROUP_get_generator() + EC_GROUP_get_order() + EC_GROUP_get_cofactor() + are implemented directly in crypto/ec/ec_lib.c and not dispatched + to methods, which would lead to unnecessary code duplication when + adding different types of curves. + [Nils Larsch with input by Bodo Moeller] + + *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM + arithmetic, and such that modified wNAFs are generated + (which avoid length expansion in many cases). + [Bodo Moeller] + + *) Add a function EC_GROUP_check_discriminant() (defined via + EC_METHOD) that verifies that the curve discriminant is non-zero. + + Add a function EC_GROUP_check() that makes some sanity tests + on a EC_GROUP, its generator and order. This includes + EC_GROUP_check_discriminant(). + [Nils Larsch ] + + *) Add ECDSA in new directory crypto/ecdsa/. + + Add applications 'openssl ecparam' and 'openssl ecdsa' + (these are based on 'openssl dsaparam' and 'openssl dsa'). + + ECDSA support is also included in various other files across the + library. Most notably, + - 'openssl req' now has a '-newkey ecdsa:file' option; + - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA; + - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and + d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make + them suitable for ECDSA where domain parameters must be + extracted before the specific public key; + - ECDSA engine support has been added. + [Nils Larsch ] + + *) Include some named elliptic curves, and add OIDs from X9.62, + SECG, and WAP/WTLS. Each curve can be obtained from the new + function + EC_GROUP_new_by_curve_name(), + and the list of available named curves can be obtained with + EC_get_builtin_curves(). + Also add a 'curve_name' member to EC_GROUP objects, which can be + accessed via + EC_GROUP_set_curve_name() + EC_GROUP_get_curve_name() + [Nils Larsch ] + + *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that + a ciphersuite string such as "DEFAULT:RSA" cannot enable + authentication-only ciphersuites. + [Bodo Moeller] + + *) Since AES128 and AES256 share a single mask bit in the logic of + ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a + kludge to work properly if AES128 is available and AES256 isn't. + [Victor Duchovni] + + *) Expand security boundary to match 1.1.1 module. + [Steve Henson] + + *) Remove redundant features: hash file source, editing of test vectors + modify fipsld to use external fips_premain.c signature. + [Steve Henson] + + *) New perl script mkfipsscr.pl to create shell scripts or batch files to + run algorithm test programs. + [Steve Henson] + + *) Make algorithm test programs more tolerant of whitespace. + [Steve Henson] + + *) Have SSL/TLS server implementation tolerate "mismatched" record + protocol version while receiving ClientHello even if the + ClientHello is fragmented. (The server can't insist on the + particular protocol version it has chosen before the ServerHello + message has informed the client about his choice.) + [Bodo Moeller] + + *) Load error codes if they are not already present instead of using a + static variable. This allows them to be cleanly unloaded and reloaded. + [Steve Henson] + + Changes between 0.9.7k and 0.9.7l [28 Sep 2006] + + *) Introduce limits to prevent malicious keys being able to + cause a denial of service. (CVE-2006-2940) + [Steve Henson, Bodo Moeller] + + *) Fix ASN.1 parsing of certain invalid structures that can result + in a denial of service. (CVE-2006-2937) [Steve Henson] + + *) Fix buffer overflow in SSL_get_shared_ciphers() function. + (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] + + *) Fix SSL client code which could crash if connecting to a + malicious SSLv2 server. (CVE-2006-4343) + [Tavis Ormandy and Will Drewry, Google Security Team] + + *) Change ciphersuite string processing so that an explicit + ciphersuite selects this one ciphersuite (so that "AES256-SHA" + will no longer include "AES128-SHA"), and any other similar + ciphersuite (same bitmap) from *other* protocol versions (so that + "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the + SSL 3.0/TLS 1.0 ciphersuite). This is a backport combining + changes from 0.9.8b and 0.9.8d. + [Bodo Moeller] + + Changes between 0.9.7j and 0.9.7k [05 Sep 2006] + + *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher + (CVE-2006-4339) [Ben Laurie and Google Security Team] + + *) Change the Unix randomness entropy gathering to use poll() when + possible instead of select(), since the latter has some + undesirable limitations. + [Darryl Miles via Richard Levitte and Bodo Moeller] + + *) Disable rogue ciphersuites: + + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + + The latter two were purportedly from + draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really + appear there. + + Also deactive the remaining ciphersuites from + draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as + unofficial, and the ID has long expired. + [Bodo Moeller] + + *) Fix RSA blinding Heisenbug (problems sometimes occured on + dual-core machines) and other potential thread-safety issues. + [Bodo Moeller] + + Changes between 0.9.7i and 0.9.7j [04 May 2006] + + *) Adapt fipsld and the build system to link against the validated FIPS + module in FIPS mode. + [Steve Henson] + + *) Fixes for VC++ 2005 build under Windows. + [Steve Henson] + + *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make + from a Windows bash shell such as MSYS. It is autodetected from the + "config" script when run from a VC++ environment. Modify standard VC++ + build to use fipscanister.o from the GNU make build. + [Steve Henson] + + Changes between 0.9.7h and 0.9.7i [14 Oct 2005] + + *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS. + The value now differs depending on if you build for FIPS or not. + BEWARE! A program linked with a shared FIPSed libcrypto can't be + safely run with a non-FIPSed libcrypto, as it may crash because of + the difference induced by this change. + [Andy Polyakov] + + Changes between 0.9.7g and 0.9.7h [11 Oct 2005] + + *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING + (part of SSL_OP_ALL). This option used to disable the + countermeasure against man-in-the-middle protocol-version + rollback in the SSL 2.0 server implementation, which is a bad + idea. (CVE-2005-2969) + + [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center + for Information Security, National Institute of Advanced Industrial + Science and Technology [AIST], Japan)] + + *) Minimal support for X9.31 signatures and PSS padding modes. This is + mainly for FIPS compliance and not fully integrated at this stage. + [Steve Henson] + + *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform + the exponentiation using a fixed-length exponent. (Otherwise, + the information leaked through timing could expose the secret key + after many signatures; cf. Bleichenbacher's attack on DSA with + biased k.) + [Bodo Moeller] + + *) Make a new fixed-window mod_exp implementation the default for + RSA, DSA, and DH private-key operations so that the sequence of + squares and multiplies and the memory access pattern are + independent of the particular secret key. This will mitigate + cache-timing and potential related attacks. + + BN_mod_exp_mont_consttime() is the new exponentiation implementation, + and this is automatically used by BN_mod_exp_mont() if the new flag + BN_FLG_EXP_CONSTTIME is set for the exponent. RSA, DSA, and DH + will use this BN flag for private exponents unless the flag + RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or + DH_FLAG_NO_EXP_CONSTTIME, respectively, is set. + + [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller] + + *) Change the client implementation for SSLv23_method() and + SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0 + Client Hello message format if the SSL_OP_NO_SSLv2 option is set. + (Previously, the SSL 2.0 backwards compatible Client Hello + message format would be used even with SSL_OP_NO_SSLv2.) + [Bodo Moeller] + + *) Add support for smime-type MIME parameter in S/MIME messages which some + clients need. + [Steve Henson] + + *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in + a threadsafe manner. Modify rsa code to use new function and add calls + to dsa and dh code (which had race conditions before). + [Steve Henson] + + *) Include the fixed error library code in the C error file definitions + instead of fixing them up at runtime. This keeps the error code + structures constant. + [Steve Henson] + + Changes between 0.9.7f and 0.9.7g [11 Apr 2005] + + [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after + OpenSSL 0.9.8.] + + *) Fixes for newer kerberos headers. NB: the casts are needed because + the 'length' field is signed on one version and unsigned on another + with no (?) obvious way to tell the difference, without these VC++ + complains. Also the "definition" of FAR (blank) is no longer included + nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up + some needed definitions. + [Steve Henson] + + *) Undo Cygwin change. + [Ulf Möller] + + *) Added support for proxy certificates according to RFC 3820. + Because they may be a security thread to unaware applications, + they must be explicitely allowed in run-time. See + docs/HOWTO/proxy_certificates.txt for further information. + [Richard Levitte] + + Changes between 0.9.7e and 0.9.7f [22 Mar 2005] + + *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating + server and client random values. Previously + (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in + less random data when sizeof(time_t) > 4 (some 64 bit platforms). + + This change has negligible security impact because: + + 1. Server and client random values still have 24 bytes of pseudo random + data. + + 2. Server and client random values are sent in the clear in the initial + handshake. + + 3. The master secret is derived using the premaster secret (48 bytes in + size for static RSA ciphersuites) as well as client server and random + values. + + The OpenSSL team would like to thank the UK NISCC for bringing this issue + to our attention. + + [Stephen Henson, reported by UK NISCC] + + *) Use Windows randomness collection on Cygwin. + [Ulf Möller] + + *) Fix hang in EGD/PRNGD query when communication socket is closed + prematurely by EGD/PRNGD. + [Darren Tucker via Lutz Jänicke, resolves #1014] + + *) Prompt for pass phrases when appropriate for PKCS12 input format. + [Steve Henson] + + *) Back-port of selected performance improvements from development + branch, as well as improved support for PowerPC platforms. + [Andy Polyakov] + + *) Add lots of checks for memory allocation failure, error codes to indicate + failure and freeing up memory if a failure occurs. + [Nauticus Networks SSL Team , Steve Henson] + + *) Add new -passin argument to dgst. + [Steve Henson] + + *) Perform some character comparisons of different types in X509_NAME_cmp: + this is needed for some certificates that reencode DNs into UTF8Strings + (in violation of RFC3280) and can't or wont issue name rollover + certificates. + [Steve Henson] + + *) Make an explicit check during certificate validation to see that + the CA setting in each certificate on the chain is correct. As a + side effect always do the following basic checks on extensions, + not just when there's an associated purpose to the check: + + - if there is an unhandled critical extension (unless the user + has chosen to ignore this fault) + - if the path length has been exceeded (if one is set at all) + - that certain extensions fit the associated purpose (if one has + been given) + [Richard Levitte] + + Changes between 0.9.7d and 0.9.7e [25 Oct 2004] + + *) Avoid a race condition when CRLs are checked in a multi threaded + environment. This would happen due to the reordering of the revoked + entries during signature checking and serial number lookup. Now the + encoding is cached and the serial number sort performed under a lock. + Add new STACK function sk_is_sorted(). + [Steve Henson] + + *) Add Delta CRL to the extension code. + [Steve Henson] + + *) Various fixes to s3_pkt.c so alerts are sent properly. + [David Holmes ] + + *) Reduce the chances of duplicate issuer name and serial numbers (in + violation of RFC3280) using the OpenSSL certificate creation utilities. + This is done by creating a random 64 bit value for the initial serial + number when a serial number file is created or when a self signed + certificate is created using 'openssl req -x509'. The initial serial + number file is created using 'openssl x509 -next_serial' in CA.pl + rather than being initialized to 1. + [Steve Henson] + + Changes between 0.9.7c and 0.9.7d [17 Mar 2004] + + *) Fix null-pointer assignment in do_change_cipher_spec() revealed + by using the Codenomicon TLS Test Tool (CVE-2004-0079) + [Joe Orton, Steve Henson] + + *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites + (CVE-2004-0112) + [Joe Orton, Steve Henson] + + *) Make it possible to have multiple active certificates with the same + subject in the CA index file. This is done only if the keyword + 'unique_subject' is set to 'no' in the main CA section (default + if 'CA_default') of the configuration file. The value is saved + with the database itself in a separate index attribute file, + named like the index file with '.attr' appended to the name. + [Richard Levitte] + + *) X509 verify fixes. Disable broken certificate workarounds when + X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if + keyUsage extension present. Don't accept CRLs with unhandled critical + extensions: since verify currently doesn't process CRL extensions this + rejects a CRL with *any* critical extensions. Add new verify error codes + for these cases. + [Steve Henson] + + *) When creating an OCSP nonce use an OCTET STRING inside the extnValue. + A clarification of RFC2560 will require the use of OCTET STRINGs and + some implementations cannot handle the current raw format. Since OpenSSL + copies and compares OCSP nonces as opaque blobs without any attempt at + parsing them this should not create any compatibility issues. + [Steve Henson] + + *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when + calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without + this HMAC (and other) operations are several times slower than OpenSSL + < 0.9.7. + [Steve Henson] + + *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). + [Peter Sylvester ] + + *) Use the correct content when signing type "other". + [Steve Henson] + + Changes between 0.9.7b and 0.9.7c [30 Sep 2003] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CVE-2003-0543 and CVE-2003-0544). + + Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] + + *) New -ignore_err option in ocsp application to stop the server + exiting on the first error in a request. + [Steve Henson] + + *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate + if the server requested one: as stated in TLS 1.0 and SSL 3.0 + specifications. + [Steve Henson] + + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional + extra data after the compression methods not only for TLS 1.0 + but also for SSL 3.0 (as required by the specification). + [Bodo Moeller; problem pointed out by Matthias Loepfe] + + *) Change X509_certificate_type() to mark the key as exported/exportable + when it's 512 *bits* long, not 512 bytes. + [Richard Levitte] + + *) Change AES_cbc_encrypt() so it outputs exact multiple of + blocks during encryption. + [Richard Levitte] + + *) Various fixes to base64 BIO and non blocking I/O. On write + flushes were not handled properly if the BIO retried. On read + data was not being buffered properly and had various logic bugs. + This also affects blocking I/O when the data being decoded is a + certain size. + [Steve Henson] + + *) Various S/MIME bugfixes and compatibility changes: + output correct application/pkcs7 MIME type if + PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures. + Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening + of files as .eml work). Correctly handle very long lines in MIME + parser. + [Steve Henson] + + Changes between 0.9.7a and 0.9.7b [10 Apr 2003] + + *) Countermeasure against the Klima-Pokorny-Rosa extension of + Bleichbacher's attack on PKCS #1 v1.5 padding: treat + a protocol version number mismatch like a decryption error + in ssl3_get_client_key_exchange (ssl/s3_srvr.c). + [Bodo Moeller] + + *) Turn on RSA blinding by default in the default implementation + to avoid a timing attack. Applications that don't want it can call + RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. + They would be ill-advised to do so in most cases. + [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller] + + *) Change RSA blinding code so that it works when the PRNG is not + seeded (in this case, the secret RSA exponent is abused as + an unpredictable seed -- if it is not unpredictable, there + is no point in blinding anyway). Make RSA blinding thread-safe + by remembering the creator's thread ID in rsa->blinding and + having all other threads use local one-time blinding factors + (this requires more computation than sharing rsa->blinding, but + avoids excessive locking; and if an RSA object is not shared + between threads, blinding will still be very fast). + [Bodo Moeller] + + *) Fixed a typo bug that would cause ENGINE_set_default() to set an + ENGINE as defaults for all supported algorithms irrespective of + the 'flags' parameter. 'flags' is now honoured, so applications + should make sure they are passing it correctly. + [Geoff Thorpe] + + *) Target "mingw" now allows native Windows code to be generated in + the Cygwin environment as well as with the MinGW compiler. + [Ulf Moeller] + + Changes between 0.9.7 and 0.9.7a [19 Feb 2003] + + *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker has to distinguish + between bad padding and a MAC verification error. (CVE-2003-0078) + + [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), + Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and + Martin Vuagnoux (EPFL, Ilion)] + + *) Make the no-err option work as intended. The intention with no-err + is not to have the whole error stack handling routines removed from + libcrypto, it's only intended to remove all the function name and + reason texts, thereby removing some of the footprint that may not + be interesting if those errors aren't displayed anyway. + + NOTE: it's still possible for any application or module to have it's + own set of error texts inserted. The routines are there, just not + used by default when no-err is given. + [Richard Levitte] + + *) Add support for FreeBSD on IA64. + [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454] + + *) Adjust DES_cbc_cksum() so it returns the same value as the MIT + Kerberos function mit_des_cbc_cksum(). Before this change, + the value returned by DES_cbc_cksum() was like the one from + mit_des_cbc_cksum(), except the bytes were swapped. + [Kevin Greaney and Richard Levitte] + + *) Allow an application to disable the automatic SSL chain building. + Before this a rather primitive chain build was always performed in + ssl3_output_cert_chain(): an application had no way to send the + correct chain if the automatic operation produced an incorrect result. + + Now the chain builder is disabled if either: + + 1. Extra certificates are added via SSL_CTX_add_extra_chain_cert(). + + 2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set. + + The reasoning behind this is that an application would not want the + auto chain building to take place if extra chain certificates are + present and it might also want a means of sending no additional + certificates (for example the chain has two certificates and the + root is omitted). + [Steve Henson] + + *) Add the possibility to build without the ENGINE framework. + [Steven Reddie via Richard Levitte] + + *) Under Win32 gmtime() can return NULL: check return value in + OPENSSL_gmtime(). Add error code for case where gmtime() fails. + [Steve Henson] + + *) DSA routines: under certain error conditions uninitialized BN objects + could be freed. Solution: make sure initialization is performed early + enough. (Reported and fix supplied by Ivan D Nestlerode , + Nils Larsch via PR#459) + [Lutz Jaenicke] + + *) Another fix for SSLv2 session ID handling: the session ID was incorrectly + checked on reconnect on the client side, therefore session resumption + could still fail with a "ssl session id is different" error. This + behaviour is masked when SSL_OP_ALL is used due to + SSL_OP_MICROSOFT_SESS_ID_BUG being set. + Behaviour observed by Crispin Flowerday as + followup to PR #377. + [Lutz Jaenicke] + + *) IA-32 assembler support enhancements: unified ELF targets, support + for SCO/Caldera platforms, fix for Cygwin shared build. + [Andy Polyakov] + + *) Add support for FreeBSD on sparc64. As a consequence, support for + FreeBSD on non-x86 processors is separate from x86 processors on + the config script, much like the NetBSD support. + [Richard Levitte & Kris Kennaway ] + + Changes between 0.9.6h and 0.9.7 [31 Dec 2002] + + [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after + OpenSSL 0.9.7.] + + *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED + code (06) was taken as the first octet of the session ID and the last + octet was ignored consequently. As a result SSLv2 client side session + caching could not have worked due to the session ID mismatch between + client and server. + Behaviour observed by Crispin Flowerday as + PR #377. + [Lutz Jaenicke] + + *) Change the declaration of needed Kerberos libraries to use EX_LIBS + instead of the special (and badly supported) LIBKRB5. LIBKRB5 is + removed entirely. + [Richard Levitte] + + *) The hw_ncipher.c engine requires dynamic locks. Unfortunately, it + seems that in spite of existing for more than a year, many application + author have done nothing to provide the necessary callbacks, which + means that this particular engine will not work properly anywhere. + This is a very unfortunate situation which forces us, in the name + of usability, to give the hw_ncipher.c a static lock, which is part + of libcrypto. + NOTE: This is for the 0.9.7 series ONLY. This hack will never + appear in 0.9.8 or later. We EXPECT application authors to have + dealt properly with this when 0.9.8 is released (unless we actually + make such changes in the libcrypto locking code that changes will + have to be made anyway). + [Richard Levitte] + + *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content + octets have been read, EOF or an error occurs. Without this change + some truncated ASN1 structures will not produce an error. + [Steve Henson] + + *) Disable Heimdal support, since it hasn't been fully implemented. + Still give the possibility to force the use of Heimdal, but with + warnings and a request that patches get sent to openssl-dev. + [Richard Levitte] + + *) Add the VC-CE target, introduce the WINCE sysname, and add + INSTALL.WCE and appropriate conditionals to make it build. + [Steven Reddie via Richard Levitte] + + *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and + cygssl-x.y.z.dll, where x, y and z are the major, minor and + edit numbers of the version. + [Corinna Vinschen and Richard Levitte] + + *) Introduce safe string copy and catenation functions + (BUF_strlcpy() and BUF_strlcat()). + [Ben Laurie (CHATS) and Richard Levitte] + + *) Avoid using fixed-size buffers for one-line DNs. + [Ben Laurie (CHATS)] + + *) Add BUF_MEM_grow_clean() to avoid information leakage when + resizing buffers containing secrets, and use where appropriate. + [Ben Laurie (CHATS)] + + *) Avoid using fixed size buffers for configuration file location. + [Ben Laurie (CHATS)] + + *) Avoid filename truncation for various CA files. + [Ben Laurie (CHATS)] + + *) Use sizeof in preference to magic numbers. + [Ben Laurie (CHATS)] + + *) Avoid filename truncation in cert requests. + [Ben Laurie (CHATS)] + + *) Add assertions to check for (supposedly impossible) buffer + overflows. + [Ben Laurie (CHATS)] + + *) Don't cache truncated DNS entries in the local cache (this could + potentially lead to a spoofing attack). + [Ben Laurie (CHATS)] + + *) Fix various buffers to be large enough for hex/decimal + representations in a platform independent manner. + [Ben Laurie (CHATS)] + + *) Add CRYPTO_realloc_clean() to avoid information leakage when + resizing buffers containing secrets, and use where appropriate. + [Ben Laurie (CHATS)] + + *) Add BIO_indent() to avoid much slightly worrying code to do + indents. + [Ben Laurie (CHATS)] + + *) Convert sprintf()/BIO_puts() to BIO_printf(). + [Ben Laurie (CHATS)] + + *) buffer_gets() could terminate with the buffer only half + full. Fixed. + [Ben Laurie (CHATS)] + + *) Add assertions to prevent user-supplied crypto functions from + overflowing internal buffers by having large block sizes, etc. + [Ben Laurie (CHATS)] + + *) New OPENSSL_assert() macro (similar to assert(), but enabled + unconditionally). + [Ben Laurie (CHATS)] + + *) Eliminate unused copy of key in RC4. + [Ben Laurie (CHATS)] + + *) Eliminate unused and incorrectly sized buffers for IV in pem.h. + [Ben Laurie (CHATS)] + + *) Fix off-by-one error in EGD path. + [Ben Laurie (CHATS)] + + *) If RANDFILE path is too long, ignore instead of truncating. + [Ben Laurie (CHATS)] + + *) Eliminate unused and incorrectly sized X.509 structure + CBCParameter. + [Ben Laurie (CHATS)] + + *) Eliminate unused and dangerous function knumber(). + [Ben Laurie (CHATS)] + + *) Eliminate unused and dangerous structure, KSSL_ERR. + [Ben Laurie (CHATS)] + + *) Protect against overlong session ID context length in an encoded + session object. Since these are local, this does not appear to be + exploitable. + [Ben Laurie (CHATS)] + + *) Change from security patch (see 0.9.6e below) that did not affect + the 0.9.6 release series: + + Remote buffer overflow in SSL3 protocol - an attacker could + supply an oversized master key in Kerberos-enabled versions. + (CVE-2002-0657) + [Ben Laurie (CHATS)] + + *) Change the SSL kerb5 codes to match RFC 2712. + [Richard Levitte] + + *) Make -nameopt work fully for req and add -reqopt switch. + [Michael Bell , Steve Henson] + + *) The "block size" for block ciphers in CFB and OFB mode should be 1. + [Steve Henson, reported by Yngve Nysaeter Pettersen ] + + *) Make sure tests can be performed even if the corresponding algorithms + have been removed entirely. This was also the last step to make + OpenSSL compilable with DJGPP under all reasonable conditions. + [Richard Levitte, Doug Kaufman ] + + *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT + to allow version independent disabling of normally unselected ciphers, + which may be activated as a side-effect of selecting a single cipher. + + (E.g., cipher list string "RSA" enables ciphersuites that are left + out of "ALL" because they do not provide symmetric encryption. + "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.) + [Lutz Jaenicke, Bodo Moeller] + + *) Add appropriate support for separate platform-dependent build + directories. The recommended way to make a platform-dependent + build directory is the following (tested on Linux), maybe with + some local tweaks: + + # Place yourself outside of the OpenSSL source tree. In + # this example, the environment variable OPENSSL_SOURCE + # is assumed to contain the absolute OpenSSL source directory. + mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" + cd objtree/"`uname -s`-`uname -r`-`uname -m`" + (cd $OPENSSL_SOURCE; find . -type f) | while read F; do + mkdir -p `dirname $F` + ln -s $OPENSSL_SOURCE/$F $F + done + + To be absolutely sure not to disturb the source tree, a "make clean" + is a good thing. If it isn't successfull, don't worry about it, + it probably means the source directory is very clean. + [Richard Levitte] + + *) Make sure any ENGINE control commands make local copies of string + pointers passed to them whenever necessary. Otherwise it is possible + the caller may have overwritten (or deallocated) the original string + data when a later ENGINE operation tries to use the stored values. + [Götz Babin-Ebell ] + + *) Improve diagnostics in file reading and command-line digests. + [Ben Laurie aided and abetted by Solar Designer ] + + *) Add AES modes CFB and OFB to the object database. Correct an + error in AES-CFB decryption. + [Richard Levitte] + + *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this + allows existing EVP_CIPHER_CTX structures to be reused after + calling EVP_*Final(). This behaviour is used by encryption + BIOs and some applications. This has the side effect that + applications must explicitly clean up cipher contexts with + EVP_CIPHER_CTX_cleanup() or they will leak memory. + [Steve Henson] + + *) Check the values of dna and dnb in bn_mul_recursive before calling + bn_mul_comba (a non zero value means the a or b arrays do not contain + n2 elements) and fallback to bn_mul_normal if either is not zero. + [Steve Henson] + + *) Fix escaping of non-ASCII characters when using the -subj option + of the "openssl req" command line tool. (Robert Joop ) + [Lutz Jaenicke] + + *) Make object definitions compliant to LDAP (RFC2256): SN is the short + form for "surname", serialNumber has no short form. + Use "mail" as the short name for "rfc822Mailbox" according to RFC2798; + therefore remove "mail" short name for "internet 7". + The OID for unique identifiers in X509 certificates is + x500UniqueIdentifier, not uniqueIdentifier. + Some more OID additions. (Michael Bell ) + [Lutz Jaenicke] + + *) Add an "init" command to the ENGINE config module and auto initialize + ENGINEs. Without any "init" command the ENGINE will be initialized + after all ctrl commands have been executed on it. If init=1 the + ENGINE is initailized at that point (ctrls before that point are run + on the uninitialized ENGINE and after on the initialized one). If + init=0 then the ENGINE will not be iniatialized at all. + [Steve Henson] + + *) Fix the 'app_verify_callback' interface so that the user-defined + argument is actually passed to the callback: In the + SSL_CTX_set_cert_verify_callback() prototype, the callback + declaration has been changed from + int (*cb)() + into + int (*cb)(X509_STORE_CTX *,void *); + in ssl_verify_cert_chain (ssl/ssl_cert.c), the call + i=s->ctx->app_verify_callback(&ctx) + has been changed into + i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg). + + To update applications using SSL_CTX_set_cert_verify_callback(), + a dummy argument can be added to their callback functions. + [D. K. Smetters ] + + *) Added the '4758cca' ENGINE to support IBM 4758 cards. + [Maurice Gittens , touchups by Geoff Thorpe] + + *) Add and OPENSSL_LOAD_CONF define which will cause + OpenSSL_add_all_algorithms() to load the openssl.cnf config file. + This allows older applications to transparently support certain + OpenSSL features: such as crypto acceleration and dynamic ENGINE loading. + Two new functions OPENSSL_add_all_algorithms_noconf() which will never + load the config file and OPENSSL_add_all_algorithms_conf() which will + always load it have also been added. + [Steve Henson] + + *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES. + Adjust NIDs and EVP layer. + [Stephen Sprunk and Richard Levitte] + + *) Config modules support in openssl utility. + + Most commands now load modules from the config file, + though in a few (such as version) this isn't done + because it couldn't be used for anything. + + In the case of ca and req the config file used is + the same as the utility itself: that is the -config + command line option can be used to specify an + alternative file. + [Steve Henson] + + *) Move default behaviour from OPENSSL_config(). If appname is NULL + use "openssl_conf" if filename is NULL use default openssl config file. + [Steve Henson] + + *) Add an argument to OPENSSL_config() to allow the use of an alternative + config section name. Add a new flag to tolerate a missing config file + and move code to CONF_modules_load_file(). + [Steve Henson] + + *) Support for crypto accelerator cards from Accelerated Encryption + Processing, www.aep.ie. (Use engine 'aep') + The support was copied from 0.9.6c [engine] and adapted/corrected + to work with the new engine framework. + [AEP Inc. and Richard Levitte] + + *) Support for SureWare crypto accelerator cards from Baltimore + Technologies. (Use engine 'sureware') + The support was copied from 0.9.6c [engine] and adapted + to work with the new engine framework. + [Richard Levitte] + + *) Have the CHIL engine fork-safe (as defined by nCipher) and actually + make the newer ENGINE framework commands for the CHIL engine work. + [Toomas Kiisk and Richard Levitte] + + *) Make it possible to produce shared libraries on ReliantUNIX. + [Robert Dahlem via Richard Levitte] + + *) Add the configuration target debug-linux-ppro. + Make 'openssl rsa' use the general key loading routines + implemented in apps.c, and make those routines able to + handle the key format FORMAT_NETSCAPE and the variant + FORMAT_IISSGC. + [Toomas Kiisk via Richard Levitte] + + *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). + [Toomas Kiisk via Richard Levitte] + + *) Add -keyform to rsautl, and document -engine. + [Richard Levitte, inspired by Toomas Kiisk ] + + *) Change BIO_new_file (crypto/bio/bss_file.c) to use new + BIO_R_NO_SUCH_FILE error code rather than the generic + ERR_R_SYS_LIB error code if fopen() fails with ENOENT. + [Ben Laurie] + + *) Add new functions + ERR_peek_last_error + ERR_peek_last_error_line + ERR_peek_last_error_line_data. + These are similar to + ERR_peek_error + ERR_peek_error_line + ERR_peek_error_line_data, + but report on the latest error recorded rather than the first one + still in the error queue. + [Ben Laurie, Bodo Moeller] + + *) default_algorithms option in ENGINE config module. This allows things + like: + default_algorithms = ALL + default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS + [Steve Henson] + + *) Prelminary ENGINE config module. + [Steve Henson] + + *) New experimental application configuration code. + [Steve Henson] + + *) Change the AES code to follow the same name structure as all other + symmetric ciphers, and behave the same way. Move everything to + the directory crypto/aes, thereby obsoleting crypto/rijndael. + [Stephen Sprunk and Richard Levitte] + + *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c. + [Ben Laurie and Theo de Raadt] + + *) Add option to output public keys in req command. + [Massimiliano Pala madwolf@openca.org] + + *) Use wNAFs in EC_POINTs_mul() for improved efficiency + (up to about 10% better than before for P-192 and P-224). + [Bodo Moeller] + + *) New functions/macros + + SSL_CTX_set_msg_callback(ctx, cb) + SSL_CTX_set_msg_callback_arg(ctx, arg) + SSL_set_msg_callback(ssl, cb) + SSL_set_msg_callback_arg(ssl, arg) + + to request calling a callback function + + void cb(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg) + + whenever a protocol message has been completely received + (write_p == 0) or sent (write_p == 1). Here 'version' is the + protocol version according to which the SSL library interprets + the current protocol message (SSL2_VERSION, SSL3_VERSION, or + TLS1_VERSION). 'content_type' is 0 in the case of SSL 2.0, or + the content type as defined in the SSL 3.0/TLS 1.0 protocol + specification (change_cipher_spec(20), alert(21), handshake(22)). + 'buf' and 'len' point to the actual message, 'ssl' to the + SSL object, and 'arg' is the application-defined value set by + SSL[_CTX]_set_msg_callback_arg(). + + 'openssl s_client' and 'openssl s_server' have new '-msg' options + to enable a callback that displays all protocol messages. + [Bodo Moeller] + + *) Change the shared library support so shared libraries are built as + soon as the corresponding static library is finished, and thereby get + openssl and the test programs linked against the shared library. + This still only happens when the keyword "shard" has been given to + the configuration scripts. + + NOTE: shared library support is still an experimental thing, and + backward binary compatibility is still not guaranteed. + ["Maciej W. Rozycki" and Richard Levitte] + + *) Add support for Subject Information Access extension. + [Peter Sylvester ] + + *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero + additional bytes when new memory had to be allocated, not just + when reusing an existing buffer. + [Bodo Moeller] + + *) New command line and configuration option 'utf8' for the req command. + This allows field values to be specified as UTF8 strings. + [Steve Henson] + + *) Add -multi and -mr options to "openssl speed" - giving multiple parallel + runs for the former and machine-readable output for the latter. + [Ben Laurie] + + *) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion + of the e-mail address in the DN (i.e., it will go into a certificate + extension only). The new configuration file option 'email_in_dn = no' + has the same effect. + [Massimiliano Pala madwolf@openca.org] + + *) Change all functions with names starting with des_ to be starting + with DES_ instead. Add wrappers that are compatible with libdes, + but are named _ossl_old_des_*. Finally, add macros that map the + des_* symbols to the corresponding _ossl_old_des_* if libdes + compatibility is desired. If OpenSSL 0.9.6c compatibility is + desired, the des_* symbols will be mapped to DES_*, with one + exception. + + Since we provide two compatibility mappings, the user needs to + define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes + compatibility is desired. The default (i.e., when that macro + isn't defined) is OpenSSL 0.9.6c compatibility. + + There are also macros that enable and disable the support of old + des functions altogether. Those are OPENSSL_ENABLE_OLD_DES_SUPPORT + and OPENSSL_DISABLE_OLD_DES_SUPPORT. If none or both of those + are defined, the default will apply: to support the old des routines. + + In either case, one must include openssl/des.h to get the correct + definitions. Do not try to just include openssl/des_old.h, that + won't work. + + NOTE: This is a major break of an old API into a new one. Software + authors are encouraged to switch to the DES_ style functions. Some + time in the future, des_old.h and the libdes compatibility functions + will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the + default), and then completely removed. + [Richard Levitte] + + *) Test for certificates which contain unsupported critical extensions. + If such a certificate is found during a verify operation it is + rejected by default: this behaviour can be overridden by either + handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or + by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function + X509_supported_extension() has also been added which returns 1 if a + particular extension is supported. + [Steve Henson] + + *) Modify the behaviour of EVP cipher functions in similar way to digests + to retain compatibility with existing code. + [Steve Henson] + + *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain + compatibility with existing code. In particular the 'ctx' parameter does + not have to be to be initialized before the call to EVP_DigestInit() and + it is tidied up after a call to EVP_DigestFinal(). New function + EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function + EVP_MD_CTX_copy() changed to not require the destination to be + initialized valid and new function EVP_MD_CTX_copy_ex() added which + requires the destination to be valid. + + Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(), + EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex(). + [Steve Henson] + + *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it + so that complete 'Handshake' protocol structures are kept in memory + instead of overwriting 'msg_type' and 'length' with 'body' data. + [Bodo Moeller] + + *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32. + [Massimo Santin via Richard Levitte] + + *) Major restructuring to the underlying ENGINE code. This includes + reduction of linker bloat, separation of pure "ENGINE" manipulation + (initialisation, etc) from functionality dealing with implementations + of specific crypto iterfaces. This change also introduces integrated + support for symmetric ciphers and digest implementations - so ENGINEs + can now accelerate these by providing EVP_CIPHER and EVP_MD + implementations of their own. This is detailed in crypto/engine/README + as it couldn't be adequately described here. However, there are a few + API changes worth noting - some RSA, DSA, DH, and RAND functions that + were changed in the original introduction of ENGINE code have now + reverted back - the hooking from this code to ENGINE is now a good + deal more passive and at run-time, operations deal directly with + RSA_METHODs, DSA_METHODs (etc) as they did before, rather than + dereferencing through an ENGINE pointer any more. Also, the ENGINE + functions dealing with BN_MOD_EXP[_CRT] handlers have been removed - + they were not being used by the framework as there is no concept of a + BIGNUM_METHOD and they could not be generalised to the new + 'ENGINE_TABLE' mechanism that underlies the new code. Similarly, + ENGINE_cpy() has been removed as it cannot be consistently defined in + the new code. + [Geoff Thorpe] + + *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds. + [Steve Henson] + + *) Change mkdef.pl to sort symbols that get the same entry number, + and make sure the automatically generated functions ERR_load_* + become part of libeay.num as well. + [Richard Levitte] + + *) New function SSL_renegotiate_pending(). This returns true once + renegotiation has been requested (either SSL_renegotiate() call + or HelloRequest/ClientHello receveived from the peer) and becomes + false once a handshake has been completed. + (For servers, SSL_renegotiate() followed by SSL_do_handshake() + sends a HelloRequest, but does not ensure that a handshake takes + place. SSL_renegotiate_pending() is useful for checking if the + client has followed the request.) + [Bodo Moeller] + + *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. + By default, clients may request session resumption even during + renegotiation (if session ID contexts permit); with this option, + session resumption is possible only in the first handshake. + + SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL. This makes + more bits available for options that should not be part of + SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION). + [Bodo Moeller] + + *) Add some demos for certificate and certificate request creation. + [Steve Henson] + + *) Make maximum certificate chain size accepted from the peer application + settable (SSL*_get/set_max_cert_list()), as proposed by + "Douglas E. Engert" . + [Lutz Jaenicke] + + *) Add support for shared libraries for Unixware-7 + (Boyd Lynn Gerber ). + [Lutz Jaenicke] + + *) Add a "destroy" handler to ENGINEs that allows structural cleanup to + be done prior to destruction. Use this to unload error strings from + ENGINEs that load their own error strings. NB: This adds two new API + functions to "get" and "set" this destroy handler in an ENGINE. + [Geoff Thorpe] + + *) Alter all existing ENGINE implementations (except "openssl" and + "openbsd") to dynamically instantiate their own error strings. This + makes them more flexible to be built both as statically-linked ENGINEs + and self-contained shared-libraries loadable via the "dynamic" ENGINE. + Also, add stub code to each that makes building them as self-contained + shared-libraries easier (see README.ENGINE). + [Geoff Thorpe] + + *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE + implementations into applications that are completely implemented in + self-contained shared-libraries. The "dynamic" ENGINE exposes control + commands that can be used to configure what shared-library to load and + to control aspects of the way it is handled. Also, made an update to + the README.ENGINE file that brings its information up-to-date and + provides some information and instructions on the "dynamic" ENGINE + (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc). + [Geoff Thorpe] + + *) Make it possible to unload ranges of ERR strings with a new + "ERR_unload_strings" function. + [Geoff Thorpe] + + *) Add a copy() function to EVP_MD. + [Ben Laurie] + + *) Make EVP_MD routines take a context pointer instead of just the + md_data void pointer. + [Ben Laurie] + + *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates + that the digest can only process a single chunk of data + (typically because it is provided by a piece of + hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application + is only going to provide a single chunk of data, and hence the + framework needn't accumulate the data for oneshot drivers. + [Ben Laurie] + + *) As with "ERR", make it possible to replace the underlying "ex_data" + functions. This change also alters the storage and management of global + ex_data state - it's now all inside ex_data.c and all "class" code (eg. + RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class + index counters. The API functions that use this state have been changed + to take a "class_index" rather than pointers to the class's local STACK + and counter, and there is now an API function to dynamically create new + classes. This centralisation allows us to (a) plug a lot of the + thread-safety problems that existed, and (b) makes it possible to clean + up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b) + such data would previously have always leaked in application code and + workarounds were in place to make the memory debugging turn a blind eye + to it. Application code that doesn't use this new function will still + leak as before, but their memory debugging output will announce it now + rather than letting it slide. + + Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change + induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now + has a return value to indicate success or failure. + [Geoff Thorpe] + + *) Make it possible to replace the underlying "ERR" functions such that the + global state (2 LHASH tables and 2 locks) is only used by the "default" + implementation. This change also adds two functions to "get" and "set" + the implementation prior to it being automatically set the first time + any other ERR function takes place. Ie. an application can call "get", + pass the return value to a module it has just loaded, and that module + can call its own "set" function using that value. This means the + module's "ERR" operations will use (and modify) the error state in the + application and not in its own statically linked copy of OpenSSL code. + [Geoff Thorpe] + + *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment + reference counts. This performs normal REF_PRINT/REF_CHECK macros on + the operation, and provides a more encapsulated way for external code + (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code + to use these functions rather than manually incrementing the counts. + + Also rename "DSO_up()" function to more descriptive "DSO_up_ref()". + [Geoff Thorpe] + + *) Add EVP test program. + [Ben Laurie] + + *) Add symmetric cipher support to ENGINE. Expect the API to change! + [Ben Laurie] + + *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name() + X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(), + X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate(). + These allow a CRL to be built without having to access X509_CRL fields + directly. Modify 'ca' application to use new functions. + [Steve Henson] + + *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended + bug workarounds. Rollback attack detection is a security feature. + The problem will only arise on OpenSSL servers when TLSv1 is not + available (sslv3_server_method() or SSL_OP_NO_TLSv1). + Software authors not wanting to support TLSv1 will have special reasons + for their choice and can explicitly enable this option. + [Bodo Moeller, Lutz Jaenicke] + + *) Rationalise EVP so it can be extended: don't include a union of + cipher/digest structures, add init/cleanup functions for EVP_MD_CTX + (similar to those existing for EVP_CIPHER_CTX). + Usage example: + + EVP_MD_CTX md; + + EVP_MD_CTX_init(&md); /* new function call */ + EVP_DigestInit(&md, EVP_sha1()); + EVP_DigestUpdate(&md, in, len); + EVP_DigestFinal(&md, out, NULL); + EVP_MD_CTX_cleanup(&md); /* new function call */ + + [Ben Laurie] + + *) Make DES key schedule conform to the usual scheme, as well as + correcting its structure. This means that calls to DES functions + now have to pass a pointer to a des_key_schedule instead of a + plain des_key_schedule (which was actually always a pointer + anyway): E.g., + + des_key_schedule ks; + + des_set_key_checked(..., &ks); + des_ncbc_encrypt(..., &ks, ...); + + (Note that a later change renames 'des_...' into 'DES_...'.) + [Ben Laurie] + + *) Initial reduction of linker bloat: the use of some functions, such as + PEM causes large amounts of unused functions to be linked in due to + poor organisation. For example pem_all.c contains every PEM function + which has a knock on effect of linking in large amounts of (unused) + ASN1 code. Grouping together similar functions and splitting unrelated + functions prevents this. + [Steve Henson] + + *) Cleanup of EVP macros. + [Ben Laurie] + + *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the + correct _ecb suffix. + [Ben Laurie] + + *) Add initial OCSP responder support to ocsp application. The + revocation information is handled using the text based index + use by the ca application. The responder can either handle + requests generated internally, supplied in files (for example + via a CGI script) or using an internal minimal server. + [Steve Henson] + + *) Add configuration choices to get zlib compression for TLS. + [Richard Levitte] + + *) Changes to Kerberos SSL for RFC 2712 compliance: + 1. Implemented real KerberosWrapper, instead of just using + KRB5 AP_REQ message. [Thanks to Simon Wilkinson ] + 2. Implemented optional authenticator field of KerberosWrapper. + + Added openssl-style ASN.1 macros for Kerberos ticket, ap_req, + and authenticator structs; see crypto/krb5/. + + Generalized Kerberos calls to support multiple Kerberos libraries. + [Vern Staats , + Jeffrey Altman + via Richard Levitte] + + *) Cause 'openssl speed' to use fully hard-coded DSA keys as it + already does with RSA. testdsa.h now has 'priv_key/pub_key' + values for each of the key sizes rather than having just + parameters (and 'speed' generating keys each time). + [Geoff Thorpe] + + *) Speed up EVP routines. + Before: +encrypt +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +des-cbc 4408.85k 5560.51k 5778.46k 5862.20k 5825.16k +des-cbc 4389.55k 5571.17k 5792.23k 5846.91k 5832.11k +des-cbc 4394.32k 5575.92k 5807.44k 5848.37k 5841.30k +decrypt +des-cbc 3482.66k 5069.49k 5496.39k 5614.16k 5639.28k +des-cbc 3480.74k 5068.76k 5510.34k 5609.87k 5635.52k +des-cbc 3483.72k 5067.62k 5504.60k 5708.01k 5724.80k + After: +encrypt +des-cbc 4660.16k 5650.19k 5807.19k 5827.13k 5783.32k +decrypt +des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k + [Ben Laurie] + + *) Added the OS2-EMX target. + ["Brian Havard" and Richard Levitte] + + *) Rewrite apps to use NCONF routines instead of the old CONF. New functions + to support NCONF routines in extension code. New function CONF_set_nconf() + to allow functions which take an NCONF to also handle the old LHASH + structure: this means that the old CONF compatible routines can be + retained (in particular wrt extensions) without having to duplicate the + code. New function X509V3_add_ext_nconf_sk to add extensions to a stack. + [Steve Henson] + + *) Enhance the general user interface with mechanisms for inner control + and with possibilities to have yes/no kind of prompts. + [Richard Levitte] + + *) Change all calls to low level digest routines in the library and + applications to use EVP. Add missing calls to HMAC_cleanup() and + don't assume HMAC_CTX can be copied using memcpy(). + [Verdon Walker , Steve Henson] + + *) Add the possibility to control engines through control names but with + arbitrary arguments instead of just a string. + Change the key loaders to take a UI_METHOD instead of a callback + function pointer. NOTE: this breaks binary compatibility with earlier + versions of OpenSSL [engine]. + Adapt the nCipher code for these new conditions and add a card insertion + callback. + [Richard Levitte] + + *) Enhance the general user interface with mechanisms to better support + dialog box interfaces, application-defined prompts, the possibility + to use defaults (for example default passwords from somewhere else) + and interrupts/cancellations. + [Richard Levitte] + + *) Tidy up PKCS#12 attribute handling. Add support for the CSP name + attribute in PKCS#12 files, add new -CSP option to pkcs12 utility. + [Steve Henson] + + *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also + tidy up some unnecessarily weird code in 'sk_new()'). + [Geoff, reported by Diego Tartara ] + + *) Change the key loading routines for ENGINEs to use the same kind + callback (pem_password_cb) as all other routines that need this + kind of callback. + [Richard Levitte] + + *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with + 256 bit (=32 byte) keys. Of course seeding with more entropy bytes + than this minimum value is recommended. + [Lutz Jaenicke] + + *) New random seeder for OpenVMS, using the system process statistics + that are easily reachable. + [Richard Levitte] + + *) Windows apparently can't transparently handle global + variables defined in DLLs. Initialisations such as: + + const ASN1_ITEM *it = &ASN1_INTEGER_it; + + wont compile. This is used by the any applications that need to + declare their own ASN1 modules. This was fixed by adding the option + EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly + needed for static libraries under Win32. + [Steve Henson] + + *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle + setting of purpose and trust fields. New X509_STORE trust and + purpose functions and tidy up setting in other SSL functions. + [Steve Henson] + + *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE + structure. These are inherited by X509_STORE_CTX when it is + initialised. This allows various defaults to be set in the + X509_STORE structure (such as flags for CRL checking and custom + purpose or trust settings) for functions which only use X509_STORE_CTX + internally such as S/MIME. + + Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and + trust settings if they are not set in X509_STORE. This allows X509_STORE + purposes and trust (in S/MIME for example) to override any set by default. + + Add command line options for CRL checking to smime, s_client and s_server + applications. + [Steve Henson] + + *) Initial CRL based revocation checking. If the CRL checking flag(s) + are set then the CRL is looked up in the X509_STORE structure and + its validity and signature checked, then if the certificate is found + in the CRL the verify fails with a revoked error. + + Various new CRL related callbacks added to X509_STORE_CTX structure. + + Command line options added to 'verify' application to support this. + + This needs some additional work, such as being able to handle multiple + CRLs with different times, extension based lookup (rather than just + by subject name) and ultimately more complete V2 CRL extension + handling. + [Steve Henson] + + *) Add a general user interface API (crypto/ui/). This is designed + to replace things like des_read_password and friends (backward + compatibility functions using this new API are provided). + The purpose is to remove prompting functions from the DES code + section as well as provide for prompting through dialog boxes in + a window system and the like. + [Richard Levitte] + + *) Add "ex_data" support to ENGINE so implementations can add state at a + per-structure level rather than having to store it globally. + [Geoff] + + *) Make it possible for ENGINE structures to be copied when retrieved by + ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY. + This causes the "original" ENGINE structure to act like a template, + analogous to the RSA vs. RSA_METHOD type of separation. Because of this + operational state can be localised to each ENGINE structure, despite the + fact they all share the same "methods". New ENGINE structures returned in + this case have no functional references and the return value is the single + structural reference. This matches the single structural reference returned + by ENGINE_by_id() normally, when it is incremented on the pre-existing + ENGINE structure. + [Geoff] + + *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this + needs to match any other type at all we need to manually clear the + tag cache. + [Steve Henson] + + *) Changes to the "openssl engine" utility to include; + - verbosity levels ('-v', '-vv', and '-vvv') that provide information + about an ENGINE's available control commands. + - executing control commands from command line arguments using the + '-pre' and '-post' switches. '-post' is only used if '-t' is + specified and the ENGINE is successfully initialised. The syntax for + the individual commands are colon-separated, for example; + openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so + [Geoff] + + *) New dynamic control command support for ENGINEs. ENGINEs can now + declare their own commands (numbers), names (strings), descriptions, + and input types for run-time discovery by calling applications. A + subset of these commands are implicitly classed as "executable" + depending on their input type, and only these can be invoked through + the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this + can be based on user input, config files, etc). The distinction is + that "executable" commands cannot return anything other than a boolean + result and can only support numeric or string input, whereas some + discoverable commands may only be for direct use through + ENGINE_ctrl(), eg. supporting the exchange of binary data, function + pointers, or other custom uses. The "executable" commands are to + support parameterisations of ENGINE behaviour that can be + unambiguously defined by ENGINEs and used consistently across any + OpenSSL-based application. Commands have been added to all the + existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow + control over shared-library paths without source code alterations. + [Geoff] + + *) Changed all ENGINE implementations to dynamically allocate their + ENGINEs rather than declaring them statically. Apart from this being + necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction, + this also allows the implementations to compile without using the + internal engine_int.h header. + [Geoff] + + *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a + 'const' value. Any code that should be able to modify a RAND_METHOD + should already have non-const pointers to it (ie. they should only + modify their own ones). + [Geoff] + + *) Made a variety of little tweaks to the ENGINE code. + - "atalla" and "ubsec" string definitions were moved from header files + to C code. "nuron" string definitions were placed in variables + rather than hard-coded - allowing parameterisation of these values + later on via ctrl() commands. + - Removed unused "#if 0"'d code. + - Fixed engine list iteration code so it uses ENGINE_free() to release + structural references. + - Constified the RAND_METHOD element of ENGINE structures. + - Constified various get/set functions as appropriate and added + missing functions (including a catch-all ENGINE_cpy that duplicates + all ENGINE values onto a new ENGINE except reference counts/state). + - Removed NULL parameter checks in get/set functions. Setting a method + or function to NULL is a way of cancelling out a previously set + value. Passing a NULL ENGINE parameter is just plain stupid anyway + and doesn't justify the extra error symbols and code. + - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for + flags from engine_int.h to engine.h. + - Changed prototypes for ENGINE handler functions (init(), finish(), + ctrl(), key-load functions, etc) to take an (ENGINE*) parameter. + [Geoff] + + *) Implement binary inversion algorithm for BN_mod_inverse in addition + to the algorithm using long division. The binary algorithm can be + used only if the modulus is odd. On 32-bit systems, it is faster + only for relatively small moduli (roughly 20-30% for 128-bit moduli, + roughly 5-15% for 256-bit moduli), so we use it only for moduli + up to 450 bits. In 64-bit environments, the binary algorithm + appears to be advantageous for much longer moduli; here we use it + for moduli up to 2048 bits. + [Bodo Moeller] + + *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code + could not support the combine flag in choice fields. + [Steve Henson] + + *) Add a 'copy_extensions' option to the 'ca' utility. This copies + extensions from a certificate request to the certificate. + [Steve Henson] + + *) Allow multiple 'certopt' and 'nameopt' options to be separated + by commas. Add 'namopt' and 'certopt' options to the 'ca' config + file: this allows the display of the certificate about to be + signed to be customised, to allow certain fields to be included + or excluded and extension details. The old system didn't display + multicharacter strings properly, omitted fields not in the policy + and couldn't display additional details such as extensions. + [Steve Henson] + + *) Function EC_POINTs_mul for multiple scalar multiplication + of an arbitrary number of elliptic curve points + \sum scalars[i]*points[i], + optionally including the generator defined for the EC_GROUP: + scalar*generator + \sum scalars[i]*points[i]. + + EC_POINT_mul is a simple wrapper function for the typical case + that the point list has just one item (besides the optional + generator). + [Bodo Moeller] + + *) First EC_METHODs for curves over GF(p): + + EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr + operations and provides various method functions that can also + operate with faster implementations of modular arithmetic. + + EC_GFp_mont_method() reuses most functions that are part of + EC_GFp_simple_method, but uses Montgomery arithmetic. + + [Bodo Moeller; point addition and point doubling + implementation directly derived from source code provided by + Lenka Fibikova ] + + *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h, + crypto/ec/ec_lib.c): + + Curves are EC_GROUP objects (with an optional group generator) + based on EC_METHODs that are built into the library. + + Points are EC_POINT objects based on EC_GROUP objects. + + Most of the framework would be able to handle curves over arbitrary + finite fields, but as there are no obvious types for fields other + than GF(p), some functions are limited to that for now. + [Bodo Moeller] + + *) Add the -HTTP option to s_server. It is similar to -WWW, but requires + that the file contains a complete HTTP response. + [Richard Levitte] + + *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl + change the def and num file printf format specifier from "%-40sXXX" + to "%-39s XXX". The latter will always guarantee a space after the + field while the former will cause them to run together if the field + is 40 of more characters long. + [Steve Henson] + + *) Constify the cipher and digest 'method' functions and structures + and modify related functions to take constant EVP_MD and EVP_CIPHER + pointers. + [Steve Henson] + + *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them + in . Also further increase BN_CTX_NUM to 32. + [Bodo Moeller] + + *) Modify EVP_Digest*() routines so they now return values. Although the + internal software routines can never fail additional hardware versions + might. + [Steve Henson] + + *) Clean up crypto/err/err.h and change some error codes to avoid conflicts: + + Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7 + (= ERR_R_PKCS7_LIB); it is now 64 instead of 32. + + ASN1 error codes + ERR_R_NESTED_ASN1_ERROR + ... + ERR_R_MISSING_ASN1_EOS + were 4 .. 9, conflicting with + ERR_LIB_RSA (= ERR_R_RSA_LIB) + ... + ERR_LIB_PEM (= ERR_R_PEM_LIB). + They are now 58 .. 63 (i.e., just below ERR_R_FATAL). + + Add new error code 'ERR_R_INTERNAL_ERROR'. + [Bodo Moeller] + + *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock + suffices. + [Bodo Moeller] + + *) New option '-subj arg' for 'openssl req' and 'openssl ca'. This + sets the subject name for a new request or supersedes the + subject name in a given request. Formats that can be parsed are + 'CN=Some Name, OU=myOU, C=IT' + and + 'CN=Some Name/OU=myOU/C=IT'. + + Add options '-batch' and '-verbose' to 'openssl req'. + [Massimiliano Pala ] + + *) Introduce the possibility to access global variables through + functions on platform were that's the best way to handle exporting + global variables in shared libraries. To enable this functionality, + one must configure with "EXPORT_VAR_AS_FN" or defined the C macro + "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter + is normally done by Configure or something similar). + + To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL + in the source file (foo.c) like this: + + OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1; + OPENSSL_IMPLEMENT_GLOBAL(double,bar); + + To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL + and OPENSSL_GLOBAL_REF in the header file (foo.h) like this: + + OPENSSL_DECLARE_GLOBAL(int,foo); + #define foo OPENSSL_GLOBAL_REF(foo) + OPENSSL_DECLARE_GLOBAL(double,bar); + #define bar OPENSSL_GLOBAL_REF(bar) + + The #defines are very important, and therefore so is including the + header file everywhere where the defined globals are used. + + The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition + of ASN.1 items, but that structure is a bit different. + + The largest change is in util/mkdef.pl which has been enhanced with + better and easier to understand logic to choose which symbols should + go into the Windows .def files as well as a number of fixes and code + cleanup (among others, algorithm keywords are now sorted + lexicographically to avoid constant rewrites). + [Richard Levitte] + + *) In BN_div() keep a copy of the sign of 'num' before writing the + result to 'rm' because if rm==num the value will be overwritten + and produce the wrong result if 'num' is negative: this caused + problems with BN_mod() and BN_nnmod(). + [Steve Henson] + + *) Function OCSP_request_verify(). This checks the signature on an + OCSP request and verifies the signer certificate. The signer + certificate is just checked for a generic purpose and OCSP request + trust settings. + [Steve Henson] + + *) Add OCSP_check_validity() function to check the validity of OCSP + responses. OCSP responses are prepared in real time and may only + be a few seconds old. Simply checking that the current time lies + between thisUpdate and nextUpdate max reject otherwise valid responses + caused by either OCSP responder or client clock inaccuracy. Instead + we allow thisUpdate and nextUpdate to fall within a certain period of + the current time. The age of the response can also optionally be + checked. Two new options -validity_period and -status_age added to + ocsp utility. + [Steve Henson] + + *) If signature or public key algorithm is unrecognized print out its + OID rather that just UNKNOWN. + [Steve Henson] + + *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and + OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate + ID to be generated from the issuer certificate alone which can then be + passed to OCSP_id_issuer_cmp(). + [Steve Henson] + + *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new + ASN1 modules to export functions returning ASN1_ITEM pointers + instead of the ASN1_ITEM structures themselves. This adds several + new macros which allow the underlying ASN1 function/structure to + be accessed transparently. As a result code should not use ASN1_ITEM + references directly (such as &X509_it) but instead use the relevant + macros (such as ASN1_ITEM_rptr(X509)). This option is to allow + use of the new ASN1 code on platforms where exporting structures + is problematical (for example in shared libraries) but exporting + functions returning pointers to structures is not. + [Steve Henson] + + *) Add support for overriding the generation of SSL/TLS session IDs. + These callbacks can be registered either in an SSL_CTX or per SSL. + The purpose of this is to allow applications to control, if they wish, + the arbitrary values chosen for use as session IDs, particularly as it + can be useful for session caching in multiple-server environments. A + command-line switch for testing this (and any client code that wishes + to use such a feature) has been added to "s_server". + [Geoff Thorpe, Lutz Jaenicke] + + *) Modify mkdef.pl to recognise and parse preprocessor conditionals + of the form '#if defined(...) || defined(...) || ...' and + '#if !defined(...) && !defined(...) && ...'. This also avoids + the growing number of special cases it was previously handling. + [Richard Levitte] + + *) Make all configuration macros available for application by making + sure they are available in opensslconf.h, by giving them names starting + with "OPENSSL_" to avoid conflicts with other packages and by making + sure e_os2.h will cover all platform-specific cases together with + opensslconf.h. + Additionally, it is now possible to define configuration/platform- + specific names (called "system identities"). In the C code, these + are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another + macro with the name beginning with "OPENSSL_SYS_", which is determined + from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on + what is available. + [Richard Levitte] + + *) New option -set_serial to 'req' and 'x509' this allows the serial + number to use to be specified on the command line. Previously self + signed certificates were hard coded with serial number 0 and the + CA options of 'x509' had to use a serial number in a file which was + auto incremented. + [Steve Henson] + + *) New options to 'ca' utility to support V2 CRL entry extensions. + Currently CRL reason, invalidity date and hold instruction are + supported. Add new CRL extensions to V3 code and some new objects. + [Steve Henson] + + *) New function EVP_CIPHER_CTX_set_padding() this is used to + disable standard block padding (aka PKCS#5 padding) in the EVP + API, which was previously mandatory. This means that the data is + not padded in any way and so the total length much be a multiple + of the block size, otherwise an error occurs. + [Steve Henson] + + *) Initial (incomplete) OCSP SSL support. + [Steve Henson] + + *) New function OCSP_parse_url(). This splits up a URL into its host, + port and path components: primarily to parse OCSP URLs. New -url + option to ocsp utility. + [Steve Henson] + + *) New nonce behavior. The return value of OCSP_check_nonce() now + reflects the various checks performed. Applications can decide + whether to tolerate certain situations such as an absent nonce + in a response when one was present in a request: the ocsp application + just prints out a warning. New function OCSP_add1_basic_nonce() + this is to allow responders to include a nonce in a response even if + the request is nonce-less. + [Steve Henson] + + *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are + skipped when using openssl x509 multiple times on a single input file, + e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) ] + + *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates + passed by the function are trusted implicitly. If any of them signed the + response then it is assumed to be valid and is not verified. + [Steve Henson] + + *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT + to data. This was previously part of the PKCS7 ASN1 code. This + was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures. + [Steve Henson, reported by Kenneth R. Robinette + ] + + *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1 + routines: without these tracing memory leaks is very painful. + Fix leaks in PKCS12 and PKCS7 routines. + [Steve Henson] + + *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new(). + Previously it initialised the 'type' argument to V_ASN1_UTCTIME which + effectively meant GeneralizedTime would never be used. Now it + is initialised to -1 but X509_time_adj() now has to check the value + and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or + V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime. + [Steve Henson, reported by Kenneth R. Robinette + ] + + *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously + result in a zero length in the ASN1_INTEGER structure which was + not consistent with the structure when d2i_ASN1_INTEGER() was used + and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER() + to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER() + where it did not print out a minus for negative ASN1_INTEGER. + [Steve Henson] + + *) Add summary printout to ocsp utility. The various functions which + convert status values to strings have been renamed to: + OCSP_response_status_str(), OCSP_cert_status_str() and + OCSP_crl_reason_str() and are no longer static. New options + to verify nonce values and to disable verification. OCSP response + printout format cleaned up. + [Steve Henson] + + *) Add additional OCSP certificate checks. These are those specified + in RFC2560. This consists of two separate checks: the CA of the + certificate being checked must either be the OCSP signer certificate + or the issuer of the OCSP signer certificate. In the latter case the + OCSP signer certificate must contain the OCSP signing extended key + usage. This check is performed by attempting to match the OCSP + signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash + in the OCSP_CERTID structures of the response. + [Steve Henson] + + *) Initial OCSP certificate verification added to OCSP_basic_verify() + and related routines. This uses the standard OpenSSL certificate + verify routines to perform initial checks (just CA validity) and + to obtain the certificate chain. Then additional checks will be + performed on the chain. Currently the root CA is checked to see + if it is explicitly trusted for OCSP signing. This is used to set + a root CA as a global signing root: that is any certificate that + chains to that CA is an acceptable OCSP signing certificate. + [Steve Henson] + + *) New '-extfile ...' option to 'openssl ca' for reading X.509v3 + extensions from a separate configuration file. + As when reading extensions from the main configuration file, + the '-extensions ...' option may be used for specifying the + section to use. + [Massimiliano Pala ] + + *) New OCSP utility. Allows OCSP requests to be generated or + read. The request can be sent to a responder and the output + parsed, outputed or printed in text form. Not complete yet: + still needs to check the OCSP response validity. + [Steve Henson] + + *) New subcommands for 'openssl ca': + 'openssl ca -status ' prints the status of the cert with + the given serial number (according to the index file). + 'openssl ca -updatedb' updates the expiry status of certificates + in the index file. + [Massimiliano Pala ] + + *) New '-newreq-nodes' command option to CA.pl. This is like + '-newreq', but calls 'openssl req' with the '-nodes' option + so that the resulting key is not encrypted. + [Damien Miller ] + + *) New configuration for the GNU Hurd. + [Jonathan Bartlett via Richard Levitte] + + *) Initial code to implement OCSP basic response verify. This + is currently incomplete. Currently just finds the signer's + certificate and verifies the signature on the response. + [Steve Henson] + + *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in + value of OPENSSLDIR. This is available via the new '-d' option + to 'openssl version', and is also included in 'openssl version -a'. + [Bodo Moeller] + + *) Allowing defining memory allocation callbacks that will be given + file name and line number information in additional arguments + (a const char* and an int). The basic functionality remains, as + well as the original possibility to just replace malloc(), + realloc() and free() by functions that do not know about these + additional arguments. To register and find out the current + settings for extended allocation functions, the following + functions are provided: + + CRYPTO_set_mem_ex_functions + CRYPTO_set_locked_mem_ex_functions + CRYPTO_get_mem_ex_functions + CRYPTO_get_locked_mem_ex_functions + + These work the same way as CRYPTO_set_mem_functions and friends. + CRYPTO_get_[locked_]mem_functions now writes 0 where such an + extended allocation function is enabled. + Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where + a conventional allocation function is enabled. + [Richard Levitte, Bodo Moeller] + + *) Finish off removing the remaining LHASH function pointer casts. + There should no longer be any prototype-casting required when using + the LHASH abstraction, and any casts that remain are "bugs". See + the callback types and macros at the head of lhash.h for details + (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example). + [Geoff Thorpe] + + *) Add automatic query of EGD sockets in RAND_poll() for the unix variant. + If /dev/[u]random devices are not available or do not return enough + entropy, EGD style sockets (served by EGD or PRNGD) will automatically + be queried. + The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and + /etc/entropy will be queried once each in this sequence, quering stops + when enough entropy was collected without querying more sockets. + [Lutz Jaenicke] + + *) Change the Unix RAND_poll() variant to be able to poll several + random devices, as specified by DEVRANDOM, until a sufficient amount + of data has been collected. We spend at most 10 ms on each file + (select timeout) and read in non-blocking mode. DEVRANDOM now + defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom" + (previously it was just the string "/dev/urandom"), so on typical + platforms the 10 ms delay will never occur. + Also separate out the Unix variant to its own file, rand_unix.c. + For VMS, there's a currently-empty rand_vms.c. + [Richard Levitte] + + *) Move OCSP client related routines to ocsp_cl.c. These + provide utility functions which an application needing + to issue a request to an OCSP responder and analyse the + response will typically need: as opposed to those which an + OCSP responder itself would need which will be added later. + + OCSP_request_sign() signs an OCSP request with an API similar + to PKCS7_sign(). OCSP_response_status() returns status of OCSP + response. OCSP_response_get1_basic() extracts basic response + from response. OCSP_resp_find_status(): finds and extracts status + information from an OCSP_CERTID structure (which will be created + when the request structure is built). These are built from lower + level functions which work on OCSP_SINGLERESP structures but + wont normally be used unless the application wishes to examine + extensions in the OCSP response for example. + + Replace nonce routines with a pair of functions. + OCSP_request_add1_nonce() adds a nonce value and optionally + generates a random value. OCSP_check_nonce() checks the + validity of the nonce in an OCSP response. + [Steve Henson] + + *) Change function OCSP_request_add() to OCSP_request_add0_id(). + This doesn't copy the supplied OCSP_CERTID and avoids the + need to free up the newly created id. Change return type + to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure. + This can then be used to add extensions to the request. + Deleted OCSP_request_new(), since most of its functionality + is now in OCSP_REQUEST_new() (and the case insensitive name + clash) apart from the ability to set the request name which + will be added elsewhere. + [Steve Henson] + + *) Update OCSP API. Remove obsolete extensions argument from + various functions. Extensions are now handled using the new + OCSP extension code. New simple OCSP HTTP function which + can be used to send requests and parse the response. + [Steve Henson] + + *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new + ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN + uses the special reorder version of SET OF to sort the attributes + and reorder them to match the encoded order. This resolves a long + standing problem: a verify on a PKCS7 structure just after signing + it used to fail because the attribute order did not match the + encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes: + it uses the received order. This is necessary to tolerate some broken + software that does not order SET OF. This is handled by encoding + as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class) + to produce the required SET OF. + [Steve Henson] + + *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and + OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header + files to get correct declarations of the ASN.1 item variables. + [Richard Levitte] + + *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many + PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs: + asn1_check_tlen() would sometimes attempt to use 'ctx' when it was + NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i(). + New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant + ASN1_ITEM and no wrapper functions. + [Steve Henson] + + *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These + replace the old function pointer based I/O routines. Change most of + the *_d2i_bio() and *_d2i_fp() functions to use these. + [Steve Henson] + + *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor + lines, recognice more "algorithms" that can be deselected, and make + it complain about algorithm deselection that isn't recognised. + [Richard Levitte] + + *) New ASN1 functions to handle dup, sign, verify, digest, pack and + unpack operations in terms of ASN1_ITEM. Modify existing wrappers + to use new functions. Add NO_ASN1_OLD which can be set to remove + some old style ASN1 functions: this can be used to determine if old + code will still work when these eventually go away. + [Steve Henson] + + *) New extension functions for OCSP structures, these follow the + same conventions as certificates and CRLs. + [Steve Henson] + + *) New function X509V3_add1_i2d(). This automatically encodes and + adds an extension. Its behaviour can be customised with various + flags to append, replace or delete. Various wrappers added for + certifcates and CRLs. + [Steve Henson] + + *) Fix to avoid calling the underlying ASN1 print routine when + an extension cannot be parsed. Correct a typo in the + OCSP_SERVICELOC extension. Tidy up print OCSP format. + [Steve Henson] + + *) Make mkdef.pl parse some of the ASN1 macros and add apropriate + entries for variables. + [Steve Henson] + + *) Add functionality to apps/openssl.c for detecting locking + problems: As the program is single-threaded, all we have + to do is register a locking callback using an array for + storing which locks are currently held by the program. + [Bodo Moeller] + + *) Use a lock around the call to CRYPTO_get_ex_new_index() in + SSL_get_ex_data_X509_STORE_idx(), which is used in + ssl_verify_cert_chain() and thus can be called at any time + during TLS/SSL handshakes so that thread-safety is essential. + Unfortunately, the ex_data design is not at all suited + for multi-threaded use, so it probably should be abolished. + [Bodo Moeller] + + *) Added Broadcom "ubsec" ENGINE to OpenSSL. + [Broadcom, tweaked and integrated by Geoff Thorpe] + + *) Move common extension printing code to new function + X509V3_print_extensions(). Reorganise OCSP print routines and + implement some needed OCSP ASN1 functions. Add OCSP extensions. + [Steve Henson] + + *) New function X509_signature_print() to remove duplication in some + print routines. + [Steve Henson] + + *) Add a special meaning when SET OF and SEQUENCE OF flags are both + set (this was treated exactly the same as SET OF previously). This + is used to reorder the STACK representing the structure to match the + encoding. This will be used to get round a problem where a PKCS7 + structure which was signed could not be verified because the STACK + order did not reflect the encoded order. + [Steve Henson] + + *) Reimplement the OCSP ASN1 module using the new code. + [Steve Henson] + + *) Update the X509V3 code to permit the use of an ASN1_ITEM structure + for its ASN1 operations. The old style function pointers still exist + for now but they will eventually go away. + [Steve Henson] + + *) Merge in replacement ASN1 code from the ASN1 branch. This almost + completely replaces the old ASN1 functionality with a table driven + encoder and decoder which interprets an ASN1_ITEM structure describing + the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is + largely maintained. Almost all of the old asn1_mac.h macro based ASN1 + has also been converted to the new form. + [Steve Henson] + + *) Change BN_mod_exp_recp so that negative moduli are tolerated + (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set + so that BN_mod_exp_mont and BN_mod_exp_mont_word work + for negative moduli. + [Bodo Moeller] + + *) Fix BN_uadd and BN_usub: Always return non-negative results instead + of not touching the result's sign bit. + [Bodo Moeller] + + *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be + set. + [Bodo Moeller] + + *) Changed the LHASH code to use prototypes for callbacks, and created + macros to declare and implement thin (optionally static) functions + that provide type-safety and avoid function pointer casting for the + type-specific callbacks. + [Geoff Thorpe] + + *) Added Kerberos Cipher Suites to be used with TLS, as written in + RFC 2712. + [Veers Staats , + Jeffrey Altman , via Richard Levitte] + + *) Reformat the FAQ so the different questions and answers can be divided + in sections depending on the subject. + [Richard Levitte] + + *) Have the zlib compression code load ZLIB.DLL dynamically under + Windows. + [Richard Levitte] + + *) New function BN_mod_sqrt for computing square roots modulo a prime + (using the probabilistic Tonelli-Shanks algorithm unless + p == 3 (mod 4) or p == 5 (mod 8), which are cases that can + be handled deterministically). + [Lenka Fibikova , Bodo Moeller] + + *) Make BN_mod_inverse faster by explicitly handling small quotients + in the Euclid loop. (Speed gain about 20% for small moduli [256 or + 512 bits], about 30% for larger ones [1024 or 2048 bits].) + [Bodo Moeller] + + *) New function BN_kronecker. + [Bodo Moeller] + + *) Fix BN_gcd so that it works on negative inputs; the result is + positive unless both parameters are zero. + Previously something reasonably close to an infinite loop was + possible because numbers could be growing instead of shrinking + in the implementation of Euclid's algorithm. + [Bodo Moeller] + + *) Fix BN_is_word() and BN_is_one() macros to take into account the + sign of the number in question. + + Fix BN_is_word(a,w) to work correctly for w == 0. + + The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w) + because its test if the absolute value of 'a' equals 'w'. + Note that BN_abs_is_word does *not* handle w == 0 reliably; + it exists mostly for use in the implementations of BN_is_zero(), + BN_is_one(), and BN_is_word(). + [Bodo Moeller] + + *) New function BN_swap. + [Bodo Moeller] + + *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that + the exponentiation functions are more likely to produce reasonable + results on negative inputs. + [Bodo Moeller] + + *) Change BN_mod_mul so that the result is always non-negative. + Previously, it could be negative if one of the factors was negative; + I don't think anyone really wanted that behaviour. + [Bodo Moeller] + + *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c + (except for exponentiation, which stays in crypto/bn/bn_exp.c, + and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c) + and add new functions: + + BN_nnmod + BN_mod_sqr + BN_mod_add + BN_mod_add_quick + BN_mod_sub + BN_mod_sub_quick + BN_mod_lshift1 + BN_mod_lshift1_quick + BN_mod_lshift + BN_mod_lshift_quick + + These functions always generate non-negative results. + + BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r + such that |m| < r < 0, BN_nnmod will output rem + |m| instead). + + BN_mod_XXX_quick(r, a, [b,] m) generates the same result as + BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b] + be reduced modulo m. + [Lenka Fibikova , Bodo Moeller] + +#if 0 + The following entry accidentily appeared in the CHANGES file + distributed with OpenSSL 0.9.7. The modifications described in + it do *not* apply to OpenSSL 0.9.7. + + *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there + was actually never needed) and in BN_mul(). The removal in BN_mul() + required a small change in bn_mul_part_recursive() and the addition + of the functions bn_cmp_part_words(), bn_sub_part_words() and + bn_add_part_words(), which do the same thing as bn_cmp_words(), + bn_sub_words() and bn_add_words() except they take arrays with + differing sizes. + [Richard Levitte] +#endif + + *) In 'openssl passwd', verify passwords read from the terminal + unless the '-salt' option is used (which usually means that + verification would just waste user's time since the resulting + hash is going to be compared with some given password hash) + or the new '-noverify' option is used. + + This is an incompatible change, but it does not affect + non-interactive use of 'openssl passwd' (passwords on the command + line, '-stdin' option, '-in ...' option) and thus should not + cause any problems. + [Bodo Moeller] + + *) Remove all references to RSAref, since there's no more need for it. + [Richard Levitte] + + *) Make DSO load along a path given through an environment variable + (SHLIB_PATH) with shl_load(). + [Richard Levitte] + + *) Constify the ENGINE code as a result of BIGNUM constification. + Also constify the RSA code and most things related to it. In a + few places, most notable in the depth of the ASN.1 code, ugly + casts back to non-const were required (to be solved at a later + time) + [Richard Levitte] + + *) Make it so the openssl application has all engines loaded by default. + [Richard Levitte] + + *) Constify the BIGNUM routines a little more. + [Richard Levitte] + + *) Add the following functions: + + ENGINE_load_cswift() + ENGINE_load_chil() + ENGINE_load_atalla() + ENGINE_load_nuron() + ENGINE_load_builtin_engines() + + That way, an application can itself choose if external engines that + are built-in in OpenSSL shall ever be used or not. The benefit is + that applications won't have to be linked with libdl or other dso + libraries unless it's really needed. + + Changed 'openssl engine' to load all engines on demand. + Changed the engine header files to avoid the duplication of some + declarations (they differed!). + [Richard Levitte] + + *) 'openssl engine' can now list capabilities. + [Richard Levitte] + + *) Better error reporting in 'openssl engine'. + [Richard Levitte] + + *) Never call load_dh_param(NULL) in s_server. + [Bodo Moeller] + + *) Add engine application. It can currently list engines by name and + identity, and test if they are actually available. + [Richard Levitte] + + *) Improve RPM specification file by forcing symbolic linking and making + sure the installed documentation is also owned by root.root. + [Damien Miller ] + + *) Give the OpenSSL applications more possibilities to make use of + keys (public as well as private) handled by engines. + [Richard Levitte] + + *) Add OCSP code that comes from CertCo. + [Richard Levitte] + + *) Add VMS support for the Rijndael code. + [Richard Levitte] + + *) Added untested support for Nuron crypto accelerator. + [Ben Laurie] + + *) Add support for external cryptographic devices. This code was + previously distributed separately as the "engine" branch. + [Geoff Thorpe, Richard Levitte] + + *) Rework the filename-translation in the DSO code. It is now possible to + have far greater control over how a "name" is turned into a filename + depending on the operating environment and any oddities about the + different shared library filenames on each system. + [Geoff Thorpe] + + *) Support threads on FreeBSD-elf in Configure. + [Richard Levitte] + + *) Fix for SHA1 assembly problem with MASM: it produces + warnings about corrupt line number information when assembling + with debugging information. This is caused by the overlapping + of two sections. + [Bernd Matthes , Steve Henson] + + *) NCONF changes. + NCONF_get_number() has no error checking at all. As a replacement, + NCONF_get_number_e() is defined (_e for "error checking") and is + promoted strongly. The old NCONF_get_number is kept around for + binary backward compatibility. + Make it possible for methods to load from something other than a BIO, + by providing a function pointer that is given a name instead of a BIO. + For example, this could be used to load configuration data from an + LDAP server. + [Richard Levitte] + + *) Fix for non blocking accept BIOs. Added new I/O special reason + BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs + with non blocking I/O was not possible because no retry code was + implemented. Also added new SSL code SSL_WANT_ACCEPT to cover + this case. + [Steve Henson] + + *) Added the beginnings of Rijndael support. + [Ben Laurie] + + *) Fix for bug in DirectoryString mask setting. Add support for + X509_NAME_print_ex() in 'req' and X509_print_ex() function + to allow certificate printing to more controllable, additional + 'certopt' option to 'x509' to allow new printing options to be + set. + [Steve Henson] + + *) Clean old EAY MD5 hack from e_os.h. + [Richard Levitte] + + Changes between 0.9.6l and 0.9.6m [17 Mar 2004] + + *) Fix null-pointer assignment in do_change_cipher_spec() revealed + by using the Codenomicon TLS Test Tool (CVE-2004-0079) + [Joe Orton, Steve Henson] + + Changes between 0.9.6k and 0.9.6l [04 Nov 2003] + + *) Fix additional bug revealed by the NISCC test suite: + + Stop bug triggering large recursion when presented with + certain ASN.1 tags (CVE-2003-0851) + [Steve Henson] + + Changes between 0.9.6j and 0.9.6k [30 Sep 2003] + + *) Fix various bugs revealed by running the NISCC test suite: + + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CVE-2003-0543 and CVE-2003-0544). + + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + + [Steve Henson] + + *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate + if the server requested one: as stated in TLS 1.0 and SSL 3.0 + specifications. + [Steve Henson] + + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional + extra data after the compression methods not only for TLS 1.0 + but also for SSL 3.0 (as required by the specification). + [Bodo Moeller; problem pointed out by Matthias Loepfe] + + *) Change X509_certificate_type() to mark the key as exported/exportable + when it's 512 *bits* long, not 512 bytes. + [Richard Levitte] + + Changes between 0.9.6i and 0.9.6j [10 Apr 2003] + + *) Countermeasure against the Klima-Pokorny-Rosa extension of + Bleichbacher's attack on PKCS #1 v1.5 padding: treat + a protocol version number mismatch like a decryption error + in ssl3_get_client_key_exchange (ssl/s3_srvr.c). + [Bodo Moeller] + + *) Turn on RSA blinding by default in the default implementation + to avoid a timing attack. Applications that don't want it can call + RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. + They would be ill-advised to do so in most cases. + [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller] + + *) Change RSA blinding code so that it works when the PRNG is not + seeded (in this case, the secret RSA exponent is abused as + an unpredictable seed -- if it is not unpredictable, there + is no point in blinding anyway). Make RSA blinding thread-safe + by remembering the creator's thread ID in rsa->blinding and + having all other threads use local one-time blinding factors + (this requires more computation than sharing rsa->blinding, but + avoids excessive locking; and if an RSA object is not shared + between threads, blinding will still be very fast). + [Bodo Moeller] + + Changes between 0.9.6h and 0.9.6i [19 Feb 2003] + + *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker has to distinguish + between bad padding and a MAC verification error. (CVE-2003-0078) + + [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), + Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and + Martin Vuagnoux (EPFL, Ilion)] + + Changes between 0.9.6g and 0.9.6h [5 Dec 2002] + + *) New function OPENSSL_cleanse(), which is used to cleanse a section of + memory from it's contents. This is done with a counter that will + place alternating values in each byte. This can be used to solve + two issues: 1) the removal of calls to memset() by highly optimizing + compilers, and 2) cleansing with other values than 0, since those can + be read through on certain media, for example a swap space on disk. + [Geoff Thorpe] + + *) Bugfix: client side session caching did not work with external caching, + because the session->cipher setting was not restored when reloading + from the external cache. This problem was masked, when + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set. + (Found by Steve Haslam .) + [Lutz Jaenicke] + + *) Fix client_certificate (ssl/s2_clnt.c): The permissible total + length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33. + [Zeev Lieber ] + + *) Undo an undocumented change introduced in 0.9.6e which caused + repeated calls to OpenSSL_add_all_ciphers() and + OpenSSL_add_all_digests() to be ignored, even after calling + EVP_cleanup(). + [Richard Levitte] + + *) Change the default configuration reader to deal with last line not + being properly terminated. + [Richard Levitte] + + *) Change X509_NAME_cmp() so it applies the special rules on handling + DN values that are of type PrintableString, as well as RDNs of type + emailAddress where the value has the type ia5String. + [stefank@valicert.com via Richard Levitte] + + *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half + the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently + doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be + the bitwise-OR of the two for use by the majority of applications + wanting this behaviour, and update the docs. The documented + behaviour and actual behaviour were inconsistent and had been + changing anyway, so this is more a bug-fix than a behavioural + change. + [Geoff Thorpe, diagnosed by Nadav Har'El] + + *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c + (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes). + [Bodo Moeller] + + *) Fix initialization code race conditions in + SSLv23_method(), SSLv23_client_method(), SSLv23_server_method(), + SSLv2_method(), SSLv2_client_method(), SSLv2_server_method(), + SSLv3_method(), SSLv3_client_method(), SSLv3_server_method(), + TLSv1_method(), TLSv1_client_method(), TLSv1_server_method(), + ssl2_get_cipher_by_char(), + ssl3_get_cipher_by_char(). + [Patrick McCormick , Bodo Moeller] + + *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after + the cached sessions are flushed, as the remove_cb() might use ex_data + contents. Bug found by Sam Varshavchik + (see [openssl.org #212]). + [Geoff Thorpe, Lutz Jaenicke] + + *) Fix typo in OBJ_txt2obj which incorrectly passed the content + length, instead of the encoding length to d2i_ASN1_OBJECT. + [Steve Henson] + + Changes between 0.9.6f and 0.9.6g [9 Aug 2002] + + *) [In 0.9.6g-engine release:] + Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall'). + [Lynn Gazis ] + + Changes between 0.9.6e and 0.9.6f [8 Aug 2002] + + *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX + and get fix the header length calculation. + [Florian Weimer , + Alon Kantor (and others), + Steve Henson] + + *) Use proper error handling instead of 'assertions' in buffer + overflow checks added in 0.9.6e. This prevents DoS (the + assertions could call abort()). + [Arne Ansper , Bodo Moeller] + + Changes between 0.9.6d and 0.9.6e [30 Jul 2002] + + *) Add various sanity checks to asn1_get_length() to reject + the ASN1 length bytes if they exceed sizeof(long), will appear + negative or the content length exceeds the length of the + supplied buffer. + [Steve Henson, Adi Stav , James Yonan ] + + *) Fix cipher selection routines: ciphers without encryption had no flags + for the cipher strength set and where therefore not handled correctly + by the selection routines (PR #130). + [Lutz Jaenicke] + + *) Fix EVP_dsa_sha macro. + [Nils Larsch] + + *) New option + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure + that was added in OpenSSL 0.9.6d. + + As the countermeasure turned out to be incompatible with some + broken SSL implementations, the new option is part of SSL_OP_ALL. + SSL_OP_ALL is usually employed when compatibility with weird SSL + implementations is desired (e.g. '-bugs' option to 's_client' and + 's_server'), so the new option is automatically set in many + applications. + [Bodo Moeller] + + *) Changes in security patch: + + Changes marked "(CHATS)" were sponsored by the Defense Advanced + Research Projects Agency (DARPA) and Air Force Research Laboratory, + Air Force Materiel Command, USAF, under agreement number + F30602-01-2-0537. + + *) Add various sanity checks to asn1_get_length() to reject + the ASN1 length bytes if they exceed sizeof(long), will appear + negative or the content length exceeds the length of the + supplied buffer. (CVE-2002-0659) + [Steve Henson, Adi Stav , James Yonan ] + + *) Assertions for various potential buffer overflows, not known to + happen in practice. + [Ben Laurie (CHATS)] + + *) Various temporary buffers to hold ASCII versions of integers were + too small for 64 bit platforms. (CVE-2002-0655) + [Matthew Byng-Maddick and Ben Laurie (CHATS)> + + *) Remote buffer overflow in SSL3 protocol - an attacker could + supply an oversized session ID to a client. (CVE-2002-0656) + [Ben Laurie (CHATS)] + + *) Remote buffer overflow in SSL2 protocol - an attacker could + supply an oversized client master key. (CVE-2002-0656) + [Ben Laurie (CHATS)] + + Changes between 0.9.6c and 0.9.6d [9 May 2002] + + *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not + encoded as NULL) with id-dsa-with-sha1. + [Nils Larsch ; problem pointed out by Bodo Moeller] + + *) Check various X509_...() return values in apps/req.c. + [Nils Larsch ] + + *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines: + an end-of-file condition would erronously be flagged, when the CRLF + was just at the end of a processed block. The bug was discovered when + processing data through a buffering memory BIO handing the data to a + BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov + and Nedelcho Stanev. + [Lutz Jaenicke] + + *) Implement a countermeasure against a vulnerability recently found + in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment + before application data chunks to avoid the use of known IVs + with data potentially chosen by the attacker. + [Bodo Moeller] + + *) Fix length checks in ssl3_get_client_hello(). + [Bodo Moeller] + + *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently + to prevent ssl3_read_internal() from incorrectly assuming that + ssl3_read_bytes() found application data while handshake + processing was enabled when in fact s->s3->in_read_app_data was + merely automatically cleared during the initial handshake. + [Bodo Moeller; problem pointed out by Arne Ansper ] + + *) Fix object definitions for Private and Enterprise: they were not + recognized in their shortname (=lowercase) representation. Extend + obj_dat.pl to issue an error when using undefined keywords instead + of silently ignoring the problem (Svenning Sorensen + ). + [Lutz Jaenicke] + + *) Fix DH_generate_parameters() so that it works for 'non-standard' + generators, i.e. generators other than 2 and 5. (Previously, the + code did not properly initialise the 'add' and 'rem' values to + BN_generate_prime().) + + In the new general case, we do not insist that 'generator' is + actually a primitive root: This requirement is rather pointless; + a generator of the order-q subgroup is just as good, if not + better. + [Bodo Moeller] + + *) Map new X509 verification errors to alerts. Discovered and submitted by + Tom Wu . + [Lutz Jaenicke] + + *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from + returning non-zero before the data has been completely received + when using non-blocking I/O. + [Bodo Moeller; problem pointed out by John Hughes] + + *) Some of the ciphers missed the strength entry (SSL_LOW etc). + [Ben Laurie, Lutz Jaenicke] + + *) Fix bug in SSL_clear(): bad sessions were not removed (found by + Yoram Zahavi ). + [Lutz Jaenicke] + + *) Add information about CygWin 1.3 and on, and preserve proper + configuration for the versions before that. + [Corinna Vinschen and Richard Levitte] + + *) Make removal from session cache (SSL_CTX_remove_session()) more robust: + check whether we deal with a copy of a session and do not delete from + the cache in this case. Problem reported by "Izhar Shoshani Levi" + . + [Lutz Jaenicke] + + *) Do not store session data into the internal session cache, if it + is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP + flag is set). Proposed by Aslam . + [Lutz Jaenicke] + + *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested + value is 0. + [Richard Levitte] + + *) [In 0.9.6d-engine release:] + Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). + [Toomas Kiisk via Richard Levitte] + + *) Add the configuration target linux-s390x. + [Neale Ferguson via Richard Levitte] + + *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of + ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag + variable as an indication that a ClientHello message has been + received. As the flag value will be lost between multiple + invocations of ssl3_accept when using non-blocking I/O, the + function may not be aware that a handshake has actually taken + place, thus preventing a new session from being added to the + session cache. + + To avoid this problem, we now set s->new_session to 2 instead of + using a local variable. + [Lutz Jaenicke, Bodo Moeller] + + *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) + if the SSL_R_LENGTH_MISMATCH error is detected. + [Geoff Thorpe, Bodo Moeller] + + *) New 'shared_ldflag' column in Configure platform table. + [Richard Levitte] + + *) Fix EVP_CIPHER_mode macro. + ["Dan S. Camper" ] + + *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown + type, we must throw them away by setting rr->length to 0. + [D P Chang ] + + Changes between 0.9.6b and 0.9.6c [21 dec 2001] + + *) Fix BN_rand_range bug pointed out by Dominikus Scherkl + . (The previous implementation + worked incorrectly for those cases where range = 10..._2 and + 3*range is two bits longer than range.) + [Bodo Moeller] + + *) Only add signing time to PKCS7 structures if it is not already + present. + [Steve Henson] + + *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", + OBJ_ld_ce should be OBJ_id_ce. + Also some ip-pda OIDs in crypto/objects/objects.txt were + incorrect (cf. RFC 3039). + [Matt Cooper, Frederic Giudicelli, Bodo Moeller] + + *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid() + returns early because it has nothing to do. + [Andy Schneider ] + + *) [In 0.9.6c-engine release:] + Fix mutex callback return values in crypto/engine/hw_ncipher.c. + [Andy Schneider ] + + *) [In 0.9.6c-engine release:] + Add support for Cryptographic Appliance's keyserver technology. + (Use engine 'keyclient') + [Cryptographic Appliances and Geoff Thorpe] + + *) Add a configuration entry for OS/390 Unix. The C compiler 'c89' + is called via tools/c89.sh because arguments have to be + rearranged (all '-L' options must appear before the first object + modules). + [Richard Shapiro ] + + *) [In 0.9.6c-engine release:] + Add support for Broadcom crypto accelerator cards, backported + from 0.9.7. + [Broadcom, Nalin Dahyabhai , Mark Cox] + + *) [In 0.9.6c-engine release:] + Add support for SureWare crypto accelerator cards from + Baltimore Technologies. (Use engine 'sureware') + [Baltimore Technologies and Mark Cox] + + *) [In 0.9.6c-engine release:] + Add support for crypto accelerator cards from Accelerated + Encryption Processing, www.aep.ie. (Use engine 'aep') + [AEP Inc. and Mark Cox] + + *) Add a configuration entry for gcc on UnixWare. + [Gary Benson ] + + *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake + messages are stored in a single piece (fixed-length part and + variable-length part combined) and fix various bugs found on the way. + [Bodo Moeller] + + *) Disable caching in BIO_gethostbyname(), directly use gethostbyname() + instead. BIO_gethostbyname() does not know what timeouts are + appropriate, so entries would stay in cache even when they have + become invalid. + [Bodo Moeller; problem pointed out by Rich Salz + + *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when + faced with a pathologically small ClientHello fragment that does + not contain client_version: Instead of aborting with an error, + simply choose the highest available protocol version (i.e., + TLS 1.0 unless it is disabled). In practice, ClientHello + messages are never sent like this, but this change gives us + strictly correct behaviour at least for TLS. + [Bodo Moeller] + + *) Fix SSL handshake functions and SSL_clear() such that SSL_clear() + never resets s->method to s->ctx->method when called from within + one of the SSL handshake functions. + [Bodo Moeller; problem pointed out by Niko Baric] + + *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert + (sent using the client's version number) if client_version is + smaller than the protocol version in use. Also change + ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if + the client demanded SSL 3.0 but only TLS 1.0 is enabled; then + the client will at least see that alert. + [Bodo Moeller] + + *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation + correctly. + [Bodo Moeller] + + *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a + client receives HelloRequest while in a handshake. + [Bodo Moeller; bug noticed by Andy Schneider ] + + *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C + should end in 'break', not 'goto end' which circuments various + cleanups done in state SSL_ST_OK. But session related stuff + must be disabled for SSL_ST_OK in the case that we just sent a + HelloRequest. + + Also avoid some overhead by not calling ssl_init_wbio_buffer() + before just sending a HelloRequest. + [Bodo Moeller, Eric Rescorla ] + + *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't + reveal whether illegal block cipher padding was found or a MAC + verification error occured. (Neither SSLerr() codes nor alerts + are directly visible to potential attackers, but the information + may leak via logfiles.) + + Similar changes are not required for the SSL 2.0 implementation + because the number of padding bytes is sent in clear for SSL 2.0, + and the extra bytes are just ignored. However ssl/s2_pkt.c + failed to verify that the purported number of padding bytes is in + the legal range. + [Bodo Moeller] + + *) Add OpenUNIX-8 support including shared libraries + (Boyd Lynn Gerber ). + [Lutz Jaenicke] + + *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid + 'wristwatch attack' using huge encoding parameters (cf. + James H. Manger's CRYPTO 2001 paper). Note that the + RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use + encoding parameters and hence was not vulnerable. + [Bodo Moeller] + + *) BN_sqr() bug fix. + [Ulf Möller, reported by Jim Ellis ] + + *) Rabin-Miller test analyses assume uniformly distributed witnesses, + so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() + followed by modular reduction. + [Bodo Moeller; pointed out by Adam Young ] + + *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range() + equivalent based on BN_pseudo_rand() instead of BN_rand(). + [Bodo Moeller] + + *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB). + This function was broken, as the check for a new client hello message + to handle SGC did not allow these large messages. + (Tracked down by "Douglas E. Engert" .) + [Lutz Jaenicke] + + *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long](). + [Lutz Jaenicke] + + *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl() + for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" ). + [Lutz Jaenicke] + + *) Rework the configuration and shared library support for Tru64 Unix. + The configuration part makes use of modern compiler features and + still retains old compiler behavior for those that run older versions + of the OS. The shared library support part includes a variant that + uses the RPATH feature, and is available through the special + configuration target "alpha-cc-rpath", which will never be selected + automatically. + [Tim Mooney via Richard Levitte] + + *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() + with the same message size as in ssl3_get_certificate_request(). + Otherwise, if no ServerKeyExchange message occurs, CertificateRequest + messages might inadvertently be reject as too long. + [Petr Lampa ] + + *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX). + [Andy Polyakov] + + *) Modified SSL library such that the verify_callback that has been set + specificly for an SSL object with SSL_set_verify() is actually being + used. Before the change, a verify_callback set with this function was + ignored and the verify_callback() set in the SSL_CTX at the time of + the call was used. New function X509_STORE_CTX_set_verify_cb() introduced + to allow the necessary settings. + [Lutz Jaenicke] + + *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c + explicitly to NULL, as at least on Solaris 8 this seems not always to be + done automatically (in contradiction to the requirements of the C + standard). This made problems when used from OpenSSH. + [Lutz Jaenicke] + + *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored + dh->length and always used + + BN_rand_range(priv_key, dh->p). + + BN_rand_range() is not necessary for Diffie-Hellman, and this + specific range makes Diffie-Hellman unnecessarily inefficient if + dh->length (recommended exponent length) is much smaller than the + length of dh->p. We could use BN_rand_range() if the order of + the subgroup was stored in the DH structure, but we only have + dh->length. + + So switch back to + + BN_rand(priv_key, l, ...) + + where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1 + otherwise. + [Bodo Moeller] + + *) In + + RSA_eay_public_encrypt + RSA_eay_private_decrypt + RSA_eay_private_encrypt (signing) + RSA_eay_public_decrypt (signature verification) + + (default implementations for RSA_public_encrypt, + RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt), + always reject numbers >= n. + [Bodo Moeller] + + *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2 + to synchronize access to 'locking_thread'. This is necessary on + systems where access to 'locking_thread' (an 'unsigned long' + variable) is not atomic. + [Bodo Moeller] + + *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID + *before* setting the 'crypto_lock_rand' flag. The previous code had + a race condition if 0 is a valid thread ID. + [Travis Vitek ] + + *) Add support for shared libraries under Irix. + [Albert Chin-A-Young ] + + *) Add configuration option to build on Linux on both big-endian and + little-endian MIPS. + [Ralf Baechle ] + + *) Add the possibility to create shared libraries on HP-UX. + [Richard Levitte] + + Changes between 0.9.6a and 0.9.6b [9 Jul 2001] + + *) Change ssleay_rand_bytes (crypto/rand/md_rand.c) + to avoid a SSLeay/OpenSSL PRNG weakness pointed out by + Markku-Juhani O. Saarinen : + PRNG state recovery was possible based on the output of + one PRNG request appropriately sized to gain knowledge on + 'md' followed by enough consecutive 1-byte PRNG requests + to traverse all of 'state'. + + 1. When updating 'md_local' (the current thread's copy of 'md') + during PRNG output generation, hash all of the previous + 'md_local' value, not just the half used for PRNG output. + + 2. Make the number of bytes from 'state' included into the hash + independent from the number of PRNG bytes requested. + + The first measure alone would be sufficient to avoid + Markku-Juhani's attack. (Actually it had never occurred + to me that the half of 'md_local' used for chaining was the + half from which PRNG output bytes were taken -- I had always + assumed that the secret half would be used.) The second + measure makes sure that additional data from 'state' is never + mixed into 'md_local' in small portions; this heuristically + further strengthens the PRNG. + [Bodo Moeller] + + *) Fix crypto/bn/asm/mips3.s. + [Andy Polyakov] + + *) When only the key is given to "enc", the IV is undefined. Print out + an error message in this case. + [Lutz Jaenicke] + + *) Handle special case when X509_NAME is empty in X509 printing routines. + [Steve Henson] + + *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are + positive and less than q. + [Bodo Moeller] + + *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is + used: it isn't thread safe and the add_lock_callback should handle + that itself. + [Paul Rose ] + + *) Verify that incoming data obeys the block size in + ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c). + [Bodo Moeller] + + *) Fix OAEP check. + [Ulf Möller, Bodo Möller] + + *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 + RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 + when fixing the server behaviour for backwards-compatible 'client + hello' messages. (Note that the attack is impractical against + SSL 3.0 and TLS 1.0 anyway because length and version checking + means that the probability of guessing a valid ciphertext is + around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98 + paper.) + + Before 0.9.5, the countermeasure (hide the error by generating a + random 'decryption result') did not work properly because + ERR_clear_error() was missing, meaning that SSL_get_error() would + detect the supposedly ignored error. + + Both problems are now fixed. + [Bodo Moeller] + + *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096 + (previously it was 1024). + [Bodo Moeller] + + *) Fix for compatibility mode trust settings: ignore trust settings + unless some valid trust or reject settings are present. + [Steve Henson] + + *) Fix for blowfish EVP: its a variable length cipher. + [Steve Henson] + + *) Fix various bugs related to DSA S/MIME verification. Handle missing + parameters in DSA public key structures and return an error in the + DSA routines if parameters are absent. + [Steve Henson] + + *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" + in the current directory if neither $RANDFILE nor $HOME was set. + RAND_file_name() in 0.9.6a returned NULL in this case. This has + caused some confusion to Windows users who haven't defined $HOME. + Thus RAND_file_name() is changed again: e_os.h can define a + DEFAULT_HOME, which will be used if $HOME is not set. + For Windows, we use "C:"; on other platforms, we still require + environment variables. + + *) Move 'if (!initialized) RAND_poll()' into regions protected by + CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids + having multiple threads call RAND_poll() concurrently. + [Bodo Moeller] + + *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a + combination of a flag and a thread ID variable. + Otherwise while one thread is in ssleay_rand_bytes (which sets the + flag), *other* threads can enter ssleay_add_bytes without obeying + the CRYPTO_LOCK_RAND lock (and may even illegally release the lock + that they do not hold after the first thread unsets add_do_not_lock). + [Bodo Moeller] + + *) Change bctest again: '-x' expressions are not available in all + versions of 'test'. + [Bodo Moeller] + + Changes between 0.9.6 and 0.9.6a [5 Apr 2001] + + *) Fix a couple of memory leaks in PKCS7_dataDecode() + [Steve Henson, reported by Heyun Zheng ] + + *) Change Configure and Makefiles to provide EXE_EXT, which will contain + the default extension for executables, if any. Also, make the perl + scripts that use symlink() to test if it really exists and use "cp" + if it doesn't. All this made OpenSSL compilable and installable in + CygWin. + [Richard Levitte] + + *) Fix for asn1_GetSequence() for indefinite length constructed data. + If SEQUENCE is length is indefinite just set c->slen to the total + amount of data available. + [Steve Henson, reported by shige@FreeBSD.org] + [This change does not apply to 0.9.7.] + + *) Change bctest to avoid here-documents inside command substitution + (workaround for FreeBSD /bin/sh bug). + For compatibility with Ultrix, avoid shell functions (introduced + in the bctest version that searches along $PATH). + [Bodo Moeller] + + *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes + with des_encrypt() defined on some operating systems, like Solaris + and UnixWare. + [Richard Levitte] + + *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton: + On the Importance of Eliminating Errors in Cryptographic + Computations, J. Cryptology 14 (2001) 2, 101-119, + http://theory.stanford.edu/~dabo/papers/faults.ps.gz). + [Ulf Moeller] + + *) MIPS assembler BIGNUM division bug fix. + [Andy Polyakov] + + *) Disabled incorrect Alpha assembler code. + [Richard Levitte] + + *) Fix PKCS#7 decode routines so they correctly update the length + after reading an EOC for the EXPLICIT tag. + [Steve Henson] + [This change does not apply to 0.9.7.] + + *) Fix bug in PKCS#12 key generation routines. This was triggered + if a 3DES key was generated with a 0 initial byte. Include + PKCS12_BROKEN_KEYGEN compilation option to retain the old + (but broken) behaviour. + [Steve Henson] + + *) Enhance bctest to search for a working bc along $PATH and print + it when found. + [Tim Rice via Richard Levitte] + + *) Fix memory leaks in err.c: free err_data string if necessary; + don't write to the wrong index in ERR_set_error_data. + [Bodo Moeller] + + *) Implement ssl23_peek (analogous to ssl23_read), which previously + did not exist. + [Bodo Moeller] + + *) Replace rdtsc with _emit statements for VC++ version 5. + [Jeremy Cooper ] + + *) Make it possible to reuse SSLv2 sessions. + [Richard Levitte] + + *) In copy_email() check for >= 0 as a return value for + X509_NAME_get_index_by_NID() since 0 is a valid index. + [Steve Henson reported by Massimiliano Pala ] + + *) Avoid coredump with unsupported or invalid public keys by checking if + X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when + PKCS7_verify() fails with non detached data. + [Steve Henson] + + *) Don't use getenv in library functions when run as setuid/setgid. + New function OPENSSL_issetugid(). + [Ulf Moeller] + + *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c) + due to incorrect handling of multi-threading: + + 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl(). + + 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on(). + + 3. Count how many times MemCheck_off() has been called so that + nested use can be treated correctly. This also avoids + inband-signalling in the previous code (which relied on the + assumption that thread ID 0 is impossible). + [Bodo Moeller] + + *) Add "-rand" option also to s_client and s_server. + [Lutz Jaenicke] + + *) Fix CPU detection on Irix 6.x. + [Kurt Hockenbury and + "Bruce W. Forsberg" ] + + *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME + was empty. + [Steve Henson] + [This change does not apply to 0.9.7.] + + *) Use the cached encoding of an X509_NAME structure rather than + copying it. This is apparently the reason for the libsafe "errors" + but the code is actually correct. + [Steve Henson] + + *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent + Bleichenbacher's DSA attack. + Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits + to be set and top=0 forces the highest bit to be set; top=-1 is new + and leaves the highest bit random. + [Ulf Moeller, Bodo Moeller] + + *) In the NCONF_...-based implementations for CONF_... queries + (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using + a temporary CONF structure with the data component set to NULL + (which gives segmentation faults in lh_retrieve). + Instead, use NULL for the CONF pointer in CONF_get_string and + CONF_get_number (which may use environment variables) and directly + return NULL from CONF_get_section. + [Bodo Moeller] + + *) Fix potential buffer overrun for EBCDIC. + [Ulf Moeller] + + *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign + keyUsage if basicConstraints absent for a CA. + [Steve Henson] + + *) Make SMIME_write_PKCS7() write mail header values with a format that + is more generally accepted (no spaces before the semicolon), since + some programs can't parse those values properly otherwise. Also make + sure BIO's that break lines after each write do not create invalid + headers. + [Richard Levitte] + + *) Make the CRL encoding routines work with empty SEQUENCE OF. The + macros previously used would not encode an empty SEQUENCE OF + and break the signature. + [Steve Henson] + [This change does not apply to 0.9.7.] + + *) Zero the premaster secret after deriving the master secret in + DH ciphersuites. + [Steve Henson] + + *) Add some EVP_add_digest_alias registrations (as found in + OpenSSL_add_all_digests()) to SSL_library_init() + aka OpenSSL_add_ssl_algorithms(). This provides improved + compatibility with peers using X.509 certificates + with unconventional AlgorithmIdentifier OIDs. + [Bodo Moeller] + + *) Fix for Irix with NO_ASM. + ["Bruce W. Forsberg" ] + + *) ./config script fixes. + [Ulf Moeller, Richard Levitte] + + *) Fix 'openssl passwd -1'. + [Bodo Moeller] + + *) Change PKCS12_key_gen_asc() so it can cope with non null + terminated strings whose length is passed in the passlen + parameter, for example from PEM callbacks. This was done + by adding an extra length parameter to asc2uni(). + [Steve Henson, reported by ] + + *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn + call failed, free the DSA structure. + [Bodo Moeller] + + *) Fix to uni2asc() to cope with zero length Unicode strings. + These are present in some PKCS#12 files. + [Steve Henson] + + *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c). + Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits + when writing a 32767 byte record. + [Bodo Moeller; problem reported by Eric Day ] + + *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c), + obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}. + + (RSA objects have a reference count access to which is protected + by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c], + so they are meant to be shared between threads.) + [Bodo Moeller, Geoff Thorpe; original patch submitted by + "Reddie, Steven" ] + + *) Fix a deadlock in CRYPTO_mem_leaks(). + [Bodo Moeller] + + *) Use better test patterns in bntest. + [Ulf Möller] + + *) rand_win.c fix for Borland C. + [Ulf Möller] + + *) BN_rshift bugfix for n == 0. + [Bodo Moeller] + + *) Add a 'bctest' script that checks for some known 'bc' bugs + so that 'make test' does not abort just because 'bc' is broken. + [Bodo Moeller] + + *) Store verify_result within SSL_SESSION also for client side to + avoid potential security hole. (Re-used sessions on the client side + always resulted in verify_result==X509_V_OK, not using the original + result of the server certificate verification.) + [Lutz Jaenicke] + + *) Fix ssl3_pending: If the record in s->s3->rrec is not of type + SSL3_RT_APPLICATION_DATA, return 0. + Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true. + [Bodo Moeller] + + *) Fix SSL_peek: + Both ssl2_peek and ssl3_peek, which were totally broken in earlier + releases, have been re-implemented by renaming the previous + implementations of ssl2_read and ssl3_read to ssl2_read_internal + and ssl3_read_internal, respectively, and adding 'peek' parameters + to them. The new ssl[23]_{read,peek} functions are calls to + ssl[23]_read_internal with the 'peek' flag set appropriately. + A 'peek' parameter has also been added to ssl3_read_bytes, which + does the actual work for ssl3_read_internal. + [Bodo Moeller] + + *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling + the method-specific "init()" handler. Also clean up ex_data after + calling the method-specific "finish()" handler. Previously, this was + happening the other way round. + [Geoff Thorpe] + + *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16. + The previous value, 12, was not always sufficient for BN_mod_exp(). + [Bodo Moeller] + + *) Make sure that shared libraries get the internal name engine with + the full version number and not just 0. This should mark the + shared libraries as not backward compatible. Of course, this should + be changed again when we can guarantee backward binary compatibility. + [Richard Levitte] + + *) Fix typo in get_cert_by_subject() in by_dir.c + [Jean-Marc Desperrier ] + + *) Rework the system to generate shared libraries: + + - Make note of the expected extension for the shared libraries and + if there is a need for symbolic links from for example libcrypto.so.0 + to libcrypto.so.0.9.7. There is extended info in Configure for + that. + + - Make as few rebuilds of the shared libraries as possible. + + - Still avoid linking the OpenSSL programs with the shared libraries. + + - When installing, install the shared libraries separately from the + static ones. + [Richard Levitte] + + *) Fix SSL_CTX_set_read_ahead macro to actually use its argument. + + Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new + and not in SSL_clear because the latter is also used by the + accept/connect functions; previously, the settings made by + SSL_set_read_ahead would be lost during the handshake. + [Bodo Moeller; problems reported by Anders Gertz ] + + *) Correct util/mkdef.pl to be selective about disabled algorithms. + Previously, it would create entries for disableed algorithms no + matter what. + [Richard Levitte] + + *) Added several new manual pages for SSL_* function. + [Lutz Jaenicke] + + Changes between 0.9.5a and 0.9.6 [24 Sep 2000] + + *) In ssl23_get_client_hello, generate an error message when faced + with an initial SSL 3.0/TLS record that is too small to contain the + first two bytes of the ClientHello message, i.e. client_version. + (Note that this is a pathologic case that probably has never happened + in real life.) The previous approach was to use the version number + from the record header as a substitute; but our protocol choice + should not depend on that one because it is not authenticated + by the Finished messages. + [Bodo Moeller] + + *) More robust randomness gathering functions for Windows. + [Jeffrey Altman ] + + *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is + not set then we don't setup the error code for issuer check errors + to avoid possibly overwriting other errors which the callback does + handle. If an application does set the flag then we assume it knows + what it is doing and can handle the new informational codes + appropriately. + [Steve Henson] + + *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for + a general "ANY" type, as such it should be able to decode anything + including tagged types. However it didn't check the class so it would + wrongly interpret tagged types in the same way as their universal + counterpart and unknown types were just rejected. Changed so that the + tagged and unknown types are handled in the same way as a SEQUENCE: + that is the encoding is stored intact. There is also a new type + "V_ASN1_OTHER" which is used when the class is not universal, in this + case we have no idea what the actual type is so we just lump them all + together. + [Steve Henson] + + *) On VMS, stdout may very well lead to a file that is written to + in a record-oriented fashion. That means that every write() will + write a separate record, which will be read separately by the + programs trying to read from it. This can be very confusing. + + The solution is to put a BIO filter in the way that will buffer + text until a linefeed is reached, and then write everything a + line at a time, so every record written will be an actual line, + not chunks of lines and not (usually doesn't happen, but I've + seen it once) several lines in one record. BIO_f_linebuffer() is + the answer. + + Currently, it's a VMS-only method, because that's where it has + been tested well enough. + [Richard Levitte] + + *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery, + it can return incorrect results. + (Note: The buggy variant was not enabled in OpenSSL 0.9.5a, + but it was in 0.9.6-beta[12].) + [Bodo Moeller] + + *) Disable the check for content being present when verifying detached + signatures in pk7_smime.c. Some versions of Netscape (wrongly) + include zero length content when signing messages. + [Steve Henson] + + *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR + BIO_ctrl (for BIO pairs). + [Bodo Möller] + + *) Add DSO method for VMS. + [Richard Levitte] + + *) Bug fix: Montgomery multiplication could produce results with the + wrong sign. + [Ulf Möller] + + *) Add RPM specification openssl.spec and modify it to build three + packages. The default package contains applications, application + documentation and run-time libraries. The devel package contains + include files, static libraries and function documentation. The + doc package contains the contents of the doc directory. The original + openssl.spec was provided by Damien Miller . + [Richard Levitte] + + *) Add a large number of documentation files for many SSL routines. + [Lutz Jaenicke ] + + *) Add a configuration entry for Sony News 4. + [NAKAJI Hiroyuki ] + + *) Don't set the two most significant bits to one when generating a + random number < q in the DSA library. + [Ulf Möller] + + *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default + behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if + the underlying transport is blocking) if a handshake took place. + (The default behaviour is needed by applications such as s_client + and s_server that use select() to determine when to use SSL_read; + but for applications that know in advance when to expect data, it + just makes things more complicated.) + [Bodo Moeller] + + *) Add RAND_egd_bytes(), which gives control over the number of bytes read + from EGD. + [Ben Laurie] + + *) Add a few more EBCDIC conditionals that make `req' and `x509' + work better on such systems. + [Martin Kraemer ] + + *) Add two demo programs for PKCS12_parse() and PKCS12_create(). + Update PKCS12_parse() so it copies the friendlyName and the + keyid to the certificates aux info. + [Steve Henson] + + *) Fix bug in PKCS7_verify() which caused an infinite loop + if there was more than one signature. + [Sven Uszpelkat ] + + *) Major change in util/mkdef.pl to include extra information + about each symbol, as well as presentig variables as well + as functions. This change means that there's n more need + to rebuild the .num files when some algorithms are excluded. + [Richard Levitte] + + *) Allow the verify time to be set by an application, + rather than always using the current time. + [Steve Henson] + + *) Phase 2 verify code reorganisation. The certificate + verify code now looks up an issuer certificate by a + number of criteria: subject name, authority key id + and key usage. It also verifies self signed certificates + by the same criteria. The main comparison function is + X509_check_issued() which performs these checks. + + Lot of changes were necessary in order to support this + without completely rewriting the lookup code. + + Authority and subject key identifier are now cached. + + The LHASH 'certs' is X509_STORE has now been replaced + by a STACK_OF(X509_OBJECT). This is mainly because an + LHASH can't store or retrieve multiple objects with + the same hash value. + + As a result various functions (which were all internal + use only) have changed to handle the new X509_STORE + structure. This will break anything that messed round + with X509_STORE internally. + + The functions X509_STORE_add_cert() now checks for an + exact match, rather than just subject name. + + The X509_STORE API doesn't directly support the retrieval + of multiple certificates matching a given criteria, however + this can be worked round by performing a lookup first + (which will fill the cache with candidate certificates) + and then examining the cache for matches. This is probably + the best we can do without throwing out X509_LOOKUP + entirely (maybe later...). + + The X509_VERIFY_CTX structure has been enhanced considerably. + + All certificate lookup operations now go via a get_issuer() + callback. Although this currently uses an X509_STORE it + can be replaced by custom lookups. This is a simple way + to bypass the X509_STORE hackery necessary to make this + work and makes it possible to use more efficient techniques + in future. A very simple version which uses a simple + STACK for its trusted certificate store is also provided + using X509_STORE_CTX_trusted_stack(). + + The verify_cb() and verify() callbacks now have equivalents + in the X509_STORE_CTX structure. + + X509_STORE_CTX also has a 'flags' field which can be used + to customise the verify behaviour. + [Steve Henson] + + *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which + excludes S/MIME capabilities. + [Steve Henson] + + *) When a certificate request is read in keep a copy of the + original encoding of the signed data and use it when outputing + again. Signatures then use the original encoding rather than + a decoded, encoded version which may cause problems if the + request is improperly encoded. + [Steve Henson] + + *) For consistency with other BIO_puts implementations, call + buffer_write(b, ...) directly in buffer_puts instead of calling + BIO_write(b, ...). + + In BIO_puts, increment b->num_write as in BIO_write. + [Peter.Sylvester@EdelWeb.fr] + + *) Fix BN_mul_word for the case where the word is 0. (We have to use + BN_zero, we may not return a BIGNUM with an array consisting of + words set to zero.) + [Bodo Moeller] + + *) Avoid calling abort() from within the library when problems are + detected, except if preprocessor symbols have been defined + (such as REF_CHECK, BN_DEBUG etc.). + [Bodo Moeller] + + *) New openssl application 'rsautl'. This utility can be + used for low level RSA operations. DER public key + BIO/fp routines also added. + [Steve Henson] + + *) New Configure entry and patches for compiling on QNX 4. + [Andreas Schneider ] + + *) A demo state-machine implementation was sponsored by + Nuron (http://www.nuron.com/) and is now available in + demos/state_machine. + [Ben Laurie] + + *) New options added to the 'dgst' utility for signature + generation and verification. + [Steve Henson] + + *) Unrecognized PKCS#7 content types are now handled via a + catch all ASN1_TYPE structure. This allows unsupported + types to be stored as a "blob" and an application can + encode and decode it manually. + [Steve Henson] + + *) Fix various signed/unsigned issues to make a_strex.c + compile under VC++. + [Oscar Jacobsson ] + + *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct + length if passed a buffer. ASN1_INTEGER_to_BN failed + if passed a NULL BN and its argument was negative. + [Steve Henson, pointed out by Sven Heiberg ] + + *) Modification to PKCS#7 encoding routines to output definite + length encoding. Since currently the whole structures are in + memory there's not real point in using indefinite length + constructed encoding. However if OpenSSL is compiled with + the flag PKCS7_INDEFINITE_ENCODING the old form is used. + [Steve Henson] + + *) Added BIO_vprintf() and BIO_vsnprintf(). + [Richard Levitte] + + *) Added more prefixes to parse for in the the strings written + through a logging bio, to cover all the levels that are available + through syslog. The prefixes are now: + + PANIC, EMERG, EMR => LOG_EMERG + ALERT, ALR => LOG_ALERT + CRIT, CRI => LOG_CRIT + ERROR, ERR => LOG_ERR + WARNING, WARN, WAR => LOG_WARNING + NOTICE, NOTE, NOT => LOG_NOTICE + INFO, INF => LOG_INFO + DEBUG, DBG => LOG_DEBUG + + and as before, if none of those prefixes are present at the + beginning of the string, LOG_ERR is chosen. + + On Win32, the LOG_* levels are mapped according to this: + + LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE + LOG_WARNING => EVENTLOG_WARNING_TYPE + LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE + + [Richard Levitte] + + *) Made it possible to reconfigure with just the configuration + argument "reconf" or "reconfigure". The command line arguments + are stored in Makefile.ssl in the variable CONFIGURE_ARGS, + and are retrieved from there when reconfiguring. + [Richard Levitte] + + *) MD4 implemented. + [Assar Westerlund , Richard Levitte] + + *) Add the arguments -CAfile and -CApath to the pkcs12 utility. + [Richard Levitte] + + *) The obj_dat.pl script was messing up the sorting of object + names. The reason was that it compared the quoted version + of strings as a result "OCSP" > "OCSP Signing" because + " > SPACE. Changed script to store unquoted versions of + names and add quotes on output. It was also omitting some + names from the lookup table if they were given a default + value (that is if SN is missing it is given the same + value as LN and vice versa), these are now added on the + grounds that if an object has a name we should be able to + look it up. Finally added warning output when duplicate + short or long names are found. + [Steve Henson] + + *) Changes needed for Tandem NSK. + [Scott Uroff ] + + *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in + RSA_padding_check_SSLv23(), special padding was never detected + and thus the SSL 3.0/TLS 1.0 countermeasure against protocol + version rollback attacks was not effective. + + In s23_clnt.c, don't use special rollback-attack detection padding + (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the + client; similarly, in s23_srvr.c, don't do the rollback check if + SSL 2.0 is the only protocol enabled in the server. + [Bodo Moeller] + + *) Make it possible to get hexdumps of unprintable data with 'openssl + asn1parse'. By implication, the functions ASN1_parse_dump() and + BIO_dump_indent() are added. + [Richard Levitte] + + *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex() + these print out strings and name structures based on various + flags including RFC2253 support and proper handling of + multibyte characters. Added options to the 'x509' utility + to allow the various flags to be set. + [Steve Henson] + + *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME. + Also change the functions X509_cmp_current_time() and + X509_gmtime_adj() work with an ASN1_TIME structure, + this will enable certificates using GeneralizedTime in validity + dates to be checked. + [Steve Henson] + + *) Make the NEG_PUBKEY_BUG code (which tolerates invalid + negative public key encodings) on by default, + NO_NEG_PUBKEY_BUG can be set to disable it. + [Steve Henson] + + *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT + content octets. An i2c_ASN1_OBJECT is unnecessary because + the encoding can be trivially obtained from the structure. + [Steve Henson] + + *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock), + not read locks (CRYPTO_r_[un]lock). + [Bodo Moeller] + + *) A first attempt at creating official support for shared + libraries through configuration. I've kept it so the + default is static libraries only, and the OpenSSL programs + are always statically linked for now, but there are + preparations for dynamic linking in place. + This has been tested on Linux and Tru64. + [Richard Levitte] + + *) Randomness polling function for Win9x, as described in: + Peter Gutmann, Software Generation of Practically Strong + Random Numbers. + [Ulf Möller] + + *) Fix so PRNG is seeded in req if using an already existing + DSA key. + [Steve Henson] + + *) New options to smime application. -inform and -outform + allow alternative formats for the S/MIME message including + PEM and DER. The -content option allows the content to be + specified separately. This should allow things like Netscape + form signing output easier to verify. + [Steve Henson] + + *) Fix the ASN1 encoding of tags using the 'long form'. + [Steve Henson] + + *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT + STRING types. These convert content octets to and from the + underlying type. The actual tag and length octets are + already assumed to have been read in and checked. These + are needed because all other string types have virtually + identical handling apart from the tag. By having versions + of the ASN1 functions that just operate on content octets + IMPLICIT tagging can be handled properly. It also allows + the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED + and ASN1_INTEGER are identical apart from the tag. + [Steve Henson] + + *) Change the handling of OID objects as follows: + + - New object identifiers are inserted in objects.txt, following + the syntax given in objects.README. + - objects.pl is used to process obj_mac.num and create a new + obj_mac.h. + - obj_dat.pl is used to create a new obj_dat.h, using the data in + obj_mac.h. + + This is currently kind of a hack, and the perl code in objects.pl + isn't very elegant, but it works as I intended. The simplest way + to check that it worked correctly is to look in obj_dat.h and + check the array nid_objs and make sure the objects haven't moved + around (this is important!). Additions are OK, as well as + consistent name changes. + [Richard Levitte] + + *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1'). + [Bodo Moeller] + + *) Addition of the command line parameter '-rand file' to 'openssl req'. + The given file adds to whatever has already been seeded into the + random pool through the RANDFILE configuration file option or + environment variable, or the default random state file. + [Richard Levitte] + + *) mkstack.pl now sorts each macro group into lexical order. + Previously the output order depended on the order the files + appeared in the directory, resulting in needless rewriting + of safestack.h . + [Steve Henson] + + *) Patches to make OpenSSL compile under Win32 again. Mostly + work arounds for the VC++ problem that it treats func() as + func(void). Also stripped out the parts of mkdef.pl that + added extra typesafe functions: these no longer exist. + [Steve Henson] + + *) Reorganisation of the stack code. The macros are now all + collected in safestack.h . Each macro is defined in terms of + a "stack macro" of the form SKM_(type, a, b). The + DEBUG_SAFESTACK is now handled in terms of function casts, + this has the advantage of retaining type safety without the + use of additional functions. If DEBUG_SAFESTACK is not defined + then the non typesafe macros are used instead. Also modified the + mkstack.pl script to handle the new form. Needs testing to see + if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK + the default if no major problems. Similar behaviour for ASN1_SET_OF + and PKCS12_STACK_OF. + [Steve Henson] + + *) When some versions of IIS use the 'NET' form of private key the + key derivation algorithm is different. Normally MD5(password) is + used as a 128 bit RC4 key. In the modified case + MD5(MD5(password) + "SGCKEYSALT") is used insted. Added some + new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same + as the old Netscape_RSA functions except they have an additional + 'sgckey' parameter which uses the modified algorithm. Also added + an -sgckey command line option to the rsa utility. Thanks to + Adrian Peck for posting details of the modified + algorithm to openssl-dev. + [Steve Henson] + + *) The evp_local.h macros were using 'c.##kname' which resulted in + invalid expansion on some systems (SCO 5.0.5 for example). + Corrected to 'c.kname'. + [Phillip Porch ] + + *) New X509_get1_email() and X509_REQ_get1_email() functions that return + a STACK of email addresses from a certificate or request, these look + in the subject name and the subject alternative name extensions and + omit any duplicate addresses. + [Steve Henson] + + *) Re-implement BN_mod_exp2_mont using independent (and larger) windows. + This makes DSA verification about 2 % faster. + [Bodo Moeller] + + *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5 + (meaning that now 2^5 values will be precomputed, which is only 4 KB + plus overhead for 1024 bit moduli). + This makes exponentiations about 0.5 % faster for 1024 bit + exponents (as measured by "openssl speed rsa2048"). + [Bodo Moeller] + + *) Rename memory handling macros to avoid conflicts with other + software: + Malloc => OPENSSL_malloc + Malloc_locked => OPENSSL_malloc_locked + Realloc => OPENSSL_realloc + Free => OPENSSL_free + [Richard Levitte] + + *) New function BN_mod_exp_mont_word for small bases (roughly 15% + faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange). + [Bodo Moeller] + + *) CygWin32 support. + [John Jarvie ] + + *) The type-safe stack code has been rejigged. It is now only compiled + in when OpenSSL is configured with the DEBUG_SAFESTACK option and + by default all type-specific stack functions are "#define"d back to + standard stack functions. This results in more streamlined output + but retains the type-safety checking possibilities of the original + approach. + [Geoff Thorpe] + + *) The STACK code has been cleaned up, and certain type declarations + that didn't make a lot of sense have been brought in line. This has + also involved a cleanup of sorts in safestack.h to more correctly + map type-safe stack functions onto their plain stack counterparts. + This work has also resulted in a variety of "const"ifications of + lots of the code, especially "_cmp" operations which should normally + be prototyped with "const" parameters anyway. + [Geoff Thorpe] + + *) When generating bytes for the first time in md_rand.c, 'stir the pool' + by seeding with STATE_SIZE dummy bytes (with zero entropy count). + (The PRNG state consists of two parts, the large pool 'state' and 'md', + where all of 'md' is used each time the PRNG is used, but 'state' + is used only indexed by a cyclic counter. As entropy may not be + well distributed from the beginning, 'md' is important as a + chaining variable. However, the output function chains only half + of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains + all of 'md', and seeding with STATE_SIZE dummy bytes will result + in all of 'state' being rewritten, with the new values depending + on virtually all of 'md'. This overcomes the 80 bit limitation.) + [Bodo Moeller] + + *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when + the handshake is continued after ssl_verify_cert_chain(); + otherwise, if SSL_VERIFY_NONE is set, remaining error codes + can lead to 'unexplainable' connection aborts later. + [Bodo Moeller; problem tracked down by Lutz Jaenicke] + + *) Major EVP API cipher revision. + Add hooks for extra EVP features. This allows various cipher + parameters to be set in the EVP interface. Support added for variable + key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and + setting of RC2 and RC5 parameters. + + Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length + ciphers. + + Remove lots of duplicated code from the EVP library. For example *every* + cipher init() function handles the 'iv' in the same way according to the + cipher mode. They also all do nothing if the 'key' parameter is NULL and + for CFB and OFB modes they zero ctx->num. + + New functionality allows removal of S/MIME code RC2 hack. + + Most of the routines have the same form and so can be declared in terms + of macros. + + By shifting this to the top level EVP_CipherInit() it can be removed from + all individual ciphers. If the cipher wants to handle IVs or keys + differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT + flags. + + Change lots of functions like EVP_EncryptUpdate() to now return a + value: although software versions of the algorithms cannot fail + any installed hardware versions can. + [Steve Henson] + + *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if + this option is set, tolerate broken clients that send the negotiated + protocol version number instead of the requested protocol version + number. + [Bodo Moeller] + + *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag; + i.e. non-zero for export ciphersuites, zero otherwise. + Previous versions had this flag inverted, inconsistent with + rsa_tmp_cb (..._TMP_RSA_CB). + [Bodo Moeller; problem reported by Amit Chopra] + + *) Add missing DSA library text string. Work around for some IIS + key files with invalid SEQUENCE encoding. + [Steve Henson] + + *) Add a document (doc/standards.txt) that list all kinds of standards + and so on that are implemented in OpenSSL. + [Richard Levitte] + + *) Enhance c_rehash script. Old version would mishandle certificates + with the same subject name hash and wouldn't handle CRLs at all. + Added -fingerprint option to crl utility, to support new c_rehash + features. + [Steve Henson] + + *) Eliminate non-ANSI declarations in crypto.h and stack.h. + [Ulf Möller] + + *) Fix for SSL server purpose checking. Server checking was + rejecting certificates which had extended key usage present + but no ssl client purpose. + [Steve Henson, reported by Rene Grosser ] + + *) Make PKCS#12 code work with no password. The PKCS#12 spec + is a little unclear about how a blank password is handled. + Since the password in encoded as a BMPString with terminating + double NULL a zero length password would end up as just the + double NULL. However no password at all is different and is + handled differently in the PKCS#12 key generation code. NS + treats a blank password as zero length. MSIE treats it as no + password on export: but it will try both on import. We now do + the same: PKCS12_parse() tries zero length and no password if + the password is set to "" or NULL (NULL is now a valid password: + it wasn't before) as does the pkcs12 application. + [Steve Henson] + + *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use + perror when PEM_read_bio_X509_REQ fails, the error message must + be obtained from the error queue. + [Bodo Moeller] + + *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing + it in ERR_remove_state if appropriate, and change ERR_get_state + accordingly to avoid race conditions (this is necessary because + thread_hash is no longer constant once set). + [Bodo Moeller] + + *) Bugfix for linux-elf makefile.one. + [Ulf Möller] + + *) RSA_get_default_method() will now cause a default + RSA_METHOD to be chosen if one doesn't exist already. + Previously this was only set during a call to RSA_new() + or RSA_new_method(NULL) meaning it was possible for + RSA_get_default_method() to return NULL. + [Geoff Thorpe] + + *) Added native name translation to the existing DSO code + that will convert (if the flag to do so is set) filenames + that are sufficiently small and have no path information + into a canonical native form. Eg. "blah" converted to + "libblah.so" or "blah.dll" etc. + [Geoff Thorpe] + + *) New function ERR_error_string_n(e, buf, len) which is like + ERR_error_string(e, buf), but writes at most 'len' bytes + including the 0 terminator. For ERR_error_string_n, 'buf' + may not be NULL. + [Damien Miller , Bodo Moeller] + + *) CONF library reworked to become more general. A new CONF + configuration file reader "class" is implemented as well as a + new functions (NCONF_*, for "New CONF") to handle it. The now + old CONF_* functions are still there, but are reimplemented to + work in terms of the new functions. Also, a set of functions + to handle the internal storage of the configuration data is + provided to make it easier to write new configuration file + reader "classes" (I can definitely see something reading a + configuration file in XML format, for example), called _CONF_*, + or "the configuration storage API"... + + The new configuration file reading functions are: + + NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio, + NCONF_get_section, NCONF_get_string, NCONF_get_numbre + + NCONF_default, NCONF_WIN32 + + NCONF_dump_fp, NCONF_dump_bio + + NCONF_default and NCONF_WIN32 are method (or "class") choosers, + NCONF_new creates a new CONF object. This works in the same way + as other interfaces in OpenSSL, like the BIO interface. + NCONF_dump_* dump the internal storage of the configuration file, + which is useful for debugging. All other functions take the same + arguments as the old CONF_* functions wth the exception of the + first that must be a `CONF *' instead of a `LHASH *'. + + To make it easer to use the new classes with the old CONF_* functions, + the function CONF_set_default_method is provided. + [Richard Levitte] + + *) Add '-tls1' option to 'openssl ciphers', which was already + mentioned in the documentation but had not been implemented. + (This option is not yet really useful because even the additional + experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.) + [Bodo Moeller] + + *) Initial DSO code added into libcrypto for letting OpenSSL (and + OpenSSL-based applications) load shared libraries and bind to + them in a portable way. + [Geoff Thorpe, with contributions from Richard Levitte] + + Changes between 0.9.5 and 0.9.5a [1 Apr 2000] + + *) Make sure _lrotl and _lrotr are only used with MSVC. + + *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status + (the default implementation of RAND_status). + + *) Rename openssl x509 option '-crlext', which was added in 0.9.5, + to '-clrext' (= clear extensions), as intended and documented. + [Bodo Moeller; inconsistency pointed out by Michael Attili + ] + + *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length + was larger than the MD block size. + [Steve Henson, pointed out by Yost William ] + + *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument + fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set() + using the passed key: if the passed key was a private key the result + of X509_print(), for example, would be to print out all the private key + components. + [Steve Henson] + + *) des_quad_cksum() byte order bug fix. + [Ulf Möller, using the problem description in krb4-0.9.7, where + the solution is attributed to Derrick J Brashear ] + + *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly + discouraged. + [Steve Henson, pointed out by Brian Korver ] + + *) For easily testing in shell scripts whether some command + 'openssl XXX' exists, the new pseudo-command 'openssl no-XXX' + returns with exit code 0 iff no command of the given name is available. + 'no-XXX' is printed in this case, 'XXX' otherwise. In both cases, + the output goes to stdout and nothing is printed to stderr. + Additional arguments are always ignored. + + Since for each cipher there is a command of the same name, + the 'no-cipher' compilation switches can be tested this way. + + ('openssl no-XXX' is not able to detect pseudo-commands such + as 'quit', 'list-XXX-commands', or 'no-XXX' itself.) + [Bodo Moeller] + + *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration. + [Bodo Moeller] + + *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE + is set; it will be thrown away anyway because each handshake creates + its own key. + ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition + to parameters -- in previous versions (since OpenSSL 0.9.3) the + 'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining + you effectivly got SSL_OP_SINGLE_DH_USE when using this macro. + [Bodo Moeller] + + *) New s_client option -ign_eof: EOF at stdin is ignored, and + 'Q' and 'R' lose their special meanings (quit/renegotiate). + This is part of what -quiet does; unlike -quiet, -ign_eof + does not suppress any output. + [Richard Levitte] + + *) Add compatibility options to the purpose and trust code. The + purpose X509_PURPOSE_ANY is "any purpose" which automatically + accepts a certificate or CA, this was the previous behaviour, + with all the associated security issues. + + X509_TRUST_COMPAT is the old trust behaviour: only and + automatically trust self signed roots in certificate store. A + new trust setting X509_TRUST_DEFAULT is used to specify that + a purpose has no associated trust setting and it should instead + use the value in the default purpose. + [Steve Henson] + + *) Fix the PKCS#8 DSA private key code so it decodes keys again + and fix a memory leak. + [Steve Henson] + + *) In util/mkerr.pl (which implements 'make errors'), preserve + reason strings from the previous version of the .c file, as + the default to have only downcase letters (and digits) in + automatically generated reasons codes is not always appropriate. + [Bodo Moeller] + + *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table + using strerror. Previously, ERR_reason_error_string() returned + library names as reason strings for SYSerr; but SYSerr is a special + case where small numbers are errno values, not library numbers. + [Bodo Moeller] + + *) Add '-dsaparam' option to 'openssl dhparam' application. This + converts DSA parameters into DH parameters. (When creating parameters, + DSA_generate_parameters is used.) + [Bodo Moeller] + + *) Include 'length' (recommended exponent length) in C code generated + by 'openssl dhparam -C'. + [Bodo Moeller] + + *) The second argument to set_label in perlasm was already being used + so couldn't be used as a "file scope" flag. Moved to third argument + which was free. + [Steve Henson] + + *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes + instead of RAND_bytes for encryption IVs and salts. + [Bodo Moeller] + + *) Include RAND_status() into RAND_METHOD instead of implementing + it only for md_rand.c Otherwise replacing the PRNG by calling + RAND_set_rand_method would be impossible. + [Bodo Moeller] + + *) Don't let DSA_generate_key() enter an infinite loop if the random + number generation fails. + [Bodo Moeller] + + *) New 'rand' application for creating pseudo-random output. + [Bodo Moeller] + + *) Added configuration support for Linux/IA64 + [Rolf Haberrecker ] + + *) Assembler module support for Mingw32. + [Ulf Möller] + + *) Shared library support for HPUX (in shlib/). + [Lutz Jaenicke and Anonymous] + + *) Shared library support for Solaris gcc. + [Lutz Behnke ] + + Changes between 0.9.4 and 0.9.5 [28 Feb 2000] + + *) PKCS7_encrypt() was adding text MIME headers twice because they + were added manually and by SMIME_crlf_copy(). + [Steve Henson] + + *) In bntest.c don't call BN_rand with zero bits argument. + [Steve Henson, pointed out by Andrew W. Gray ] + + *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n] + case was implemented. This caused BN_div_recp() to fail occasionally. + [Ulf Möller] + + *) Add an optional second argument to the set_label() in the perl + assembly language builder. If this argument exists and is set + to 1 it signals that the assembler should use a symbol whose + scope is the entire file, not just the current function. This + is needed with MASM which uses the format label:: for this scope. + [Steve Henson, pointed out by Peter Runestig ] + + *) Change the ASN1 types so they are typedefs by default. Before + almost all types were #define'd to ASN1_STRING which was causing + STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING) + for example. + [Steve Henson] + + *) Change names of new functions to the new get1/get0 naming + convention: After 'get1', the caller owns a reference count + and has to call ..._free; 'get0' returns a pointer to some + data structure without incrementing reference counters. + (Some of the existing 'get' functions increment a reference + counter, some don't.) + Similarly, 'set1' and 'add1' functions increase reference + counters or duplicate objects. + [Steve Henson] + + *) Allow for the possibility of temp RSA key generation failure: + the code used to assume it always worked and crashed on failure. + [Steve Henson] + + *) Fix potential buffer overrun problem in BIO_printf(). + [Ulf Möller, using public domain code by Patrick Powell; problem + pointed out by David Sacerdote ] + + *) Support EGD . New functions + RAND_egd() and RAND_status(). In the command line application, + the EGD socket can be specified like a seed file using RANDFILE + or -rand. + [Ulf Möller] + + *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures. + Some CAs (e.g. Verisign) distribute certificates in this form. + [Steve Henson] + + *) Remove the SSL_ALLOW_ADH compile option and set the default cipher + list to exclude them. This means that no special compilation option + is needed to use anonymous DH: it just needs to be included in the + cipher list. + [Steve Henson] + + *) Change the EVP_MD_CTX_type macro so its meaning consistent with + EVP_MD_type. The old functionality is available in a new macro called + EVP_MD_md(). Change code that uses it and update docs. + [Steve Henson] + + *) ..._ctrl functions now have corresponding ..._callback_ctrl functions + where the 'void *' argument is replaced by a function pointer argument. + Previously 'void *' was abused to point to functions, which works on + many platforms, but is not correct. As these functions are usually + called by macros defined in OpenSSL header files, most source code + should work without changes. + [Richard Levitte] + + *) (which is created by Configure) now contains + sections with information on -D... compiler switches used for + compiling the library so that applications can see them. To enable + one of these sections, a pre-processor symbol OPENSSL_..._DEFINES + must be defined. E.g., + #define OPENSSL_ALGORITHM_DEFINES + #include + defines all pertinent NO_ symbols, such as NO_IDEA, NO_RSA, etc. + [Richard Levitte, Ulf and Bodo Möller] + + *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS + record layer. + [Bodo Moeller] + + *) Change the 'other' type in certificate aux info to a STACK_OF + X509_ALGOR. Although not an AlgorithmIdentifier as such it has + the required ASN1 format: arbitrary types determined by an OID. + [Steve Henson] + + *) Add some PEM_write_X509_REQ_NEW() functions and a command line + argument to 'req'. This is not because the function is newer or + better than others it just uses the work 'NEW' in the certificate + request header lines. Some software needs this. + [Steve Henson] + + *) Reorganise password command line arguments: now passwords can be + obtained from various sources. Delete the PEM_cb function and make + it the default behaviour: i.e. if the callback is NULL and the + usrdata argument is not NULL interpret it as a null terminated pass + phrase. If usrdata and the callback are NULL then the pass phrase + is prompted for as usual. + [Steve Henson] + + *) Add support for the Compaq Atalla crypto accelerator. If it is installed, + the support is automatically enabled. The resulting binaries will + autodetect the card and use it if present. + [Ben Laurie and Compaq Inc.] + + *) Work around for Netscape hang bug. This sends certificate request + and server done in one record. Since this is perfectly legal in the + SSL/TLS protocol it isn't a "bug" option and is on by default. See + the bugs/SSLv3 entry for more info. + [Steve Henson] + + *) HP-UX tune-up: new unified configs, HP C compiler bug workaround. + [Andy Polyakov] + + *) Add -rand argument to smime and pkcs12 applications and read/write + of seed file. + [Steve Henson] + + *) New 'passwd' tool for crypt(3) and apr1 password hashes. + [Bodo Moeller] + + *) Add command line password options to the remaining applications. + [Steve Henson] + + *) Bug fix for BN_div_recp() for numerators with an even number of + bits. + [Ulf Möller] + + *) More tests in bntest.c, and changed test_bn output. + [Ulf Möller] + + *) ./config recognizes MacOS X now. + [Andy Polyakov] + + *) Bug fix for BN_div() when the first words of num and divsor are + equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). + [Ulf Möller] + + *) Add support for various broken PKCS#8 formats, and command line + options to produce them. + [Steve Henson] + + *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to + get temporary BIGNUMs from a BN_CTX. + [Ulf Möller] + + *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont() + for p == 0. + [Ulf Möller] + + *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and + include a #define from the old name to the new. The original intent + was that statically linked binaries could for example just call + SSLeay_add_all_ciphers() to just add ciphers to the table and not + link with digests. This never worked becayse SSLeay_add_all_digests() + and SSLeay_add_all_ciphers() were in the same source file so calling + one would link with the other. They are now in separate source files. + [Steve Henson] + + *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'. + [Steve Henson] + + *) Use a less unusual form of the Miller-Rabin primality test (it used + a binary algorithm for exponentiation integrated into the Miller-Rabin + loop, our standard modexp algorithms are faster). + [Bodo Moeller] + + *) Support for the EBCDIC character set completed. + [Martin Kraemer ] + + *) Source code cleanups: use const where appropriate, eliminate casts, + use void * instead of char * in lhash. + [Ulf Möller] + + *) Bugfix: ssl3_send_server_key_exchange was not restartable + (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of + this the server could overwrite ephemeral keys that the client + has already seen). + [Bodo Moeller] + + *) Turn DSA_is_prime into a macro that calls BN_is_prime, + using 50 iterations of the Rabin-Miller test. + + DSA_generate_parameters now uses BN_is_prime_fasttest (with 50 + iterations of the Rabin-Miller test as required by the appendix + to FIPS PUB 186[-1]) instead of DSA_is_prime. + As BN_is_prime_fasttest includes trial division, DSA parameter + generation becomes much faster. + + This implies a change for the callback functions in DSA_is_prime + and DSA_generate_parameters: The callback function is called once + for each positive witness in the Rabin-Miller test, not just + occasionally in the inner loop; and the parameters to the + callback function now provide an iteration count for the outer + loop rather than for the current invocation of the inner loop. + DSA_generate_parameters additionally can call the callback + function with an 'iteration count' of -1, meaning that a + candidate has passed the trial division test (when q is generated + from an application-provided seed, trial division is skipped). + [Bodo Moeller] + + *) New function BN_is_prime_fasttest that optionally does trial + division before starting the Rabin-Miller test and has + an additional BN_CTX * argument (whereas BN_is_prime always + has to allocate at least one BN_CTX). + 'callback(1, -1, cb_arg)' is called when a number has passed the + trial division stage. + [Bodo Moeller] + + *) Fix for bug in CRL encoding. The validity dates weren't being handled + as ASN1_TIME. + [Steve Henson] + + *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file. + [Steve Henson] + + *) New function BN_pseudo_rand(). + [Ulf Möller] + + *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) + bignum version of BN_from_montgomery() with the working code from + SSLeay 0.9.0 (the word based version is faster anyway), and clean up + the comments. + [Ulf Möller] + + *) Avoid a race condition in s2_clnt.c (function get_server_hello) that + made it impossible to use the same SSL_SESSION data structure in + SSL2 clients in multiple threads. + [Bodo Moeller] + + *) The return value of RAND_load_file() no longer counts bytes obtained + by stat(). RAND_load_file(..., -1) is new and uses the complete file + to seed the PRNG (previously an explicit byte count was required). + [Ulf Möller, Bodo Möller] + + *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes + used (char *) instead of (void *) and had casts all over the place. + [Steve Henson] + + *) Make BN_generate_prime() return NULL on error if ret!=NULL. + [Ulf Möller] + + *) Retain source code compatibility for BN_prime_checks macro: + BN_is_prime(..., BN_prime_checks, ...) now uses + BN_prime_checks_for_size to determine the appropriate number of + Rabin-Miller iterations. + [Ulf Möller] + + *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to + DH_CHECK_P_NOT_SAFE_PRIME. + (Check if this is true? OpenPGP calls them "strong".) + [Ulf Möller] + + *) Merge the functionality of "dh" and "gendh" programs into a new program + "dhparam". The old programs are retained for now but will handle DH keys + (instead of parameters) in future. + [Steve Henson] + + *) Make the ciphers, s_server and s_client programs check the return values + when a new cipher list is set. + [Steve Henson] + + *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit + ciphers. Before when the 56bit ciphers were enabled the sorting was + wrong. + + The syntax for the cipher sorting has been extended to support sorting by + cipher-strength (using the strength_bits hard coded in the tables). + The new command is "@STRENGTH" (see also doc/apps/ciphers.pod). + + Fix a bug in the cipher-command parser: when supplying a cipher command + string with an "undefined" symbol (neither command nor alphanumeric + [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now + an error is flagged. + + Due to the strength-sorting extension, the code of the + ssl_create_cipher_list() function was completely rearranged. I hope that + the readability was also increased :-) + [Lutz Jaenicke ] + + *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1 + for the first serial number and places 2 in the serial number file. This + avoids problems when the root CA is created with serial number zero and + the first user certificate has the same issuer name and serial number + as the root CA. + [Steve Henson] + + *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses + the new code. Add documentation for this stuff. + [Steve Henson] + + *) Changes to X509_ATTRIBUTE utilities. These have been renamed from + X509_*() to X509at_*() on the grounds that they don't handle X509 + structures and behave in an analagous way to the X509v3 functions: + they shouldn't be called directly but wrapper functions should be used + instead. + + So we also now have some wrapper functions that call the X509at functions + when passed certificate requests. (TO DO: similar things can be done with + PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other + things. Some of these need some d2i or i2d and print functionality + because they handle more complex structures.) + [Steve Henson] + + *) Add missing #ifndefs that caused missing symbols when building libssl + as a shared library without RSA. Use #ifndef NO_SSL2 instead of + NO_RSA in ssl/s2*.c. + [Kris Kennaway , modified by Ulf Möller] + + *) Precautions against using the PRNG uninitialized: RAND_bytes() now + has a return value which indicates the quality of the random data + (1 = ok, 0 = not seeded). Also an error is recorded on the thread's + error queue. New function RAND_pseudo_bytes() generates output that is + guaranteed to be unique but not unpredictable. RAND_add is like + RAND_seed, but takes an extra argument for an entropy estimate + (RAND_seed always assumes full entropy). + [Ulf Möller] + + *) Do more iterations of Rabin-Miller probable prime test (specifically, + 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes + instead of only 2 for all lengths; see BN_prime_checks_for_size definition + in crypto/bn/bn_prime.c for the complete table). This guarantees a + false-positive rate of at most 2^-80 for random input. + [Bodo Moeller] + + *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs. + [Bodo Moeller] + + *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain + in the 0.9.5 release), this returns the chain + from an X509_CTX structure with a dup of the stack and all + the X509 reference counts upped: so the stack will exist + after X509_CTX_cleanup() has been called. Modify pkcs12.c + to use this. + + Also make SSL_SESSION_print() print out the verify return + code. + [Steve Henson] + + *) Add manpage for the pkcs12 command. Also change the default + behaviour so MAC iteration counts are used unless the new + -nomaciter option is used. This improves file security and + only older versions of MSIE (4.0 for example) need it. + [Steve Henson] + + *) Honor the no-xxx Configure options when creating .DEF files. + [Ulf Möller] + + *) Add PKCS#10 attributes to field table: challengePassword, + unstructuredName and unstructuredAddress. These are taken from + draft PKCS#9 v2.0 but are compatible with v1.2 provided no + international characters are used. + + More changes to X509_ATTRIBUTE code: allow the setting of types + based on strings. Remove the 'loc' parameter when adding + attributes because these will be a SET OF encoding which is sorted + in ASN1 order. + [Steve Henson] + + *) Initial changes to the 'req' utility to allow request generation + automation. This will allow an application to just generate a template + file containing all the field values and have req construct the + request. + + Initial support for X509_ATTRIBUTE handling. Stacks of these are + used all over the place including certificate requests and PKCS#7 + structures. They are currently handled manually where necessary with + some primitive wrappers for PKCS#7. The new functions behave in a + manner analogous to the X509 extension functions: they allow + attributes to be looked up by NID and added. + + Later something similar to the X509V3 code would be desirable to + automatically handle the encoding, decoding and printing of the + more complex types. The string types like challengePassword can + be handled by the string table functions. + + Also modified the multi byte string table handling. Now there is + a 'global mask' which masks out certain types. The table itself + can use the flag STABLE_NO_MASK to ignore the mask setting: this + is useful when for example there is only one permissible type + (as in countryName) and using the mask might result in no valid + types at all. + [Steve Henson] + + *) Clean up 'Finished' handling, and add functions SSL_get_finished and + SSL_get_peer_finished to allow applications to obtain the latest + Finished messages sent to the peer or expected from the peer, + respectively. (SSL_get_peer_finished is usually the Finished message + actually received from the peer, otherwise the protocol will be aborted.) + + As the Finished message are message digests of the complete handshake + (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can + be used for external authentication procedures when the authentication + provided by SSL/TLS is not desired or is not enough. + [Bodo Moeller] + + *) Enhanced support for Alpha Linux is added. Now ./config checks if + the host supports BWX extension and if Compaq C is present on the + $PATH. Just exploiting of the BWX extension results in 20-30% + performance kick for some algorithms, e.g. DES and RC4 to mention + a couple. Compaq C in turn generates ~20% faster code for MD5 and + SHA1. + [Andy Polyakov] + + *) Add support for MS "fast SGC". This is arguably a violation of the + SSL3/TLS protocol. Netscape SGC does two handshakes: the first with + weak crypto and after checking the certificate is SGC a second one + with strong crypto. MS SGC stops the first handshake after receiving + the server certificate message and sends a second client hello. Since + a server will typically do all the time consuming operations before + expecting any further messages from the client (server key exchange + is the most expensive) there is little difference between the two. + + To get OpenSSL to support MS SGC we have to permit a second client + hello message after we have sent server done. In addition we have to + reset the MAC if we do get this second client hello. + [Steve Henson] + + *) Add a function 'd2i_AutoPrivateKey()' this will automatically decide + if a DER encoded private key is RSA or DSA traditional format. Changed + d2i_PrivateKey_bio() to use it. This is only needed for the "traditional" + format DER encoded private key. Newer code should use PKCS#8 format which + has the key type encoded in the ASN1 structure. Added DER private key + support to pkcs8 application. + [Steve Henson] + + *) SSL 3/TLS 1 servers now don't request certificates when an anonymous + ciphersuites has been selected (as required by the SSL 3/TLS 1 + specifications). Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT + is set, we interpret this as a request to violate the specification + (the worst that can happen is a handshake failure, and 'correct' + behaviour would result in a handshake failure anyway). + [Bodo Moeller] + + *) In SSL_CTX_add_session, take into account that there might be multiple + SSL_SESSION structures with the same session ID (e.g. when two threads + concurrently obtain them from an external cache). + The internal cache can handle only one SSL_SESSION with a given ID, + so if there's a conflict, we now throw out the old one to achieve + consistency. + [Bodo Moeller] + + *) Add OIDs for idea and blowfish in CBC mode. This will allow both + to be used in PKCS#5 v2.0 and S/MIME. Also add checking to + some routines that use cipher OIDs: some ciphers do not have OIDs + defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for + example. + [Steve Henson] + + *) Simplify the trust setting structure and code. Now we just have + two sequences of OIDs for trusted and rejected settings. These will + typically have values the same as the extended key usage extension + and any application specific purposes. + + The trust checking code now has a default behaviour: it will just + check for an object with the same NID as the passed id. Functions can + be provided to override either the default behaviour or the behaviour + for a given id. SSL client, server and email already have functions + in place for compatibility: they check the NID and also return "trusted" + if the certificate is self signed. + [Steve Henson] + + *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the + traditional format into an EVP_PKEY structure. + [Steve Henson] + + *) Add a password callback function PEM_cb() which either prompts for + a password if usr_data is NULL or otherwise assumes it is a null + terminated password. Allow passwords to be passed on command line + environment or config files in a few more utilities. + [Steve Henson] + + *) Add a bunch of DER and PEM functions to handle PKCS#8 format private + keys. Add some short names for PKCS#8 PBE algorithms and allow them + to be specified on the command line for the pkcs8 and pkcs12 utilities. + Update documentation. + [Steve Henson] + + *) Support for ASN1 "NULL" type. This could be handled before by using + ASN1_TYPE but there wasn't any function that would try to read a NULL + and produce an error if it couldn't. For compatibility we also have + ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and + don't allocate anything because they don't need to. + [Steve Henson] + + *) Initial support for MacOS is now provided. Examine INSTALL.MacOS + for details. + [Andy Polyakov, Roy Woods ] + + *) Rebuild of the memory allocation routines used by OpenSSL code and + possibly others as well. The purpose is to make an interface that + provide hooks so anyone can build a separate set of allocation and + deallocation routines to be used by OpenSSL, for example memory + pool implementations, or something else, which was previously hard + since Malloc(), Realloc() and Free() were defined as macros having + the values malloc, realloc and free, respectively (except for Win32 + compilations). The same is provided for memory debugging code. + OpenSSL already comes with functionality to find memory leaks, but + this gives people a chance to debug other memory problems. + + With these changes, a new set of functions and macros have appeared: + + CRYPTO_set_mem_debug_functions() [F] + CRYPTO_get_mem_debug_functions() [F] + CRYPTO_dbg_set_options() [F] + CRYPTO_dbg_get_options() [F] + CRYPTO_malloc_debug_init() [M] + + The memory debug functions are NULL by default, unless the library + is compiled with CRYPTO_MDEBUG or friends is defined. If someone + wants to debug memory anyway, CRYPTO_malloc_debug_init() (which + gives the standard debugging functions that come with OpenSSL) or + CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions + provided by the library user) must be used. When the standard + debugging functions are used, CRYPTO_dbg_set_options can be used to + request additional information: + CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting + the CRYPTO_MDEBUG_xxx macro when compiling the library. + + Also, things like CRYPTO_set_mem_functions will always give the + expected result (the new set of functions is used for allocation + and deallocation) at all times, regardless of platform and compiler + options. + + To finish it up, some functions that were never use in any other + way than through macros have a new API and new semantic: + + CRYPTO_dbg_malloc() + CRYPTO_dbg_realloc() + CRYPTO_dbg_free() + + All macros of value have retained their old syntax. + [Richard Levitte and Bodo Moeller] + + *) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the + ordering of SMIMECapabilities wasn't in "strength order" and there + was a missing NULL in the AlgorithmIdentifier for the SHA1 signature + algorithm. + [Steve Henson] + + *) Some ASN1 types with illegal zero length encoding (INTEGER, + ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines. + [Frans Heymans , modified by Steve Henson] + + *) Merge in my S/MIME library for OpenSSL. This provides a simple + S/MIME API on top of the PKCS#7 code, a MIME parser (with enough + functionality to handle multipart/signed properly) and a utility + called 'smime' to call all this stuff. This is based on code I + originally wrote for Celo who have kindly allowed it to be + included in OpenSSL. + [Steve Henson] + + *) Add variants des_set_key_checked and des_set_key_unchecked of + des_set_key (aka des_key_sched). Global variable des_check_key + decides which of these is called by des_set_key; this way + des_check_key behaves as it always did, but applications and + the library itself, which was buggy for des_check_key == 1, + have a cleaner way to pick the version they need. + [Bodo Moeller] + + *) New function PKCS12_newpass() which changes the password of a + PKCS12 structure. + [Steve Henson] + + *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and + dynamic mix. In both cases the ids can be used as an index into the + table. Also modified the X509_TRUST_add() and X509_PURPOSE_add() + functions so they accept a list of the field values and the + application doesn't need to directly manipulate the X509_TRUST + structure. + [Steve Henson] + + *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't + need initialising. + [Steve Henson] + + *) Modify the way the V3 extension code looks up extensions. This now + works in a similar way to the object code: we have some "standard" + extensions in a static table which is searched with OBJ_bsearch() + and the application can add dynamic ones if needed. The file + crypto/x509v3/ext_dat.h now has the info: this file needs to be + updated whenever a new extension is added to the core code and kept + in ext_nid order. There is a simple program 'tabtest.c' which checks + this. New extensions are not added too often so this file can readily + be maintained manually. + + There are two big advantages in doing things this way. The extensions + can be looked up immediately and no longer need to be "added" using + X509V3_add_standard_extensions(): this function now does nothing. + [Side note: I get *lots* of email saying the extension code doesn't + work because people forget to call this function] + Also no dynamic allocation is done unless new extensions are added: + so if we don't add custom extensions there is no need to call + X509V3_EXT_cleanup(). + [Steve Henson] + + *) Modify enc utility's salting as follows: make salting the default. Add a + magic header, so unsalted files fail gracefully instead of just decrypting + to garbage. This is because not salting is a big security hole, so people + should be discouraged from doing it. + [Ben Laurie] + + *) Fixes and enhancements to the 'x509' utility. It allowed a message + digest to be passed on the command line but it only used this + parameter when signing a certificate. Modified so all relevant + operations are affected by the digest parameter including the + -fingerprint and -x509toreq options. Also -x509toreq choked if a + DSA key was used because it didn't fix the digest. + [Steve Henson] + + *) Initial certificate chain verify code. Currently tests the untrusted + certificates for consistency with the verify purpose (which is set + when the X509_STORE_CTX structure is set up) and checks the pathlength. + + There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour: + this is because it will reject chains with invalid extensions whereas + every previous version of OpenSSL and SSLeay made no checks at all. + + Trust code: checks the root CA for the relevant trust settings. Trust + settings have an initial value consistent with the verify purpose: e.g. + if the verify purpose is for SSL client use it expects the CA to be + trusted for SSL client use. However the default value can be changed to + permit custom trust settings: one example of this would be to only trust + certificates from a specific "secure" set of CAs. + + Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions + which should be used for version portability: especially since the + verify structure is likely to change more often now. + + SSL integration. Add purpose and trust to SSL_CTX and SSL and functions + to set them. If not set then assume SSL clients will verify SSL servers + and vice versa. + + Two new options to the verify program: -untrusted allows a set of + untrusted certificates to be passed in and -purpose which sets the + intended purpose of the certificate. If a purpose is set then the + new chain verify code is used to check extension consistency. + [Steve Henson] + + *) Support for the authority information access extension. + [Steve Henson] + + *) Modify RSA and DSA PEM read routines to transparently handle + PKCS#8 format private keys. New *_PUBKEY_* functions that handle + public keys in a format compatible with certificate + SubjectPublicKeyInfo structures. Unfortunately there were already + functions called *_PublicKey_* which used various odd formats so + these are retained for compatibility: however the DSA variants were + never in a public release so they have been deleted. Changed dsa/rsa + utilities to handle the new format: note no releases ever handled public + keys so we should be OK. + + The primary motivation for this change is to avoid the same fiasco + that dogs private keys: there are several incompatible private key + formats some of which are standard and some OpenSSL specific and + require various evil hacks to allow partial transparent handling and + even then it doesn't work with DER formats. Given the option anything + other than PKCS#8 should be dumped: but the other formats have to + stay in the name of compatibility. + + With public keys and the benefit of hindsight one standard format + is used which works with EVP_PKEY, RSA or DSA structures: though + it clearly returns an error if you try to read the wrong kind of key. + + Added a -pubkey option to the 'x509' utility to output the public key. + Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*() + (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add + EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*()) + that do the same as the EVP_PKEY_assign_*() except they up the + reference count of the added key (they don't "swallow" the + supplied key). + [Steve Henson] + + *) Fixes to crypto/x509/by_file.c the code to read in certificates and + CRLs would fail if the file contained no certificates or no CRLs: + added a new function to read in both types and return the number + read: this means that if none are read it will be an error. The + DER versions of the certificate and CRL reader would always fail + because it isn't possible to mix certificates and CRLs in DER format + without choking one or the other routine. Changed this to just read + a certificate: this is the best we can do. Also modified the code + in apps/verify.c to take notice of return codes: it was previously + attempting to read in certificates from NULL pointers and ignoring + any errors: this is one reason why the cert and CRL reader seemed + to work. It doesn't check return codes from the default certificate + routines: these may well fail if the certificates aren't installed. + [Steve Henson] + + *) Code to support otherName option in GeneralName. + [Steve Henson] + + *) First update to verify code. Change the verify utility + so it warns if it is passed a self signed certificate: + for consistency with the normal behaviour. X509_verify + has been modified to it will now verify a self signed + certificate if *exactly* the same certificate appears + in the store: it was previously impossible to trust a + single self signed certificate. This means that: + openssl verify ss.pem + now gives a warning about a self signed certificate but + openssl verify -CAfile ss.pem ss.pem + is OK. + [Steve Henson] + + *) For servers, store verify_result in SSL_SESSION data structure + (and add it to external session representation). + This is needed when client certificate verifications fails, + but an application-provided verification callback (set by + SSL_CTX_set_cert_verify_callback) allows accepting the session + anyway (i.e. leaves x509_store_ctx->error != X509_V_OK + but returns 1): When the session is reused, we have to set + ssl->verify_result to the appropriate error code to avoid + security holes. + [Bodo Moeller, problem pointed out by Lutz Jaenicke] + + *) Fix a bug in the new PKCS#7 code: it didn't consider the + case in PKCS7_dataInit() where the signed PKCS7 structure + didn't contain any existing data because it was being created. + [Po-Cheng Chen , slightly modified by Steve Henson] + + *) Add a salt to the key derivation routines in enc.c. This + forms the first 8 bytes of the encrypted file. Also add a + -S option to allow a salt to be input on the command line. + [Steve Henson] + + *) New function X509_cmp(). Oddly enough there wasn't a function + to compare two certificates. We do this by working out the SHA1 + hash and comparing that. X509_cmp() will be needed by the trust + code. + [Steve Henson] + + *) SSL_get1_session() is like SSL_get_session(), but increments + the reference count in the SSL_SESSION returned. + [Geoff Thorpe ] + + *) Fix for 'req': it was adding a null to request attributes. + Also change the X509_LOOKUP and X509_INFO code to handle + certificate auxiliary information. + [Steve Henson] + + *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document + the 'enc' command. + [Steve Henson] + + *) Add the possibility to add extra information to the memory leak + detecting output, to form tracebacks, showing from where each + allocation was originated: CRYPTO_push_info("constant string") adds + the string plus current file name and line number to a per-thread + stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info() + is like calling CYRPTO_pop_info() until the stack is empty. + Also updated memory leak detection code to be multi-thread-safe. + [Richard Levitte] + + *) Add options -text and -noout to pkcs7 utility and delete the + encryption options which never did anything. Update docs. + [Steve Henson] + + *) Add options to some of the utilities to allow the pass phrase + to be included on either the command line (not recommended on + OSes like Unix) or read from the environment. Update the + manpages and fix a few bugs. + [Steve Henson] + + *) Add a few manpages for some of the openssl commands. + [Steve Henson] + + *) Fix the -revoke option in ca. It was freeing up memory twice, + leaking and not finding already revoked certificates. + [Steve Henson] + + *) Extensive changes to support certificate auxiliary information. + This involves the use of X509_CERT_AUX structure and X509_AUX + functions. An X509_AUX function such as PEM_read_X509_AUX() + can still read in a certificate file in the usual way but it + will also read in any additional "auxiliary information". By + doing things this way a fair degree of compatibility can be + retained: existing certificates can have this information added + using the new 'x509' options. + + Current auxiliary information includes an "alias" and some trust + settings. The trust settings will ultimately be used in enhanced + certificate chain verification routines: currently a certificate + can only be trusted if it is self signed and then it is trusted + for all purposes. + [Steve Henson] + + *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD). + The problem was that one of the replacement routines had not been working + since SSLeay releases. For now the offending routine has been replaced + with non-optimised assembler. Even so, this now gives around 95% + performance improvement for 1024 bit RSA signs. + [Mark Cox] + + *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2 + handling. Most clients have the effective key size in bits equal to + the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key. + A few however don't do this and instead use the size of the decrypted key + to determine the RC2 key length and the AlgorithmIdentifier to determine + the effective key length. In this case the effective key length can still + be 40 bits but the key length can be 168 bits for example. This is fixed + by manually forcing an RC2 key into the EVP_PKEY structure because the + EVP code can't currently handle unusual RC2 key sizes: it always assumes + the key length and effective key length are equal. + [Steve Henson] + + *) Add a bunch of functions that should simplify the creation of + X509_NAME structures. Now you should be able to do: + X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0); + and have it automatically work out the correct field type and fill in + the structures. The more adventurous can try: + X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0); + and it will (hopefully) work out the correct multibyte encoding. + [Steve Henson] + + *) Change the 'req' utility to use the new field handling and multibyte + copy routines. Before the DN field creation was handled in an ad hoc + way in req, ca, and x509 which was rather broken and didn't support + BMPStrings or UTF8Strings. Since some software doesn't implement + BMPStrings or UTF8Strings yet, they can be enabled using the config file + using the dirstring_type option. See the new comment in the default + openssl.cnf for more info. + [Steve Henson] + + *) Make crypto/rand/md_rand.c more robust: + - Assure unique random numbers after fork(). + - Make sure that concurrent threads access the global counter and + md serializably so that we never lose entropy in them + or use exactly the same state in multiple threads. + Access to the large state is not always serializable because + the additional locking could be a performance killer, and + md should be large enough anyway. + [Bodo Moeller] + + *) New file apps/app_rand.c with commonly needed functionality + for handling the random seed file. + + Use the random seed file in some applications that previously did not: + ca, + dsaparam -genkey (which also ignored its '-rand' option), + s_client, + s_server, + x509 (when signing). + Except on systems with /dev/urandom, it is crucial to have a random + seed file at least for key creation, DSA signing, and for DH exchanges; + for RSA signatures we could do without one. + + gendh and gendsa (unlike genrsa) used to read only the first byte + of each file listed in the '-rand' option. The function as previously + found in genrsa is now in app_rand.c and is used by all programs + that support '-rand'. + [Bodo Moeller] + + *) In RAND_write_file, use mode 0600 for creating files; + don't just chmod when it may be too late. + [Bodo Moeller] + + *) Report an error from X509_STORE_load_locations + when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed. + [Bill Perry] + + *) New function ASN1_mbstring_copy() this copies a string in either + ASCII, Unicode, Universal (4 bytes per character) or UTF8 format + into an ASN1_STRING type. A mask of permissible types is passed + and it chooses the "minimal" type to use or an error if not type + is suitable. + [Steve Henson] + + *) Add function equivalents to the various macros in asn1.h. The old + macros are retained with an M_ prefix. Code inside the library can + use the M_ macros. External code (including the openssl utility) + should *NOT* in order to be "shared library friendly". + [Steve Henson] + + *) Add various functions that can check a certificate's extensions + to see if it usable for various purposes such as SSL client, + server or S/MIME and CAs of these types. This is currently + VERY EXPERIMENTAL but will ultimately be used for certificate chain + verification. Also added a -purpose flag to x509 utility to + print out all the purposes. + [Steve Henson] + + *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated + functions. + [Steve Henson] + + *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search + for, obtain and decode and extension and obtain its critical flag. + This allows all the necessary extension code to be handled in a + single function call. + [Steve Henson] + + *) RC4 tune-up featuring 30-40% performance improvement on most RISC + platforms. See crypto/rc4/rc4_enc.c for further details. + [Andy Polyakov] + + *) New -noout option to asn1parse. This causes no output to be produced + its main use is when combined with -strparse and -out to extract data + from a file (which may not be in ASN.1 format). + [Steve Henson] + + *) Fix for pkcs12 program. It was hashing an invalid certificate pointer + when producing the local key id. + [Richard Levitte ] + + *) New option -dhparam in s_server. This allows a DH parameter file to be + stated explicitly. If it is not stated then it tries the first server + certificate file. The previous behaviour hard coded the filename + "server.pem". + [Steve Henson] + + *) Add -pubin and -pubout options to the rsa and dsa commands. These allow + a public key to be input or output. For example: + openssl rsa -in key.pem -pubout -out pubkey.pem + Also added necessary DSA public key functions to handle this. + [Steve Henson] + + *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained + in the message. This was handled by allowing + X509_find_by_issuer_and_serial() to tolerate a NULL passed to it. + [Steve Henson, reported by Sampo Kellomaki ] + + *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null + to the end of the strings whereas this didn't. This would cause problems + if strings read with d2i_ASN1_bytes() were later modified. + [Steve Henson, reported by Arne Ansper ] + + *) Fix for base64 decode bug. When a base64 bio reads only one line of + data and it contains EOF it will end up returning an error. This is + caused by input 46 bytes long. The cause is due to the way base64 + BIOs find the start of base64 encoded data. They do this by trying a + trial decode on each line until they find one that works. When they + do a flag is set and it starts again knowing it can pass all the + data directly through the decoder. Unfortunately it doesn't reset + the context it uses. This means that if EOF is reached an attempt + is made to pass two EOFs through the context and this causes the + resulting error. This can also cause other problems as well. As is + usual with these problems it takes *ages* to find and the fix is + trivial: move one line. + [Steve Henson, reported by ian@uns.ns.ac.yu (Ivan Nejgebauer) ] + + *) Ugly workaround to get s_client and s_server working under Windows. The + old code wouldn't work because it needed to select() on sockets and the + tty (for keypresses and to see if data could be written). Win32 only + supports select() on sockets so we select() with a 1s timeout on the + sockets and then see if any characters are waiting to be read, if none + are present then we retry, we also assume we can always write data to + the tty. This isn't nice because the code then blocks until we've + received a complete line of data and it is effectively polling the + keyboard at 1s intervals: however it's quite a bit better than not + working at all :-) A dedicated Windows application might handle this + with an event loop for example. + [Steve Henson] + + *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign + and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions + will be called when RSA_sign() and RSA_verify() are used. This is useful + if rsa_pub_dec() and rsa_priv_enc() equivalents are not available. + For this to work properly RSA_public_decrypt() and RSA_private_encrypt() + should *not* be used: RSA_sign() and RSA_verify() must be used instead. + This necessitated the support of an extra signature type NID_md5_sha1 + for SSL signatures and modifications to the SSL library to use it instead + of calling RSA_public_decrypt() and RSA_private_encrypt(). + [Steve Henson] + + *) Add new -verify -CAfile and -CApath options to the crl program, these + will lookup a CRL issuers certificate and verify the signature in a + similar way to the verify program. Tidy up the crl program so it + no longer accesses structures directly. Make the ASN1 CRL parsing a bit + less strict. It will now permit CRL extensions even if it is not + a V2 CRL: this will allow it to tolerate some broken CRLs. + [Steve Henson] + + *) Initialize all non-automatic variables each time one of the openssl + sub-programs is started (this is necessary as they may be started + multiple times from the "OpenSSL>" prompt). + [Lennart Bang, Bodo Moeller] + + *) Preliminary compilation option RSA_NULL which disables RSA crypto without + removing all other RSA functionality (this is what NO_RSA does). This + is so (for example) those in the US can disable those operations covered + by the RSA patent while allowing storage and parsing of RSA keys and RSA + key generation. + [Steve Henson] + + *) Non-copying interface to BIO pairs. + (still largely untested) + [Bodo Moeller] + + *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive + ASCII string. This was handled independently in various places before. + [Steve Henson] + + *) New functions UTF8_getc() and UTF8_putc() that parse and generate + UTF8 strings a character at a time. + [Steve Henson] + + *) Use client_version from client hello to select the protocol + (s23_srvr.c) and for RSA client key exchange verification + (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications. + [Bodo Moeller] + + *) Add various utility functions to handle SPKACs, these were previously + handled by poking round in the structure internals. Added new function + NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to + print, verify and generate SPKACs. Based on an original idea from + Massimiliano Pala but extensively modified. + [Steve Henson] + + *) RIPEMD160 is operational on all platforms and is back in 'make test'. + [Andy Polyakov] + + *) Allow the config file extension section to be overwritten on the + command line. Based on an original idea from Massimiliano Pala + . The new option is called -extensions + and can be applied to ca, req and x509. Also -reqexts to override + the request extensions in req and -crlexts to override the crl extensions + in ca. + [Steve Henson] + + *) Add new feature to the SPKAC handling in ca. Now you can include + the same field multiple times by preceding it by "XXXX." for example: + 1.OU="Unit name 1" + 2.OU="Unit name 2" + this is the same syntax as used in the req config file. + [Steve Henson] + + *) Allow certificate extensions to be added to certificate requests. These + are specified in a 'req_extensions' option of the req section of the + config file. They can be printed out with the -text option to req but + are otherwise ignored at present. + [Steve Henson] + + *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first + data read consists of only the final block it would not decrypted because + EVP_CipherUpdate() would correctly report zero bytes had been decrypted. + A misplaced 'break' also meant the decrypted final block might not be + copied until the next read. + [Steve Henson] + + *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added + a few extra parameters to the DH structure: these will be useful if + for example we want the value of 'q' or implement X9.42 DH. + [Steve Henson] + + *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and + provides hooks that allow the default DSA functions or functions on a + "per key" basis to be replaced. This allows hardware acceleration and + hardware key storage to be handled without major modification to the + library. Also added low level modexp hooks and CRYPTO_EX structure and + associated functions. + [Steve Henson] + + *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO + as "read only": it can't be written to and the buffer it points to will + not be freed. Reading from a read only BIO is much more efficient than + a normal memory BIO. This was added because there are several times when + an area of memory needs to be read from a BIO. The previous method was + to create a memory BIO and write the data to it, this results in two + copies of the data and an O(n^2) reading algorithm. There is a new + function BIO_new_mem_buf() which creates a read only memory BIO from + an area of memory. Also modified the PKCS#7 routines to use read only + memory BIOs. + [Steve Henson] + + *) Bugfix: ssl23_get_client_hello did not work properly when called in + state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of + a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read, + but a retry condition occured while trying to read the rest. + [Bodo Moeller] + + *) The PKCS7_ENC_CONTENT_new() function was setting the content type as + NID_pkcs7_encrypted by default: this was wrong since this should almost + always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle + the encrypted data type: this is a more sensible place to put it and it + allows the PKCS#12 code to be tidied up that duplicated this + functionality. + [Steve Henson] + + *) Changed obj_dat.pl script so it takes its input and output files on + the command line. This should avoid shell escape redirection problems + under Win32. + [Steve Henson] + + *) Initial support for certificate extension requests, these are included + in things like Xenroll certificate requests. Included functions to allow + extensions to be obtained and added. + [Steve Henson] + + *) -crlf option to s_client and s_server for sending newlines as + CRLF (as required by many protocols). + [Bodo Moeller] + + Changes between 0.9.3a and 0.9.4 [09 Aug 1999] + + *) Install libRSAglue.a when OpenSSL is built with RSAref. + [Ralf S. Engelschall] + + *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency. + [Andrija Antonijevic ] + + *) Fix -startdate and -enddate (which was missing) arguments to 'ca' + program. + [Steve Henson] + + *) New function DSA_dup_DH, which duplicates DSA parameters/keys as + DH parameters/keys (q is lost during that conversion, but the resulting + DH parameters contain its length). + + For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is + much faster than DH_generate_parameters (which creates parameters + where p = 2*q + 1), and also the smaller q makes DH computations + much more efficient (160-bit exponentiation instead of 1024-bit + exponentiation); so this provides a convenient way to support DHE + ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of + utter importance to use + SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); + or + SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); + when such DH parameters are used, because otherwise small subgroup + attacks may become possible! + [Bodo Moeller] + + *) Avoid memory leak in i2d_DHparams. + [Bodo Moeller] + + *) Allow the -k option to be used more than once in the enc program: + this allows the same encrypted message to be read by multiple recipients. + [Steve Henson] + + *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts + an ASN1_OBJECT to a text string. If the "no_name" parameter is set then + it will always use the numerical form of the OID, even if it has a short + or long name. + [Steve Henson] + + *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp + method only got called if p,q,dmp1,dmq1,iqmp components were present, + otherwise bn_mod_exp was called. In the case of hardware keys for example + no private key components need be present and it might store extra data + in the RSA structure, which cannot be accessed from bn_mod_exp. + By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for + private key operations. + [Steve Henson] + + *) Added support for SPARC Linux. + [Andy Polyakov] + + *) pem_password_cb function type incompatibly changed from + typedef int pem_password_cb(char *buf, int size, int rwflag); + to + ....(char *buf, int size, int rwflag, void *userdata); + so that applications can pass data to their callbacks: + The PEM[_ASN1]_{read,write}... functions and macros now take an + additional void * argument, which is just handed through whenever + the password callback is called. + [Damien Miller ; tiny changes by Bodo Moeller] + + New function SSL_CTX_set_default_passwd_cb_userdata. + + Compatibility note: As many C implementations push function arguments + onto the stack in reverse order, the new library version is likely to + interoperate with programs that have been compiled with the old + pem_password_cb definition (PEM_whatever takes some data that + happens to be on the stack as its last argument, and the callback + just ignores this garbage); but there is no guarantee whatsoever that + this will work. + + *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=... + (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused + problems not only on Windows, but also on some Unix platforms. + To avoid problematic command lines, these definitions are now in an + auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl + for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds). + [Bodo Moeller] + + *) MIPS III/IV assembler module is reimplemented. + [Andy Polyakov] + + *) More DES library cleanups: remove references to srand/rand and + delete an unused file. + [Ulf Möller] + + *) Add support for the the free Netwide assembler (NASM) under Win32, + since not many people have MASM (ml) and it can be hard to obtain. + This is currently experimental but it seems to work OK and pass all + the tests. Check out INSTALL.W32 for info. + [Steve Henson] + + *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections + without temporary keys kept an extra copy of the server key, + and connections with temporary keys did not free everything in case + of an error. + [Bodo Moeller] + + *) New function RSA_check_key and new openssl rsa option -check + for verifying the consistency of RSA keys. + [Ulf Moeller, Bodo Moeller] + + *) Various changes to make Win32 compile work: + 1. Casts to avoid "loss of data" warnings in p5_crpt2.c + 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned + comparison" warnings. + 3. Add sk__sort to DEF file generator and do make update. + [Steve Henson] + + *) Add a debugging option to PKCS#5 v2 key generation function: when + you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and + derived keys are printed to stderr. + [Steve Henson] + + *) Copy the flags in ASN1_STRING_dup(). + [Roman E. Pavlov ] + + *) The x509 application mishandled signing requests containing DSA + keys when the signing key was also DSA and the parameters didn't match. + + It was supposed to omit the parameters when they matched the signing key: + the verifying software was then supposed to automatically use the CA's + parameters if they were absent from the end user certificate. + + Omitting parameters is no longer recommended. The test was also + the wrong way round! This was probably due to unusual behaviour in + EVP_cmp_parameters() which returns 1 if the parameters match. + This meant that parameters were omitted when they *didn't* match and + the certificate was useless. Certificates signed with 'ca' didn't have + this bug. + [Steve Henson, reported by Doug Erickson ] + + *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems. + The interface is as follows: + Applications can use + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(), + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop(); + "off" is now the default. + The library internally uses + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(), + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on() + to disable memory-checking temporarily. + + Some inconsistent states that previously were possible (and were + even the default) are now avoided. + + -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time + with each memory chunk allocated; this is occasionally more helpful + than just having a counter. + + -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID. + + -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future + extensions. + [Bodo Moeller] + + *) Introduce "mode" for SSL structures (with defaults in SSL_CTX), + which largely parallels "options", but is for changing API behaviour, + whereas "options" are about protocol behaviour. + Initial "mode" flags are: + + SSL_MODE_ENABLE_PARTIAL_WRITE Allow SSL_write to report success when + a single record has been written. + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER Don't insist that SSL_write + retries use the same buffer location. + (But all of the contents must be + copied!) + [Bodo Moeller] + + *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options + worked. + + *) Fix problems with no-hmac etc. + [Ulf Möller, pointed out by Brian Wellington ] + + *) New functions RSA_get_default_method(), RSA_set_method() and + RSA_get_method(). These allows replacement of RSA_METHODs without having + to mess around with the internals of an RSA structure. + [Steve Henson] + + *) Fix memory leaks in DSA_do_sign and DSA_is_prime. + Also really enable memory leak checks in openssl.c and in some + test programs. + [Chad C. Mulligan, Bodo Moeller] + + *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess + up the length of negative integers. This has now been simplified to just + store the length when it is first determined and use it later, rather + than trying to keep track of where data is copied and updating it to + point to the end. + [Steve Henson, reported by Brien Wheeler + ] + + *) Add a new function PKCS7_signatureVerify. This allows the verification + of a PKCS#7 signature but with the signing certificate passed to the + function itself. This contrasts with PKCS7_dataVerify which assumes the + certificate is present in the PKCS#7 structure. This isn't always the + case: certificates can be omitted from a PKCS#7 structure and be + distributed by "out of band" means (such as a certificate database). + [Steve Henson] + + *) Complete the PEM_* macros with DECLARE_PEM versions to replace the + function prototypes in pem.h, also change util/mkdef.pl to add the + necessary function names. + [Steve Henson] + + *) mk1mf.pl (used by Windows builds) did not properly read the + options set by Configure in the top level Makefile, and Configure + was not even able to write more than one option correctly. + Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended. + [Bodo Moeller] + + *) New functions CONF_load_bio() and CONF_load_fp() to allow a config + file to be loaded from a BIO or FILE pointer. The BIO version will + for example allow memory BIOs to contain config info. + [Steve Henson] + + *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS. + Whoever hopes to achieve shared-library compatibility across versions + must use this, not the compile-time macro. + (Exercise 0.9.4: Which is the minimum library version required by + such programs?) + Note: All this applies only to multi-threaded programs, others don't + need locks. + [Bodo Moeller] + + *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests + through a BIO pair triggered the default case, i.e. + SSLerr(...,SSL_R_UNKNOWN_STATE). + [Bodo Moeller] + + *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications + can use the SSL library even if none of the specific BIOs is + appropriate. + [Bodo Moeller] + + *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value + for the encoded length. + [Jeon KyoungHo ] + + *) Add initial documentation of the X509V3 functions. + [Steve Henson] + + *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and + PEM_write_bio_PKCS8PrivateKey() that are equivalent to + PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more + secure PKCS#8 private key format with a high iteration count. + [Steve Henson] + + *) Fix determination of Perl interpreter: A perl or perl5 + _directory_ in $PATH was also accepted as the interpreter. + [Ralf S. Engelschall] + + *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking + wrong with it but it was very old and did things like calling + PEM_ASN1_read() directly and used MD5 for the hash not to mention some + unusual formatting. + [Steve Henson] + + *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed + to use the new extension code. + [Steve Henson] + + *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c + with macros. This should make it easier to change their form, add extra + arguments etc. Fix a few PEM prototypes which didn't have cipher as a + constant. + [Steve Henson] + + *) Add to configuration table a new entry that can specify an alternative + name for unistd.h (for pre-POSIX systems); we need this for NeXTstep, + according to Mark Crispin . + [Bodo Moeller] + +#if 0 + *) DES CBC did not update the IV. Weird. + [Ben Laurie] +#else + des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does. + Changing the behaviour of the former might break existing programs -- + where IV updating is needed, des_ncbc_encrypt can be used. +#endif + + *) When bntest is run from "make test" it drives bc to check its + calculations, as well as internally checking them. If an internal check + fails, it needs to cause bc to give a non-zero result or make test carries + on without noticing the failure. Fixed. + [Ben Laurie] + + *) DES library cleanups. + [Ulf Möller] + + *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be + used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit + ciphers. NOTE: although the key derivation function has been verified + against some published test vectors it has not been extensively tested + yet. Added a -v2 "cipher" option to pkcs8 application to allow the use + of v2.0. + [Steve Henson] + + *) Instead of "mkdir -p", which is not fully portable, use new + Perl script "util/mkdir-p.pl". + [Bodo Moeller] + + *) Rewrite the way password based encryption (PBE) is handled. It used to + assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter + structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms + but doesn't apply to PKCS#5 v2.0 where it can be something else. Now + the 'parameter' field of the AlgorithmIdentifier is passed to the + underlying key generation function so it must do its own ASN1 parsing. + This has also changed the EVP_PBE_CipherInit() function which now has a + 'parameter' argument instead of literal salt and iteration count values + and the function EVP_PBE_ALGOR_CipherInit() has been deleted. + [Steve Henson] + + *) Support for PKCS#5 v1.5 compatible password based encryption algorithms + and PKCS#8 functionality. New 'pkcs8' application linked to openssl. + Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE + KEY" because this clashed with PKCS#8 unencrypted string. Since this + value was just used as a "magic string" and not used directly its + value doesn't matter. + [Steve Henson] + + *) Introduce some semblance of const correctness to BN. Shame C doesn't + support mutable. + [Ben Laurie] + + *) "linux-sparc64" configuration (ultrapenguin). + [Ray Miller ] + "linux-sparc" configuration. + [Christian Forster ] + + *) config now generates no-xxx options for missing ciphers. + [Ulf Möller] + + *) Support the EBCDIC character set (work in progress). + File ebcdic.c not yet included because it has a different license. + [Martin Kraemer ] + + *) Support BS2000/OSD-POSIX. + [Martin Kraemer ] + + *) Make callbacks for key generation use void * instead of char *. + [Ben Laurie] + + *) Make S/MIME samples compile (not yet tested). + [Ben Laurie] + + *) Additional typesafe stacks. + [Ben Laurie] + + *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x). + [Bodo Moeller] + + + Changes between 0.9.3 and 0.9.3a [29 May 1999] + + *) New configuration variant "sco5-gcc". + + *) Updated some demos. + [Sean O Riordain, Wade Scholine] + + *) Add missing BIO_free at exit of pkcs12 application. + [Wu Zhigang] + + *) Fix memory leak in conf.c. + [Steve Henson] + + *) Updates for Win32 to assembler version of MD5. + [Steve Henson] + + *) Set #! path to perl in apps/der_chop to where we found it + instead of using a fixed path. + [Bodo Moeller] + + *) SHA library changes for irix64-mips4-cc. + [Andy Polyakov] + + *) Improvements for VMS support. + [Richard Levitte] + + + Changes between 0.9.2b and 0.9.3 [24 May 1999] + + *) Bignum library bug fix. IRIX 6 passes "make test" now! + This also avoids the problems with SC4.2 and unpatched SC5. + [Andy Polyakov ] + + *) New functions sk_num, sk_value and sk_set to replace the previous macros. + These are required because of the typesafe stack would otherwise break + existing code. If old code used a structure member which used to be STACK + and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with + sk_num or sk_value it would produce an error because the num, data members + are not present in STACK_OF. Now it just produces a warning. sk_set + replaces the old method of assigning a value to sk_value + (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code + that does this will no longer work (and should use sk_set instead) but + this could be regarded as a "questionable" behaviour anyway. + [Steve Henson] + + *) Fix most of the other PKCS#7 bugs. The "experimental" code can now + correctly handle encrypted S/MIME data. + [Steve Henson] + + *) Change type of various DES function arguments from des_cblock + (which means, in function argument declarations, pointer to char) + to des_cblock * (meaning pointer to array with 8 char elements), + which allows the compiler to do more typechecking; it was like + that back in SSLeay, but with lots of ugly casts. + + Introduce new type const_des_cblock. + [Bodo Moeller] + + *) Reorganise the PKCS#7 library and get rid of some of the more obvious + problems: find RecipientInfo structure that matches recipient certificate + and initialise the ASN1 structures properly based on passed cipher. + [Steve Henson] + + *) Belatedly make the BN tests actually check the results. + [Ben Laurie] + + *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion + to and from BNs: it was completely broken. New compilation option + NEG_PUBKEY_BUG to allow for some broken certificates that encode public + key elements as negative integers. + [Steve Henson] + + *) Reorganize and speed up MD5. + [Andy Polyakov ] + + *) VMS support. + [Richard Levitte ] + + *) New option -out to asn1parse to allow the parsed structure to be + output to a file. This is most useful when combined with the -strparse + option to examine the output of things like OCTET STRINGS. + [Steve Henson] + + *) Make SSL library a little more fool-proof by not requiring any longer + that SSL_set_{accept,connect}_state be called before + SSL_{accept,connect} may be used (SSL_set_..._state is omitted + in many applications because usually everything *appeared* to work as + intended anyway -- now it really works as intended). + [Bodo Moeller] + + *) Move openssl.cnf out of lib/. + [Ulf Möller] + + *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall + -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes + -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ + [Ralf S. Engelschall] + + *) Various fixes to the EVP and PKCS#7 code. It may now be able to + handle PKCS#7 enveloped data properly. + [Sebastian Akerman , modified by Steve] + + *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of + copying pointers. The cert_st handling is changed by this in + various ways (and thus what used to be known as ctx->default_cert + is now called ctx->cert, since we don't resort to s->ctx->[default_]cert + any longer when s->cert does not give us what we need). + ssl_cert_instantiate becomes obsolete by this change. + As soon as we've got the new code right (possibly it already is?), + we have solved a couple of bugs of the earlier code where s->cert + was used as if it could not have been shared with other SSL structures. + + Note that using the SSL API in certain dirty ways now will result + in different behaviour than observed with earlier library versions: + Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx) + does not influence s as it used to. + + In order to clean up things more thoroughly, inside SSL_SESSION + we don't use CERT any longer, but a new structure SESS_CERT + that holds per-session data (if available); currently, this is + the peer's certificate chain and, for clients, the server's certificate + and temporary key. CERT holds only those values that can have + meaningful defaults in an SSL_CTX. + [Bodo Moeller] + + *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure + from the internal representation. Various PKCS#7 fixes: remove some + evil casts and set the enc_dig_alg field properly based on the signing + key type. + [Steve Henson] + + *) Allow PKCS#12 password to be set from the command line or the + environment. Let 'ca' get its config file name from the environment + variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req' + and 'x509'). + [Steve Henson] + + *) Allow certificate policies extension to use an IA5STRING for the + organization field. This is contrary to the PKIX definition but + VeriSign uses it and IE5 only recognises this form. Document 'x509' + extension option. + [Steve Henson] + + *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic, + without disallowing inline assembler and the like for non-pedantic builds. + [Ben Laurie] + + *) Support Borland C++ builder. + [Janez Jere , modified by Ulf Möller] + + *) Support Mingw32. + [Ulf Möller] + + *) SHA-1 cleanups and performance enhancements. + [Andy Polyakov ] + + *) Sparc v8plus assembler for the bignum library. + [Andy Polyakov ] + + *) Accept any -xxx and +xxx compiler options in Configure. + [Ulf Möller] + + *) Update HPUX configuration. + [Anonymous] + + *) Add missing sk__unshift() function to safestack.h + [Ralf S. Engelschall] + + *) New function SSL_CTX_use_certificate_chain_file that sets the + "extra_cert"s in addition to the certificate. (This makes sense + only for "PEM" format files, as chains as a whole are not + DER-encoded.) + [Bodo Moeller] + + *) Support verify_depth from the SSL API. + x509_vfy.c had what can be considered an off-by-one-error: + Its depth (which was not part of the external interface) + was actually counting the number of certificates in a chain; + now it really counts the depth. + [Bodo Moeller] + + *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used + instead of X509err, which often resulted in confusing error + messages since the error codes are not globally unique + (e.g. an alleged error in ssl3_accept when a certificate + didn't match the private key). + + *) New function SSL_CTX_set_session_id_context that allows to set a default + value (so that you don't need SSL_set_session_id_context for each + connection using the SSL_CTX). + [Bodo Moeller] + + *) OAEP decoding bug fix. + [Ulf Möller] + + *) Support INSTALL_PREFIX for package builders, as proposed by + David Harris. + [Bodo Moeller] + + *) New Configure options "threads" and "no-threads". For systems + where the proper compiler options are known (currently Solaris + and Linux), "threads" is the default. + [Bodo Moeller] + + *) New script util/mklink.pl as a faster substitute for util/mklink.sh. + [Bodo Moeller] + + *) Install various scripts to $(OPENSSLDIR)/misc, not to + $(INSTALLTOP)/bin -- they shouldn't clutter directories + such as /usr/local/bin. + [Bodo Moeller] + + *) "make linux-shared" to build shared libraries. + [Niels Poppe ] + + *) New Configure option no- (rsa, idea, rc5, ...). + [Ulf Möller] + + *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for + extension adding in x509 utility. + [Steve Henson] + + *) Remove NOPROTO sections and error code comments. + [Ulf Möller] + + *) Partial rewrite of the DEF file generator to now parse the ANSI + prototypes. + [Steve Henson] + + *) New Configure options --prefix=DIR and --openssldir=DIR. + [Ulf Möller] + + *) Complete rewrite of the error code script(s). It is all now handled + by one script at the top level which handles error code gathering, + header rewriting and C source file generation. It should be much better + than the old method: it now uses a modified version of Ulf's parser to + read the ANSI prototypes in all header files (thus the old K&R definitions + aren't needed for error creation any more) and do a better job of + translating function codes into names. The old 'ASN1 error code imbedded + in a comment' is no longer necessary and it doesn't use .err files which + have now been deleted. Also the error code call doesn't have to appear all + on one line (which resulted in some large lines...). + [Steve Henson] + + *) Change #include filenames from to . + [Bodo Moeller] + + *) Change behaviour of ssl2_read when facing length-0 packets: Don't return + 0 (which usually indicates a closed connection), but continue reading. + [Bodo Moeller] + + *) Fix some race conditions. + [Bodo Moeller] + + *) Add support for CRL distribution points extension. Add Certificate + Policies and CRL distribution points documentation. + [Steve Henson] + + *) Move the autogenerated header file parts to crypto/opensslconf.h. + [Ulf Möller] + + *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of + 8 of keying material. Merlin has also confirmed interop with this fix + between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0. + [Merlin Hughes ] + + *) Fix lots of warnings. + [Richard Levitte ] + + *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if + the directory spec didn't end with a LIST_SEPARATOR_CHAR. + [Richard Levitte ] + + *) Fix problems with sizeof(long) == 8. + [Andy Polyakov ] + + *) Change functions to ANSI C. + [Ulf Möller] + + *) Fix typos in error codes. + [Martin Kraemer , Ulf Möller] + + *) Remove defunct assembler files from Configure. + [Ulf Möller] + + *) SPARC v8 assembler BIGNUM implementation. + [Andy Polyakov ] + + *) Support for Certificate Policies extension: both print and set. + Various additions to support the r2i method this uses. + [Steve Henson] + + *) A lot of constification, and fix a bug in X509_NAME_oneline() that could + return a const string when you are expecting an allocated buffer. + [Ben Laurie] + + *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE + types DirectoryString and DisplayText. + [Steve Henson] + + *) Add code to allow r2i extensions to access the configuration database, + add an LHASH database driver and add several ctx helper functions. + [Steve Henson] + + *) Fix an evil bug in bn_expand2() which caused various BN functions to + fail when they extended the size of a BIGNUM. + [Steve Henson] + + *) Various utility functions to handle SXNet extension. Modify mkdef.pl to + support typesafe stack. + [Steve Henson] + + *) Fix typo in SSL_[gs]et_options(). + [Nils Frostberg ] + + *) Delete various functions and files that belonged to the (now obsolete) + old X509V3 handling code. + [Steve Henson] + + *) New Configure option "rsaref". + [Ulf Möller] + + *) Don't auto-generate pem.h. + [Bodo Moeller] + + *) Introduce type-safe ASN.1 SETs. + [Ben Laurie] + + *) Convert various additional casted stacks to type-safe STACK_OF() variants. + [Ben Laurie, Ralf S. Engelschall, Steve Henson] + + *) Introduce type-safe STACKs. This will almost certainly break lots of code + that links with OpenSSL (well at least cause lots of warnings), but fear + not: the conversion is trivial, and it eliminates loads of evil casts. A + few STACKed things have been converted already. Feel free to convert more. + In the fullness of time, I'll do away with the STACK type altogether. + [Ben Laurie] + + *) Add `openssl ca -revoke ' facility which revokes a certificate + specified in by updating the entry in the index.txt file. + This way one no longer has to edit the index.txt file manually for + revoking a certificate. The -revoke option does the gory details now. + [Massimiliano Pala , Ralf S. Engelschall] + + *) Fix `openssl crl -noout -text' combination where `-noout' killed the + `-text' option at all and this way the `-noout -text' combination was + inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'. + [Ralf S. Engelschall] + + *) Make sure a corresponding plain text error message exists for the + X509_V_ERR_CERT_REVOKED/23 error number which can occur when a + verify callback function determined that a certificate was revoked. + [Ralf S. Engelschall] + + *) Bugfix: In test/testenc, don't test "openssl " for + ciphers that were excluded, e.g. by -DNO_IDEA. Also, test + all available cipers including rc5, which was forgotten until now. + In order to let the testing shell script know which algorithms + are available, a new (up to now undocumented) command + "openssl list-cipher-commands" is used. + [Bodo Moeller] + + *) Bugfix: s_client occasionally would sleep in select() when + it should have checked SSL_pending() first. + [Bodo Moeller] + + *) New functions DSA_do_sign and DSA_do_verify to provide access to + the raw DSA values prior to ASN.1 encoding. + [Ulf Möller] + + *) Tweaks to Configure + [Niels Poppe ] + + *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support, + yet... + [Steve Henson] + + *) New variables $(RANLIB) and $(PERL) in the Makefiles. + [Ulf Möller] + + *) New config option to avoid instructions that are illegal on the 80386. + The default code is faster, but requires at least a 486. + [Ulf Möller] + + *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and + SSL2_SERVER_VERSION (not used at all) macros, which are now the + same as SSL2_VERSION anyway. + [Bodo Moeller] + + *) New "-showcerts" option for s_client. + [Bodo Moeller] + + *) Still more PKCS#12 integration. Add pkcs12 application to openssl + application. Various cleanups and fixes. + [Steve Henson] + + *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and + modify error routines to work internally. Add error codes and PBE init + to library startup routines. + [Steve Henson] + + *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and + packing functions to asn1 and evp. Changed function names and error + codes along the way. + [Steve Henson] + + *) PKCS12 integration: and so it begins... First of several patches to + slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12 + objects to objects.h + [Steve Henson] + + *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1 + and display support for Thawte strong extranet extension. + [Steve Henson] + + *) Add LinuxPPC support. + [Jeff Dubrule ] + + *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to + bn_div_words in alpha.s. + [Hannes Reinecke and Ben Laurie] + + *) Make sure the RSA OAEP test is skipped under -DRSAref because + OAEP isn't supported when OpenSSL is built with RSAref. + [Ulf Moeller ] + + *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h + so they no longer are missing under -DNOPROTO. + [Soren S. Jorvang ] + + + Changes between 0.9.1c and 0.9.2b [22 Mar 1999] + + *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still + doesn't work when the session is reused. Coming soon! + [Ben Laurie] + + *) Fix a security hole, that allows sessions to be reused in the wrong + context thus bypassing client cert protection! All software that uses + client certs and session caches in multiple contexts NEEDS PATCHING to + allow session reuse! A fuller solution is in the works. + [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)] + + *) Some more source tree cleanups (removed obsolete files + crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed + permission on "config" script to be executable) and a fix for the INSTALL + document. + [Ulf Moeller ] + + *) Remove some legacy and erroneous uses of malloc, free instead of + Malloc, Free. + [Lennart Bang , with minor changes by Steve] + + *) Make rsa_oaep_test return non-zero on error. + [Ulf Moeller ] + + *) Add support for native Solaris shared libraries. Configure + solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice + if someone would make that last step automatic. + [Matthias Loepfe ] + + *) ctx_size was not built with the right compiler during "make links". Fixed. + [Ben Laurie] + + *) Change the meaning of 'ALL' in the cipher list. It now means "everything + except NULL ciphers". This means the default cipher list will no longer + enable NULL ciphers. They need to be specifically enabled e.g. with + the string "DEFAULT:eNULL". + [Steve Henson] + + *) Fix to RSA private encryption routines: if p < q then it would + occasionally produce an invalid result. This will only happen with + externally generated keys because OpenSSL (and SSLeay) ensure p > q. + [Steve Henson] + + *) Be less restrictive and allow also `perl util/perlpath.pl + /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin', + because this way one can also use an interpreter named `perl5' (which is + usually the name of Perl 5.xxx on platforms where an Perl 4.x is still + installed as `perl'). + [Matthias Loepfe ] + + *) Let util/clean-depend.pl work also with older Perl 5.00x versions. + [Matthias Loepfe ] + + *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add + advapi32.lib to Win32 build and change the pem test comparision + to fc.exe (thanks to Ulrich Kroener for the + suggestion). Fix misplaced ASNI prototypes and declarations in evp.h + and crypto/des/ede_cbcm_enc.c. + [Steve Henson] + + *) DES quad checksum was broken on big-endian architectures. Fixed. + [Ben Laurie] + + *) Comment out two functions in bio.h that aren't implemented. Fix up the + Win32 test batch file so it (might) work again. The Win32 test batch file + is horrible: I feel ill.... + [Steve Henson] + + *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected + in e_os.h. Audit of header files to check ANSI and non ANSI + sections: 10 functions were absent from non ANSI section and not exported + from Windows DLLs. Fixed up libeay.num for new functions. + [Steve Henson] + + *) Make `openssl version' output lines consistent. + [Ralf S. Engelschall] + + *) Fix Win32 symbol export lists for BIO functions: Added + BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data + to ms/libeay{16,32}.def. + [Ralf S. Engelschall] + + *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled + fine under Unix and passes some trivial tests I've now added. But the + whole stuff is horribly incomplete, so a README.1ST with a disclaimer was + added to make sure no one expects that this stuff really works in the + OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources + up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and + openssl_bio.xs. + [Ralf S. Engelschall] + + *) Fix the generation of two part addresses in perl. + [Kenji Miyake , integrated by Ben Laurie] + + *) Add config entry for Linux on MIPS. + [John Tobey ] + + *) Make links whenever Configure is run, unless we are on Windoze. + [Ben Laurie] + + *) Permit extensions to be added to CRLs using crl_section in openssl.cnf. + Currently only issuerAltName and AuthorityKeyIdentifier make any sense + in CRLs. + [Steve Henson] + + *) Add a useful kludge to allow package maintainers to specify compiler and + other platforms details on the command line without having to patch the + Configure script everytime: One now can use ``perl Configure + :
'', i.e. platform ids are allowed to have details appended + to them (seperated by colons). This is treated as there would be a static + pre-configured entry in Configure's %table under key with value +
and ``perl Configure '' is called. So, when you want to + perform a quick test-compile under FreeBSD 3.1 with pgcc and without + assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"'' + now, which overrides the FreeBSD-elf entry on-the-fly. + [Ralf S. Engelschall] + + *) Disable new TLS1 ciphersuites by default: they aren't official yet. + [Ben Laurie] + + *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified + on the `perl Configure ...' command line. This way one can compile + OpenSSL libraries with Position Independent Code (PIC) which is needed + for linking it into DSOs. + [Ralf S. Engelschall] + + *) Remarkably, export ciphers were totally broken and no-one had noticed! + Fixed. + [Ben Laurie] + + *) Cleaned up the LICENSE document: The official contact for any license + questions now is the OpenSSL core team under openssl-core@openssl.org. + And add a paragraph about the dual-license situation to make sure people + recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply + to the OpenSSL toolkit. + [Ralf S. Engelschall] + + *) General source tree makefile cleanups: Made `making xxx in yyy...' + display consistent in the source tree and replaced `/bin/rm' by `rm'. + Additonally cleaned up the `make links' target: Remove unnecessary + semicolons, subsequent redundant removes, inline point.sh into mklink.sh + to speed processing and no longer clutter the display with confusing + stuff. Instead only the actually done links are displayed. + [Ralf S. Engelschall] + + *) Permit null encryption ciphersuites, used for authentication only. It used + to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this. + It is now necessary to set SSL_FORBID_ENULL to prevent the use of null + encryption. + [Ben Laurie] + + *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder + signed attributes when verifying signatures (this would break them), + the detached data encoding was wrong and public keys obtained using + X509_get_pubkey() weren't freed. + [Steve Henson] + + *) Add text documentation for the BUFFER functions. Also added a work around + to a Win95 console bug. This was triggered by the password read stuff: the + last character typed gets carried over to the next fread(). If you were + generating a new cert request using 'req' for example then the last + character of the passphrase would be CR which would then enter the first + field as blank. + [Steve Henson] + + *) Added the new `Includes OpenSSL Cryptography Software' button as + doc/openssl_button.{gif,html} which is similar in style to the old SSLeay + button and can be used by applications based on OpenSSL to show the + relationship to the OpenSSL project. + [Ralf S. Engelschall] + + *) Remove confusing variables in function signatures in files + ssl/ssl_lib.c and ssl/ssl.h. + [Lennart Bong ] + + *) Don't install bss_file.c under PREFIX/include/ + [Lennart Bong ] + + *) Get the Win32 compile working again. Modify mkdef.pl so it can handle + functions that return function pointers and has support for NT specific + stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various + #ifdef WIN32 and WINNTs sprinkled about the place and some changes from + unsigned to signed types: this was killing the Win32 compile. + [Steve Henson] + + *) Add new certificate file to stack functions, + SSL_add_dir_cert_subjects_to_stack() and + SSL_add_file_cert_subjects_to_stack(). These largely supplant + SSL_load_client_CA_file(), and can be used to add multiple certs easily + to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()). + This means that Apache-SSL and similar packages don't have to mess around + to add as many CAs as they want to the preferred list. + [Ben Laurie] + + *) Experiment with doxygen documentation. Currently only partially applied to + ssl/ssl_lib.c. + See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with + openssl.doxy as the configuration file. + [Ben Laurie] + + *) Get rid of remaining C++-style comments which strict C compilers hate. + [Ralf S. Engelschall, pointed out by Carlos Amengual] + + *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not + compiled in by default: it has problems with large keys. + [Steve Henson] + + *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and + DH private keys and/or callback functions which directly correspond to + their SSL_CTX_xxx() counterparts but work on a per-connection basis. This + is needed for applications which have to configure certificates on a + per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis + (e.g. s_server). + For the RSA certificate situation is makes no difference, but + for the DSA certificate situation this fixes the "no shared cipher" + problem where the OpenSSL cipher selection procedure failed because the + temporary keys were not overtaken from the context and the API provided + no way to reconfigure them. + The new functions now let applications reconfigure the stuff and they + are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh, + SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new + non-public-API function ssl_cert_instantiate() is used as a helper + function and also to reduce code redundancy inside ssl_rsa.c. + [Ralf S. Engelschall] + + *) Move s_server -dcert and -dkey options out of the undocumented feature + area because they are useful for the DSA situation and should be + recognized by the users. + [Ralf S. Engelschall] + + *) Fix the cipher decision scheme for export ciphers: the export bits are + *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within + SSL_EXP_MASK. So, the original variable has to be used instead of the + already masked variable. + [Richard Levitte ] + + *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c + [Richard Levitte ] + + *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal() + from `int' to `unsigned int' because it's a length and initialized by + EVP_DigestFinal() which expects an `unsigned int *'. + [Richard Levitte ] + + *) Don't hard-code path to Perl interpreter on shebang line of Configure + script. Instead use the usual Shell->Perl transition trick. + [Ralf S. Engelschall] + + *) Make `openssl x509 -noout -modulus' functional also for DSA certificates + (in addition to RSA certificates) to match the behaviour of `openssl dsa + -noout -modulus' as it's already the case for `openssl rsa -noout + -modulus'. For RSA the -modulus is the real "modulus" while for DSA + currently the public key is printed (a decision which was already done by + `openssl dsa -modulus' in the past) which serves a similar purpose. + Additionally the NO_RSA no longer completely removes the whole -modulus + option; it now only avoids using the RSA stuff. Same applies to NO_DSA + now, too. + [Ralf S. Engelschall] + + *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested + BIO. See the source (crypto/evp/bio_ok.c) for more info. + [Arne Ansper ] + + *) Dump the old yucky req code that tried (and failed) to allow raw OIDs + to be added. Now both 'req' and 'ca' can use new objects defined in the + config file. + [Steve Henson] + + *) Add cool BIO that does syslog (or event log on NT). + [Arne Ansper , integrated by Ben Laurie] + + *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5, + TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and + TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher + Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt. + [Ben Laurie] + + *) Add preliminary config info for new extension code. + [Steve Henson] + + *) Make RSA_NO_PADDING really use no padding. + [Ulf Moeller ] + + *) Generate errors when private/public key check is done. + [Ben Laurie] + + *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support + for some CRL extensions and new objects added. + [Steve Henson] + + *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private + key usage extension and fuller support for authority key id. + [Steve Henson] + + *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved + padding method for RSA, which is recommended for new applications in PKCS + #1 v2.0 (RFC 2437, October 1998). + OAEP (Optimal Asymmetric Encryption Padding) has better theoretical + foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure + against Bleichbacher's attack on RSA. + [Ulf Moeller , reformatted, corrected and integrated by + Ben Laurie] + + *) Updates to the new SSL compression code + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Fix so that the version number in the master secret, when passed + via RSA, checks that if TLS was proposed, but we roll back to SSLv3 + (because the server will not accept higher), that the version number + is 0x03,0x01, not 0x03,0x00 + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory + leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes + in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c + [Steve Henson] + + *) Support for RAW extensions where an arbitrary extension can be + created by including its DER encoding. See apps/openssl.cnf for + an example. + [Steve Henson] + + *) Make sure latest Perl versions don't interpret some generated C array + code as Perl array code in the crypto/err/err_genc.pl script. + [Lars Weber <3weber@informatik.uni-hamburg.de>] + + *) Modify ms/do_ms.bat to not generate assembly language makefiles since + not many people have the assembler. Various Win32 compilation fixes and + update to the INSTALL.W32 file with (hopefully) more accurate Win32 + build instructions. + [Steve Henson] + + *) Modify configure script 'Configure' to automatically create crypto/date.h + file under Win32 and also build pem.h from pem.org. New script + util/mkfiles.pl to create the MINFO file on environments that can't do a + 'make files': perl util/mkfiles.pl >MINFO should work. + [Steve Henson] + + *) Major rework of DES function declarations, in the pursuit of correctness + and purity. As a result, many evil casts evaporated, and some weirdness, + too. You may find this causes warnings in your code. Zapping your evil + casts will probably fix them. Mostly. + [Ben Laurie] + + *) Fix for a typo in asn1.h. Bug fix to object creation script + obj_dat.pl. It considered a zero in an object definition to mean + "end of object": none of the objects in objects.h have any zeros + so it wasn't spotted. + [Steve Henson, reported by Erwann ABALEA ] + + *) Add support for Triple DES Cipher Block Chaining with Output Feedback + Masking (CBCM). In the absence of test vectors, the best I have been able + to do is check that the decrypt undoes the encrypt, so far. Send me test + vectors if you have them. + [Ben Laurie] + + *) Correct calculation of key length for export ciphers (too much space was + allocated for null ciphers). This has not been tested! + [Ben Laurie] + + *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage + message is now correct (it understands "crypto" and "ssl" on its + command line). There is also now an "update" option. This will update + the util/ssleay.num and util/libeay.num files with any new functions. + If you do a: + perl util/mkdef.pl crypto ssl update + it will update them. + [Steve Henson] + + *) Overhauled the Perl interface (perl/*): + - ported BN stuff to OpenSSL's different BN library + - made the perl/ source tree CVS-aware + - renamed the package from SSLeay to OpenSSL (the files still contain + their history because I've copied them in the repository) + - removed obsolete files (the test scripts will be replaced + by better Test::Harness variants in the future) + [Ralf S. Engelschall] + + *) First cut for a very conservative source tree cleanup: + 1. merge various obsolete readme texts into doc/ssleay.txt + where we collect the old documents and readme texts. + 2. remove the first part of files where I'm already sure that we no + longer need them because of three reasons: either they are just temporary + files which were left by Eric or they are preserved original files where + I've verified that the diff is also available in the CVS via "cvs diff + -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for + the crypto/md/ stuff). + [Ralf S. Engelschall] + + *) More extension code. Incomplete support for subject and issuer alt + name, issuer and authority key id. Change the i2v function parameters + and add an extra 'crl' parameter in the X509V3_CTX structure: guess + what that's for :-) Fix to ASN1 macro which messed up + IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED. + [Steve Henson] + + *) Preliminary support for ENUMERATED type. This is largely copied from the + INTEGER code. + [Steve Henson] + + *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy. + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Make sure `make rehash' target really finds the `openssl' program. + [Ralf S. Engelschall, Matthias Loepfe ] + + *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd + like to hear about it if this slows down other processors. + [Ben Laurie] + + *) Add CygWin32 platform information to Configure script. + [Alan Batie ] + + *) Fixed ms/32all.bat script: `no_asm' -> `no-asm' + [Rainer W. Gerling ] + + *) New program nseq to manipulate netscape certificate sequences + [Steve Henson] + + *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a + few typos. + [Steve Henson] + + *) Fixes to BN code. Previously the default was to define BN_RECURSION + but the BN code had some problems that would cause failures when + doing certificate verification and some other functions. + [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] + + *) Add ASN1 and PEM code to support netscape certificate sequences. + [Steve Henson] + + *) Add ASN1 and PEM code to support netscape certificate sequences. + [Steve Henson] + + *) Add several PKIX and private extended key usage OIDs. + [Steve Henson] + + *) Modify the 'ca' program to handle the new extension code. Modify + openssl.cnf for new extension format, add comments. + [Steve Henson] + + *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req' + and add a sample to openssl.cnf so req -x509 now adds appropriate + CA extensions. + [Steve Henson] + + *) Continued X509 V3 changes. Add to other makefiles, integrate with the + error code, add initial support to X509_print() and x509 application. + [Steve Henson] + + *) Takes a deep breath and start addding X509 V3 extension support code. Add + files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this + stuff is currently isolated and isn't even compiled yet. + [Steve Henson] + + *) Continuing patches for GeneralizedTime. Fix up certificate and CRL + ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print. + Removed the versions check from X509 routines when loading extensions: + this allows certain broken certificates that don't set the version + properly to be processed. + [Steve Henson] + + *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another + Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which + can still be regenerated with "make depend". + [Ben Laurie] + + *) Spelling mistake in C version of CAST-128. + [Ben Laurie, reported by Jeremy Hylton ] + + *) Changes to the error generation code. The perl script err-code.pl + now reads in the old error codes and retains the old numbers, only + adding new ones if necessary. It also only changes the .err files if new + codes are added. The makefiles have been modified to only insert errors + when needed (to avoid needlessly modifying header files). This is done + by only inserting errors if the .err file is newer than the auto generated + C file. To rebuild all the error codes from scratch (the old behaviour) + either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl + or delete all the .err files. + [Steve Henson] + + *) CAST-128 was incorrectly implemented for short keys. The C version has + been fixed, but is untested. The assembler versions are also fixed, but + new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing + to regenerate it if needed. + [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun + Hagino ] + + *) File was opened incorrectly in randfile.c. + [Ulf Möller ] + + *) Beginning of support for GeneralizedTime. d2i, i2d, check and print + functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or + GeneralizedTime. ASN1_TIME is the proper type used in certificates et + al: it's just almost always a UTCTime. Note this patch adds new error + codes so do a "make errors" if there are problems. + [Steve Henson] + + *) Correct Linux 1 recognition in config. + [Ulf Möller ] + + *) Remove pointless MD5 hash when using DSA keys in ca. + [Anonymous ] + + *) Generate an error if given an empty string as a cert directory. Also + generate an error if handed NULL (previously returned 0 to indicate an + error, but didn't set one). + [Ben Laurie, reported by Anonymous ] + + *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last. + [Ben Laurie] + + *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct + parameters. This was causing a warning which killed off the Win32 compile. + [Steve Henson] + + *) Remove C++ style comments from crypto/bn/bn_local.h. + [Neil Costigan ] + + *) The function OBJ_txt2nid was broken. It was supposed to return a nid + based on a text string, looking up short and long names and finally + "dot" format. The "dot" format stuff didn't work. Added new function + OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote + OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the + OID is not part of the table. + [Steve Henson] + + *) Add prototypes to X509 lookup/verify methods, fixing a bug in + X509_LOOKUP_by_alias(). + [Ben Laurie] + + *) Sort openssl functions by name. + [Ben Laurie] + + *) Get the gendsa program working (hopefully) and add it to app list. Remove + encryption from sample DSA keys (in case anyone is interested the password + was "1234"). + [Steve Henson] + + *) Make _all_ *_free functions accept a NULL pointer. + [Frans Heymans ] + + *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use + NULL pointers. + [Anonymous ] + + *) s_server should send the CAfile as acceptable CAs, not its own cert. + [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] + + *) Don't blow it for numeric -newkey arguments to apps/req. + [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] + + *) Temp key "for export" tests were wrong in s3_srvr.c. + [Anonymous ] + + *) Add prototype for temp key callback functions + SSL_CTX_set_tmp_{rsa,dh}_callback(). + [Ben Laurie] + + *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and + DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey(). + [Steve Henson] + + *) X509_name_add_entry() freed the wrong thing after an error. + [Arne Ansper ] + + *) rsa_eay.c would attempt to free a NULL context. + [Arne Ansper ] + + *) BIO_s_socket() had a broken should_retry() on Windoze. + [Arne Ansper ] + + *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH. + [Arne Ansper ] + + *) Make sure the already existing X509_STORE->depth variable is initialized + in X509_STORE_new(), but document the fact that this variable is still + unused in the certificate verification process. + [Ralf S. Engelschall] + + *) Fix the various library and apps files to free up pkeys obtained from + X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions. + [Steve Henson] + + *) Fix reference counting in X509_PUBKEY_get(). This makes + demos/maurice/example2.c work, amongst others, probably. + [Steve Henson and Ben Laurie] + + *) First cut of a cleanup for apps/. First the `ssleay' program is now named + `openssl' and second, the shortcut symlinks for the `openssl ' + are no longer created. This way we have a single and consistent command + line interface `openssl ', similar to `cvs '. + [Ralf S. Engelschall, Paul Sutton and Ben Laurie] + + *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey + BIT STRING wrapper always have zero unused bits. + [Steve Henson] + + *) Add CA.pl, perl version of CA.sh, add extended key usage OID. + [Steve Henson] + + *) Make the top-level INSTALL documentation easier to understand. + [Paul Sutton] + + *) Makefiles updated to exit if an error occurs in a sub-directory + make (including if user presses ^C) [Paul Sutton] + + *) Make Montgomery context stuff explicit in RSA data structure. + [Ben Laurie] + + *) Fix build order of pem and err to allow for generated pem.h. + [Ben Laurie] + + *) Fix renumbering bug in X509_NAME_delete_entry(). + [Ben Laurie] + + *) Enhanced the err-ins.pl script so it makes the error library number + global and can add a library name. This is needed for external ASN1 and + other error libraries. + [Steve Henson] + + *) Fixed sk_insert which never worked properly. + [Steve Henson] + + *) Fix ASN1 macros so they can handle indefinite length construted + EXPLICIT tags. Some non standard certificates use these: they can now + be read in. + [Steve Henson] + + *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc) + into a single doc/ssleay.txt bundle. This way the information is still + preserved but no longer messes up this directory. Now it's new room for + the new set of documenation files. + [Ralf S. Engelschall] + + *) SETs were incorrectly DER encoded. This was a major pain, because they + shared code with SEQUENCEs, which aren't coded the same. This means that + almost everything to do with SETs or SEQUENCEs has either changed name or + number of arguments. + [Ben Laurie, based on a partial fix by GP Jayan ] + + *) Fix test data to work with the above. + [Ben Laurie] + + *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but + was already fixed by Eric for 0.9.1 it seems. + [Ben Laurie - pointed out by Ulf Möller ] + + *) Autodetect FreeBSD3. + [Ben Laurie] + + *) Fix various bugs in Configure. This affects the following platforms: + nextstep + ncr-scde + unixware-2.0 + unixware-2.0-pentium + sco5-cc. + [Ben Laurie] + + *) Eliminate generated files from CVS. Reorder tests to regenerate files + before they are needed. + [Ben Laurie] + + *) Generate Makefile.ssl from Makefile.org (to keep CVS happy). + [Ben Laurie] + + + Changes between 0.9.1b and 0.9.1c [23-Dec-1998] + + *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and + changed SSLeay to OpenSSL in version strings. + [Ralf S. Engelschall] + + *) Some fixups to the top-level documents. + [Paul Sutton] + + *) Fixed the nasty bug where rsaref.h was not found under compile-time + because the symlink to include/ was missing. + [Ralf S. Engelschall] + + *) Incorporated the popular no-RSA/DSA-only patches + which allow to compile a RSA-free SSLeay. + [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall] + + *) Fixed nasty rehash problem under `make -f Makefile.ssl links' + when "ssleay" is still not found. + [Ralf S. Engelschall] + + *) Added more platforms to Configure: Cray T3E, HPUX 11, + [Ralf S. Engelschall, Beckmann ] + + *) Updated the README file. + [Ralf S. Engelschall] + + *) Added various .cvsignore files in the CVS repository subdirs + to make a "cvs update" really silent. + [Ralf S. Engelschall] + + *) Recompiled the error-definition header files and added + missing symbols to the Win32 linker tables. + [Ralf S. Engelschall] + + *) Cleaned up the top-level documents; + o new files: CHANGES and LICENSE + o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay + o merged COPYRIGHT into LICENSE + o removed obsolete TODO file + o renamed MICROSOFT to INSTALL.W32 + [Ralf S. Engelschall] + + *) Removed dummy files from the 0.9.1b source tree: + crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi + crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f + crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f + crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f + util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f + [Ralf S. Engelschall] + + *) Added various platform portability fixes. + [Mark J. Cox] + + *) The Genesis of the OpenSSL rpject: + We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A. + Young and Tim J. Hudson created while they were working for C2Net until + summer 1998. + [The OpenSSL Project] + + + Changes between 0.9.0b and 0.9.1b [not released] + + *) Updated a few CA certificates under certs/ + [Eric A. Young] + + *) Changed some BIGNUM api stuff. + [Eric A. Young] + + *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, + DGUX x86, Linux Alpha, etc. + [Eric A. Young] + + *) New COMP library [crypto/comp/] for SSL Record Layer Compression: + RLE (dummy implemented) and ZLIB (really implemented when ZLIB is + available). + [Eric A. Young] + + *) Add -strparse option to asn1pars program which parses nested + binary structures + [Dr Stephen Henson ] + + *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs. + [Eric A. Young] + + *) DSA fix for "ca" program. + [Eric A. Young] + + *) Added "-genkey" option to "dsaparam" program. + [Eric A. Young] + + *) Added RIPE MD160 (rmd160) message digest. + [Eric A. Young] + + *) Added -a (all) option to "ssleay version" command. + [Eric A. Young] + + *) Added PLATFORM define which is the id given to Configure. + [Eric A. Young] + + *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking. + [Eric A. Young] + + *) Extended the ASN.1 parser routines. + [Eric A. Young] + + *) Extended BIO routines to support REUSEADDR, seek, tell, etc. + [Eric A. Young] + + *) Added a BN_CTX to the BN library. + [Eric A. Young] + + *) Fixed the weak key values in DES library + [Eric A. Young] + + *) Changed API in EVP library for cipher aliases. + [Eric A. Young] + + *) Added support for RC2/64bit cipher. + [Eric A. Young] + + *) Converted the lhash library to the crypto/mem.c functions. + [Eric A. Young] + + *) Added more recognized ASN.1 object ids. + [Eric A. Young] + + *) Added more RSA padding checks for SSL/TLS. + [Eric A. Young] + + *) Added BIO proxy/filter functionality. + [Eric A. Young] + + *) Added extra_certs to SSL_CTX which can be used + send extra CA certificates to the client in the CA cert chain sending + process. It can be configured with SSL_CTX_add_extra_chain_cert(). + [Eric A. Young] + + *) Now Fortezza is denied in the authentication phase because + this is key exchange mechanism is not supported by SSLeay at all. + [Eric A. Young] + + *) Additional PKCS1 checks. + [Eric A. Young] + + *) Support the string "TLSv1" for all TLS v1 ciphers. + [Eric A. Young] + + *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the + ex_data index of the SSL context in the X509_STORE_CTX ex_data. + [Eric A. Young] + + *) Fixed a few memory leaks. + [Eric A. Young] + + *) Fixed various code and comment typos. + [Eric A. Young] + + *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 + bytes sent in the client random. + [Edward Bishop ] + diff --git a/CHANGES.SSLeay b/CHANGES.SSLeay new file mode 100644 index 0000000000000000000000000000000000000000..dbb80b003d81ae4bfaa3607572116fb59190dab6 --- /dev/null +++ b/CHANGES.SSLeay @@ -0,0 +1,968 @@ +This file contains the changes for the SSLeay library up to version +0.9.0b. For later changes, see the file "CHANGES". + + SSLeay CHANGES + ______________ + +Changes between 0.8.x and 0.9.0b + +10-Apr-1998 + +I said the next version would go out at easter, and so it shall. +I expect a 0.9.1 will follow with portability fixes in the next few weeks. + +This is a quick, meet the deadline. Look to ssl-users for comments on what +is new etc. + +eric (about to go bushwalking for the 4 day easter break :-) + +16-Mar-98 + - Patch for Cray T90 from Wayne Schroeder + - Lots and lots of changes + +29-Jan-98 + - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from + Goetz Babin-Ebell . + - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or + TLS1_VERSION. + +7-Jan-98 + - Finally reworked the cipher string to ciphers again, so it + works correctly + - All the app_data stuff is now ex_data with funcion calls to access. + The index is supplied by a function and 'methods' can be setup + for the types that are called on XXX_new/XXX_free. This lets + applications get notified on creation and destruction. Some of + the RSA methods could be implemented this way and I may do so. + - Oh yes, SSL under perl5 is working at the basic level. + +15-Dec-97 + - Warning - the gethostbyname cache is not fully thread safe, + but it should work well enough. + - Major internal reworking of the app_data stuff. More functions + but if you were accessing ->app_data directly, things will + stop working. + - The perlv5 stuff is working. Currently on message digests, + ciphers and the bignum library. + +9-Dec-97 + - Modified re-negotiation so that server initated re-neg + will cause a SSL_read() to return -1 should retry. + The danger otherwise was that the server and the + client could end up both trying to read when using non-blocking + sockets. + +4-Dec-97 + - Lots of small changes + - Fix for binaray mode in Windows for the FILE BIO, thanks to + Bob Denny + +17-Nov-97 + - Quite a few internal cleanups, (removal of errno, and using macros + defined in e_os.h). + - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where + the automactic naming out output files was being stuffed up. + +29-Oct-97 + - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember + for x86. + +21-Oct-97 + - Fixed a bug in the BIO_gethostbyname() cache. + +15-Oct-97 + - cbc mode for blowfish/des/3des is now in assember. Blowfish asm + has also been improved. At this point in time, on the pentium, + md5 is %80 faster, the unoptimesed sha-1 is %79 faster, + des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc + is %62 faster. + +12-Oct-97 + - MEM_BUF_grow() has been fixed so that it always sets the buf->length + to the value we are 'growing' to. Think of MEM_BUF_grow() as the + way to set the length value correctly. + +10-Oct-97 + - I now hash for certificate lookup on the raw DER encoded RDN (md5). + This breaks things again :-(. This is efficent since I cache + the DER encoding of the RDN. + - The text DN now puts in the numeric OID instead of UNKNOWN. + - req can now process arbitary OIDs in the config file. + - I've been implementing md5 in x86 asm, much faster :-). + - Started sha1 in x86 asm, needs more work. + - Quite a few speedups in the BN stuff. RSA public operation + has been made faster by caching the BN_MONT_CTX structure. + The calulating of the Ai where A*Ai === 1 mod m was rather + expensive. Basically a 40-50% speedup on public operations. + The RSA speedup is now 15% on pentiums and %20 on pentium + pro. + +30-Sep-97 + - After doing some profiling, I added x86 adm for bn_add_words(), + which just adds 2 arrays of longs together. A %10 speedup + for 512 and 1024 bit RSA on the pentium pro. + +29-Sep-97 + - Converted the x86 bignum assembler to us the perl scripts + for generation. + +23-Sep-97 + - If SSL_set_session() is passed a NULL session, it now clears the + current session-id. + +22-Sep-97 + - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned + certificates. + - Bug in crypto/evp/encode.c where by decoding of 65 base64 + encoded lines, one line at a time (via a memory BIO) would report + EOF after the first line was decoded. + - Fix in X509_find_by_issuer_and_serial() from + Dr Stephen Henson + +19-Sep-97 + - NO_FP_API and NO_STDIO added. + - Put in sh config command. It auto runs Configure with the correct + parameters. + +18-Sep-97 + - Fix x509.c so if a DSA cert has different parameters to its parent, + they are left in place. Not tested yet. + +16-Sep-97 + - ssl_create_cipher_list() had some bugs, fixes from + Patrick Eisenacher + - Fixed a bug in the Base64 BIO, where it would return 1 instead + of -1 when end of input was encountered but should retry. + Basically a Base64/Memory BIO interaction problem. + - Added a HMAC set of functions in preporarion for TLS work. + +15-Sep-97 + - Top level makefile tweak - Cameron Simpson + - Prime generation spead up %25 (512 bit prime, pentium pro linux) + by using montgomery multiplication in the prime number test. + +11-Sep-97 + - Ugly bug in ssl3_write_bytes(). Basically if application land + does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code + did not check the size and tried to copy the entire buffer. + This would tend to cause memory overwrites since SSLv3 has + a maximum packet size of 16k. If your program uses + buffers <= 16k, you would probably never see this problem. + - Fixed a new errors that were cause by malloc() not returning + 0 initialised memory.. + - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using + SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing + since this flags stops SSLeay being able to handle client + cert requests correctly. + +08-Sep-97 + - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched + on, the SSL server routines will not use a SSL_SESSION that is + held in it's cache. This in intended to be used with the session-id + callbacks so that while the session-ids are still stored in the + cache, the decision to use them and how to look them up can be + done by the callbacks. The are the 'new', 'get' and 'remove' + callbacks. This can be used to determine the session-id + to use depending on information like which port/host the connection + is coming from. Since the are also SSL_SESSION_set_app_data() and + SSL_SESSION_get_app_data() functions, the application can hold + information against the session-id as well. + +03-Sep-97 + - Added lookup of CRLs to the by_dir method, + X509_load_crl_file() also added. Basically it means you can + lookup CRLs via the same system used to lookup certificates. + - Changed things so that the X509_NAME structure can contain + ASN.1 BIT_STRINGS which is required for the unique + identifier OID. + - Fixed some problems with the auto flushing of the session-id + cache. It was not occuring on the server side. + +02-Sep-97 + - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size) + which is the maximum number of entries allowed in the + session-id cache. This is enforced with a simple FIFO list. + The default size is 20*1024 entries which is rather large :-). + The Timeout code is still always operating. + +01-Sep-97 + - Added an argument to all the 'generate private key/prime` + callbacks. It is the last parameter so this should not + break existing code but it is needed for C++. + - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64() + BIO. This lets the BIO read and write base64 encoded data + without inserting or looking for '\n' characters. The '-A' + flag turns this on when using apps/enc.c. + - RSA_NO_PADDING added to help BSAFE functionality. This is a + very dangerous thing to use, since RSA private key + operations without random padding bytes (as PKCS#1 adds) can + be attacked such that the private key can be revealed. + - ASN.1 bug and rc2-40-cbc and rc4-40 added by + Dr Stephen Henson + +31-Aug-97 (stuff added while I was away) + - Linux pthreads by Tim Hudson (tjh@cryptsoft.com). + - RSA_flags() added allowing bypass of pub/priv match check + in ssl/ssl_rsa.c - Tim Hudson. + - A few minor bugs. + +SSLeay 0.8.1 released. + +19-Jul-97 + - Server side initated dynamic renegotiation is broken. I will fix + it when I get back from holidays. + +15-Jul-97 + - Quite a few small changes. + - INVALID_SOCKET usage cleanups from Alex Kiernan + +09-Jul-97 + - Added 2 new values to the SSL info callback. + SSL_CB_START which is passed when the SSL protocol is started + and SSL_CB_DONE when it has finished sucsessfully. + +08-Jul-97 + - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c + that related to DSA public/private keys. + - Added all the relevent PEM and normal IO functions to support + reading and writing RSAPublic keys. + - Changed makefiles to use ${AR} instead of 'ar r' + +07-Jul-97 + - Error in ERR_remove_state() that would leave a dangling reference + to a free()ed location - thanks to Alex Kiernan + - s_client now prints the X509_NAMEs passed from the server + when requesting a client cert. + - Added a ssl->type, which is one of SSL_ST_CONNECT or + SSL_ST_ACCEPT. I had to add it so I could tell if I was + a connect or an accept after the handshake had finished. + - SSL_get_client_CA_list(SSL *s) now returns the CA names + passed by the server if called by a client side SSL. + +05-Jul-97 + - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index + 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com). + +04-Jul-97 + - Fixed some things in X509_NAME_add_entry(), thanks to + Matthew Donald . + - I had a look at the cipher section and though that it was a + bit confused, so I've changed it. + - I was not setting up the RC4-64-MD5 cipher correctly. It is + a MS special that appears in exported MS Money. + - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3 + spec. I was missing the two byte length header for the + ClientDiffieHellmanPublic value. This is a packet sent from + the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG + option will enable SSLeay server side SSLv3 accept either + the correct or my 080 packet format. + - Fixed a few typos in crypto/pem.org. + +02-Jul-97 + - Alias mapping for EVP_get_(digest|cipher)byname is now + performed before a lookup for actual cipher. This means + that an alias can be used to 're-direct' a cipher or a + digest. + - ASN1_read_bio() had a bug that only showed up when using a + memory BIO. When EOF is reached in the memory BIO, it is + reported as a -1 with BIO_should_retry() set to true. + +01-Jul-97 + - Fixed an error in X509_verify_cert() caused by my + miss-understanding how 'do { contine } while(0);' works. + Thanks to Emil Sit for educating me :-) + +30-Jun-97 + - Base64 decoding error. If the last data line did not end with + a '=', sometimes extra data would be returned. + - Another 'cut and paste' bug in x509.c related to setting up the + STDout BIO. + +27-Jun-97 + - apps/ciphers.c was not printing due to an editing error. + - Alex Kiernan send in a nice fix for + a library build error in util/mk1mf.pl + +26-Jun-97 + - Still did not have the auto 'experimental' code removal + script correct. + - A few header tweaks for Watcom 11.0 under Win32 from + Rolf Lindemann + - 0 length OCTET_STRING bug in asn1_parse + - A minor fix with an non-existent function in the MS .def files. + - A few changes to the PKCS7 stuff. + +25-Jun-97 + SSLeay 0.8.0 finally it gets released. + +24-Jun-97 + Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to + use a temporary RSA key. This is experimental and needs some more work. + Fixed a few Win16 build problems. + +23-Jun-97 + SSLv3 bug. I was not doing the 'lookup' of the CERT structure + correctly. I was taking the SSL->ctx->default_cert when I should + have been using SSL->cert. The bug was in ssl/s3_srvr.c + +20-Jun-97 + X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the + rest of the library. Even though I had the code required to do + it correctly, apps/req.c was doing the wrong thing. I have fixed + and tested everything. + + Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c. + +19-Jun-97 + Fixed a bug in the SSLv2 server side first packet handling. When + using the non-blocking test BIO, the ssl->s2->first_packet flag + was being reset when a would-block failure occurred when reading + the first 5 bytes of the first packet. This caused the checking + logic to run at the wrong time and cause an error. + + Fixed a problem with specifying cipher. If RC4-MD5 were used, + only the SSLv3 version would be picked up. Now this will pick + up both SSLv2 and SSLv3 versions. This required changing the + SSL_CIPHER->mask values so that they only mask the ciphers, + digests, authentication, export type and key-exchange algorithms. + + I found that when a SSLv23 session is established, a reused + session, of type SSLv3 was attempting to write the SSLv2 + ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char + method has been modified so it will only write out cipher which + that method knows about. + + + Changes between 0.8.0 and 0.8.1 + + *) Mostly bug fixes. + There is an Ephemeral DH cipher problem which is fixed. + + SSLeay 0.8.0 + +This version of SSLeay has quite a lot of things different from the +previous version. + +Basically check all callback parameters, I will be producing documentation +about how to use things in th future. Currently I'm just getting 080 out +the door. Please not that there are several ways to do everything, and +most of the applications in the apps directory are hybrids, some using old +methods and some using new methods. + +Have a look in demos/bio for some very simple programs and +apps/s_client.c and apps/s_server.c for some more advanced versions. +Notes are definitly needed but they are a week or so away. + +Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com) +--- +Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to +get those people that want to move to using the new code base off to +a quick start. + +Note that Eric has tidied up a lot of the areas of the API that were +less than desirable and renamed quite a few things (as he had to break +the API in lots of places anyrate). There are a whole pile of additional +functions for making dealing with (and creating) certificates a lot +cleaner. + +01-Jul-97 +Tim Hudson +tjh@cryptsoft.com + +---8<--- + +To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could +use something like the following (assuming you #include "crypto.h" which +is something that you really should be doing). + +#if SSLEAY_VERSION_NUMBER >= 0x0800 +#define SSLEAY8 +#endif + +buffer.h -> splits into buffer.h and bio.h so you need to include bio.h + too if you are working with BIO internal stuff (as distinct + from simply using the interface in an opaque manner) + +#include "bio.h" - required along with "buffer.h" if you write + your own BIO routines as the buffer and bio + stuff that was intermixed has been separated + out + +envelope.h -> evp.h (which should have been done ages ago) + +Initialisation ... don't forget these or you end up with code that +is missing the bits required to do useful things (like ciphers): + +SSLeay_add_ssl_algorithms() +(probably also want SSL_load_error_strings() too but you should have + already had that call in place) + +SSL_CTX_new() - requires an extra method parameter + SSL_CTX_new(SSLv23_method()) + SSL_CTX_new(SSLv2_method()) + SSL_CTX_new(SSLv3_method()) + + OR to only have the server or the client code + SSL_CTX_new(SSLv23_server_method()) + SSL_CTX_new(SSLv2_server_method()) + SSL_CTX_new(SSLv3_server_method()) + or + SSL_CTX_new(SSLv23_client_method()) + SSL_CTX_new(SSLv2_client_method()) + SSL_CTX_new(SSLv3_client_method()) + +SSL_set_default_verify_paths() ... renamed to the more appropriate +SSL_CTX_set_default_verify_paths() + +If you want to use client certificates then you have to add in a bit +of extra stuff in that a SSLv3 server sends a list of those CAs that +it will accept certificates from ... so you have to provide a list to +SSLeay otherwise certain browsers will not send client certs. + +SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); + + +X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0) + or provide a buffer and size to copy the + result into + +X509_add_cert -> X509_STORE_add_cert (and you might want to read the + notes on X509_NAME structure changes too) + + +VERIFICATION CODE +================= + +The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to +more accurately reflect things. + +The verification callback args are now packaged differently so that +extra fields for verification can be added easily in future without +having to break things by adding extra parameters each release :-) + +X509_cert_verify_error_string -> X509_verify_cert_error_string + + +BIO INTERNALS +============= + +Eric has fixed things so that extra flags can be introduced in +the BIO layer in future without having to play with all the BIO +modules by adding in some macros. + +The ugly stuff using + b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY) +becomes + BIO_clear_retry_flags(b) + + b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY) +becomes + BIO_set_retry_read(b) + +Also ... BIO_get_retry_flags(b), BIO_set_flags(b) + + + +OTHER THINGS +============ + +X509_NAME has been altered so that it isn't just a STACK ... the STACK +is now in the "entries" field ... and there are a pile of nice functions +for getting at the details in a much cleaner manner. + +SSL_CTX has been altered ... "cert" is no longer a direct member of this +structure ... things are now down under "cert_store" (see x509_vfy.h) and +things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE. +If your code "knows" about this level of detail then it will need some +surgery. + +If you depending on the incorrect spelling of a number of the error codes +then you will have to change your code as these have been fixed. + +ENV_CIPHER "type" got renamed to "nid" and as that is what it actually +has been all along so this makes things clearer. +ify_cert_error_string(ctx->error)); + +SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST + and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO + + + + Changes between 0.7.x and 0.8.0 + + *) There have been lots of changes, mostly the addition of SSLv3. + There have been many additions from people and amongst + others, C2Net has assisted greatly. + + Changes between 0.7.x and 0.7.x + + *) Internal development version only + +SSLeay 0.6.6 13-Jan-1997 + +The main additions are + +- assember for x86 DES improvments. + From 191,000 per second on a pentium 100, I now get 281,000. The inner + loop and the IP/FP modifications are from + Svend Olaf Mikkelsen . Many thanks for his + contribution. +- The 'DES macros' introduced in 0.6.5 now have 3 types. + DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which + is best and there is a summery of mine in crypto/des/options.txt +- A few bug fixes. +- Added blowfish. It is not used by SSL but all the other stuff that + deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes. + There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'. + BF_PTR2 is pentium/x86 specific. The correct option is setup in + the 'Configure' script. +- There is now a 'get client certificate' callback which can be + 'non-blocking'. If more details are required, let me know. It will + documented more in SSLv3 when I finish it. +- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test' + now tests the ca program. +- Lots of little things modified and tweaked. + + SSLeay 0.6.5 + +After quite some time (3 months), the new release. I have been very busy +for the last few months and so this is mostly bug fixes and improvments. + +The main additions are + +- assember for x86 DES. For all those gcc based systems, this is a big + improvement. From 117,000 DES operation a second on a pentium 100, + I now get 191,000. I have also reworked the C version so it + now gives 148,000 DESs per second. +- As mentioned above, the inner DES macros now have some more variant that + sometimes help, sometimes hinder performance. There are now 3 options + DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling) + and DES_RISC (a more register intensive version of the inner macro). + The crypto/des/des_opts.c program, when compiled and run, will give + an indication of the correct options to use. +- The BIO stuff has been improved. Read doc/bio.doc. There are now + modules for encryption and base64 encoding and a BIO_printf() function. +- The CA program will accept simple one line X509v3 extensions in the + ssleay.cnf file. Have a look at the example. Currently this just + puts the text into the certificate as an OCTET_STRING so currently + the more advanced X509v3 data types are not handled but this is enough + for the netscape extensions. +- There is the start of a nicer higher level interface to the X509 + strucutre. +- Quite a lot of bug fixes. +- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used + to define the malloc(), free() and realloc() routines to use + (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when + using DLLs and mixing CRT libraries. + +In general, read the 'VERSION' file for changes and be aware that some of +the new stuff may not have been tested quite enough yet, so don't just plonk +in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break. + +SSLeay 0.6.4 30/08/96 eay + +I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3, +Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-). + +The main changes in this release + +- Thread safe. have a read of doc/threads.doc and play in the mt directory. + For anyone using 0.6.3 with threads, I found 2 major errors so consider + moving to 0.6.4. I have a test program that builds under NT and + solaris. +- The get session-id callback has changed. Have a read of doc/callback.doc. +- The X509_cert_verify callback (the SSL_verify callback) now + has another argument. Have a read of doc/callback.doc +- 'ca -preserve', sign without re-ordering the DN. Not tested much. +- VMS support. +- Compile time memory leak detection can now be built into SSLeay. + Read doc/memory.doc +- CONF routines now understand '\', '\n', '\r' etc. What this means is that + the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines. +- 'ssleay ciphers' added, lists the default cipher list for SSLeay. +- RC2 key setup is now compatable with Netscape. +- Modifed server side of SSL implementation, big performance difference when + using session-id reuse. + +0.6.3 + +Bug fixes and the addition of some nice stuff to the 'ca' program. +Have a read of doc/ns-ca.doc for how hit has been modified so +it can be driven from a CGI script. The CGI script is not provided, +but that is just being left as an excersize for the reader :-). + +0.6.2 + +This is most bug fixes and functionality improvements. + +Additions are +- More thread debugging patches, the thread stuff is still being + tested, but for those keep to play with stuff, have a look in + crypto/cryptlib.c. The application needs to define 1 (or optionaly + a second) callback that is used to implement locking. Compiling + with LOCK_DEBUG spits out lots of locking crud :-). + This is what I'm currently working on. +- SSL_CTX_set_default_passwd_cb() can be used to define the callback + function used in the SSL*_file() functions used to load keys. I was + always of the opinion that people should call + PEM_read_RSAPrivateKey() and pass the callback they want to use, but + it appears they just want to use the SSL_*_file() function() :-(. +- 'enc' now has a -kfile so a key can be read from a file. This is + mostly used so that the passwd does not appear when using 'ps', + which appears imposible to stop under solaris. +- X509v3 certificates now work correctly. I even have more examples + in my tests :-). There is now a X509_EXTENSION type that is used in + X509v3 certificates and CRLv2. +- Fixed that signature type error :-( +- Fixed quite a few potential memory leaks and problems when reusing + X509, CRL and REQ structures. +- EVP_set_pw_prompt() now sets the library wide default password + prompt. +- The 'pkcs7' command will now, given the -print_certs flag, output in + pem format, all certificates and CRL contained within. This is more + of a pre-emtive thing for the new verisign distribution method. I + should also note, that this also gives and example in code, of how + to do this :-), or for that matter, what is involved in going the + other way (list of certs and crl -> pkcs7). +- Added RSA's DESX to the DES library. It is also available via the + EVP_desx_cbc() method and via 'enc desx'. + +SSLeay 0.6.1 + +The main functional changes since 0.6.0 are as follows +- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is + that from now on, I'll keep the .def numbers the same so they will be. +- RSA private key operations are about 2 times faster that 0.6.0 +- The SSL_CTX now has more fields so default values can be put against + it. When an SSL structure is created, these default values are used + but can be overwritten. There are defaults for cipher, certificate, + private key, verify mode and callback. This means SSL session + creation can now be + ssl=SSL_new() + SSL_set_fd(ssl,sock); + SSL_accept(ssl) + .... + All the other uglyness with having to keep a global copy of the + private key and certificate/verify mode in the server is now gone. +- ssl/ssltest.c - one process talking SSL to its self for testing. +- Storage of Session-id's can be controled via a session_cache_mode + flag. There is also now an automatic default flushing of + old session-id's. +- The X509_cert_verify() function now has another parameter, this + should not effect most people but it now means that the reason for + the failure to verify is now available via SSL_get_verify_result(ssl). + You don't have to use a global variable. +- SSL_get_app_data() and SSL_set_app_data() can be used to keep some + application data against the SSL structure. It is upto the application + to free the data. I don't use it, but it is available. +- SSL_CTX_set_cert_verify_callback() can be used to specify a + verify callback function that completly replaces my certificate + verification code. Xcert should be able to use this :-). + The callback is of the form int app_verify_callback(arg,ssl,cert). + This needs to be documented more. +- I have started playing with shared library builds, have a look in + the shlib directory. It is very simple. If you need a numbered + list of functions, have a look at misc/crypto.num and misc/ssl.num. +- There is some stuff to do locking to make the library thread safe. + I have only started this stuff and have not finished. If anyone is + keen to do so, please send me the patches when finished. + +So I have finally made most of the additions to the SSL interface that +I thought were needed. + +There will probably be a pause before I make any non-bug/documentation +related changes to SSLeay since I'm feeling like a bit of a break. + +eric - 12 Jul 1996 +I saw recently a comment by some-one that we now seem to be entering +the age of perpetual Beta software. +Pioneered by packages like linux but refined to an art form by +netscape. + +I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-). + +There are quite a large number of sections that are 'works in +progress' in this package. I will also list the major changes and +what files you should read. + +BIO - this is the new IO structure being used everywhere in SSLeay. I +started out developing this because of microsoft, I wanted a mechanism +to callback to the application for all IO, so Windows 3.1 DLL +perversion could be hidden from me and the 15 different ways to write +to a file under NT would also not be dictated by me at library build +time. What the 'package' is is an API for a data structure containing +functions. IO interfaces can be written to conform to the +specification. This in not intended to hide the underlying data type +from the application, but to hide it from SSLeay :-). +I have only really finished testing the FILE * and socket/fd modules. +There are also 'filter' BIO's. Currently I have only implemented +message digests, and it is in use in the dgst application. This +functionality will allow base64/encrypto/buffering modules to be +'push' into a BIO without it affecting the semantics. I'm also +working on an SSL BIO which will hide the SSL_accept()/SLL_connet() +from an event loop which uses the interface. +It is also possible to 'attach' callbacks to a BIO so they get called +before and after each operation, alowing extensive debug output +to be generated (try running dgst with -d). + +Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few +functions that used to take FILE *, now take BIO *. +The wrappers are easy to write + +function_fp(fp,x) +FILE *fp; + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) error..... + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=function_bio(b,x); + BIO_free(b); + return(ret); + } +Remember, there are no functions that take FILE * in SSLeay when +compiled for Windows 3.1 DLL's. + +-- +I have added a general EVP_PKEY type that can hold a public/private +key. This is now what is used by the EVP_ functions and is passed +around internally. I still have not done the PKCS#8 stuff, but +X509_PKEY is defined and waiting :-) + +-- +For a full function name listings, have a look at ms/crypt32.def and +ms/ssl32.def. These are auto-generated but are complete. +Things like ASN1_INTEGER_get() have been added and are in here if you +look. I have renamed a few things, again, have a look through the +function list and you will probably find what you are after. I intend +to at least put a one line descrition for each one..... + +-- +Microsoft - thats what this release is about, read the MICROSOFT file. + +-- +Multi-threading support. I have started hunting through the code and +flaging where things need to be done. In a state of work but high on +the list. + +-- +For random numbers, edit e_os.h and set DEVRANDOM (it's near the top) +be be you random data device, otherwise 'RFILE' in e_os.h +will be used, in your home directory. It will be updated +periodically. The environment variable RANDFILE will override this +choice and read/write to that file instead. DEVRANDOM is used in +conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random +number generator, pick on one of these files. + +-- + +The list of things to read and do + +dgst -d +s_client -state (this uses a callback placed in the SSL state loop and + will be used else-where to help debug/monitor what + is happening.) + +doc/why.doc +doc/bio.doc <- hmmm, needs lots of work. +doc/bss_file.doc <- one that is working :-) +doc/session.doc <- it has changed +doc/speed.doc + also play with ssleay version -a. I have now added a SSLeay() + function that returns a version number, eg 0600 for this release + which is primarily to be used to check DLL version against the + application. +util/* Quite a few will not interest people, but some may, like + mk1mf.pl, mkdef.pl, +util/do_ms.sh + +try +cc -Iinclude -Icrypto -c crypto/crypto.c +cc -Iinclude -Issl -c ssl/ssl.c +You have just built the SSLeay libraries as 2 object files :-) + +Have a general rummage around in the bin stall directory and look at +what is in there, like CA.sh and c_rehash + +There are lots more things but it is 12:30am on a Friday night and I'm +heading home :-). + +eric 22-Jun-1996 +This version has quite a few major bug fixes and improvements. It DOES NOT +do SSLv3 yet. + +The main things changed +- A Few days ago I added the s_mult application to ssleay which is + a demo of an SSL server running in an event loop type thing. + It supports non-blocking IO, I have finally gotten it right, SSL_accept() + can operate in non-blocking IO mode, look at the code to see how :-). + Have a read of doc/s_mult as well. This program leaks memory and + file descriptors everywhere but I have not cleaned it up yet. + This is a demo of how to do non-blocking IO. +- The SSL session management has been 'worked over' and there is now + quite an expansive set of functions to manipulate them. Have a read of + doc/session.doc for some-things I quickly whipped up about how it now works. + This assume you know the SSLv2 protocol :-) +- I can now read/write the netscape certificate format, use the + -inform/-outform 'net' options to the x509 command. I have not put support + for this type in the other demo programs, but it would be easy to add. +- asn1parse and 'enc' have been modified so that when reading base64 + encoded files (pem format), they do not require '-----BEGIN' header lines. + The 'enc' program had a buffering bug fixed, it can be used as a general + base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d' + respecivly. Leaving out the '-a' flag in this case makes the 'enc' command + into a form of 'cat'. +- The 'x509' and 'req' programs have been fixed and modified a little so + that they generate self-signed certificates correctly. The test + script actually generates a 'CA' certificate and then 'signs' a + 'user' certificate. Have a look at this shell script (test/sstest) + to see how things work, it tests most possible combinations of what can + be done. +- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name + of SSL_set_cipher_list() is now the correct API (stops confusion :-). + If this function is used in the client, only the specified ciphers can + be used, with preference given to the order the ciphers were listed. + For the server, if this is used, only the specified ciphers will be used + to accept connections. If this 'option' is not used, a default set of + ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this + list for all ciphers started against the SSL_CTX. So the order is + SSL cipher_list, if not present, SSL_CTX cipher list, if not + present, then the library default. + What this means is that normally ciphers like + NULL-MD5 will never be used. The only way this cipher can be used + for both ends to specify to use it. + To enable or disable ciphers in the library at build time, modify the + first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c. + This file also contains the 'pref_cipher' list which is the default + cipher preference order. +- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net' + options work. They should, and they enable loading and writing the + netscape rsa private key format. I will be re-working this section of + SSLeay for the next version. What is currently in place is a quick and + dirty hack. +- I've re-written parts of the bignum library. This gives speedups + for all platforms. I now provide assembler for use under Windows NT. + I have not tested the Windows 3.1 assembler but it is quite simple code. + This gives RSAprivate_key operation encryption times of 0.047s (512bit key) + and 0.230s (1024bit key) on a pentium 100 which I consider reasonable. + Basically the times available under linux/solaris x86 can be achieve under + Windows NT. I still don't know how these times compare to RSA's BSAFE + library but I have been emailing with people and with their help, I should + be able to get my library's quite a bit faster still (more algorithm changes). + The object file crypto/bn/asm/x86-32.obj should be used when linking + under NT. +- 'make makefile.one' in the top directory will generate a single makefile + called 'makefile.one' This makefile contains no perl references and + will build the SSLeay library into the 'tmp' and 'out' directories. + util/mk1mf.pl >makefile.one is how this makefile is + generated. The mk1mf.pl command take several option to generate the + makefile for use with cc, gcc, Visual C++ and Borland C++. This is + still under development. I have only build .lib's for NT and MSDOS + I will be working on this more. I still need to play with the + correct compiler setups for these compilers and add some more stuff but + basically if you just want to compile the library + on a 'non-unix' platform, this is a very very good file to start with :-). + Have a look in the 'microsoft' directory for my current makefiles. + I have not yet modified things to link with sockets under Windows NT. + You guys should be able to do this since this is actually outside of the + SSLeay scope :-). I will be doing it for myself soon. + util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock + to build without RC2/RC4, to require RSAref for linking, and to + build with no socket code. + +- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher + that was posted to sci.crypt has been added to the library and SSL. + I take the view that if RC2 is going to be included in a standard, + I'll include the cipher to make my package complete. + There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers + at compile time. I have not tested this recently but it should all work + and if you are in the USA and don't want RSA threatening to sue you, + you could probably remove the RC4/RC2 code inside these sections. + I may in the future include a perl script that does this code + removal automatically for those in the USA :-). +- I have removed all references to sed in the makefiles. So basically, + the development environment requires perl and sh. The build environment + does not (use the makefile.one makefile). + The Configure script still requires perl, this will probably stay that way + since I have perl for Windows NT :-). + +eric (03-May-1996) + +PS Have a look in the VERSION file for more details on the changes and + bug fixes. +I have fixed a few bugs, added alpha and x86 assembler and generally cleaned +things up. This version will be quite stable, mostly because I'm on +holidays until 10-March-1996. For any problems in the interum, send email +to Tim Hudson . + +SSLeay 0.5.0 + +12-12-95 +This is going out before it should really be released. + +I leave for 11 weeks holidays on the 22-12-95 and so I either sit on +this for 11 weeks or get things out. It is still going to change a +lot in the next week so if you do grab this version, please test and +give me feed back ASAP, inculuding questions on how to do things with +the library. This will prompt me to write documentation so I don't +have to answer the same question again :-). + +This 'pre' release version is for people who are interested in the +library. The applications will have to be changed to use +the new version of the SSL interface. I intend to finish more +documentation before I leave but until then, look at the programs in +the apps directory. As far as code goes, it is much much nicer than +the old version. + +The current library works, has no memory leaks (as far as I can tell) +and is far more bug free that 0.4.5d. There are no global variable of +consequence (I believe) and I will produce some documentation that +tell where to look for those people that do want to do multi-threaded +stuff. + +There should be more documentation. Have a look in the +doc directory. I'll be adding more before I leave, it is a start +by mostly documents the crypto library. Tim Hudson will update +the web page ASAP. The spelling and grammar are crap but +it is better than nothing :-) + +Reasons to start playing with version 0.5.0 +- All the programs in the apps directory build into one ssleay binary. +- There is a new version of the 'req' program that generates certificate + requests, there is even documentation for this one :-) +- There is a demo certification authorithy program. Currently it will + look at the simple database and update it. It will generate CRL from + the data base. You need to edit the database by hand to revoke a + certificate, it is my aim to use perl5/Tk but I don't have time to do + this right now. It will generate the certificates but the management + scripts still need to be written. This is not a hard task. +- Things have been cleaned up alot. +- Have a look at the enc and dgst programs in the apps directory. +- It supports v3 of x509 certiticates. + + +Major things missing. +- I have been working on (and thinging about) the distributed x509 + hierachy problem. I have not had time to put my solution in place. + It will have to wait until I come back. +- I have not put in CRL checking in the certificate verification but + it would not be hard to do. I was waiting until I could generate my + own CRL (which has only been in the last week) and I don't have time + to put it in correctly. +- Montgomery multiplication need to be implemented. I know the + algorithm, just ran out of time. +- PKCS#7. I can load and write the DER version. I need to re-work + things to support BER (if that means nothing, read the ASN1 spec :-). +- Testing of the higher level digital envelope routines. I have not + played with the *_seal() and *_open() type functions. They are + written but need testing. The *_sign() and *_verify() functions are + rock solid. +- PEM. Doing this and PKCS#7 have been dependant on the distributed + x509 heirachy problem. I started implementing my ideas, got + distracted writing a CA program and then ran out of time. I provide + the functionality of RSAref at least. +- Re work the asm. code for the x86. I've changed by low level bignum + interface again, so I really need to tweak the x86 stuff. gcc is + good enough for the other boxes. + diff --git a/ChangeLog.0_9_7-stable_not-in-head b/ChangeLog.0_9_7-stable_not-in-head new file mode 100644 index 0000000000000000000000000000000000000000..1203a22158a8e45f683a35ca47ac5591327502a8 --- /dev/null +++ b/ChangeLog.0_9_7-stable_not-in-head @@ -0,0 +1,163 @@ +This file, together with ChangeLog.0_9_7-stable_not-in-head_FIPS, +provides a collection of those CVS change log entries for the +0.9.7 branch (OpenSSL_0_9_7-stable) that do not appear similarly in +0.9.8-dev (CVS head). + +ChangeLog.0_9_7-stable_not-in-head_FIPS - "FIPS" related changes +ChangeLog.0_9_7-stable_not-in-head - everything else + +Some obvious false positives have been eliminated: e.g., we do not +care about a simple "make update"; and we don't care about changes +identified to the 0.9.7 branch that were explicitly identified as +backports from head. + +Eliminating all other entries (and finally this file and its +compantion), either as false positives or as things that should go +into 0.9.8, remains to be done. Any additional changes to 0.9.7 that +are not immediately put into 0.9.8, but belong there as well, should +be added to the end of this file. + + +2002-11-04 17:33 levitte + + Changed: + Configure (1.314.2.38), "Exp", lines: +4 -2 + + Return my normal debug targets to something not so extreme, and + make the extreme ones special (or 'extreme', if you will :-)). + +2002-12-16 19:17 appro + + Changed: + crypto/bn/bn_lcl.h (1.23.2.3), "Exp", lines: +3 -0 + crypto/bn/bn_mul.c (1.28.2.4), "Exp", lines: +84 -445 + + This is rollback to 0.9.6h bn_mul.c to address problem reported in + RT#272. + +2003-07-27 15:46 ben + + Changed: + crypto/aes/aes.h (1.1.2.5), "Exp", lines: +3 -0 + crypto/aes/aes_cfb.c (1.1.2.4), "Exp", lines: +57 -0 + + Add untested CFB-r mode. Will be tested soon. + +2003-07-28 17:07 ben + + Changed: + Makefile.org (1.154.2.69), "Exp", lines: +5 -1 + crypto/aes/aes.h (1.1.2.6), "Exp", lines: +3 -0 + crypto/aes/aes_cfb.c (1.1.2.5), "Exp", lines: +19 -0 + crypto/dsa/Makefile.ssl (1.49.2.6), "Exp", lines: +3 -2 + crypto/err/Makefile.ssl (1.48.2.4), "Exp", lines: +17 -16 + crypto/evp/e_aes.c (1.6.2.5), "Exp", lines: +8 -0 + crypto/evp/e_des.c (1.5.2.2), "Exp", lines: +1 -1 + crypto/evp/e_des3.c (1.8.2.3), "Exp", lines: +2 -2 + crypto/evp/evp.h (1.86.2.11), "Exp", lines: +28 -11 + crypto/evp/evp_locl.h (1.7.2.3), "Exp", lines: +2 -2 + crypto/objects/obj_dat.h (1.49.2.13), "Exp", lines: +10 -5 + crypto/objects/obj_mac.h (1.19.2.13), "Exp", lines: +5 -0 + crypto/objects/obj_mac.num (1.15.2.9), "Exp", lines: +1 -0 + crypto/objects/objects.txt (1.20.2.14), "Exp", lines: +4 -0 + fips/Makefile.ssl (1.1.2.3), "Exp", lines: +7 -0 + fips/aes/Makefile.ssl (1.1.2.2), "Exp", lines: +23 -1 + fips/aes/fips_aesavs.c (1.1.2.3), "Exp", lines: +9 -1 + test/Makefile.ssl (1.84.2.30), "Exp", lines: +101 -43 + + Add support for partial CFB modes, make tests work, update + dependencies. + +2003-07-29 12:56 ben + + Changed: + crypto/aes/aes_cfb.c (1.1.2.6), "Exp", lines: +9 -6 + crypto/evp/c_allc.c (1.8.2.3), "Exp", lines: +1 -0 + crypto/evp/evp_test.c (1.14.2.11), "Exp", lines: +17 -8 + crypto/evp/evptests.txt (1.9.2.2), "Exp", lines: +48 -1 + + Working CFB1 and test vectors. + +2003-07-29 15:24 ben + + Changed: + crypto/evp/e_aes.c (1.6.2.6), "Exp", lines: +14 -0 + crypto/objects/obj_dat.h (1.49.2.14), "Exp", lines: +15 -5 + crypto/objects/obj_mac.h (1.19.2.14), "Exp", lines: +10 -0 + crypto/objects/obj_mac.num (1.15.2.10), "Exp", lines: +2 -0 + crypto/objects/objects.txt (1.20.2.15), "Exp", lines: +2 -0 + fips/aes/Makefile.ssl (1.1.2.3), "Exp", lines: +1 -1 + fips/aes/fips_aesavs.c (1.1.2.4), "Exp", lines: +34 -19 + + The rest of the keysizes for CFB1, working AES AVS test for CFB1. + +2003-07-29 19:05 ben + + Changed: + crypto/aes/aes.h (1.1.2.7), "Exp", lines: +3 -0 + crypto/aes/aes_cfb.c (1.1.2.7), "Exp", lines: +14 -0 + crypto/evp/c_allc.c (1.8.2.4), "Exp", lines: +1 -0 + crypto/evp/e_aes.c (1.6.2.7), "Exp", lines: +4 -9 + crypto/evp/evptests.txt (1.9.2.3), "Exp", lines: +48 -0 + crypto/objects/obj_dat.h (1.49.2.15), "Exp", lines: +20 -5 + crypto/objects/obj_mac.h (1.19.2.15), "Exp", lines: +15 -0 + crypto/objects/obj_mac.num (1.15.2.11), "Exp", lines: +3 -0 + crypto/objects/objects.txt (1.20.2.16), "Exp", lines: +3 -0 + fips/aes/fips_aesavs.c (1.1.2.7), "Exp", lines: +11 -0 + + AES CFB8. + +2003-07-30 20:30 ben + + Changed: + Makefile.org (1.154.2.70), "Exp", lines: +16 -5 + crypto/des/cfb_enc.c (1.7.2.1), "Exp", lines: +2 -1 + crypto/des/des_enc.c (1.11.2.2), "Exp", lines: +4 -0 + crypto/evp/e_aes.c (1.6.2.8), "Exp", lines: +7 -14 + crypto/evp/e_des.c (1.5.2.3), "Exp", lines: +37 -1 + crypto/evp/evp.h (1.86.2.12), "Exp", lines: +6 -0 + crypto/evp/evp_locl.h (1.7.2.4), "Exp", lines: +9 -0 + crypto/objects/obj_dat.h (1.49.2.16), "Exp", lines: +48 -23 + crypto/objects/obj_mac.h (1.19.2.16), "Exp", lines: +31 -6 + crypto/objects/obj_mac.num (1.15.2.12), "Exp", lines: +5 -0 + crypto/objects/objects.txt (1.20.2.17), "Exp", lines: +12 -6 + fips/Makefile.ssl (1.1.2.4), "Exp", lines: +8 -1 + fips/fips_make_sha1 (1.1.2.3), "Exp", lines: +3 -0 + fips/aes/Makefile.ssl (1.1.2.4), "Exp", lines: +1 -1 + fips/des/.cvsignore (1.1.2.1), "Exp", lines: +3 -0 + fips/des/Makefile.ssl (1.1.2.1), "Exp", lines: +96 -0 + fips/des/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 + fips/des/fips_des_enc.c (1.1.2.1), "Exp", lines: +288 -0 + fips/des/fips_des_locl.h (1.1.2.1), "Exp", lines: +428 -0 + fips/des/fips_desmovs.c (1.1.2.1), "Exp", lines: +659 -0 + + Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8. + +2003-08-01 12:25 ben + + Changed: + crypto/des/cfb_enc.c (1.7.2.2), "Exp", lines: +45 -36 + crypto/evp/c_allc.c (1.8.2.5), "Exp", lines: +2 -0 + crypto/evp/e_des.c (1.5.2.4), "Exp", lines: +8 -3 + crypto/evp/evptests.txt (1.9.2.4), "Exp", lines: +6 -0 + + Fix DES CFB-r. + +2003-08-01 12:31 ben + + Changed: + crypto/evp/evptests.txt (1.9.2.5), "Exp", lines: +4 -0 + + DES CFB8 test. + +2005-04-19 16:21 appro + + Changed: + Configure (1.314.2.117), "Exp", lines: +24 -21 + Makefile.org (1.154.2.100), "Exp", lines: +1 -11 + TABLE (1.99.2.52), "Exp", lines: +20 -20 + apps/Makefile (1.1.4.15), "Exp", lines: +1 -1 + test/Makefile (1.1.4.12), "Exp", lines: +1 -1 + + Enable shared link on HP-UX. + diff --git a/ChangeLog.0_9_7-stable_not-in-head_FIPS b/ChangeLog.0_9_7-stable_not-in-head_FIPS new file mode 100644 index 0000000000000000000000000000000000000000..1e6c88f77abfbf8d9db47184393a9929291e0041 --- /dev/null +++ b/ChangeLog.0_9_7-stable_not-in-head_FIPS @@ -0,0 +1,1494 @@ +See file ChangeLog.0_9_7-stable_not-in-head for explanations. +This is the "FIPS"-related part. + + + +2003-07-27 19:00 ben + + Changed: + Configure (1.314.2.85), "Exp", lines: +2 -0 + Makefile.org (1.154.2.67), "Exp", lines: +12 -3 + crypto/cryptlib.c (1.32.2.9), "Exp", lines: +5 -0 + crypto/md32_common.h (1.22.2.4), "Exp", lines: +11 -0 + crypto/aes/Makefile.ssl (1.4.2.6), "Exp", lines: +2 -1 + crypto/aes/aes_core.c (1.1.2.4), "Exp", lines: +4 -0 + crypto/des/des.h (1.40.2.4), "Exp", lines: +1 -1 + crypto/des/des_old.c (1.11.2.4), "Exp", lines: +1 -1 + crypto/des/destest.c (1.30.2.6), "Exp", lines: +2 -2 + crypto/des/ecb3_enc.c (1.8.2.1), "Exp", lines: +1 -3 + crypto/dsa/Makefile.ssl (1.49.2.5), "Exp", lines: +7 -4 + crypto/dsa/dsa_ossl.c (1.12.2.4), "Exp", lines: +2 -0 + crypto/dsa/dsa_sign.c (1.10.2.3), "Exp", lines: +12 -0 + crypto/dsa/dsa_vrf.c (1.10.2.3), "Exp", lines: +8 -0 + crypto/engine/engine.h (1.36.2.6), "Exp", lines: +4 -0 + crypto/err/err.h (1.35.2.3), "Exp", lines: +2 -0 + crypto/err/err_all.c (1.17.2.2), "Exp", lines: +4 -0 + crypto/err/openssl.ec (1.11.2.1), "Exp", lines: +1 -0 + crypto/evp/Makefile.ssl (1.64.2.8), "Exp", lines: +8 -7 + crypto/evp/c_all.c (1.7.8.7), "Exp", lines: +1 -0 + crypto/evp/e_aes.c (1.6.2.4), "Exp", lines: +12 -4 + crypto/evp/e_des3.c (1.8.2.2), "Exp", lines: +1 -1 + crypto/evp/evp.h (1.86.2.10), "Exp", lines: +2 -0 + crypto/evp/evp_err.c (1.23.2.1), "Exp", lines: +3 -1 + crypto/md4/Makefile.ssl (1.6.2.4), "Exp", lines: +7 -4 + crypto/md5/Makefile.ssl (1.33.2.7), "Exp", lines: +7 -4 + crypto/rand/Makefile.ssl (1.56.2.4), "Exp", lines: +17 -15 + crypto/rand/md_rand.c (1.69.2.2), "Exp", lines: +9 -0 + crypto/rand/rand.h (1.26.2.5), "Exp", lines: +2 -0 + crypto/rand/rand_err.c (1.6.2.1), "Exp", lines: +3 -1 + crypto/rand/rand_lib.c (1.15.2.2), "Exp", lines: +11 -0 + crypto/ripemd/Makefile.ssl (1.25.2.5), "Exp", lines: +7 -2 + crypto/sha/Makefile.ssl (1.26.2.5), "Exp", lines: +16 -6 + fips/.cvsignore (1.1.2.1), "Exp", lines: +1 -0 + fips/Makefile.ssl (1.1.2.1), "Exp", lines: +155 -0 + fips/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 + fips/fips.c (1.1.2.1), "Exp", lines: +74 -0 + fips/fips.h (1.1.2.1), "Exp", lines: +85 -0 + fips/fips_check_sha1 (1.1.2.1), "Exp", lines: +7 -0 + fips/fips_err.c (1.1.2.1), "Exp", lines: +96 -0 + fips/fips_make_sha1 (1.1.2.1), "Exp", lines: +21 -0 + fips/lib (1.1.2.1), "Exp", lines: +0 -0 + fips/aes/.cvsignore (1.1.2.1), "Exp", lines: +4 -0 + fips/aes/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0 + fips/aes/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 + fips/aes/fips_aes_core.c (1.1.2.1), "Exp", lines: +1260 -0 + fips/aes/fips_aes_locl.h (1.1.2.1), "Exp", lines: +85 -0 + fips/aes/fips_aesavs.c (1.1.2.1), "Exp", lines: +896 -0 + fips/dsa/.cvsignore (1.1.2.1), "Exp", lines: +2 -0 + fips/dsa/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0 + fips/dsa/fingerprint.sha1 (1.1.2.1), "Exp", lines: +1 -0 + fips/dsa/fips_dsa_ossl.c (1.1.2.1), "Exp", lines: +366 -0 + fips/dsa/fips_dsatest.c (1.1.2.1), "Exp", lines: +252 -0 + fips/rand/.cvsignore (1.1.2.1), "Exp", lines: +2 -0 + fips/rand/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0 + fips/rand/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0 + fips/rand/fips_rand.c (1.1.2.1), "Exp", lines: +236 -0 + fips/rand/fips_rand.h (1.1.2.1), "Exp", lines: +55 -0 + fips/rand/fips_randtest.c (1.1.2.1), "Exp", lines: +348 -0 + fips/sha1/.cvsignore (1.1.2.1), "Exp", lines: +3 -0 + fips/sha1/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0 + fips/sha1/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 + fips/sha1/fips_md32_common.h (1.1.2.1), "Exp", lines: +637 -0 + fips/sha1/fips_sha1dgst.c (1.1.2.1), "Exp", lines: +76 -0 + fips/sha1/fips_sha1test.c (1.1.2.1), "Exp", lines: +128 -0 + fips/sha1/fips_sha_locl.h (1.1.2.1), "Exp", lines: +472 -0 + fips/sha1/fips_standalone_sha1.c (1.1.2.1), "Exp", lines: +101 -0 + fips/sha1/standalone.sha1 (1.1.2.1), "Exp", lines: +4 -0 + test/Makefile.ssl (1.84.2.29), "Exp", lines: +81 -13 + util/mkerr.pl (1.18.2.4), "Exp", lines: +2 -1 + + Unfinished FIPS stuff for review/improvement. + +2003-07-27 19:19 ben + + Changed: + fips/fips_check_sha1 (1.1.2.2), "Exp", lines: +1 -1 + + Use unified diff. + +2003-07-27 19:23 ben + + Changed: + fips/Makefile.ssl (1.1.2.2), "Exp", lines: +3 -3 + fips/fingerprint.sha1 (1.1.2.2), "Exp", lines: +2 -1 + fips/fips_make_sha1 (1.1.2.2), "Exp", lines: +1 -1 + + Build in non-FIPS mode. + +2003-07-27 23:13 ben + + Changed: + Makefile.org (1.154.2.68), "Exp", lines: +1 -1 + fips/fips_check_sha1 (1.1.2.3), "Exp", lines: +2 -1 + fips/aes/fips_aesavs.c (1.1.2.2), "Exp", lines: +2 -0 + fips/dsa/fips_dsa_ossl.c (1.1.2.2), "Exp", lines: +8 -0 + fips/dsa/fips_dsatest.c (1.1.2.2), "Exp", lines: +2 -1 + fips/sha1/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1 + fips/sha1/fips_sha1dgst.c (1.1.2.2), "Exp", lines: +5 -1 + fips/sha1/fips_standalone_sha1.c (1.1.2.2), "Exp", lines: +2 -0 + fips/sha1/standalone.sha1 (1.1.2.2), "Exp", lines: +1 -1 + + Build when not FIPS. + +2003-07-28 11:56 ben + + Changed: + fips/dsa/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.3), "Exp", lines: +1 -1 + + New fingerprints. + +2003-07-29 16:06 ben + + Changed: + fips/aes/fips_aesavs.c (1.1.2.5), "Exp", lines: +295 -303 + + Reformat. + +2003-07-29 16:34 ben + + Changed: + fips/aes/fips_aesavs.c (1.1.2.6), "Exp", lines: +43 -17 + + MMT for CFB1 + +2003-07-29 17:17 ben + + Changed: + fips/fips_err_wrapper.c (1.1.2.1), "Exp", lines: +5 -0 + fips/sha1/sha1hashes.txt (1.1.2.1), "Exp", lines: +342 -0 + fips/sha1/sha1vectors.txt (1.1.2.1), "Exp", lines: +2293 -0 + + Missing files. + +2003-07-31 23:30 levitte + + Changed: + Makefile.org (1.154.2.71), "Exp", lines: +2 -0 + + If FDIRS is to be treated like SDIRS, let's not forget to + initialize it in Makefile.org. + +2003-07-31 23:41 levitte + + Changed: + fips/sha1/fips_sha1test.c (1.1.2.2), "Exp", lines: +3 -3 + + No C++ comments in C programs! + +2003-08-01 15:07 steve + + Changed: + fips/aes/fips_aesavs.c (1.1.2.8), "Exp", lines: +3 -3 + + Replace C++ style comments. + +2003-08-03 14:22 ben + + Changed: + fips/des/fips_desmovs.c (1.1.2.2), "Exp", lines: +55 -37 + + Make tests work (CFB1 still doesn't produce the right answers, + strangely). + +2003-08-08 12:08 levitte + + Changed: + fips/des/fips_des_enc.c (1.1.2.2), "Exp", lines: +9 -0 + + Avoid clashing with the regular DES functions when not compiling + with -DFIPS. This is basically only visible when building with + shared library supoort... + +2003-08-11 11:36 levitte + + Deleted: + fips/sha1/.cvsignore (1.1.2.2) + fips/sha1/Makefile.ssl (1.1.2.3) + fips/sha1/fingerprint.sha1 (1.1.2.3) + fips/sha1/fips_md32_common.h (1.1.2.2) + fips/sha1/fips_sha1dgst.c (1.1.2.3) + fips/sha1/fips_sha1test.c (1.1.2.3) + fips/sha1/fips_sha_locl.h (1.1.2.2) + fips/sha1/fips_standalone_sha1.c (1.1.2.3) + fips/sha1/sha1hashes.txt (1.1.2.2) + fips/sha1/sha1vectors.txt (1.1.2.2) + fips/sha1/standalone.sha1 (1.1.2.4) + fips/dsa/.cvsignore (1.1.2.2) + fips/dsa/Makefile.ssl (1.1.2.2) + fips/dsa/fingerprint.sha1 (1.1.2.3) + fips/dsa/fips_dsa_ossl.c (1.1.2.3) + fips/dsa/fips_dsatest.c (1.1.2.3) + fips/rand/.cvsignore (1.1.2.2) + fips/rand/Makefile.ssl (1.1.2.2) + fips/rand/fingerprint.sha1 (1.1.2.2) + fips/rand/fips_rand.c (1.1.2.2) + fips/rand/fips_rand.h (1.1.2.2) + fips/rand/fips_randtest.c (1.1.2.2) + fips/des/.cvsignore (1.1.2.2) + fips/des/Makefile.ssl (1.1.2.3) + fips/des/fingerprint.sha1 (1.1.2.2) + fips/des/fips_des_enc.c (1.1.2.3) + fips/des/fips_des_locl.h (1.1.2.2) + fips/des/fips_desmovs.c (1.1.2.3) + fips/aes/.cvsignore (1.1.2.2) + fips/aes/Makefile.ssl (1.1.2.5) + fips/aes/fingerprint.sha1 (1.1.2.2) + fips/aes/fips_aes_core.c (1.1.2.2) + fips/aes/fips_aes_locl.h (1.1.2.2) + fips/aes/fips_aesavs.c (1.1.2.9) + fips/.cvsignore (1.1.2.2) + fips/Makefile.ssl (1.1.2.6) + fips/fingerprint.sha1 (1.1.2.3) + fips/fips.c (1.1.2.2) + fips/fips.h (1.1.2.2) + fips/fips_check_sha1 (1.1.2.4) + fips/fips_err.c (1.1.2.2) + fips/fips_err_wrapper.c (1.1.2.2) + fips/fips_make_sha1 (1.1.2.4) + fips/lib (1.1.2.2) + Changed: + util/libeay.num (1.173.2.16), "Exp", lines: +11 -38 + util/mkerr.pl (1.18.2.5), "Exp", lines: +1 -2 + test/Makefile.ssl (1.84.2.31), "Exp", lines: +54 -180 + crypto/ripemd/Makefile.ssl (1.25.2.6), "Exp", lines: +2 -7 + crypto/sha/Makefile.ssl (1.26.2.6), "Exp", lines: +6 -16 + crypto/rand/Makefile.ssl (1.56.2.5), "Exp", lines: +15 -17 + crypto/rand/md_rand.c (1.69.2.3), "Exp", lines: +0 -9 + crypto/rand/rand.h (1.26.2.6), "Exp", lines: +0 -2 + crypto/rand/rand_err.c (1.6.2.2), "Exp", lines: +1 -3 + crypto/rand/rand_lib.c (1.15.2.3), "Exp", lines: +0 -11 + crypto/objects/obj_dat.h (1.49.2.18), "Exp", lines: +3 -27 + crypto/objects/obj_mac.h (1.19.2.18), "Exp", lines: +0 -32 + crypto/objects/obj_mac.num (1.15.2.14), "Exp", lines: +0 -8 + crypto/objects/objects.txt (1.20.2.19), "Exp", lines: +0 -11 + crypto/md4/Makefile.ssl (1.6.2.5), "Exp", lines: +4 -7 + crypto/md5/Makefile.ssl (1.33.2.8), "Exp", lines: +4 -7 + crypto/evp/Makefile.ssl (1.64.2.9), "Exp", lines: +7 -8 + crypto/evp/c_allc.c (1.8.2.6), "Exp", lines: +0 -4 + crypto/evp/e_aes.c (1.6.2.9), "Exp", lines: +4 -22 + crypto/evp/e_des.c (1.5.2.5), "Exp", lines: +2 -43 + crypto/evp/e_des3.c (1.8.2.4), "Exp", lines: +3 -3 + crypto/evp/evp.h (1.86.2.13), "Exp", lines: +11 -36 + crypto/evp/evp_err.c (1.23.2.2), "Exp", lines: +1 -3 + crypto/evp/evp_lib.c (1.6.8.3), "Exp", lines: +0 -24 + crypto/evp/evp_locl.h (1.7.2.5), "Exp", lines: +2 -11 + crypto/evp/evp_test.c (1.14.2.12), "Exp", lines: +8 -17 + crypto/evp/evptests.txt (1.9.2.6), "Exp", lines: +1 -106 + crypto/dsa/Makefile.ssl (1.49.2.7), "Exp", lines: +6 -10 + crypto/dsa/dsa_ossl.c (1.12.2.5), "Exp", lines: +0 -2 + crypto/dsa/dsa_sign.c (1.10.2.4), "Exp", lines: +0 -12 + crypto/dsa/dsa_vrf.c (1.10.2.4), "Exp", lines: +0 -8 + crypto/err/Makefile.ssl (1.48.2.5), "Exp", lines: +16 -17 + crypto/err/err.h (1.35.2.4), "Exp", lines: +0 -2 + crypto/err/err_all.c (1.17.2.3), "Exp", lines: +0 -4 + crypto/err/openssl.ec (1.11.2.2), "Exp", lines: +0 -1 + crypto/des/des.h (1.40.2.5), "Exp", lines: +1 -1 + crypto/des/des_enc.c (1.11.2.3), "Exp", lines: +0 -4 + crypto/des/des_old.c (1.11.2.5), "Exp", lines: +1 -1 + crypto/des/destest.c (1.30.2.7), "Exp", lines: +2 -2 + crypto/des/ecb3_enc.c (1.8.2.2), "Exp", lines: +3 -1 + crypto/aes/Makefile.ssl (1.4.2.7), "Exp", lines: +1 -2 + crypto/aes/aes.h (1.1.2.8), "Exp", lines: +0 -9 + crypto/aes/aes_cfb.c (1.1.2.8), "Exp", lines: +0 -93 + crypto/aes/aes_core.c (1.1.2.5), "Exp", lines: +0 -4 + crypto/cryptlib.c (1.32.2.10), "Exp", lines: +0 -5 + crypto/md32_common.h (1.22.2.5), "Exp", lines: +0 -11 + Configure (1.314.2.86), "Exp", lines: +0 -2 + Makefile.org (1.154.2.72), "Exp", lines: +8 -34 + TABLE (1.99.2.30), "Exp", lines: +0 -50 + + A new branch for FIPS-related changes has been created with the + name OpenSSL-fips-0_9_7-stable. + + Since the 0.9.7-stable branch is supposed to be in freeze + and should only contain bug corrections, this change removes the + FIPS changes from that branch. + +2004-05-11 14:44 ben + + Deleted: + apps/Makefile.ssl (1.100.2.27) + crypto/Makefile.ssl (1.84.2.12) + crypto/aes/Makefile.ssl (1.4.2.9) + crypto/asn1/Makefile.ssl (1.77.2.7) + crypto/bf/Makefile.ssl (1.25.2.6) + crypto/bio/Makefile.ssl (1.52.2.4) + crypto/bn/Makefile.ssl (1.65.2.9) + crypto/buffer/Makefile.ssl (1.32.2.4) + crypto/cast/Makefile.ssl (1.31.2.6) + crypto/comp/Makefile.ssl (1.32.2.4) + crypto/conf/Makefile.ssl (1.38.2.8) + crypto/des/Makefile.ssl (1.61.2.13) + crypto/dh/Makefile.ssl (1.43.2.5) + crypto/dsa/Makefile.ssl (1.49.2.9) + crypto/dso/Makefile.ssl (1.11.2.4) + crypto/ec/Makefile.ssl (1.7.2.4) + crypto/engine/Makefile.ssl (1.30.2.13) + crypto/err/Makefile.ssl (1.48.2.7) + crypto/evp/Makefile.ssl (1.64.2.12) + crypto/hmac/Makefile.ssl (1.33.2.6) + crypto/idea/Makefile.ssl (1.20.2.4) + crypto/krb5/Makefile.ssl (1.5.2.6) + crypto/lhash/Makefile.ssl (1.28.2.4) + crypto/md2/Makefile.ssl (1.29.2.5) + crypto/md4/Makefile.ssl (1.6.2.7) + crypto/md5/Makefile.ssl (1.33.2.10) + crypto/mdc2/Makefile.ssl (1.30.2.4) + crypto/objects/Makefile.ssl (1.46.2.6) + crypto/ocsp/Makefile.ssl (1.19.2.7) + crypto/pem/Makefile.ssl (1.51.2.5) + crypto/pkcs12/Makefile.ssl (1.37.2.5) + crypto/pkcs7/Makefile.ssl (1.47.2.5) + crypto/rand/Makefile.ssl (1.56.2.8) + crypto/rc2/Makefile.ssl (1.20.2.4) + crypto/rc4/Makefile.ssl (1.25.2.6) + crypto/rc5/Makefile.ssl (1.22.2.6) + crypto/ripemd/Makefile.ssl (1.25.2.9) + crypto/rsa/Makefile.ssl (1.53.2.6) + crypto/sha/Makefile.ssl (1.26.2.9) + crypto/stack/Makefile.ssl (1.28.2.4) + crypto/txt_db/Makefile.ssl (1.26.2.4) + crypto/ui/Makefile.ssl (1.10.2.6) + crypto/x509/Makefile.ssl (1.56.2.5) + crypto/x509v3/Makefile.ssl (1.62.2.5) + ssl/Makefile.ssl (1.53.2.11) + test/Makefile.ssl (1.84.2.36) + tools/Makefile.ssl (1.9.2.4) + Changed: + .cvsignore (1.7.6.2), "Exp", lines: +2 -1 + Configure (1.314.2.92), "Exp", lines: +38 -8 + FAQ (1.61.2.31), "Exp", lines: +1 -1 + INSTALL (1.45.2.9), "Exp", lines: +2 -2 + INSTALL.W32 (1.30.2.14), "Exp", lines: +9 -4 + Makefile.org (1.154.2.78), "Exp", lines: +51 -19 + PROBLEMS (1.4.2.10), "Exp", lines: +2 -2 + e_os.h (1.56.2.17), "Exp", lines: +20 -1 + apps/.cvsignore (1.5.8.1), "Exp", lines: +1 -0 + apps/Makefile (1.1.4.1), "Exp", lines: +1147 -0 + apps/apps.c (1.49.2.27), "Exp", lines: +0 -10 + apps/ca.c (1.102.2.31), "Exp", lines: +0 -10 + apps/dgst.c (1.23.2.10), "Exp", lines: +39 -11 + apps/openssl.c (1.48.2.9), "Exp", lines: +19 -0 + crypto/Makefile (1.1.4.1), "Exp", lines: +217 -0 + crypto/cryptlib.c (1.32.2.11), "Exp", lines: +5 -0 + crypto/crypto-lib.com (1.53.2.12), "Exp", lines: +1 -1 + crypto/md32_common.h (1.22.2.6), "Exp", lines: +12 -0 + crypto/aes/Makefile (1.1.4.1), "Exp", lines: +102 -0 + crypto/aes/aes.h (1.1.2.9), "Exp", lines: +9 -0 + crypto/aes/aes_cfb.c (1.1.2.9), "Exp", lines: +93 -0 + crypto/aes/aes_core.c (1.1.2.6), "Exp", lines: +4 -0 + crypto/asn1/Makefile (1.1.4.1), "Exp", lines: +1150 -0 + crypto/bf/Makefile (1.1.4.1), "Exp", lines: +113 -0 + crypto/bio/Makefile (1.1.4.1), "Exp", lines: +214 -0 + crypto/bio/bio.h (1.56.2.6), "Exp", lines: +1 -0 + crypto/bn/Makefile (1.1.4.1), "Exp", lines: +324 -0 + crypto/bn/bntest.c (1.55.2.4), "Exp", lines: +1 -1 + crypto/buffer/Makefile (1.1.4.1), "Exp", lines: +92 -0 + crypto/cast/Makefile (1.1.4.1), "Exp", lines: +118 -0 + crypto/cast/asm/.cvsignore (1.2.8.1), "Exp", lines: +1 -0 + crypto/comp/Makefile (1.1.4.1), "Exp", lines: +112 -0 + crypto/conf/Makefile (1.1.4.1), "Exp", lines: +181 -0 + crypto/des/Makefile (1.1.4.1), "Exp", lines: +314 -0 + crypto/des/cfb64ede.c (1.6.2.4), "Exp", lines: +111 -0 + crypto/des/des.h (1.40.2.6), "Exp", lines: +5 -1 + crypto/des/des_enc.c (1.11.2.4), "Exp", lines: +8 -0 + crypto/des/des_old.c (1.11.2.6), "Exp", lines: +1 -1 + crypto/des/destest.c (1.30.2.8), "Exp", lines: +2 -2 + crypto/des/ecb3_enc.c (1.8.2.3), "Exp", lines: +1 -3 + crypto/des/set_key.c (1.18.2.2), "Exp", lines: +4 -0 + crypto/dh/Makefile (1.1.4.1), "Exp", lines: +131 -0 + crypto/dsa/Makefile (1.1.4.1), "Exp", lines: +173 -0 + crypto/dsa/dsa_gen.c (1.19.2.1), "Exp", lines: +4 -1 + crypto/dsa/dsa_key.c (1.9.2.1), "Exp", lines: +2 -0 + crypto/dsa/dsa_ossl.c (1.12.2.6), "Exp", lines: +2 -0 + crypto/dsa/dsa_sign.c (1.10.2.5), "Exp", lines: +12 -0 + crypto/dsa/dsa_vrf.c (1.10.2.5), "Exp", lines: +8 -0 + crypto/dso/Makefile (1.1.4.1), "Exp", lines: +140 -0 + crypto/ec/Makefile (1.1.4.1), "Exp", lines: +126 -0 + crypto/engine/Makefile (1.1.4.1), "Exp", lines: +536 -0 + crypto/engine/hw_cryptodev.c (1.1.2.6), "Exp", lines: +6 -2 + crypto/err/Makefile (1.1.4.1), "Exp", lines: +118 -0 + crypto/err/err.h (1.35.2.6), "Exp", lines: +2 -0 + crypto/err/err_all.c (1.17.2.4), "Exp", lines: +4 -0 + crypto/err/openssl.ec (1.11.2.3), "Exp", lines: +1 -0 + crypto/evp/Makefile (1.1.4.1), "Exp", lines: +1057 -0 + crypto/evp/bio_md.c (1.11.2.1), "Exp", lines: +6 -0 + crypto/evp/c_allc.c (1.8.2.7), "Exp", lines: +8 -0 + crypto/evp/e_aes.c (1.6.2.10), "Exp", lines: +22 -4 + crypto/evp/e_des.c (1.5.2.8), "Exp", lines: +36 -3 + crypto/evp/e_des3.c (1.8.2.7), "Exp", lines: +43 -4 + crypto/evp/evp.h (1.86.2.15), "Exp", lines: +39 -11 + crypto/evp/evp_err.c (1.23.2.3), "Exp", lines: +3 -1 + crypto/evp/evp_lib.c (1.6.8.4), "Exp", lines: +24 -0 + crypto/evp/evp_locl.h (1.7.2.6), "Exp", lines: +11 -2 + crypto/evp/evp_test.c (1.14.2.13), "Exp", lines: +17 -8 + crypto/evp/evptests.txt (1.9.2.7), "Exp", lines: +106 -1 + crypto/hmac/Makefile (1.1.4.1), "Exp", lines: +99 -0 + crypto/idea/Makefile (1.1.4.1), "Exp", lines: +89 -0 + crypto/krb5/Makefile (1.1.4.1), "Exp", lines: +88 -0 + crypto/lhash/Makefile (1.1.4.1), "Exp", lines: +91 -0 + crypto/md2/Makefile (1.1.4.1), "Exp", lines: +91 -0 + crypto/md4/Makefile (1.1.4.1), "Exp", lines: +93 -0 + crypto/md5/Makefile (1.1.4.1), "Exp", lines: +129 -0 + crypto/mdc2/Makefile (1.1.4.1), "Exp", lines: +96 -0 + crypto/objects/Makefile (1.1.4.1), "Exp", lines: +121 -0 + crypto/objects/obj_dat.h (1.49.2.19), "Exp", lines: +33 -3 + crypto/objects/obj_mac.h (1.19.2.19), "Exp", lines: +40 -0 + crypto/objects/obj_mac.num (1.15.2.15), "Exp", lines: +10 -0 + crypto/objects/objects.txt (1.20.2.20), "Exp", lines: +13 -0 + crypto/ocsp/Makefile (1.1.4.1), "Exp", lines: +291 -0 + crypto/pem/Makefile (1.1.4.1), "Exp", lines: +334 -0 + crypto/pkcs12/Makefile (1.1.4.1), "Exp", lines: +415 -0 + crypto/pkcs7/Makefile (1.1.4.1), "Exp", lines: +241 -0 + crypto/rand/Makefile (1.1.4.1), "Exp", lines: +196 -0 + crypto/rand/md_rand.c (1.69.2.4), "Exp", lines: +9 -0 + crypto/rand/rand.h (1.26.2.7), "Exp", lines: +3 -0 + crypto/rand/rand_err.c (1.6.2.3), "Exp", lines: +4 -1 + crypto/rand/rand_lib.c (1.15.2.4), "Exp", lines: +11 -0 + crypto/rc2/Makefile (1.1.4.1), "Exp", lines: +89 -0 + crypto/rc4/Makefile (1.1.4.1), "Exp", lines: +108 -0 + crypto/rc5/Makefile (1.1.4.1), "Exp", lines: +106 -0 + crypto/ripemd/Makefile (1.1.4.1), "Exp", lines: +111 -0 + crypto/rsa/Makefile (1.1.4.1), "Exp", lines: +239 -0 + crypto/rsa/rsa_eay.c (1.28.2.9), "Exp", lines: +1 -1 + crypto/rsa/rsa_gen.c (1.8.6.1), "Exp", lines: +3 -0 + crypto/sha/Makefile (1.1.4.1), "Exp", lines: +118 -0 + crypto/sha/sha1dgst.c (1.21.2.1), "Exp", lines: +8 -0 + crypto/stack/Makefile (1.1.4.1), "Exp", lines: +86 -0 + crypto/txt_db/Makefile (1.1.4.1), "Exp", lines: +86 -0 + crypto/ui/Makefile (1.1.4.1), "Exp", lines: +115 -0 + crypto/x509/Makefile (1.1.4.1), "Exp", lines: +592 -0 + crypto/x509v3/Makefile (1.1.4.1), "Exp", lines: +601 -0 + fips/Makefile (1.1.4.1), "Exp", lines: +202 -0 + fips/fingerprint.sha1 (1.1.2.4), "Exp", lines: +4 -4 + fips/fips.c (1.1.2.3), "Exp", lines: +120 -5 + fips/fips.h (1.1.2.3), "Exp", lines: +42 -2 + fips/fips_check_sha1 (1.1.2.5), "Exp", lines: +2 -2 + fips/fips_err.h (1.1.4.1), "Exp", lines: +117 -0 + fips/fips_err_wrapper.c (1.1.2.3), "Exp", lines: +4 -2 + fips/fips_locl.h (1.1.4.1), "Exp", lines: +62 -0 + fips/fips_make_sha1 (1.1.2.5), "Exp", lines: +9 -6 + fips/fips_test_suite.c (1.1.4.1), "Exp", lines: +302 -0 + fips/openssl_fips_fingerprint (1.1.4.1), "Exp", lines: +25 -0 + fips/aes/Makefile (1.1.4.1), "Exp", lines: +131 -0 + fips/aes/fingerprint.sha1 (1.1.2.3), "Exp", lines: +3 -2 + fips/aes/fips_aes_core.c (1.1.2.3), "Exp", lines: +5 -2 + fips/aes/fips_aes_locl.h (1.1.2.3), "Exp", lines: +0 -0 + fips/aes/fips_aes_selftest.c (1.1.4.1), "Exp", lines: +112 -0 + fips/aes/fips_aesavs.c (1.1.2.10), "Exp", lines: +12 -6 + fips/des/Makefile (1.1.4.1), "Exp", lines: +155 -0 + fips/des/fingerprint.sha1 (1.1.2.3), "Exp", lines: +5 -2 + fips/des/fips_des_enc.c (1.1.2.4), "Exp", lines: +16 -3 + fips/des/fips_des_locl.h (1.1.2.3), "Exp", lines: +1 -1 + fips/des/fips_des_selftest.c (1.1.4.1), "Exp", lines: +200 -0 + fips/des/fips_desmovs.c (1.1.2.4), "Exp", lines: +186 -79 + fips/des/fips_set_key.c (1.1.4.1), "Exp", lines: +415 -0 + fips/des/asm/fips-dx86-elf.s (1.1.4.1), "Exp", lines: +2697 -0 + fips/dsa/Makefile (1.1.4.1), "Exp", lines: +159 -0 + fips/dsa/fingerprint.sha1 (1.1.2.4), "Exp", lines: +3 -1 + fips/dsa/fips_dsa_gen.c (1.1.4.1), "Exp", lines: +373 -0 + fips/dsa/fips_dsa_ossl.c (1.1.2.4), "Exp", lines: +16 -3 + fips/dsa/fips_dsa_selftest.c (1.1.4.1), "Exp", lines: +168 -0 + fips/dsa/fips_dsatest.c (1.1.2.4), "Exp", lines: +10 -6 + fips/dsa/fips_dssvs.c (1.1.4.1), "Exp", lines: +306 -0 + fips/rand/Makefile (1.1.4.1), "Exp", lines: +104 -0 + fips/rand/fingerprint.sha1 (1.1.2.3), "Exp", lines: +2 -2 + fips/rand/fips_rand.c (1.1.2.3), "Exp", lines: +60 -10 + fips/rand/fips_rand.h (1.1.2.3), "Exp", lines: +19 -1 + fips/rand/fips_randtest.c (1.1.2.3), "Exp", lines: +31 -10 + fips/rsa/Makefile (1.1.4.1), "Exp", lines: +112 -0 + fips/rsa/fingerprint.sha1 (1.1.4.1), "Exp", lines: +3 -0 + fips/rsa/fips_rsa_eay.c (1.1.4.1), "Exp", lines: +735 -0 + fips/rsa/fips_rsa_gen.c (1.1.4.1), "Exp", lines: +249 -0 + fips/rsa/fips_rsa_selftest.c (1.1.4.1), "Exp", lines: +207 -0 + fips/sha1/.cvsignore (1.1.2.3), "Exp", lines: +1 -2 + fips/sha1/Makefile (1.1.4.1), "Exp", lines: +158 -0 + fips/sha1/fingerprint.sha1 (1.1.2.4), "Exp", lines: +5 -3 + fips/sha1/fips_md32_common.h (1.1.2.3), "Exp", lines: +0 -0 + fips/sha1/fips_sha1_selftest.c (1.1.4.1), "Exp", lines: +97 -0 + fips/sha1/fips_sha1dgst.c (1.1.2.4), "Exp", lines: +4 -4 + fips/sha1/fips_sha1test.c (1.1.2.4), "Exp", lines: +17 -0 + fips/sha1/fips_sha_locl.h (1.1.2.3), "Exp", lines: +7 -0 + fips/sha1/fips_standalone_sha1.c (1.1.2.4), "Exp", lines: +60 -7 + fips/sha1/sha1hashes.txt (1.1.2.3), "Exp", lines: +0 -0 + fips/sha1/sha1vectors.txt (1.1.2.3), "Exp", lines: +0 -0 + fips/sha1/standalone.sha1 (1.1.2.5), "Exp", lines: +6 -4 + fips/sha1/asm/sx86-elf.s (1.1.4.1), "Exp", lines: +1568 -0 + ms/do_masm.bat (1.1.8.2), "Exp", lines: +12 -10 + ms/do_ms.bat (1.4.8.2), "Exp", lines: +11 -11 + ms/do_nasm.bat (1.1.8.2), "Exp", lines: +12 -11 + ms/do_nt.bat (1.2.8.1), "Exp", lines: +4 -4 + shlib/hpux10-cc.sh (1.3.2.2), "Exp", lines: +3 -3 + ssl/Makefile (1.1.4.1), "Exp", lines: +1019 -0 + ssl/s3_clnt.c (1.53.2.16), "Exp", lines: +10 -0 + ssl/s3_srvr.c (1.85.2.21), "Exp", lines: +9 -0 + ssl/ssl_cert.c (1.48.2.7), "Exp", lines: +9 -0 + ssl/ssl_lib.c (1.110.2.12), "Exp", lines: +13 -1 + ssl/ssltest.c (1.53.2.23), "Exp", lines: +33 -1 + ssl/t1_enc.c (1.27.2.8), "Exp", lines: +19 -1 + test/.cvsignore (1.4.8.1), "Exp", lines: +4 -0 + test/Makefile (1.1.4.1), "Exp", lines: +941 -0 + test/bctest (1.14.2.1), "Exp", lines: +1 -1 + test/testenc (1.3.8.1), "Exp", lines: +1 -1 + test/testfipsssl (1.1.4.1), "Exp", lines: +113 -0 + tools/Makefile (1.1.4.1), "Exp", lines: +61 -0 + util/cygwin.sh (1.1.2.5), "Exp", lines: +3 -3 + util/domd (1.6.2.3), "Exp", lines: +5 -5 + util/fixNT.sh (1.1.1.2.8.1), "Exp", lines: +3 -3 + util/libeay.num (1.173.2.19), "Exp", lines: +55 -11 + util/mk1mf.pl (1.41.2.10), "Exp", lines: +6 -4 + util/mkdef.pl (1.67.2.7), "Exp", lines: +11 -4 + util/mkerr.pl (1.18.2.6), "Exp", lines: +2 -1 + util/mkfiles.pl (1.12.2.1), "Exp", lines: +8 -1 + util/pod2mantest (1.1.2.7), "Exp", lines: +1 -1 + util/selftest.pl (1.18.2.1), "Exp", lines: +2 -2 + util/pl/BC-16.pl (1.2.2.1), "Exp", lines: +1 -1 + util/pl/BC-32.pl (1.11.2.4), "Exp", lines: +1 -1 + util/pl/Mingw32.pl (1.12.6.5), "Exp", lines: +1 -1 + util/pl/OS2-EMX.pl (1.1.2.3), "Exp", lines: +1 -1 + util/pl/VC-16.pl (1.3.2.1), "Exp", lines: +2 -2 + util/pl/VC-32.pl (1.11.2.3), "Exp", lines: +2 -2 + util/pl/VC-CE.pl (1.1.2.5), "Exp", lines: +1 -1 + util/pl/ultrix.pl (1.2.8.1), "Exp", lines: +1 -1 + + Pull FIPS back into stable. + +2004-05-12 10:27 levitte + + Changed: + apps/Makefile (1.1.4.2), "Exp", lines: +3 -1 + + Only check for FIPS signatures when FIPS is enabled. + +2004-05-12 10:28 levitte + + Changed: + crypto/des/FILES0 (1.1.4.2), "Exp", lines: +1 -1 + + Makefile.ssl changed name to Makefile. + +2004-05-12 10:28 levitte + + Changed: + fips/rand/fips_rand.c (1.1.2.4), "Exp", lines: +5 -1 + + Only really build this file when OPENSSL_FIPS is defined. And oh, + let's keep internal variables static. + +2004-05-12 10:42 levitte + + Changed: + fips/rand/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 + + I forgot to modify the signature for fips_rand.c... + +2004-05-12 10:46 levitte + + Changed: + fips/rsa/.cvsignore (1.1.4.1), "Exp", lines: +1 -0 + fips/.cvsignore (1.1.2.3), "Exp", lines: +1 -1 + fips/aes/.cvsignore (1.1.2.3), "Exp", lines: +0 -3 + fips/des/.cvsignore (1.1.2.3), "Exp", lines: +0 -2 + fips/dsa/.cvsignore (1.1.2.3), "Exp", lines: +0 -1 + fips/rand/.cvsignore (1.1.2.3), "Exp", lines: +0 -1 + + Ignore the 'lib' timestamp file. + +2004-05-12 12:07 levitte + + Changed: + fips/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/aes/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/des/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/dsa/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/rand/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + fips/rsa/.cvsignore (1.1.4.2), "Exp", lines: +1 -0 + fips/sha1/.cvsignore (1.1.2.4), "Exp", lines: +1 -0 + + Ignore 'Makefile.save' + +2004-05-12 16:11 ben + + Changed: + crypto/rand/rand.h (1.26.2.8), "Exp", lines: +2 -0 + crypto/rand/rand_err.c (1.6.2.4), "Exp", lines: +2 -0 + fips/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.4), "Exp", lines: +5 -1 + fips/rand/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 + fips/rand/fips_rand.c (1.1.2.5), "Exp", lines: +29 -0 + + Blow up in people's faces if they don't reseed. + +2004-05-15 19:51 ben + + Changed: + crypto/dh/dh.h (1.23.2.6), "Exp", lines: +1 -0 + crypto/dh/dh_err.c (1.6.2.3), "Exp", lines: +2 -1 + crypto/dh/dh_gen.c (1.8.8.2), "Exp", lines: +9 -0 + fips/fips_test_suite.c (1.1.4.2), "Exp", lines: +4 -3 + fips/aes/fips_aesavs.c (1.1.2.11), "Exp", lines: +49 -1 + fips/des/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 + fips/des/fips_desmovs.c (1.1.2.5), "Exp", lines: +49 -1 + fips/des/fips_set_key.c (1.1.4.2), "Exp", lines: +2 -0 + fips/sha1/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 + fips/sha1/fips_md32_common.h (1.1.2.4), "Exp", lines: +3 -0 + fips/sha1/standalone.sha1 (1.1.2.6), "Exp", lines: +1 -1 + + Fix self-tests, ban some things in FIPS mode, fix copyrights. + +2004-05-17 06:28 levitte + + Changed: + util/mk1mf.pl (1.41.2.11), "Exp", lines: +8 -2 + util/pl/BC-16.pl (1.2.2.2), "Exp", lines: +9 -4 + util/pl/BC-32.pl (1.11.2.5), "Exp", lines: +8 -3 + util/pl/Mingw32.pl (1.12.6.6), "Exp", lines: +7 -2 + util/pl/OS2-EMX.pl (1.1.2.4), "Exp", lines: +7 -2 + util/pl/VC-16.pl (1.3.2.2), "Exp", lines: +7 -2 + util/pl/VC-32.pl (1.11.2.4), "Exp", lines: +7 -2 + util/pl/VC-CE.pl (1.1.2.6), "Exp", lines: +7 -2 + util/pl/linux.pl (1.3.6.1), "Exp", lines: +7 -2 + util/pl/ultrix.pl (1.2.8.2), "Exp", lines: +7 -2 + util/pl/unix.pl (1.2.8.1), "Exp", lines: +7 -2 + + Generate SHA1 files on Windows and other platforms supported by + mk1mf.pl, when building in FIPS mode. + + Note: UNTESTED! + +2004-05-17 06:30 levitte + + Changed: + apps/apps.h (1.44.2.14), "Exp", lines: +3 -0 + apps/openssl.c (1.48.2.10), "Exp", lines: +9 -5 + + Make sure the applications know when we are running in FIPS mode. + We can't use the variable in libcrypto, since it's supposedly + unknown. + + Note: currently only supported in MONOLITH mode. + +2004-05-17 06:31 levitte + + Changed: + apps/enc.c (1.35.2.9), "Exp", lines: +10 -1 + + When in FIPS mode, use SHA1 to digest the key, rather than MD5, as + MD5 isn't a FIPS-approved algorithm. + + Note: this means the user needs to keep track of this, and + we need to add support for that... + +2004-05-19 16:16 levitte + + Changed: + fips/rsa/fingerprint.sha1 (1.1.4.2), "Exp", lines: +2 -2 + fips/rsa/fips_rsa_eay.c (1.1.4.2), "Exp", lines: +8 -8 + fips/rsa/fips_rsa_gen.c (1.1.4.2), "Exp", lines: +1 -1 + fips/dsa/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2 + fips/dsa/fips_dsa_gen.c (1.1.4.2), "Exp", lines: +2 -2 + fips/dsa/fips_dsa_ossl.c (1.1.2.5), "Exp", lines: +4 -4 + fips/aes/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1 + fips/aes/fips_aes_core.c (1.1.2.4), "Exp", lines: +5 -5 + crypto/rsa/rsa.h (1.36.2.11), "Exp", lines: +4 -0 + crypto/aes/aes.h (1.1.2.10), "Exp", lines: +6 -0 + crypto/dsa/dsa.h (1.26.2.5), "Exp", lines: +4 -0 + + Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation + for size_t-ification of those algorithms in future version of + OpenSSL... + +2004-05-27 11:33 levitte + + Changed: + makevms.com (1.35.2.3), "Exp", lines: +27 -0 + + Copy the FIPS files to the temporary openssl include directory. + +2004-05-27 12:04 levitte + + Changed: + fips/fips-lib.com (1.1.2.1), "Exp", lines: +1179 -0 + makevms.com (1.35.2.4), "Exp", lines: +8 -0 + + Compile the FIPS directory on VMS as well. fips-lib.com is + essentially a copy of crypto-lib.com, with just a few edits. + +2004-05-27 12:07 levitte + + Changed: + fips/install.com (1.1.2.1), "Exp", lines: +55 -0 + install.com (1.4.2.2), "Exp", lines: +6 -6 + + Run an installation of FIPS stuff as well. + +2004-05-27 12:19 levitte + + Changed: + test/maketests.com (1.13.2.5), "Exp", lines: +3 -3 + apps/makeapps.com (1.18.2.5), "Exp", lines: +3 -3 + + Make sure o_str.h is reachable. + +2004-06-19 15:15 ben + + Changed: + Makefile.org (1.154.2.80), "Exp", lines: +1 -1 + crypto/dh/dh.h (1.23.2.7), "Exp", lines: +0 -1 + crypto/dh/dh_check.c (1.6.2.1), "Exp", lines: +4 -0 + crypto/dh/dh_err.c (1.6.2.4), "Exp", lines: +0 -1 + crypto/dh/dh_gen.c (1.8.8.3), "Exp", lines: +5 -9 + crypto/dh/dh_key.c (1.16.2.3), "Exp", lines: +4 -0 + fips/Makefile (1.1.4.2), "Exp", lines: +13 -14 + fips/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2 + fips/fips.h (1.1.2.4), "Exp", lines: +1 -0 + fips/fips_err.h (1.1.4.2), "Exp", lines: +1 -0 + fips/fips_make_sha1 (1.1.2.6), "Exp", lines: +3 -0 + fips/fips_test_suite.c (1.1.4.3), "Exp", lines: +13 -9 + fips/openssl_fips_fingerprint (1.1.4.2), "Exp", lines: +1 -2 + + The version that was actually submitted for FIPS testing. + +2004-06-19 15:16 ben + + Changed: + fips/dh/Makefile (1.1.2.1), "Exp", lines: +92 -0 + fips/dh/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0 + fips/dh/fips_dh_check.c (1.1.2.1), "Exp", lines: +119 -0 + fips/dh/fips_dh_gen.c (1.1.2.1), "Exp", lines: +182 -0 + fips/dh/fips_dh_key.c (1.1.2.1), "Exp", lines: +222 -0 + + Add Diffie-Hellman to FIPS. + +2004-06-19 15:18 ben + + Changed: + fips/.cvsignore (1.1.2.5), "Exp", lines: +2 -0 + fips/dh/.cvsignore (1.1.2.1), "Exp", lines: +1 -0 + + Update ignores. + +2004-06-21 11:07 levitte + + Changed: + fips/aes/Makefile (1.1.4.2), "Exp", lines: +7 -5 + fips/des/Makefile (1.1.4.2), "Exp", lines: +7 -5 + fips/dh/Makefile (1.1.2.2), "Exp", lines: +7 -6 + fips/dsa/Makefile (1.1.4.2), "Exp", lines: +7 -6 + fips/rsa/Makefile (1.1.4.2), "Exp", lines: +7 -6 + fips/sha1/Makefile (1.1.4.2), "Exp", lines: +7 -5 + + Make sure we don't try to loop over an empty EXHEADER. In the + Makefiles where this was fixed by commenting away code, change it + to check for an empty EXHEADER instead, so we have less hassle in a + future where EXHEADER changes. + + PR: 900 + +2004-06-21 20:05 levitte + + Changed: + Makefile.org (1.154.2.82), "Exp", lines: +3 -1 + + Standard sh doesn't tolerate ! as part of the conditional command. + + PR: 900 + +2004-06-28 22:33 levitte + + Changed: + fips/dh/fips_dh_check.c (1.1.2.2), "Exp", lines: +6 -0 + fips/dh/fips_dh_gen.c (1.1.2.2), "Exp", lines: +6 -2 + fips/dh/fips_dh_key.c (1.1.2.2), "Exp", lines: +8 -0 + + Make sure the FIPS stuff is only really compiled when in FIPS mode. + +2004-07-12 19:59 ben + + Changed: + fips/fips_test_suite.c (1.1.4.4), "Exp", lines: +39 -6 + fips/dh/fingerprint.sha1 (1.1.2.2), "Exp", lines: +3 -3 + + Corrected test program. + +2004-07-17 14:48 appro + + Changed: + fips/des/Makefile (1.1.4.3), "Exp", lines: +1 -1 + + Eliminate enforced -g from CFLAGS. It switches off optimization + with some compilers, e.g. DEC C. + +2004-07-21 19:41 steve + + Changed: + crypto/pem/pem_all.c (1.20.2.1), "Exp", lines: +119 -0 + + When in FIPS mode write private keys in PKCS#8 and PBES2 format to + avoid use of prohibited MD5 algorithm. + +2004-07-23 15:20 ben + + Changed: + fips/rand/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1 + fips/rand/fips_rand.c (1.1.2.7), "Exp", lines: +22 -7 + fips/rand/fips_randtest.c (1.1.2.5), "Exp", lines: +2 -2 + + Convert to X9.31. + +2004-07-21 19:35 steve + + Changed: + fips/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.5), "Exp", lines: +3 -3 + fips/rsa/fingerprint.sha1 (1.1.4.3), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_selftest.c (1.1.4.2), "Exp", lines: +8 -8 + + Avoid compiler warnings. + +2004-07-27 02:17 steve + + Changed: + fips/fips_test_suite.c (1.1.4.5), "Exp", lines: +9 -8 + + Stop compiler warnings. + +2004-07-27 02:20 steve + + Changed: + crypto/err/err.c (1.51.2.6), "Exp", lines: +1 -0 + + Add FIPS name to error library. + +2004-07-27 14:22 steve + + Changed: + Makefile.org (1.154.2.84), "Exp", lines: +3 -3 + fips/fips_check_sha1 (1.1.2.6), "Exp", lines: +1 -1 + fips/openssl_fips_fingerprint (1.1.4.3), "Exp", lines: +1 -1 + + Rename libcrypto.sha1 to libcrypto.a.sha1 + +2004-07-27 20:28 steve + + Changed: + ssl/s3_lib.c (1.57.2.11), "Exp", lines: +33 -33 + ssl/ssl.h (1.126.2.20), "Exp", lines: +1 -0 + ssl/ssl_ciph.c (1.33.2.9), "Exp", lines: +11 -0 + ssl/ssl_locl.h (1.47.2.3), "Exp", lines: +2 -1 + + New cipher "strength" FIPS which specifies that a cipher suite is + FIPS compatible. + + New cipherstring "FIPS" is all FIPS compatible ciphersuites + except eNULL. + + Only allow FIPS ciphersuites in FIPS mode. + +2004-07-28 04:24 levitte + + Changed: + makevms.com (1.35.2.6), "Exp", lines: +2 -2 + + From the FIPS directory, darnit! + +2004-07-28 15:47 levitte + + Changed: + makevms.com (1.35.2.7), "Exp", lines: +5 -1 + + Define OPENSSL_FIPS in opensslconf.h if a logical name with the + same name is defined. + + Go up one directory level before dealing with FIPS stuff. + +2004-07-30 00:26 levitte + + Changed: + fips/fips-lib.com (1.1.2.2), "Exp", lines: +3 -3 + + We're building crypto stuff, not ssl stuff. Additionally, we're in + the fips subdirectory, not the crypto one... + +2004-07-30 16:37 levitte + + Changed: + fips/sha1/fingerprint.sha1 (1.1.2.7), "Exp", lines: +2 -2 + fips/sha1/fips_md32_common.h (1.1.2.6), "Exp", lines: +1 -1 + fips/sha1/fips_sha_locl.h (1.1.2.5), "Exp", lines: +2 -2 + fips/sha1/fips_standalone_sha1.c (1.1.2.5), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.8), "Exp", lines: +3 -3 + ssl/ssl_ciph.c (1.33.2.10), "Exp", lines: +2 -2 + fips/rsa/fingerprint.sha1 (1.1.4.4), "Exp", lines: +2 -2 + fips/rsa/fips_rsa_eay.c (1.1.4.3), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_gen.c (1.1.4.3), "Exp", lines: +1 -1 + fips/dh/fingerprint.sha1 (1.1.2.3), "Exp", lines: +1 -1 + fips/dh/fips_dh_gen.c (1.1.2.3), "Exp", lines: +1 -1 + fips/dsa/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2 + fips/dsa/fips_dsa_gen.c (1.1.4.3), "Exp", lines: +4 -3 + fips/dsa/fips_dsa_ossl.c (1.1.2.6), "Exp", lines: +2 -2 + fips/des/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2 + fips/des/fips_des_enc.c (1.1.2.5), "Exp", lines: +2 -2 + fips/des/fips_set_key.c (1.1.4.3), "Exp", lines: +3 -3 + fips/fingerprint.sha1 (1.1.2.8), "Exp", lines: +2 -2 + fips/fips.c (1.1.2.6), "Exp", lines: +76 -23 + fips/fips.h (1.1.2.5), "Exp", lines: +2 -3 + fips/fips_locl.h (1.1.4.2), "Exp", lines: +7 -2 + fips/aes/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1 + fips/aes/fips_aes_core.c (1.1.2.5), "Exp", lines: +1 -1 + crypto/rand/md_rand.c (1.69.2.5), "Exp", lines: +1 -1 + crypto/rand/rand_lib.c (1.15.2.5), "Exp", lines: +2 -1 + crypto/dsa/dsa_sign.c (1.10.2.6), "Exp", lines: +2 -2 + crypto/dsa/dsa_vrf.c (1.10.2.6), "Exp", lines: +1 -1 + crypto/pem/pem_all.c (1.20.2.2), "Exp", lines: +2 -2 + crypto/cryptlib.c (1.32.2.12), "Exp", lines: +122 -6 + crypto/crypto.h (1.62.2.8), "Exp", lines: +8 -1 + crypto/md32_common.h (1.22.2.7), "Exp", lines: +2 -2 + + To protect FIPS-related global variables, add locking mechanisms + around them. + + NOTE: because two new locks are added, this adds potential + binary incompatibility with earlier versions in the 0.9.7 series. + However, those locks will only ever be touched when FIPS_mode_set() + is called and after, thanks to a variable that's only changed from + 0 to 1 once (when FIPS_mode_set() is called). So basically, as + long as FIPS mode hasn't been engaged explicitely by the calling + application, the new locks are treated as if they didn't exist at + all, thus not becoming a problem. Applications that are built or + rebuilt to use FIPS functionality will need to be recompiled in any + case, thus not being a problem either. + +2004-08-02 16:15 levitte + + Changed: + crypto/cryptlib.c (1.32.2.13), "Exp", lines: +4 -4 + + Let's lock a write lock when changing values, shall we? + + Thanks to Dr Stephen Henson + for making me aware of this error. + +2004-08-05 20:11 steve + + Changed: + fips/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.7), "Exp", lines: +1 -1 + + Stop compiler giving bogus shadow warning. + +2004-08-09 14:13 levitte + + Changed: + makevms.com (1.35.2.8), "Exp", lines: +1 -1 + + In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM... + +2004-08-09 14:14 levitte + + Changed: + fips/fips-lib.com (1.1.2.3), "Exp", lines: +4 -4 + + Correct typos and include directory specifications. + +2004-08-10 11:11 levitte + + Changed: + fips/fips-lib.com (1.1.2.4), "Exp", lines: +2 -1 + + Update the VMS fips library builder with the DH library. + +2004-08-10 12:04 levitte + + Changed: + fips/rand/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1 + fips/rand/fips_rand.c (1.1.2.8), "Exp", lines: +7 -1 + + With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED + to get struct timeval and gettimeofday(). + +2004-09-06 16:19 levitte + + Changed: + fips/fips.c (1.1.2.8), "Exp", lines: +5 -4 + + Replace the bogus checks of n with proper uses of feof(), ferror() + and clearerr(). + +2004-09-06 16:21 levitte + + Changed: + fips/sha1/fips_sha_locl.h (1.1.2.6), "Exp", lines: +2 -2 + + num is an unsigned long, but since it was transfered from + crypto/sha/sha_locl.h, where it is in fact an int, we need to check + for less-than-zero as if it was an int... + +2004-10-08 12:03 ben + + Changed: + fips/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1 + fips/sha1/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.9), "Exp", lines: +1 -1 + + Update fingerprints. + +2004-10-14 07:51 levitte + + Changed: + VMS/mkshared.com (1.3.2.1), "Exp", lines: +8 -0 + + We need to check for OPENSSL_FIPS when building shared libraries, + so we get correct transfer vectors for those functions when + required. + +2004-10-26 13:47 steve + + Changed: + util/mkfiles.pl (1.12.2.2), "Exp", lines: +1 -0 + + Add fips/dh directory to mkfiles.pl + +2004-10-26 14:17 levitte + + Changed: + fips/sha1/Makefile (1.1.4.4), "Exp", lines: +3 -1 + util/mkfiles.pl (1.12.2.3), "Exp", lines: +1 -0 + fips/Makefile (1.1.4.5), "Exp", lines: +7 -1 + crypto/sha/Makefile (1.1.4.4), "Exp", lines: +1 -7 + + fips/dh was missing in mkfiles.pl. make update + +2004-10-26 15:01 steve + + Changed: + util/mkfiles.pl (1.12.2.4), "Exp", lines: +0 -1 + + Only add fips/dh once... + +2004-11-01 09:20 levitte + + Changed: + fips/rand/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1 + fips/rand/fips_rand.c (1.1.2.9), "Exp", lines: +3 -1 + + Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if + not already defined. + +2004-12-09 19:03 appro + + vChanged: + crypto/Makefile (1.1.4.4), "Exp", lines: +2 -0 + + Postpone linking of shared libcrypto in FIPS build. + +2004-12-09 19:13 appro + + Changed: + fips/fingerprint.sha1 (1.1.2.11), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.9), "Exp", lines: +13 -1 + fips/openssl_fips_fingerprint (1.1.4.4), "Exp", lines: +4 -2 + + Cygwin specific FIPS fix-ups. + +2004-12-09 23:43 appro + + Changed: + Configure (1.314.2.100), "Exp", lines: +2 -3 + crypto/des/des_enc.c (1.11.2.5), "Exp", lines: +2 -2 + + Eliminate false dependency on 386 config option is FIPS context. + At the same time limit assembler support to ELF platforms [that's + what is there, ELF modules]. + +2004-12-10 12:37 appro + + Changed: + Configure (1.314.2.101), "Exp", lines: +10 -3 + crypto/des/des_enc.c (1.11.2.6), "Exp", lines: +2 -2 + + Respect no-asm with fips option and disable FIPS DES assembler in + shared context [because it's not PIC]. + +2004-12-10 14:15 appro + + Changed: + fips/sha1/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.11), "Exp", lines: +1 -1 + fips/sha1/asm/sx86-elf.s (1.1.4.3), "Exp", lines: +32 -32 + + Solaris x86 assembler update. + +2004-12-10 17:30 appro + + Changed: + fips/fips_check_sha1 (1.1.2.7), "Exp", lines: +1 -1 + fips/openssl_fips_fingerprint (1.1.4.5), "Exp", lines: +1 -1 + fips/sha1/Makefile (1.1.4.6), "Exp", lines: +1 -1 + + Adapt FIPS sub-tree for mingw. + +2005-01-03 18:46 steve + + Changed: + fips/rsa/fingerprint.sha1 (1.1.4.5), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_selftest.c (1.1.4.3), "Exp", lines: +55 -11 + + RSA KAT. + +2005-01-11 17:54 levitte + + Changed: + fips/rsa/fingerprint.sha1 (1.1.4.6), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_selftest.c (1.1.4.4), "Exp", lines: +2 -2 + + Clear signed vs. unsigned conflicts. Change the fingerprint + accordingly. + +2005-01-11 19:25 levitte + + Changed: + ssl/ssltest.c (1.53.2.24), "Exp", lines: +2 -2 + fips/rand/fips_randtest.c (1.1.2.6), "Exp", lines: +3 -3 + fips/sha1/fips_sha1test.c (1.1.2.5), "Exp", lines: +10 -4 + fips/des/fips_desmovs.c (1.1.2.6), "Exp", lines: +8 -7 + fips/dsa/fips_dsatest.c (1.1.2.5), "Exp", lines: +2 -2 + apps/openssl.c (1.48.2.12), "Exp", lines: +1 -1 + fips/aes/fips_aesavs.c (1.1.2.12), "Exp", lines: +8 -7 + + Use EXIT() instead of exit(). + +2005-01-26 21:00 steve + + Changed: + apps/dgst.c (1.23.2.13), "Exp", lines: +10 -0 + apps/pkcs12.c (1.60.2.13), "Exp", lines: +8 -1 + crypto/crypto.h (1.62.2.9), "Exp", lines: +49 -0 + crypto/md32_common.h (1.22.2.9), "Exp", lines: +1 -1 + crypto/bf/bf_skey.c (1.6.2.1), "Exp", lines: +2 -1 + crypto/bf/blowfish.h (1.9.2.1), "Exp", lines: +4 -1 + crypto/cast/c_skey.c (1.5.6.1), "Exp", lines: +3 -1 + crypto/cast/cast.h (1.7.2.1), "Exp", lines: +4 -1 + crypto/evp/bio_md.c (1.11.2.3), "Exp", lines: +2 -7 + crypto/evp/digest.c (1.21.2.7), "Exp", lines: +11 -0 + crypto/evp/e_aes.c (1.6.2.11), "Exp", lines: +11 -11 + crypto/evp/e_des.c (1.5.2.9), "Exp", lines: +5 -3 + crypto/evp/e_des3.c (1.8.2.8), "Exp", lines: +6 -6 + crypto/evp/evp.h (1.86.2.16), "Exp", lines: +17 -0 + crypto/evp/evp_enc.c (1.28.2.11), "Exp", lines: +15 -1 + crypto/evp/evp_err.c (1.23.2.4), "Exp", lines: +6 -1 + crypto/evp/evp_locl.h (1.7.2.7), "Exp", lines: +17 -2 + crypto/evp/m_dss.c (1.8.2.1), "Exp", lines: +1 -1 + crypto/evp/m_md2.c (1.9.2.1), "Exp", lines: +1 -0 + crypto/evp/m_md4.c (1.8.2.1), "Exp", lines: +1 -0 + crypto/evp/m_md5.c (1.9.2.1), "Exp", lines: +1 -0 + crypto/evp/m_mdc2.c (1.9.2.1), "Exp", lines: +1 -0 + crypto/evp/m_sha.c (1.8.2.2), "Exp", lines: +1 -0 + crypto/evp/m_sha1.c (1.8.2.1), "Exp", lines: +1 -1 + crypto/evp/names.c (1.7.2.1), "Exp", lines: +3 -0 + crypto/hmac/hmac.c (1.12.2.3), "Exp", lines: +7 -0 + crypto/hmac/hmac.h (1.14.2.2), "Exp", lines: +1 -0 + crypto/idea/i_skey.c (1.5.6.1), "Exp", lines: +13 -0 + crypto/idea/idea.h (1.10.2.1), "Exp", lines: +4 -0 + crypto/md2/md2.h (1.11.2.1), "Exp", lines: +3 -0 + crypto/md2/md2_dgst.c (1.13.2.4), "Exp", lines: +3 -1 + crypto/md4/md4.h (1.3.2.1), "Exp", lines: +3 -0 + crypto/md4/md4_dgst.c (1.2.2.2), "Exp", lines: +1 -1 + crypto/md5/md5.h (1.10.2.3), "Exp", lines: +3 -0 + crypto/md5/md5_dgst.c (1.16.2.2), "Exp", lines: +1 -1 + crypto/mdc2/mdc2.h (1.9.2.1), "Exp", lines: +3 -1 + crypto/mdc2/mdc2dgst.c (1.13.2.1), "Exp", lines: +3 -1 + crypto/rc2/rc2.h (1.10.2.1), "Exp", lines: +4 -1 + crypto/rc2/rc2_skey.c (1.4.6.1), "Exp", lines: +13 -0 + crypto/rc4/rc4.h (1.10.2.2), "Exp", lines: +3 -0 + crypto/rc4/rc4_skey.c (1.10.8.2), "Exp", lines: +2 -1 + crypto/rc5/rc5.h (1.5.2.1), "Exp", lines: +4 -1 + crypto/rc5/rc5_skey.c (1.4.6.1), "Exp", lines: +14 -0 + crypto/ripemd/ripemd.h (1.8.2.1), "Exp", lines: +3 -0 + crypto/ripemd/rmd_dgst.c (1.13.2.2), "Exp", lines: +2 -1 + crypto/sha/sha.h (1.11.2.2), "Exp", lines: +3 -0 + crypto/sha/sha_locl.h (1.16.2.3), "Exp", lines: +4 -0 + crypto/x509/x509_cmp.c (1.22.2.4), "Exp", lines: +7 -1 + crypto/x509/x509_vfy.c (1.56.2.13), "Exp", lines: +1 -1 + ssl/s3_clnt.c (1.53.2.18), "Exp", lines: +2 -0 + ssl/s3_enc.c (1.31.2.9), "Exp", lines: +3 -0 + ssl/s3_srvr.c (1.85.2.23), "Exp", lines: +2 -0 + ssl/t1_enc.c (1.27.2.9), "Exp", lines: +2 -0 + + FIPS algorithm blocking. + + Non FIPS algorithms are not normally allowed in FIPS mode. + + Any attempt to use them via high level functions will + return an error. + + The low level non-FIPS algorithm functions cannot return + errors so they produce assertion failures. HMAC also has to give an + assertion error because it (erroneously) can't return an error + either. + + There are exceptions (such as MD5 in TLS and non + cryptographic use of algorithms) and applications can override the + blocking and use non FIPS algorithms anyway. + + For low level functions the override is perfomed by + prefixing the algorithm initalization function with "private_" for + example private_MD5_Init(). + + For high level functions an override is performed by + setting a flag in the context. + +2005-01-27 02:49 steve + + Changed: + apps/dgst.c (1.23.2.14), "Exp", lines: +9 -5 + crypto/crypto.h (1.62.2.10), "Exp", lines: +3 -0 + crypto/evp/digest.c (1.21.2.8), "Exp", lines: +34 -0 + crypto/hmac/hmac.c (1.12.2.4), "Exp", lines: +9 -0 + + More FIPS algorithm blocking. + + Catch attempted use of non FIPS algorithms with HMAC. + + Give an assertion error for applications that ignore FIPS + digest errors. + + Make -non-fips-allow work with dgst and HMAC. + +2005-01-28 15:03 steve + + Changed: + apps/dgst.c (1.23.2.15), "Exp", lines: +2 -1 + apps/enc.c (1.35.2.13), "Exp", lines: +38 -4 + crypto/evp/e_rc4.c (1.11.2.2), "Exp", lines: +1 -0 + crypto/evp/evp.h (1.86.2.17), "Exp", lines: +3 -0 + crypto/evp/evp_enc.c (1.28.2.12), "Exp", lines: +60 -15 + crypto/evp/evp_locl.h (1.7.2.8), "Exp", lines: +1 -0 + test/testenc (1.3.8.2), "Exp", lines: +8 -8 + + Further FIPS algorithm blocking. + + Fixes to cipher blocking and enabling code. + + Add option -non-fips-allow to 'enc' and update testenc. + +2005-01-31 02:33 steve + + Changed: + ssl/s23_clnt.c (1.20.2.7), "Exp", lines: +16 -0 + ssl/s23_srvr.c (1.41.2.6), "Exp", lines: +9 -0 + ssl/s3_clnt.c (1.53.2.19), "Exp", lines: +0 -8 + ssl/s3_enc.c (1.31.2.10), "Exp", lines: +1 -0 + ssl/s3_srvr.c (1.85.2.24), "Exp", lines: +0 -8 + ssl/ssl.h (1.126.2.21), "Exp", lines: +1 -0 + ssl/ssl_cert.c (1.48.2.10), "Exp", lines: +0 -8 + ssl/ssl_err.c (1.41.2.4), "Exp", lines: +2 -1 + ssl/ssl_lib.c (1.110.2.13), "Exp", lines: +8 -9 + ssl/t1_enc.c (1.27.2.10), "Exp", lines: +0 -18 + + Only allow TLS is FIPS mode. + + Remove old FIPS_allow_md5() calls. + +2005-02-05 19:24 steve + + Changed: + apps/req.c (1.88.2.18), "Exp", lines: +8 -1 + apps/x509.c (1.67.2.20), "Exp", lines: +8 -1 + + In FIPS mode use SHA1 as default digest in x509 and req utilities. + +2005-03-15 10:46 appro + + Changed: + Makefile.org (1.154.2.96), "Exp", lines: +1 -1 + crypto/Makefile (1.1.4.6), "Exp", lines: +2 -3 + fips/Makefile (1.1.4.8), "Exp", lines: +4 -1 + + Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this + in crypto/Makefile and make Makefile.org and fips/Makefile more + discreet. + +2005-03-22 18:29 steve + + Changed: + fips/fingerprint.sha1 (1.1.2.12), "Exp", lines: +1 -1 + fips/fips.c (1.1.2.10), "Exp", lines: +1 -0 + + Fix memory leak. + +2005-03-27 05:36 steve + + Changed: + crypto/evp/e_null.c (1.9.2.1), "Exp", lines: +1 -1 + ssl/s3_lib.c (1.57.2.13), "Exp", lines: +3 -3 + + Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS + mode. + +2005-04-14 14:44 steve + + Changed: + fips/fipshashes.sha1 (1.1.2.1), "Exp", lines: +29 -0 + util/checkhash.pl (1.1.2.1), "Exp", lines: +181 -0 + + Perl script that checks or rebuilds FIPS hash files. This works on + both Unix and Windows. + + Merge all FIPS hash files into a single hash file + fips/fips.sha1 + +2005-04-15 05:27 steve + + Changed: + fips/Makefile (1.1.4.9), "Exp", lines: +1 -1 + fips/aes/Makefile (1.1.4.4), "Exp", lines: +1 -4 + fips/des/Makefile (1.1.4.6), "Exp", lines: +1 -4 + fips/dh/Makefile (1.1.2.5), "Exp", lines: +1 -4 + fips/dsa/Makefile (1.1.4.4), "Exp", lines: +1 -4 + fips/rand/Makefile (1.1.4.3), "Exp", lines: +1 -4 + fips/rsa/Makefile (1.1.4.5), "Exp", lines: +1 -4 + fips/sha1/Makefile (1.1.4.9), "Exp", lines: +1 -7 + + Update hash checking in makefiles to use new perl script. + +2005-04-17 06:37 steve + + Changed: + util/checkhash.pl (1.1.2.2), "Exp", lines: +163 -127 + + Modify checkhash.pl so it can be run standalone or included as a + funtion in another perl script. + +2005-04-17 16:00 appro + + Changed: + fips/sha1/Makefile (1.1.4.10), "Exp", lines: +9 -5 + + Bring back fips_standalone_sha1. + +2005-04-17 16:17 appro + + Deleted: + fips/sha1/asm/sx86-elf.s (1.1.4.4) + Changed: + Configure (1.314.2.114), "Exp", lines: +1 -1 + fips/fipshashes.sha1 (1.1.2.2), "Exp", lines: +1 -1 + fips/sha1/Makefile (1.1.4.11), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.13), "Exp", lines: +1 -1 + fips/sha1/asm/fips-sx86-elf.s (1.1.2.1), "Exp", lines: +1568 -0 + + Rename fips/sha1/sx86-elf.s to fips/sha1/fips-sx86-elf.s. + +2005-04-17 16:21 steve + + Changed: + util/checkhash.pl (1.1.2.3), "Exp", lines: +2 -0 + + Return 0 for successful hash check. + +2005-04-17 16:54 appro + + Changed: + Configure (1.314.2.116), "Exp", lines: +8 -1 + Makefile.org (1.154.2.99), "Exp", lines: +3 -2 + crypto/aes/aes_cbc.c (1.1.2.11), "Exp", lines: +2 -0 + fips/fipshashes.sha1 (1.1.2.4), "Exp", lines: +1 -0 + fips/aes/Makefile (1.1.4.5), "Exp", lines: +4 -2 + fips/aes/asm/fips-ax86-elf.s (1.1.2.1), "Exp", lines: +1822 -0 + + Throw in fips/aes/asm/fips-ax86-elf.s. + +2005-04-17 16:35 appro + + Changed: + Configure (1.314.2.115), "Exp", lines: +1 -1 + fips/fipshashes.sha1 (1.1.2.3), "Exp", lines: +1 -1 + fips/des/asm/fips-dx86-elf.s (1.1.4.2), "Exp", lines: +108 -98 + + Regenerate fips/des/asm/fips-dx86-elf.s with -fPIC flag. + +2005-04-17 17:26 appro + + Changed: + crypto/cryptlib.c (1.32.2.18), "Exp", lines: +6 -55 + crypto/crypto.h (1.62.2.11), "Exp", lines: +0 -3 + fips/fips.c (1.1.2.11), "Exp", lines: +62 -8 + fips/fips.h (1.1.2.7), "Exp", lines: +2 -3 + fips/fips_locl.h (1.1.4.3), "Exp", lines: +6 -3 + fips/fipshashes.sha1 (1.1.2.5), "Exp", lines: +4 -4 + fips/rand/fips_rand.c (1.1.2.10), "Exp", lines: +3 -1 + fips/rsa/fips_rsa_gen.c (1.1.4.4), "Exp", lines: +4 -2 + + Resolve minor binary compatibility issues in fips. + +2005-04-17 18:22 appro + + Changed: + fips/fipshashes.sha1 (1.1.2.6), "Exp", lines: +12 -12 + fips/des/fips_des_locl.h (1.1.2.4), "Exp", lines: +1 -1 + fips/des/fips_set_key.c (1.1.4.4), "Exp", lines: +2 -2 + fips/dh/fips_dh_key.c (1.1.2.3), "Exp", lines: +1 -1 + fips/dsa/fips_dsa_ossl.c (1.1.2.7), "Exp", lines: +1 -1 + fips/dsa/fips_dsa_selftest.c (1.1.4.2), "Exp", lines: +3 -3 + fips/rand/fips_rand.c (1.1.2.11), "Exp", lines: +2 -2 + fips/rand/fips_rand.h (1.1.2.5), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_eay.c (1.1.4.4), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_gen.c (1.1.4.5), "Exp", lines: +1 -1 + fips/rsa/fips_rsa_selftest.c (1.1.4.5), "Exp", lines: +11 -11 + fips/sha1/fips_sha1_selftest.c (1.1.4.2), "Exp", lines: +1 -1 + fips/sha1/fips_sha1dgst.c (1.1.2.5), "Exp", lines: +1 -1 + fips/sha1/standalone.sha1 (1.1.2.14), "Exp", lines: +2 -2 + + Minor fips const-ification. + +2005-04-18 07:02 steve + + Changed: + crypto/bf/bf_skey.c (1.6.2.2), "Exp", lines: +1 -0 + crypto/cast/c_skey.c (1.5.6.2), "Exp", lines: +1 -0 + crypto/idea/i_skey.c (1.5.6.2), "Exp", lines: +1 -0 + crypto/rc2/rc2_skey.c (1.4.6.2), "Exp", lines: +1 -0 + crypto/rc4/rc4_skey.c (1.10.8.3), "Exp", lines: +1 -0 + crypto/rc5/rc5_skey.c (1.4.6.2), "Exp", lines: +1 -0 + + Pick up definition of FIPS_mode() in fips.h to avoid warnings. + +2005-04-18 10:34 steve + + Deleted: + fips/fingerprint.sha1 (1.1.2.14) + fips/fips_check_sha1 (1.1.2.8) + fips/fips_make_sha1 (1.1.2.7) + fips/aes/fingerprint.sha1 (1.1.2.7) + fips/des/fingerprint.sha1 (1.1.2.6) + fips/dh/fingerprint.sha1 (1.1.2.4) + fips/dsa/fingerprint.sha1 (1.1.2.7) + fips/rand/fingerprint.sha1 (1.1.2.10) + fips/rsa/fingerprint.sha1 (1.1.4.7) + fips/sha1/fingerprint.sha1 (1.1.2.12) + Changed: + fips/sha1/Makefile (1.1.4.12), "Exp", lines: +1 -4 + + Remove obsolete fingerprint.sha1 files and associated scripts. + Delete test in fips/sha1/Makefile: the top level test checks the + same files. + +2005-04-19 09:11 appro + + Deleted: + fips/fipshashes.sha1 (1.1.2.7) + fips/sha1/standalone.sha1 (1.1.2.15) + Changed: + fips/fipshashes.c (1.1.2.1), "Exp", lines: +32 -0 + util/checkhash.pl (1.1.2.4), "Exp", lines: +7 -4 + + Maintain fingerprint hashes as C source. + +2005-04-19 09:17 appro + + Changed: + util/checkhash.pl (1.1.2.5), "Exp", lines: +1 -1 + + Complete the transition C-code hashes. + +2005-04-21 19:06 steve + + Changed: + apps/openssl.c (1.48.2.13), "Exp", lines: +0 -2 + fips/fips.c (1.1.2.12), "Exp", lines: +0 -27 + fips/fips.h (1.1.2.8), "Exp", lines: +0 -2 + fips/fipshashes.c (1.1.2.2), "Exp", lines: +2 -2 + + Remove defunct FIPS_allow_md5() and related functions. + +2005-04-22 06:15 appro + + Changed: + fips/fips.c (1.1.2.13), "Exp", lines: +3 -3 + fips/fips_err.h (1.1.4.4), "Exp", lines: +3 -3 + fips/fipshashes.c (1.1.2.4), "Exp", lines: +2 -2 + + Move some variables to .bss. + diff --git a/Configure b/Configure new file mode 100755 index 0000000000000000000000000000000000000000..1455da11d1fa0343e2eb95821cb0b4ed620a42fb --- /dev/null +++ b/Configure @@ -0,0 +1,1818 @@ +: +eval 'exec perl -S $0 ${1+"$@"}' + if $running_under_some_shell; +## +## Configure -- OpenSSL source tree configuration script +## + +require 5.000; +use strict; + +# see INSTALL for instructions. + +my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; + +# Options: +# +# --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the +# --prefix option is given; /usr/local/ssl otherwise) +# --prefix prefix for the OpenSSL include, lib and bin directories +# (Default: the OPENSSLDIR directory) +# +# --install_prefix Additional prefix for package builders (empty by +# default). This needn't be set in advance, you can +# just as well use "make INSTALL_PREFIX=/whatever install". +# +# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected +# to live in the subdirectory lib/ and the header files in +# include/. A value is required. +# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is +# required. +# (Default: KRB5_DIR/lib) +# --with-krb5-include Declare where the Kerberos 5 header files live. A +# value is required. +# (Default: KRB5_DIR/include) +# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently +# supported values are "MIT" and "Heimdal". A value is required. +# +# --test-sanity Make a number of sanity checks on the data in this file. +# This is a debugging tool for OpenSSL developers. +# +# no-hw-xxx do not compile support for specific crypto hardware. +# Generic OpenSSL-style methods relating to this support +# are always compiled but return NULL if the hardware +# support isn't compiled. +# no-hw do not compile support for any crypto hardware. +# [no-]threads [don't] try to create a library that is suitable for +# multithreaded applications (default is "threads" if we +# know how to do it) +# [no-]shared [don't] try to create shared libraries when supported. +# no-asm do not use assembler +# no-dso do not compile in any native shared-library methods. This +# will ensure that all methods just return NULL. +# no-krb5 do not compile in any KRB5 library or code. +# [no-]zlib [don't] compile support for zlib compression. +# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared +# library and will be loaded in run-time by the OpenSSL library. +# 386 generate 80386 code +# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 +# no- build without specified algorithm (rsa, idea, rc5, ...) +# - + compiler options are passed through +# +# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items +# provided to stack calls. Generates unique stack functions for +# each possible stack type. +# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h +# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register +# dependancies but needs to more registers, good for RISC CPU's +# DES_RISC2 A different RISC variant. +# DES_UNROLL unroll the inner DES loop, sometimes helps, somtimes hinders. +# DES_INT use 'int' instead of 'long' for DES_LONG in crypto/des/des.h +# This is used on the DEC Alpha where long is 8 bytes +# and int is 4 +# BN_LLONG use the type 'long long' in crypto/bn/bn.h +# MD2_CHAR use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h +# MD2_LONG use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h +# IDEA_SHORT use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h +# IDEA_LONG use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h +# RC2_SHORT use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h +# RC2_LONG use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h +# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h +# RC4_LONG use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h +# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on +# array lookups instead of pointer use. +# RC4_CHUNK enables code that handles data aligned at long (natural CPU +# word) boundary. +# RC4_CHUNK_LL enables code that handles data aligned at long long boundary +# (intended for 64-bit CPUs running 32-bit OS). +# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha). +# BF_PTR2 intel specific version (generic version is more efficient). +# +# Following are set automatically by this script +# +# MD5_ASM use some extra md5 assember, +# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86 +# RMD160_ASM use some extra ripemd160 assember, +# SHA256_ASM sha256_block is implemented in assembler +# SHA512_ASM sha512_block is implemented in assembler +# AES_ASM ASE_[en|de]crypt is implemented in assembler + +my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; + +# MD2_CHAR slags pentium pros +my $x86_gcc_opts="RC4_INDEX MD2_INT"; + +# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT +# Don't worry about these normally + +my $tcc="cc"; +my $tflags="-fast -Xa"; +my $tbn_mul=""; +my $tlib="-lnsl -lsocket"; +#$bits1="SIXTEEN_BIT "; +#$bits2="THIRTY_TWO_BIT "; +my $bits1="THIRTY_TWO_BIT "; +my $bits2="SIXTY_FOUR_BIT "; + +my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o:rm86-elf.o:r586-elf.o"; +my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o:rm86-cof.o:r586-cof.o"; +my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o:rm86-out.o:r586-out.o"; + +my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o::::md5-x86_64.o:::rc4-x86_64.o::"; +my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o::"; + +my $no_asm="::::::::::"; + +# As for $BSDthreads. Idea is to maintain "collective" set of flags, +# which would cover all BSD flavors. -pthread applies to them all, +# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD +# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r, +# which has to be accompanied by explicit -D_THREAD_SAFE and +# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which +# seems to be sufficient? +my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; + +#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags + +my %table=( +# File 'TABLE' (created by 'make TABLE') contains the data from this list, +# formatted for better readability. + + +#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::", +#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::", +#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::", +#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::", + +# Our development configs +"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", +"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", +"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o", +"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", +"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", +"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::", +"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", +"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", +"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -march=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", +"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared", +"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"dist", "cc:-O::(unknown)::::::", + +# Basic configs that should work on any (32 and less bit) box +"gcc", "gcc:-O3::(unknown):::BN_LLONG:::", +"cc", "cc:-O::(unknown)::::::", + +####VOS Configurations +"vos-gcc","gcc:-O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", +"debug-vos-gcc","gcc:-O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", + +#### Solaris x86 with GNU C setups +# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it +# here because whenever GNU C instantiates an assembler template it +# surrounds it with #APP #NO_APP comment pair which (at least Solaris +# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" +# error message. +"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -shared -static-libgcc might appear controversial, but modules taken +# from static libgcc do not have relocations and linking them into our +# shared objects doesn't have any negative side-effects. On the contrary, +# doing so makes it possible to use gcc shared build with Sun C. Given +# that gcc generates faster code [thanks to inline assembler], I would +# actually recommend to consider using gcc shared build even with vendor +# compiler:-) +# +"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### Solaris x86 with Sun C setups +"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### SPARC Solaris with GNU C setups +"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc +"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +#### +"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### SPARC Solaris with Sun C setups +# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. +# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 +# SC5.0 note: Compiler common patch 107357-01 or later is required! +"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs", +#### +"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### SunOS configs, assuming sparc for the gcc one. +#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", +"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", + +#### IRIX 5.x configs +# -mips2 flag is added by ./config when appropriate. +"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +#### IRIX 6.x configs +# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke +# './Configure irix-cc -o32' manually. +"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# N64 ABI builds. +"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### Unified HP-UX ANSI C configs. +# Special notes: +# - Originally we were optimizing at +O4 level. It should be noted +# that the only difference between +O3 and +O4 is global inter- +# procedural analysis. As it has to be performed during the link +# stage the compiler leaves behind certain pseudo-code in lib*.a +# which might be release or even patch level specific. Generating +# the machine code for and analyzing the *whole* program appears +# to be *extremely* memory demanding while the performance gain is +# actually questionable. The situation is intensified by the default +# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB +# which is way too low for +O4. In other words, doesn't +O3 make +# more sense? +# - Keep in mind that the HP compiler by default generates code +# suitable for execution on the host you're currently compiling at. +# If the toolkit is ment to be used on various PA-RISC processors +# consider './config +DAportable'. +# - +DD64 is chosen in favour of +DA2.0W because it's meant to be +# compatible with *future* releases. +# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to +# pass -D_REENTRANT on HP-UX 10 and later. +# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in +# 32-bit message digests. (For the moment of this writing) HP C +# doesn't seem to "digest" too many local variables (they make "him" +# chew forever:-). For more details look-up MD32_XARRAY comment in +# crypto/sha/sha_lcl.h. +# +# +# Since there is mention of this in shlib/hpux10-cc.sh +"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +# More attempts at unified 10.X and 11.X targets for HP C compiler. +# +# Chris Ruemmler +# Kevin Steves +"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc1_0-cc","cc:+DAportable +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +# HP/UX IA-64 targets +"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# Frank Geurts has patiently assisted with +# with debugging of the following config. +"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# GCC builds... +"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +# Legacy HPUX 9.X configs... +"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ +"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", + +# DEC Alpha OSF/1/Tru64 targets. +# +# "What's in a name? That which we call a rose +# By any other word would smell as sweet." +# +# - William Shakespeare, "Romeo & Juliet", Act II, scene II. +# +# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version +# +"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so", +"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so", +"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so", + +#### +#### Variety of LINUX:-) +#### +# *-generic* is endian-neutral target, but ./config is free to +# throw in -D[BL]_ENDIAN, whichever appropriate... +"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +#### IA-32 targets... +"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", +#### +"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +#### SPARC Linux setups +# Ray Miller has patiently +# assisted with debugging of following two configs. +"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# it's a real mess with -mcpu=ultrasparc option under Linux, but +# -Wa,-Av8plus should do the trick no matter what. +"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# GCC 3.1 is a requirement +"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +#### Alpha Linux with GNU C and Compaq C setups +# Special notes: +# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you +# ought to run './Configure linux-alpha+bwx-gcc' manually, do +# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever +# which is appropriate. +# - If you use ccc keep in mind that -fast implies -arch host and the +# compiler is free to issue instructions which gonna make elder CPU +# choke. If you wish to build "blended" toolkit, add -arch generic +# *after* -fast and invoke './Configure linux-alpha-ccc' manually. +# +# +# +"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}", +"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}", + +#### *BSD [do see comment about ${BSDthreads} above!] +"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it +# simply *happens* to work around a compiler bug in gcc 3.3.3, +# triggered by RIPEMD160 code. +"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", +"nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", + +# NCR MP-RAS UNIX ver 02.03.01 +"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::", + +# QNX +"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", +"qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:", + +#### SCO/Caldera targets. +# +# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. +# Now we only have blended unixware-* as it's the only one used by ./config. +# If you want to optimize for particular microarchitecture, bypass ./config +# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate. +# Note that not all targets include assembler support. Mostly because of +# lack of motivation to support out-of-date platforms with out-of-date +# compiler drivers and assemblers. Tim Rice has +# patiently assisted to debug most of it. +# +# UnixWare 2.0x fails destest with -O. +"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", +"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", +"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# SCO 5 - Ben Laurie says the -O breaks the SCO cc. +"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### IBM's AIX. +"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", +"aix-gcc", "gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:", +"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn::::::-X64", +# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE +# at build time. $OBJECT_MODE is respected at ./config stage! +"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", + +# +# Cray T90 and similar (SDSC) +# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT +# defined. The T90 ints and longs are 8 bytes long, and apparently the +# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and +# non L_ENDIAN code aligns the bytes in each word correctly. +# +# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors: +#'Taking the address of a bit field is not allowed. ' +#'An expression with bit field exists as the operand of "sizeof" ' +# (written by Wayne Schroeder ) +# +# j90 is considered the base machine type for unicos machines, +# so this configuration is now called "cray-j90" ... +"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::", + +# +# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov) +# +# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added +# another use. Basically, the problem is that the T3E uses some bit fields +# for some st_addr stuff, and then sizeof and address-of fails +# I could not use the ams/alpha.o option because the Cray assembler, 'cam' +# did not like it. +"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::", + +# DGUX, 88100. +"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::", +"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::", +"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", + +# Sinix/ReliantUNIX RM400 +# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */ +"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::", +"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::", + +# SIEMENS BS2000/OSD: an EBCDIC-based mainframe +"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", + +# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe +# You need to compile using the c89.sh wrapper in the tools directory, because the +# IBM compiler does not like the -L switch after any object modules. +# +"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", + +# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 +"VC-WIN64I","cl::::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32", +"VC-WIN64A","cl::::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32", + +# Visual C targets +"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", +"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", +"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", + +# Borland C++ 4.5 +"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32", + +# MinGW +"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin -shared:.dll.a", + +# UWIN +"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", + +# Cygwin +"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", +"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", + +# NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools +# netware-clib => legacy CLib c-runtime support +"netware-clib", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", +# netware-libc => LibC/NKS support +# NetWare defaults socket bio to WinSock sockets. However, the LibC build can be +# configured to use BSD sockets instead. +"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", + +# DJGPP +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:", + +# Ultrix from Bernhard Simon +"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", +"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::", +# K&R C is no longer supported; you need gcc on old Ultrix installations +##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::", + +##### MacOS X (a.k.a. Rhapsody or Darwin) setup +"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::", +"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + +##### A/UX +"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", + +##### Sony NEWS-OS 4.x +"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", + +##### GNU Hurd +"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", + +##### OS/2 EMX +"OS2-EMX", "gcc::::::::", + +##### VxWorks for various targets +"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", +"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", +"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", +"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", +"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::${no_asm}::::::ranlibmips:", + +##### Compaq Non-Stop Kernel (Tandem) +"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", + +); + +my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A + VC-NT VC-CE VC-WIN32 + BC-32 OS2-EMX netware-clib netware-libc netware-libc-bsdsock); + +my $idx = 0; +my $idx_cc = $idx++; +my $idx_cflags = $idx++; +my $idx_unistd = $idx++; +my $idx_thread_cflag = $idx++; +my $idx_sys_id = $idx++; +my $idx_lflags = $idx++; +my $idx_bn_ops = $idx++; +my $idx_cpuid_obj = $idx++; +my $idx_bn_obj = $idx++; +my $idx_des_obj = $idx++; +my $idx_aes_obj = $idx++; +my $idx_bf_obj = $idx++; +my $idx_md5_obj = $idx++; +my $idx_sha1_obj = $idx++; +my $idx_cast_obj = $idx++; +my $idx_rc4_obj = $idx++; +my $idx_rmd160_obj = $idx++; +my $idx_rc5_obj = $idx++; +my $idx_dso_scheme = $idx++; +my $idx_shared_target = $idx++; +my $idx_shared_cflag = $idx++; +my $idx_shared_ldflag = $idx++; +my $idx_shared_extension = $idx++; +my $idx_ranlib = $idx++; +my $idx_arflags = $idx++; + +my $prefix=""; +my $openssldir=""; +my $exe_ext=""; +my $install_prefix=""; +my $no_threads=0; +my $threads=0; +my $no_shared=0; # but "no-shared" is default +my $zlib=1; # but "no-zlib" is default +my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used +my $no_rfc3779=1; # but "no-rfc3779" is default +my $no_asm=0; +my $no_dso=0; +my $no_gmp=0; +my @skip=(); +my $Makefile="Makefile"; +my $des_locl="crypto/des/des_locl.h"; +my $des ="crypto/des/des.h"; +my $bn ="crypto/bn/bn.h"; +my $md2 ="crypto/md2/md2.h"; +my $rc4 ="crypto/rc4/rc4.h"; +my $rc4_locl="crypto/rc4/rc4_locl.h"; +my $idea ="crypto/idea/idea.h"; +my $rc2 ="crypto/rc2/rc2.h"; +my $bf ="crypto/bf/bf_locl.h"; +my $bn_asm ="bn_asm.o"; +my $des_enc="des_enc.o fcrypt_b.o"; +my $aes_enc="aes_core.o aes_cbc.o"; +my $bf_enc ="bf_enc.o"; +my $cast_enc="c_enc.o"; +my $rc4_enc="rc4_enc.o"; +my $rc5_enc="rc5_enc.o"; +my $md5_obj=""; +my $sha1_obj=""; +my $rmd160_obj=""; +my $processor=""; +my $default_ranlib; +my $perl; + + +# All of the following is disabled by default (RC5 was enabled before 0.9.8): + +my %disabled = ( # "what" => "comment" + "camellia" => "default", + "gmp" => "default", + "mdc2" => "default", + "rc5" => "default", + "rfc3779" => "default", + "shared" => "default", + "zlib" => "default", + "zlib-dynamic" => "default" + ); + +# Additional "no-..." options will be collected in %disabled. +# To remove something from %disabled, use e.g. "enable-rc5". +# For symmetry, "disable-..." is a synonym for "no-...". + +# This is what $depflags will look like with the above default: +my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 "; + + +my $no_sse2=0; + +&usage if ($#ARGV < 0); + +my $flags; +my $depflags; +my $openssl_algorithm_defines; +my $openssl_thread_defines; +my $openssl_sys_defines=""; +my $openssl_other_defines; +my $libs; +my $libkrb5=""; +my $target; +my $options; +my $symlink; +my $make_depend=0; +my %withargs=(); + +my @argvcopy=@ARGV; +my $argvstring=""; +my $argv_unprocessed=1; + +while($argv_unprocessed) + { + $flags=""; + $depflags=""; + $openssl_algorithm_defines=""; + $openssl_thread_defines=""; + $openssl_sys_defines=""; + $openssl_other_defines=""; + $libs=""; + $target=""; + $options=""; + $symlink=1; + + $argv_unprocessed=0; + $argvstring=join(' ',@argvcopy); + +PROCESS_ARGS: + foreach (@argvcopy) + { + s /^-no-/no-/; # some people just can't read the instructions + + # rewrite some options in "enable-..." form + s /^-?-?shared$/enable-shared/; + s /^threads$/enable-threads/; + s /^zlib$/enable-zlib/; + s /^zlib-dynamic$/enable-zlib-dynamic/; + + if (/^no-(.+)$/ || /^disable-(.+)$/) + { + if ($1 eq "ssl") + { + $disabled{"ssl2"} = "option(ssl)"; + $disabled{"ssl3"} = "option(ssl)"; + } + elsif ($1 eq "tls") + { + $disabled{"tls1"} = "option(tls)" + } + else + { + $disabled{$1} = "option"; + } + } + elsif (/^enable-(.+)$/) + { + delete $disabled{$1}; + + $threads = 1 if ($1 eq "threads"); + } + elsif (/^--test-sanity$/) + { + exit(&test_sanity()); + } + elsif (/^reconfigure/ || /^reconf/) + { + if (open(IN,"<$Makefile")) + { + while () + { + chomp; + if (/^CONFIGURE_ARGS=(.*)/) + { + $argvstring=$1; + @argvcopy=split(' ',$argvstring); + die "Incorrect data to reconfigure, please do a normal configuration\n" + if (grep(/^reconf/,@argvcopy)); + print "Reconfiguring with: $argvstring\n"; + $argv_unprocessed=1; + close(IN); + last PROCESS_ARGS; + } + } + close(IN); + } + die "Insufficient data to reconfigure, please do a normal configuration\n"; + } + elsif (/^386$/) + { $processor=386; } + elsif (/^rsaref$/) + { + # No RSAref support any more since it's not needed. + # The check for the option is there so scripts aren't + # broken + } + elsif (/^[-+]/) + { + if (/^-[lL](.*)$/) + { + $libs.=$_." "; + } + elsif (/^-[^-]/ or /^\+/) + { + $flags.=$_." "; + } + elsif (/^--prefix=(.*)$/) + { + $prefix=$1; + } + elsif (/^--openssldir=(.*)$/) + { + $openssldir=$1; + } + elsif (/^--install.prefix=(.*)$/) + { + $install_prefix=$1; + } + elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/) + { + $withargs{"krb5-".$1}=$2; + } + elsif (/^--with-zlib-lib=(.*)$/) + { + $withargs{"zlib-lib"}=$1; + } + elsif (/^--with-zlib-include=(.*)$/) + { + $withargs{"zlib-include"}="-I$1"; + } + else + { + print STDERR $usage; + exit(1); + } + } + elsif ($_ =~ /^([^:]+):(.+)$/) + { + eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string + $target=$1; + } + else + { + die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); + $target=$_; + } + + unless ($_ eq $target || /^no-/ || /^disable-/) + { + # "no-..." follows later after implied disactivations + # have been derived. (Don't take this too seroiusly, + # we really only write OPTIONS to the Makefile out of + # nostalgia.) + + if ($options eq "") + { $options = $_; } + else + { $options .= " ".$_; } + } + } + } + + + +if ($processor eq "386") + { + $disabled{"sse2"} = "forced"; + } + +if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "") + { + $disabled{"krb5"} = "krb5-flavor not specified"; + } + +if (!defined($disabled{"zlib-dynamic"})) + { + # "zlib-dynamic" was specifically enabled, so enable "zlib" + delete $disabled{"zlib"}; + } + +if (defined($disabled{"rijndael"})) + { + $disabled{"aes"} = "forced"; + } +if (defined($disabled{"des"})) + { + $disabled{"mdc2"} = "forced"; + } +if (defined($disabled{"ec"})) + { + $disabled{"ecdsa"} = "forced"; + $disabled{"ecdh"} = "forced"; + } + +# SSL 2.0 requires MD5 and RSA +if (defined($disabled{"md5"}) || defined($disabled{"rsa"})) + { + $disabled{"ssl2"} = "forced"; + } + +# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH +if (defined($disabled{"md5"}) || defined($disabled{"sha"}) + || (defined($disabled{"rsa"}) + && (defined($disabled{"dsa"}) || defined($disabled{"dh"})))) + { + $disabled{"ssl3"} = "forced"; + $disabled{"tls1"} = "forced"; + } + + +if ($target eq "TABLE") { + foreach $target (sort keys %table) { + print_table_entry($target); + } + exit 0; +} + +if ($target eq "LIST") { + foreach (sort keys %table) { + print; + print "\n"; + } + exit 0; +} + +if ($target =~ m/^CygWin32(-.*)$/) { + $target = "Cygwin".$1; +} + +print "Configuring for $target\n"; + +&usage if (!defined($table{$target})); + + +foreach (sort (keys %disabled)) + { + $options .= " no-$_"; + + printf " no-%-12s %-10s", $_, "[$disabled{$_}]"; + + if (/^dso$/) + { $no_dso = 1; } + elsif (/^threads$/) + { $no_threads = 1; } + elsif (/^shared$/) + { $no_shared = 1; } + elsif (/^zlib$/) + { $zlib = 0; } + elsif (/^static-engine$/) + { } + elsif (/^zlib-dynamic$/) + { } + elsif (/^symlinks$/) + { $symlink = 0; } + elsif (/^sse2$/) + { $no_sse2 = 1; } + else + { + my ($ALGO, $algo); + ($ALGO = $algo = $_) =~ tr/[a-z]/[A-Z]/; + + if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/) + { + $openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n"; + print " OPENSSL_NO_$ALGO"; + + if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; } + elsif (/^asm$/) { $no_asm = 1; } + } + else + { + $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n"; + print " OPENSSL_NO_$ALGO"; + + if (/^krb5$/) + { $no_krb5 = 1; } + else + { + push @skip, $algo; + print " (skip dir)"; + + $depflags .="-DOPENSSL_NO_$ALGO "; + } + } + } + + print "\n"; + } + + +my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; + +$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys()); + +$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw"); +$exe_ext=".pm" if ($target =~ /vos/); +$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); +$prefix=$openssldir if $prefix eq ""; + +$default_ranlib= &which("ranlib") or $default_ranlib="true"; +$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl") + or $perl="perl"; + +chop $openssldir if $openssldir =~ /\/$/; +chop $prefix if $prefix =~ /\/$/; + +$openssldir=$prefix . "/ssl" if $openssldir eq ""; +$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; + + +print "IsMK1MF=$IsMK1MF\n"; + +my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); +my $cc = $fields[$idx_cc]; +my $cflags = $fields[$idx_cflags]; +my $unistd = $fields[$idx_unistd]; +my $thread_cflag = $fields[$idx_thread_cflag]; +my $sys_id = $fields[$idx_sys_id]; +my $lflags = $fields[$idx_lflags]; +my $bn_ops = $fields[$idx_bn_ops]; +my $cpuid_obj = $fields[$idx_cpuid_obj]; +my $bn_obj = $fields[$idx_bn_obj]; +my $des_obj = $fields[$idx_des_obj]; +my $aes_obj = $fields[$idx_aes_obj]; +my $bf_obj = $fields[$idx_bf_obj]; +my $md5_obj = $fields[$idx_md5_obj]; +my $sha1_obj = $fields[$idx_sha1_obj]; +my $cast_obj = $fields[$idx_cast_obj]; +my $rc4_obj = $fields[$idx_rc4_obj]; +my $rmd160_obj = $fields[$idx_rmd160_obj]; +my $rc5_obj = $fields[$idx_rc5_obj]; +my $dso_scheme = $fields[$idx_dso_scheme]; +my $shared_target = $fields[$idx_shared_target]; +my $shared_cflag = $fields[$idx_shared_cflag]; +my $shared_ldflag = $fields[$idx_shared_ldflag]; +my $shared_extension = $fields[$idx_shared_extension]; +my $ranlib = $fields[$idx_ranlib]; +my $arflags = $fields[$idx_arflags]; + +my $no_shared_warn=0; +my $no_user_cflags=0; + +if ($flags ne "") { $cflags="$flags$cflags"; } +else { $no_user_cflags=1; } + +# Kerberos settings. The flavor must be provided from outside, either through +# the script "config" or manually. +if (!$no_krb5) + { + my ($lresolv, $lpath, $lext); + if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/) + { + die "Sorry, Heimdal is currently not supported\n"; + } + ##### HACK to force use of Heimdal. + ##### WARNING: Since we don't really have adequate support for Heimdal, + ##### using this will break the build. You'll have to make + ##### changes to the source, and if you do, please send + ##### patches to openssl-dev@openssl.org + if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/) + { + warn "Heimdal isn't really supported. Your build WILL break\n"; + warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n"; + $withargs{"krb5-dir"} = "/usr/heimdal" + if $withargs{"krb5-dir"} eq ""; + $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. + "/lib -lgssapi -lkrb5 -lcom_err" + if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; + $cflags="-DKRB5_HEIMDAL $cflags"; + } + if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/) + { + $withargs{"krb5-dir"} = "/usr/kerberos" + if $withargs{"krb5-dir"} eq ""; + $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. + "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto" + if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; + $cflags="-DKRB5_MIT $cflags"; + $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//; + if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/) + { + $cflags="-DKRB5_MIT_OLD11 $cflags"; + } + } + LRESOLV: + foreach $lpath ("/lib", "/usr/lib") + { + foreach $lext ("a", "so") + { + $lresolv = "$lpath/libresolv.$lext"; + last LRESOLV if (-r "$lresolv"); + $lresolv = ""; + } + } + $withargs{"krb5-lib"} .= " -lresolv" + if ("$lresolv" ne ""); + $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" + if $withargs{"krb5-include"} eq "" && + $withargs{"krb5-dir"} ne ""; + } + +# The DSO code currently always implements all functions so that no +# applications will have to worry about that from a compilation point +# of view. However, the "method"s may return zero unless that platform +# has support compiled in for them. Currently each method is enabled +# by a define "DSO_" ... we translate the "dso_scheme" config +# string entry into using the following logic; +my $dso_cflags; +if (!$no_dso && $dso_scheme ne "") + { + $dso_scheme =~ tr/[a-z]/[A-Z]/; + if ($dso_scheme eq "DLFCN") + { + $dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H"; + } + elsif ($dso_scheme eq "DLFCN_NO_H") + { + $dso_cflags = "-DDSO_DLFCN"; + } + else + { + $dso_cflags = "-DDSO_$dso_scheme"; + } + $cflags = "$dso_cflags $cflags"; + } + +my $thread_cflags; +my $thread_defines; +if ($thread_cflag ne "(unknown)" && !$no_threads) + { + # If we know how to do it, support threads by default. + $threads = 1; + } +if ($thread_cflag eq "(unknown)" && $threads) + { + # If the user asked for "threads", [s]he is also expected to + # provide any system-dependent compiler options that are + # necessary. + if ($no_user_cflags) + { + print "You asked for multi-threading support, but didn't\n"; + print "provide any system-specific compiler options\n"; + exit(1); + } + $thread_cflags="-DOPENSSL_THREADS $cflags" ; + $thread_defines .= "#define OPENSSL_THREADS\n"; + } +else + { + $thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags"; + $thread_defines .= "#define OPENSSL_THREADS\n"; +# my $def; +# foreach $def (split ' ',$thread_cflag) +# { +# if ($def =~ s/^-D// && $def !~ /^_/) +# { +# $thread_defines .= "#define $def\n"; +# } +# } + } + +$lflags="$libs$lflags" if ($libs ne ""); + +if ($no_asm) + { + $cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=""; + $sha1_obj=$md5_obj=$rmd160_obj=""; + } + +if (!$no_shared) + { + $cast_obj=""; # CAST assembler is not PIC + } + +if ($threads) + { + $cflags=$thread_cflags; + $openssl_thread_defines .= $thread_defines; + } + +if ($zlib) + { + $cflags = "-DZLIB $cflags"; + if (defined($disabled{"zlib-dynamic"})) + { + $lflags = "$lflags -lz"; + } + else + { + $cflags = "-DZLIB_SHARED $cflags"; + } + } + +# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org +my $shared_mark = ""; +if ($shared_target eq "") + { + $no_shared_warn = 1 if !$no_shared; + $no_shared = 1; + } +if (!$no_shared) + { + if ($shared_cflag ne "") + { + $cflags = "$shared_cflag -DOPENSSL_PIC $cflags"; + } + } + +if (!$IsMK1MF) + { + if ($no_shared) + { + $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n"; + } + else + { + $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n"; + } + } + +$cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/); +# Compiler fix-ups +if ($target =~ /icc$/) + { + my($iccver)=`$cc -V 2>&1`; + if ($iccver =~ /Version ([0-9]+)\./) { $iccver=$1; } + else { $iccver=0; } + if ($iccver>=8) + { + # Eliminate unnecessary dependency from libirc.a. This is + # essential for shared library support, as otherwise + # apps/openssl can end up in endless loop upon startup... + $cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset"; + } + } + +if ($sys_id ne "") + { + #$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags"; + $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n"; + } + +if ($ranlib eq "") + { + $ranlib = $default_ranlib; + } + +#my ($bn1)=split(/\s+/,$bn_obj); +#$bn1 = "" unless defined $bn1; +#$bn1=$bn_asm unless ($bn1 =~ /\.o$/); +#$bn_obj="$bn1"; + +$cpuid_obj="" if ($processor eq "386"); + +$bn_obj = $bn_asm unless $bn_obj ne ""; +# bn86* is the only one implementing bn_*_part_words +$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/); +$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/); + +$des_obj=$des_enc unless ($des_obj =~ /\.o$/); +$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); +$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); +$rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/); +$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/); +if ($sha1_obj =~ /\.o$/) + { +# $sha1_obj=$sha1_enc; + $cflags.=" -DSHA1_ASM" if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/); + $cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/); + $cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/); + if ($sha1_obj =~ /x86/) + { if ($no_sse2) + { $sha1_obj =~ s/\S*sse2\S+//; } + elsif ($cflags !~ /OPENSSL_IA32_SSE2/) + { $cflags.=" -DOPENSSL_IA32_SSE2"; } + } + } +if ($md5_obj =~ /\.o$/) + { +# $md5_obj=$md5_enc; + $cflags.=" -DMD5_ASM"; + } +if ($rmd160_obj =~ /\.o$/) + { +# $rmd160_obj=$rmd160_enc; + $cflags.=" -DRMD160_ASM"; + } +if ($aes_obj =~ /\.o$/) + { + $cflags.=" -DAES_ASM"; + } +else { + $aes_obj=$aes_enc; + } + +# "Stringify" the C flags string. This permits it to be made part of a string +# and works as well on command lines. +$cflags =~ s/([\\\"])/\\\1/g; + +my $version = "unknown"; +my $version_num = "unknown"; +my $major = "unknown"; +my $minor = "unknown"; +my $shlib_version_number = "unknown"; +my $shlib_version_history = "unknown"; +my $shlib_major = "unknown"; +my $shlib_minor = "unknown"; + +open(IN,') + { + $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /; + $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/; + $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/; + $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/; + } +close(IN); +if ($shlib_version_history ne "") { $shlib_version_history .= ":"; } + +if ($version =~ /(^[0-9]*)\.([0-9\.]*)/) + { + $major=$1; + $minor=$2; + } + +if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) + { + $shlib_major=$1; + $shlib_minor=$2; + } + +open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n"; +print OUT "### Generated automatically from Makefile.org by Configure.\n\n"; +my $sdirs=0; +while () + { + chomp; + $sdirs = 1 if /^SDIRS=/; + if ($sdirs) { + my $dir; + foreach $dir (@skip) { + s/([ ])$dir /\1/; + } + } + $sdirs = 0 unless /\\$/; + s/^VERSION=.*/VERSION=$version/; + s/^MAJOR=.*/MAJOR=$major/; + s/^MINOR=.*/MINOR=$minor/; + s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/; + s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/; + s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/; + s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/; + s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/; + s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/; + s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/; + s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/; + s/^PLATFORM=.*$/PLATFORM=$target/; + s/^OPTIONS=.*$/OPTIONS=$options/; + s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/; + s/^CC=.*$/CC= $cc/; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; + s/^CFLAG=.*$/CFLAG= $cflags/; + s/^DEPFLAG=.*$/DEPFLAG= $depflags/; + s/^EX_LIBS=.*$/EX_LIBS= $lflags/; + s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; + s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/; + s/^BN_ASM=.*$/BN_ASM= $bn_obj/; + s/^DES_ENC=.*$/DES_ENC= $des_obj/; + s/^AES_ASM_OBJ=.*$/AES_ASM_OBJ= $aes_obj/; + s/^BF_ENC=.*$/BF_ENC= $bf_obj/; + s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/; + s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/; + s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/; + s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/; + s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/; + s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; + s/^PROCESSOR=.*/PROCESSOR= $processor/; + s/^RANLIB=.*/RANLIB= $ranlib/; + s/^ARFLAGS=.*/ARFLAGS= $arflags/; + s/^PERL=.*/PERL= $perl/; + s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; + s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; + s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; + s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; + s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; + s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; + s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); + if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/) + { + my $sotmp = $1; + s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/; + } + elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/) + { + s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/; + } + elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) + { + my $sotmp = $1; + s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; + } + elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) + { + s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/; + } + s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/; + print OUT $_."\n"; + } +close(IN); +close(OUT); +rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile; +rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n"; + +print "CC =$cc\n"; +print "CFLAG =$cflags\n"; +print "EX_LIBS =$lflags\n"; +print "CPUID_OBJ =$cpuid_obj\n"; +print "BN_ASM =$bn_obj\n"; +print "DES_ENC =$des_obj\n"; +print "AES_ASM_OBJ =$aes_obj\n"; +print "BF_ENC =$bf_obj\n"; +print "CAST_ENC =$cast_obj\n"; +print "RC4_ENC =$rc4_obj\n"; +print "RC5_ENC =$rc5_obj\n"; +print "MD5_OBJ_ASM =$md5_obj\n"; +print "SHA1_OBJ_ASM =$sha1_obj\n"; +print "RMD160_OBJ_ASM=$rmd160_obj\n"; +print "PROCESSOR =$processor\n"; +print "RANLIB =$ranlib\n"; +print "ARFLAGS =$arflags\n"; +print "PERL =$perl\n"; +print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n" + if $withargs{"krb5-include"} ne ""; + +my $des_ptr=0; +my $des_risc1=0; +my $des_risc2=0; +my $des_unroll=0; +my $bn_ll=0; +my $def_int=2; +my $rc4_int=$def_int; +my $md2_int=$def_int; +my $idea_int=$def_int; +my $rc2_int=$def_int; +my $rc4_idx=0; +my $rc4_chunk=0; +my $bf_ptr=0; +my @type=("char","short","int","long"); +my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0); +my $export_var_as_fn=0; + +my $des_int; + +foreach (sort split(/\s+/,$bn_ops)) + { + $des_ptr=1 if /DES_PTR/; + $des_risc1=1 if /DES_RISC1/; + $des_risc2=1 if /DES_RISC2/; + $des_unroll=1 if /DES_UNROLL/; + $des_int=1 if /DES_INT/; + $bn_ll=1 if /BN_LLONG/; + $rc4_int=0 if /RC4_CHAR/; + $rc4_int=3 if /RC4_LONG/; + $rc4_idx=1 if /RC4_INDEX/; + $rc4_chunk=1 if /RC4_CHUNK/; + $rc4_chunk=2 if /RC4_CHUNK_LL/; + $md2_int=0 if /MD2_CHAR/; + $md2_int=3 if /MD2_LONG/; + $idea_int=1 if /IDEA_SHORT/; + $idea_int=3 if /IDEA_LONG/; + $rc2_int=1 if /RC2_SHORT/; + $rc2_int=3 if /RC2_LONG/; + $bf_ptr=1 if $_ eq "BF_PTR"; + $bf_ptr=2 if $_ eq "BF_PTR2"; + ($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/; + ($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/; + ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/; + ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/; + ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/; + $export_var_as_fn=1 if /EXPORT_VAR_AS_FN/; + } + +open(IN,'crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n"; +print OUT "/* opensslconf.h */\n"; +print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n"; + +print OUT "/* OpenSSL was configured with the following options: */\n"; +my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; +$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg; +$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; +$openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq ""; +$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; +$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; +$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; +print OUT $openssl_sys_defines; +print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n"; +print OUT $openssl_algorithm_defines; +print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n"; +print OUT $openssl_thread_defines; +print OUT $openssl_other_defines,"\n"; + +print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n"; +print OUT " asks for it. This is a transient feature that is provided for those\n"; +print OUT " who haven't had the time to do the appropriate changes in their\n"; +print OUT " applications. */\n"; +print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n"; +print OUT $openssl_algorithm_defines_trans; +print OUT "#endif\n\n"; + +print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj); + +while () + { + if (/^#define\s+OPENSSLDIR/) + { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; } + elsif (/^#define\s+ENGINESDIR/) + { print OUT "#define ENGINESDIR \"$prefix/lib/engines\"\n"; } + elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/) + { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n" + if $export_var_as_fn; + printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n", + ($export_var_as_fn)?"define":"undef"; } + elsif (/^#define\s+OPENSSL_UNISTD/) + { + $unistd = "" if $unistd eq ""; + print OUT "#define OPENSSL_UNISTD $unistd\n"; + } + elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/) + { printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/) + { printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+THIRTY_TWO_BIT/) + { printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+SIXTEEN_BIT/) + { printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+EIGHT_BIT/) + { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; } + elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/) + { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; } + elsif (/^\#define\s+DES_LONG\s+.*/) + { printf OUT "#define DES_LONG unsigned %s\n", + ($des_int)?'int':'long'; } + elsif (/^\#(define|undef)\s+DES_PTR/) + { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; } + elsif (/^\#(define|undef)\s+DES_RISC1/) + { printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; } + elsif (/^\#(define|undef)\s+DES_RISC2/) + { printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; } + elsif (/^\#(define|undef)\s+DES_UNROLL/) + { printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; } + elsif (/^#define\s+RC4_INT\s/) + { printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; } + elsif (/^#undef\s+RC4_CHUNK/) + { + printf OUT "#undef RC4_CHUNK\n" if $rc4_chunk==0; + printf OUT "#define RC4_CHUNK unsigned long\n" if $rc4_chunk==1; + printf OUT "#define RC4_CHUNK unsigned long long\n" if $rc4_chunk==2; + } + elsif (/^#((define)|(undef))\s+RC4_INDEX/) + { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; } + elsif (/^#(define|undef)\s+I386_ONLY/) + { printf OUT "#%s I386_ONLY\n", ($processor eq "386")? + "define":"undef"; } + elsif (/^#define\s+MD2_INT\s/) + { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; } + elsif (/^#define\s+IDEA_INT\s/) + {printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];} + elsif (/^#define\s+RC2_INT\s/) + {printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];} + elsif (/^#(define|undef)\s+BF_PTR/) + { + printf OUT "#undef BF_PTR\n" if $bf_ptr == 0; + printf OUT "#define BF_PTR\n" if $bf_ptr == 1; + printf OUT "#define BF_PTR2\n" if $bf_ptr == 2; + } + else + { print OUT $_; } + } +close(IN); +close(OUT); +rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h"; +rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n"; + + +# Fix the date + +print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l; +print "SIXTY_FOUR_BIT mode\n" if $b64; +print "THIRTY_TWO_BIT mode\n" if $b32; +print "SIXTEEN_BIT mode\n" if $b16; +print "EIGHT_BIT mode\n" if $b8; +print "DES_PTR used\n" if $des_ptr; +print "DES_RISC1 used\n" if $des_risc1; +print "DES_RISC2 used\n" if $des_risc2; +print "DES_UNROLL used\n" if $des_unroll; +print "DES_INT used\n" if $des_int; +print "BN_LLONG mode\n" if $bn_ll; +print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int; +print "RC4_INDEX mode\n" if $rc4_idx; +print "RC4_CHUNK is undefined\n" if $rc4_chunk==0; +print "RC4_CHUNK is unsigned long\n" if $rc4_chunk==1; +print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2; +print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int; +print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int; +print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; +print "BF_PTR used\n" if $bf_ptr == 1; +print "BF_PTR2 used\n" if $bf_ptr == 2; + +if($IsMK1MF) { + open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; + printf OUT <ms/version32.rc") || die "Can't open ms/version32.rc"; + print OUT < + +LANGUAGE 0x09,0x01 + +1 VERSIONINFO + FILEVERSION $v1,$v2,$v3,$v4 + PRODUCTVERSION $v1,$v2,$v3,$v4 + FILEFLAGSMASK 0x3fL +#ifdef _DEBUG + FILEFLAGS 0x01L +#else + FILEFLAGS 0x00L +#endif + FILEOS VOS__WINDOWS32 + FILETYPE VFT_DLL + FILESUBTYPE 0x0L +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904b0" + BEGIN + // Required: + VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" + VALUE "FileDescription", "OpenSSL Shared Library\\0" + VALUE "FileVersion", "$version\\0" +#if defined(CRYPTO) + VALUE "InternalName", "libeay32\\0" + VALUE "OriginalFilename", "libeay32.dll\\0" +#elif defined(SSL) + VALUE "InternalName", "ssleay32\\0" + VALUE "OriginalFilename", "ssleay32.dll\\0" +#endif + VALUE "ProductName", "The OpenSSL Toolkit\\0" + VALUE "ProductVersion", "$version\\0" + // Optional: + //VALUE "Comments", "\\0" + VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + //VALUE "LegalTrademarks", "\\0" + //VALUE "PrivateBuild", "\\0" + //VALUE "SpecialBuild", "\\0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 0x4b0 + END +END +EOF + close(OUT); + } + +print < 78) + { + print STDERR "\n"; + $k=length($i); + } + print STDERR $i . " "; + } + foreach $i (sort keys %table) + { + next if $i !~ /^debug/; + $k += length($i) + 1; + if ($k > 78) + { + print STDERR "\n"; + $k=length($i); + } + print STDERR $i . " "; + } + print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n"; + exit(1); + } + +sub which + { + my($name)=@_; + my $path; + foreach $path (split /:/, $ENV{PATH}) + { + if (-f "$path/$name$exe_ext" and -x _) + { + return "$path/$name$exe_ext" unless ($name eq "perl" and + system("$path/$name$exe_ext -e " . '\'exit($]<5.0);\'')); + } + } + } + +sub dofile + { + my $f; my $p; my %m; my @a; my $k; my $ff; + ($f,$p,%m)=@_; + + open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n"; + @a=; + close(IN); + foreach $k (keys %m) + { + grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a); + } + open(OUT,">$f.new") || die "unable to open $f.new:$!\n"; + print OUT @a; + close(OUT); + rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f; + rename("$f.new",$f) || die "unable to rename $f.new\n"; + } + +sub print_table_entry + { + my $target = shift; + + (my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags, + my $bn_ops,my $cpuid_obj,my $bn_obj,my $des_obj,my $aes_obj, my $bf_obj, + my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj, + my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag, + my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)= + split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); + + print < fail with a certificate verify error? +* Why can I only use weak ciphers when I connect to a server using OpenSSL? +* How can I create DSA certificates? +* Why can't I make an SSL connection using a DSA certificate? +* How can I remove the passphrase on a private key? +* Why can't I use OpenSSL certificates with SSL client authentication? +* Why does my browser give a warning about a mismatched hostname? +* How do I install a CA certificate into a browser? +* Why is OpenSSL x509 DN output not conformant to RFC2253? +* What is a "128 bit certificate"? Can I create one with OpenSSL? + +[BUILD] Questions about building and testing OpenSSL + +* Why does the linker complain about undefined symbols? +* Why does the OpenSSL test fail with "bc: command not found"? +* Why does the OpenSSL test fail with "bc: 1 no implemented"? +* Why does the OpenSSL test fail with "bc: stack empty"? +* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? +* Why does the OpenSSL compilation fail with "ar: command not found"? +* Why does the OpenSSL compilation fail on Win32 with VC++? +* What is special about OpenSSL on Redhat? +* Why does the OpenSSL compilation fail on MacOS X? +* Why does the OpenSSL test suite fail on MacOS X? +* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? +* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? +* Why does the OpenSSL test suite fail in sha512t on x86 CPU? +* Why does compiler fail to compile sha512.c? +* Test suite still fails, what to do? + +[PROG] Questions about programming with OpenSSL + +* Is OpenSSL thread-safe? +* I've compiled a program under Windows and it crashes: why? +* How do I read or write a DER encoded buffer using the ASN1 functions? +* OpenSSL uses DER but I need BER format: does OpenSSL support BER? +* I've tried using and I get errors why? +* I've called and it fails, why? +* I just get a load of numbers for the error output, what do they mean? +* Why do I get errors about unknown algorithms? +* Why can't the OpenSSH configure script detect OpenSSL? +* Can I use OpenSSL's SSL library with non-blocking I/O? +* Why doesn't my server application receive a client certificate? +* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? +* I think I've detected a memory leak, is this a bug? + +=============================================================================== + +[MISC] ======================================================================== + +* Which is the current version of OpenSSL? + +The current version is available from . +OpenSSL 0.9.8e was released on February 23rd, 2007. + +In addition to the current stable release, you can also access daily +snapshots of the OpenSSL development version at , or get it by anonymous CVS access. + + +* Where is the documentation? + +OpenSSL is a library that provides cryptographic functionality to +applications such as secure web servers. Be sure to read the +documentation of the application you want to use. The INSTALL file +explains how to install this library. + +OpenSSL includes a command line utility that can be used to perform a +variety of cryptographic functions. It is described in the openssl(1) +manpage. Documentation for developers is currently being written. A +few manual pages already are available; overviews over libcrypto and +libssl are given in the crypto(3) and ssl(3) manpages. + +The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a +different directory if you specified one as described in INSTALL). +In addition, you can read the most current versions at +. + +For information on parts of libcrypto that are not yet documented, you +might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's +predecessor, at . Much +of this still applies to OpenSSL. + +There is some documentation about certificate extensions and PKCS#12 +in doc/openssl.txt + +The original SSLeay documentation is included in OpenSSL as +doc/ssleay.txt. It may be useful when none of the other resources +help, but please note that it reflects the obsolete version SSLeay +0.6.6. + + +* How can I contact the OpenSSL developers? + +The README file describes how to submit bug reports and patches to +OpenSSL. Information on the OpenSSL mailing lists is available from +. + + +* Where can I get a compiled version of OpenSSL? + +You can finder pointers to binary distributions in +http://www.openssl.org/related/binaries.html . + +Some applications that use OpenSSL are distributed in binary form. +When using such an application, you don't need to install OpenSSL +yourself; the application will include the required parts (e.g. DLLs). + +If you want to build OpenSSL on a Windows system and you don't have +a C compiler, read the "Mingw32" section of INSTALL.W32 for information +on how to obtain and install the free GNU C compiler. + +A number of Linux and *BSD distributions include OpenSSL. + + +* Why aren't tools like 'autoconf' and 'libtool' used? + +autoconf will probably be used in future OpenSSL versions. If it was +less Unix-centric, it might have been used much earlier. + +* What is an 'engine' version? + +With version 0.9.6 OpenSSL was extended to interface to external crypto +hardware. This was realized in a special release '0.9.6-engine'. With +version 0.9.7 the changes were merged into the main development line, +so that the special release is no longer necessary. + +* How do I check the authenticity of the OpenSSL distribution? + +We provide MD5 digests and ASC signatures of each tarball. +Use MD5 to check that a tarball from a mirror site is identical: + + md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5 + +You can check authenticity using pgp or gpg. You need the OpenSSL team +member public key used to sign it (download it from a key server, see a +list of keys at ). Then +just do: + + pgp TARBALL.asc + +[LEGAL] ======================================================================= + +* Do I need patent licenses to use OpenSSL? + +The patents section of the README file lists patents that may apply to +you if you want to use OpenSSL. For information on intellectual +property rights, please consult a lawyer. The OpenSSL team does not +offer legal advice. + +You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using + ./config no-idea no-mdc2 no-rc5 + + +* Can I use OpenSSL with GPL software? + +On many systems including the major Linux and BSD distributions, yes (the +GPL does not place restrictions on using libraries that are part of the +normal operating system distribution). + +On other systems, the situation is less clear. Some GPL software copyright +holders claim that you infringe on their rights if you use OpenSSL with +their software on operating systems that don't normally include OpenSSL. + +If you develop open source software that uses OpenSSL, you may find it +useful to choose an other license than the GPL, or state explicitly that +"This program is released under the GPL with the additional exemption that +compiling, linking, and/or using OpenSSL is allowed." If you are using +GPL software developed by others, you may want to ask the copyright holder +for permission to use their software with OpenSSL. + + +[USER] ======================================================================== + +* Why do I get a "PRNG not seeded" error message? + +Cryptographic software needs a source of unpredictable data to work +correctly. Many open source operating systems provide a "randomness +device" (/dev/urandom or /dev/random) that serves this purpose. +All OpenSSL versions try to use /dev/urandom by default; starting with +version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not +available. + +On other systems, applications have to call the RAND_add() or +RAND_seed() function with appropriate data before generating keys or +performing public key encryption. (These functions initialize the +pseudo-random number generator, PRNG.) Some broken applications do +not do this. As of version 0.9.5, the OpenSSL functions that need +randomness report an error if the random number generator has not been +seeded with at least 128 bits of randomness. If this error occurs and +is not discussed in the documentation of the application you are +using, please contact the author of that application; it is likely +that it never worked correctly. OpenSSL 0.9.5 and later make the +error visible by refusing to perform potentially insecure encryption. + +If you are using Solaris 8, you can add /dev/urandom and /dev/random +devices by installing patch 112438 (Sparc) or 112439 (x86), which are +available via the Patchfinder at +(Solaris 9 includes these devices by default). For /dev/random support +for earlier Solaris versions, see Sun's statement at + +(the SUNWski package is available in patch 105710). + +On systems without /dev/urandom and /dev/random, it is a good idea to +use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for +details. Starting with version 0.9.7, OpenSSL will automatically look +for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and +/etc/entropy. + +Most components of the openssl command line utility automatically try +to seed the random number generator from a file. The name of the +default seeding file is determined as follows: If environment variable +RANDFILE is set, then it names the seeding file. Otherwise if +environment variable HOME is set, then the seeding file is $HOME/.rnd. +If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will +use file .rnd in the current directory while OpenSSL 0.9.6a uses no +default seeding file at all. OpenSSL 0.9.6b and later will behave +similarly to 0.9.6a, but will use a default of "C:\" for HOME on +Windows systems if the environment variable has not been set. + +If the default seeding file does not exist or is too short, the "PRNG +not seeded" error message may occur. + +The openssl command line utility will write back a new state to the +default seeding file (and create this file if necessary) unless +there was no sufficient seeding. + +Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. +Use the "-rand" option of the OpenSSL command line tools instead. +The $RANDFILE environment variable and $HOME/.rnd are only used by the +OpenSSL command line tools. Applications using the OpenSSL library +provide their own configuration options to specify the entropy source, +please check out the documentation coming the with application. + + +* Why do I get an "unable to write 'random state'" error message? + + +Sometimes the openssl command line utility does not abort with +a "PRNG not seeded" error message, but complains that it is +"unable to write 'random state'". This message refers to the +default seeding file (see previous answer). A possible reason +is that no default filename is known because neither RANDFILE +nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the +current directory in this case, but this has changed with 0.9.6a.) + + +* How do I create certificates or certificate requests? + +Check out the CA.pl(1) manual page. This provides a simple wrapper round +the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check +out the manual pages for the individual utilities and the certificate +extensions documentation (currently in doc/openssl.txt). + + +* Why can't I create certificate requests? + +You typically get the error: + + unable to find 'distinguished_name' in config + problems making Certificate Request + +This is because it can't find the configuration file. Check out the +DIAGNOSTICS section of req(1) for more information. + + +* Why does fail with a certificate verify error? + +This problem is usually indicated by log messages saying something like +"unable to get local issuer certificate" or "self signed certificate". +When a certificate is verified its root CA must be "trusted" by OpenSSL +this typically means that the CA certificate must be placed in a directory +or file and the relevant program configured to read it. The OpenSSL program +'verify' behaves in a similar way and issues similar error messages: check +the verify(1) program manual page for more information. + + +* Why can I only use weak ciphers when I connect to a server using OpenSSL? + +This is almost certainly because you are using an old "export grade" browser +which only supports weak encryption. Upgrade your browser to support 128 bit +ciphers. + + +* How can I create DSA certificates? + +Check the CA.pl(1) manual page for a DSA certificate example. + + +* Why can't I make an SSL connection to a server using a DSA certificate? + +Typically you'll see a message saying there are no shared ciphers when +the same setup works fine with an RSA certificate. There are two possible +causes. The client may not support connections to DSA servers most web +browsers (including Netscape and MSIE) only support connections to servers +supporting RSA cipher suites. The other cause is that a set of DH parameters +has not been supplied to the server. DH parameters can be created with the +dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example: +check the source to s_server in apps/s_server.c for an example. + + +* How can I remove the passphrase on a private key? + +Firstly you should be really *really* sure you want to do this. Leaving +a private key unencrypted is a major security risk. If you decide that +you do have to do this check the EXAMPLES sections of the rsa(1) and +dsa(1) manual pages. + + +* Why can't I use OpenSSL certificates with SSL client authentication? + +What will typically happen is that when a server requests authentication +it will either not include your certificate or tell you that you have +no client certificates (Netscape) or present you with an empty list box +(MSIE). The reason for this is that when a server requests a client +certificate it includes a list of CAs names which it will accept. Browsers +will only let you select certificates from the list on the grounds that +there is little point presenting a certificate which the server will +reject. + +The solution is to add the relevant CA certificate to your servers "trusted +CA list". How you do this depends on the server software in uses. You can +print out the servers list of acceptable CAs using the OpenSSL s_client tool: + +openssl s_client -connect www.some.host:443 -prexit + +If your server only requests certificates on certain URLs then you may need +to manually issue an HTTP GET command to get the list when s_client connects: + +GET /some/page/needing/a/certificate.html + +If your CA does not appear in the list then this confirms the problem. + + +* Why does my browser give a warning about a mismatched hostname? + +Browsers expect the server's hostname to match the value in the commonName +(CN) field of the certificate. If it does not then you get a warning. + + +* How do I install a CA certificate into a browser? + +The usual way is to send the DER encoded certificate to the browser as +MIME type application/x-x509-ca-cert, for example by clicking on an appropriate +link. On MSIE certain extensions such as .der or .cacert may also work, or you +can import the certificate using the certificate import wizard. + +You can convert a certificate to DER form using the command: + +openssl x509 -in ca.pem -outform DER -out ca.der + +Occasionally someone suggests using a command such as: + +openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem + +DO NOT DO THIS! This command will give away your CAs private key and +reduces its security to zero: allowing anyone to forge certificates in +whatever name they choose. + +* Why is OpenSSL x509 DN output not conformant to RFC2253? + +The ways to print out the oneline format of the DN (Distinguished Name) have +been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex() +interface, the "-nameopt" option could be introduded. See the manual +page of the "openssl x509" commandline tool for details. The old behaviour +has however been left as default for the sake of compatibility. + +* What is a "128 bit certificate"? Can I create one with OpenSSL? + +The term "128 bit certificate" is a highly misleading marketing term. It does +*not* refer to the size of the public key in the certificate! A certificate +containing a 128 bit RSA key would have negligible security. + +There were various other names such as "magic certificates", "SGC +certificates", "step up certificates" etc. + +You can't generally create such a certificate using OpenSSL but there is no +need to any more. Nowadays web browsers using unrestricted strong encryption +are generally available. + +When there were tight export restrictions on the export of strong encryption +software from the US only weak encryption algorithms could be freely exported +(initially 40 bit and then 56 bit). It was widely recognised that this was +inadequate. A relaxation the rules allowed the use of strong encryption but +only to an authorised server. + +Two slighly different techniques were developed to support this, one used by +Netscape was called "step up", the other used by MSIE was called "Server Gated +Cryptography" (SGC). When a browser initially connected to a server it would +check to see if the certificate contained certain extensions and was issued by +an authorised authority. If these test succeeded it would reconnect using +strong encryption. + +Only certain (initially one) certificate authorities could issue the +certificates and they generally cost more than ordinary certificates. + +Although OpenSSL can create certificates containing the appropriate extensions +the certificate would not come from a permitted authority and so would not +be recognized. + +The export laws were later changed to allow almost unrestricted use of strong +encryption so these certificates are now obsolete. + + +[BUILD] ======================================================================= + +* Why does the linker complain about undefined symbols? + +Maybe the compilation was interrupted, and make doesn't notice that +something is missing. Run "make clean; make". + +If you used ./Configure instead of ./config, make sure that you +selected the right target. File formats may differ slightly between +OS versions (for example sparcv8/sparcv9, or a.out/elf). + +In case you get errors about the following symbols, use the config +option "no-asm", as described in INSTALL: + + BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt, + CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt, + RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words, + bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4, + bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3, + des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3, + des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order + +If none of these helps, you may want to try using the current snapshot. +If the problem persists, please submit a bug report. + + +* Why does the OpenSSL test fail with "bc: command not found"? + +You didn't install "bc", the Unix calculator. If you want to run the +tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor. + + +* Why does the OpenSSL test fail with "bc: 1 no implemented"? + +On some SCO installations or versions, bc has a bug that gets triggered +when you run the test suite (using "make test"). The message returned is +"bc: 1 not implemented". + +The best way to deal with this is to find another implementation of bc +and compile/install it. GNU bc (see http://www.gnu.org/software/software.html +for download instructions) can be safely used, for example. + + +* Why does the OpenSSL test fail with "bc: stack empty"? + +On some DG/ux versions, bc seems to have a too small stack for calculations +that the OpenSSL bntest throws at it. This gets triggered when you run the +test suite (using "make test"). The message returned is "bc: stack empty". + +The best way to deal with this is to find another implementation of bc +and compile/install it. GNU bc (see http://www.gnu.org/software/software.html +for download instructions) can be safely used, for example. + + +* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? + +On some Alpha installations running Tru64 Unix and Compaq C, the compilation +of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual +memory to continue compilation.' As far as the tests have shown, this may be +a compiler bug. What happens is that it eats up a lot of resident memory +to build something, probably a table. The problem is clearly in the +optimization code, because if one eliminates optimization completely (-O0), +the compilation goes through (and the compiler consumes about 2MB of resident +memory instead of 240MB or whatever one's limit is currently). + +There are three options to solve this problem: + +1. set your current data segment size soft limit higher. Experience shows +that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do +this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of +kbytes to set the limit to. + +2. If you have a hard limit that is lower than what you need and you can't +get it changed, you can compile all of OpenSSL with -O0 as optimization +level. This is however not a very nice thing to do for those who expect to +get the best result from OpenSSL. A bit more complicated solution is the +following: + +----- snip:start ----- + make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ + sed -e 's/ -O[0-9] / -O0 /'`" + rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` + make +----- snip:end ----- + +This will only compile sha_dgst.c with -O0, the rest with the optimization +level chosen by the configuration process. When the above is done, do the +test and installation and you're set. + +3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It +should not be used and is not used in SSL/TLS nor any other recognized +protocol in either case. + + +* Why does the OpenSSL compilation fail with "ar: command not found"? + +Getting this message is quite usual on Solaris 2, because Sun has hidden +away 'ar' and other development commands in directories that aren't in +$PATH by default. One of those directories is '/usr/ccs/bin'. The +quickest way to fix this is to do the following (it assumes you use sh +or any sh-compatible shell): + +----- snip:start ----- + PATH=${PATH}:/usr/ccs/bin; export PATH +----- snip:end ----- + +and then redo the compilation. What you should really do is make sure +'/usr/ccs/bin' is permanently in your $PATH, for example through your +'.profile' (again, assuming you use a sh-compatible shell). + + +* Why does the OpenSSL compilation fail on Win32 with VC++? + +Sometimes, you may get reports from VC++ command line (cl) that it +can't find standard include files like stdio.h and other weirdnesses. +One possible cause is that the environment isn't correctly set up. +To solve that problem for VC++ versions up to 6, one should run +VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++ +installation directory (somewhere under 'Program Files'). For VC++ +version 7 (and up?), which is also called VS.NET, the file is called +VSVARS32.BAT instead. +This needs to be done prior to running NMAKE, and the changes are only +valid for the current DOS session. + + +* What is special about OpenSSL on Redhat? + +Red Hat Linux (release 7.0 and later) include a preinstalled limited +version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2 +is disabled in this version. The same may apply to other Linux distributions. +Users may therefore wish to install more or all of the features left out. + +To do this you MUST ensure that you do not overwrite the openssl that is in +/usr/bin on your Red Hat machine. Several packages depend on this file, +including sendmail and ssh. /usr/local/bin is a good alternative choice. The +libraries that come with Red Hat 7.0 onwards have different names and so are +not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and +/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and +/lib/libcrypto.so.2 respectively). + +Please note that we have been advised by Red Hat attempting to recompile the +openssl rpm with all the cryptography enabled will not work. All other +packages depend on the original Red Hat supplied openssl package. It is also +worth noting that due to the way Red Hat supplies its packages, updates to +openssl on each distribution never change the package version, only the +build number. For example, on Red Hat 7.1, the latest openssl package has +version number 0.9.6 and build number 9 even though it contains all the +relevant updates in packages up to and including 0.9.6b. + +A possible way around this is to persuade Red Hat to produce a non-US +version of Red Hat Linux. + +FYI: Patent numbers and expiry dates of US patents: +MDC-2: 4,908,861 13/03/2007 +IDEA: 5,214,703 25/05/2010 +RC5: 5,724,428 03/03/2015 + + +* Why does the OpenSSL compilation fail on MacOS X? + +If the failure happens when trying to build the "openssl" binary, with +a large number of undefined symbols, it's very probable that you have +OpenSSL 0.9.6b delivered with the operating system (you can find out by +running '/usr/bin/openssl version') and that you were trying to build +OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in +MacOS X has a misfeature that's quite difficult to go around. +Look in the file PROBLEMS for a more detailed explanation and for possible +solutions. + + +* Why does the OpenSSL test suite fail on MacOS X? + +If the failure happens when running 'make test' and the RC4 test fails, +it's very probable that you have OpenSSL 0.9.6b delivered with the +operating system (you can find out by running '/usr/bin/openssl version') +and that you were trying to build OpenSSL 0.9.6d. The problem is that +the loader ('ld') in MacOS X has a misfeature that's quite difficult to +go around and has linked the programs "openssl" and the test programs +with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the +libraries you just built. +Look in the file PROBLEMS for a more detailed explanation and for possible +solutions. + +* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? + +Failure in BN_sqr test is most likely caused by a failure to configure the +toolkit for current platform or lack of support for the platform in question. +Run './config -t' and './apps/openssl version -p'. Do these platform +identifiers match? If they don't, then you most likely failed to run +./config and you're hereby advised to do so before filing a bug report. +If ./config itself fails to run, then it's most likely problem with your +local environment and you should turn to your system administrator (or +similar). If identifiers match (and/or no alternative identifier is +suggested by ./config script), then the platform is unsupported. There might +or might not be a workaround. Most notably on SPARC64 platforms with GNU +C compiler you should be able to produce a working build by running +'./config -m32'. I understand that -m32 might not be what you want/need, +but the build should be operational. For further details turn to +. + +* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? + +As of 0.9.7 assembler routines were overhauled for position independence +of the machine code, which is essential for shared library support. For +some reason OpenBSD is equipped with an out-of-date GNU assembler which +finds the new code offensive. To work around the problem, configure with +no-asm (and sacrifice a great deal of performance) or patch your assembler +according to . +For your convenience a pre-compiled replacement binary is provided at +. +Reportedly elder *BSD a.out platforms also suffer from this problem and +remedy should be same. Provided binary is statically linked and should be +working across wider range of *BSD branches, not just OpenBSD. + +* Why does the OpenSSL test suite fail in sha512t on x86 CPU? + +If the test program in question fails withs SIGILL, Illegal Instruction +exception, then you more than likely to run SSE2-capable CPU, such as +Intel P4, under control of kernel which does not support SSE2 +instruction extentions. See accompanying INSTALL file and +OPENSSL_ia32cap(3) documentation page for further information. + +* Why does compiler fail to compile sha512.c? + +OpenSSL SHA-512 implementation depends on compiler support for 64-bit +integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a +couple] lack support for this and therefore are incapable of compiling +the module in question. The recommendation is to disable SHA-512 by +adding no-sha512 to ./config [or ./Configure] command line. Another +possible alternative might be to switch to GCC. + +* Test suite still fails, what to do? + +Another common reason for failure to complete some particular test is +simply bad code generated by a buggy component in toolchain or deficiency +in run-time environment. There are few cases documented in PROBLEMS file, +consult it for possible workaround before you beat the drum. Even if you +don't find solution or even mention there, do reserve for possibility of +a compiler bug. Compiler bugs might appear in rather bizarre ways, they +never make sense, and tend to emerge when you least expect them. In order +to identify one, drop optimization level, e.g. by editing CFLAG line in +top-level Makefile, recompile and re-run the test. + +[PROG] ======================================================================== + +* Is OpenSSL thread-safe? + +Yes (with limitations: an SSL connection may not concurrently be used +by multiple threads). On Windows and many Unix systems, OpenSSL +automatically uses the multi-threaded versions of the standard +libraries. If your platform is not one of these, consult the INSTALL +file. + +Multi-threaded applications must provide two callback functions to +OpenSSL by calling CRYPTO_set_locking_callback() and +CRYPTO_set_id_callback(). This is described in the threads(3) +manpage. + +* I've compiled a program under Windows and it crashes: why? + +This is usually because you've missed the comment in INSTALL.W32. +Your application must link against the same version of the Win32 +C-Runtime against which your openssl libraries were linked. The +default version for OpenSSL is /MD - "Multithreaded DLL". + +If you are using Microsoft Visual C++'s IDE (Visual Studio), in +many cases, your new project most likely defaulted to "Debug +Singlethreaded" - /ML. This is NOT interchangeable with /MD and your +program will crash, typically on the first BIO related read or write +operation. + +For each of the six possible link stage configurations within Win32, +your application must link against the same by which OpenSSL was +built. If you are using MS Visual C++ (Studio) this can be changed +by: + + 1. Select Settings... from the Project Menu. + 2. Select the C/C++ Tab. + 3. Select "Code Generation from the "Category" drop down list box + 4. Select the Appropriate library (see table below) from the "Use + run-time library" drop down list box. Perform this step for both + your debug and release versions of your application (look at the + top left of the settings panel to change between the two) + + Single Threaded /ML - MS VC++ often defaults to + this for the release + version of a new project. + Debug Single Threaded /MLd - MS VC++ often defaults to + this for the debug version + of a new project. + Multithreaded /MT + Debug Multithreaded /MTd + Multithreaded DLL /MD - OpenSSL defaults to this. + Debug Multithreaded DLL /MDd + +Note that debug and release libraries are NOT interchangeable. If you +built OpenSSL with /MD your application must use /MD and cannot use /MDd. + +As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL +.DLLs compiled with some specific run-time option [we insist on the +default /MD] can be deployed with application compiled with different +option or even different compiler. But there is a catch! Instead of +re-compiling OpenSSL toolkit, as you would have to with prior versions, +you have to compile small C snippet with compiler and/or options of +your choice. The snippet gets installed as +/include/openssl/applink.c and should be either added to +your application project or simply #include-d in one [and only one] +of your application source files. Failure to link this shim module +into your application manifests itself as fatal "no OPENSSL_Applink" +run-time error. An explicit reminder is due that in this situation +[mixing compiler options] it is as important to add CRYPTO_malloc_init +prior first call to OpenSSL. + +* How do I read or write a DER encoded buffer using the ASN1 functions? + +You have two options. You can either use a memory BIO in conjunction +with the i2d_*_bio() or d2i_*_bio() functions or you can use the +i2d_*(), d2i_*() functions directly. Since these are often the +cause of grief here are some code fragments using PKCS7 as an example: + + unsigned char *buf, *p; + int len; + + len = i2d_PKCS7(p7, NULL); + buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */ + p = buf; + i2d_PKCS7(p7, &p); + +At this point buf contains the len bytes of the DER encoding of +p7. + +The opposite assumes we already have len bytes in buf: + + unsigned char *p; + p = buf; + p7 = d2i_PKCS7(NULL, &p, len); + +At this point p7 contains a valid PKCS7 structure of NULL if an error +occurred. If an error occurred ERR_print_errors(bio) should give more +information. + +The reason for the temporary variable 'p' is that the ASN1 functions +increment the passed pointer so it is ready to read or write the next +structure. This is often a cause of problems: without the temporary +variable the buffer pointer is changed to point just after the data +that has been read or written. This may well be uninitialized data +and attempts to free the buffer will have unpredictable results +because it no longer points to the same address. + + +* OpenSSL uses DER but I need BER format: does OpenSSL support BER? + +The short answer is yes, because DER is a special case of BER and OpenSSL +ASN1 decoders can process BER. + +The longer answer is that ASN1 structures can be encoded in a number of +different ways. One set of ways is the Basic Encoding Rules (BER) with various +permissible encodings. A restriction of BER is the Distinguished Encoding +Rules (DER): these uniquely specify how a given structure is encoded. + +Therefore, because DER is a special case of BER, DER is an acceptable encoding +for BER. + + +* I've tried using and I get errors why? + +This usually happens when you try compiling something using the PKCS#12 +macros with a C++ compiler. There is hardly ever any need to use the +PKCS#12 macros in a program, it is much easier to parse and create +PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions +documented in doc/openssl.txt and with examples in demos/pkcs12. The +'pkcs12' application has to use the macros because it prints out +debugging information. + + +* I've called and it fails, why? + +Before submitting a report or asking in one of the mailing lists, you +should try to determine the cause. In particular, you should call +ERR_print_errors() or ERR_print_errors_fp() after the failed call +and see if the message helps. Note that the problem may occur earlier +than you think -- you should check for errors after every call where +it is possible, otherwise the actual problem may be hidden because +some OpenSSL functions clear the error state. + + +* I just get a load of numbers for the error output, what do they mean? + +The actual format is described in the ERR_print_errors() manual page. +You should call the function ERR_load_crypto_strings() before hand and +the message will be output in text form. If you can't do this (for example +it is a pre-compiled binary) you can use the errstr utility on the error +code itself (the hex digits after the second colon). + + +* Why do I get errors about unknown algorithms? + +This can happen under several circumstances such as reading in an +encrypted private key or attempting to decrypt a PKCS#12 file. The cause +is forgetting to load OpenSSL's table of algorithms with +OpenSSL_add_all_algorithms(). See the manual page for more information. + + +* Why can't the OpenSSH configure script detect OpenSSL? + +Several reasons for problems with the automatic detection exist. +OpenSSH requires at least version 0.9.5a of the OpenSSL libraries. +Sometimes the distribution has installed an older version in the system +locations that is detected instead of a new one installed. The OpenSSL +library might have been compiled for another CPU or another mode (32/64 bits). +Permissions might be wrong. + +The general answer is to check the config.log file generated when running +the OpenSSH configure script. It should contain the detailed information +on why the OpenSSL library was not detected or considered incompatible. + + +* Can I use OpenSSL's SSL library with non-blocking I/O? + +Yes; make sure to read the SSL_get_error(3) manual page! + +A pitfall to avoid: Don't assume that SSL_read() will just read from +the underlying transport or that SSL_write() will just write to it -- +it is also possible that SSL_write() cannot do any useful work until +there is data to read, or that SSL_read() cannot do anything until it +is possible to send data. One reason for this is that the peer may +request a new TLS/SSL handshake at any time during the protocol, +requiring a bi-directional message exchange; both SSL_read() and +SSL_write() will try to continue any pending handshake. + + +* Why doesn't my server application receive a client certificate? + +Due to the TLS protocol definition, a client will only send a certificate, +if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the +SSL_CTX_set_verify() function to enable the use of client certificates. + + +* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? + +For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier +versions, uniqueIdentifier was incorrectly used for X.509 certificates. +The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier. +Change your code to use the new name when compiling against OpenSSL 0.9.7. + + +* I think I've detected a memory leak, is this a bug? + +In most cases the cause of an apparent memory leak is an OpenSSL internal table +that is allocated when an application starts up. Since such tables do not grow +in size over time they are harmless. + +These internal tables can be freed up when an application closes using various +functions. Currently these include following: + +Thread-local cleanup functions: + + ERR_remove_state() + +Application-global cleanup functions that are aware of usage (and therefore +thread-safe): + + ENGINE_cleanup() and CONF_modules_unload() + +"Brutal" (thread-unsafe) Application-global cleanup functions: + + ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data(). + + +=============================================================================== + diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000000000000000000000000000000000000..83439f1aa4f6195ff1841fe80c6eee9b3606006c --- /dev/null +++ b/INSTALL @@ -0,0 +1,350 @@ + + INSTALLATION ON THE UNIX PLATFORM + --------------------------------- + + [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X) + and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS, + INSTALL.MacOS and INSTALL.NW. + + This document describes installation on operating systems in the Unix + family.] + + To install OpenSSL, you will need: + + * make + * Perl 5 + * an ANSI C compiler + * a development environment in form of development libraries and C + header files + * a supported Unix operating system + + Quick Start + ----------- + + If you want to just get on with it, do: + + $ ./config + $ make + $ make test + $ make install + + [If any of these steps fails, see section Installation in Detail below.] + + This will build and install OpenSSL in the default location, which is (for + historical reasons) /usr/local/ssl. If you want to install it anywhere else, + run config like this: + + $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl + + + Configuration Options + --------------------- + + There are several options to ./config (or ./Configure) to customize + the build: + + --prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl. + Configuration files used by OpenSSL will be in DIR/ssl + or the directory specified by --openssldir. + + --openssldir=DIR Directory for OpenSSL files. If no prefix is specified, + the library files and binaries are also installed there. + + no-threads Don't try to build with support for multi-threaded + applications. + + threads Build with support for multi-threaded applications. + This will usually require additional system-dependent options! + See "Note on multi-threading" below. + + no-zlib Don't try to build with support for zlib compression and + decompression. + + zlib Build with support for zlib compression/decompression. + + zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically + when needed. This is only supported on systems where loading + of shared libraries is supported. This is the default choice. + + no-shared Don't try to create shared libraries. + + shared In addition to the usual static libraries, create shared + libraries on platforms where it's supported. See "Note on + shared libraries" below. + + no-asm Do not use assembler code. + + 386 Use the 80386 instruction set only (the default x86 code is + more efficient, but requires at least a 486). Note: Use + compiler flags for any other CPU specific configuration, + e.g. "-m32" to build x86 code on an x64 system. + + no-sse2 Exclude SSE2 code pathes. Normally SSE2 extention is + detected at run-time, but the decision whether or not the + machine code will be executed is taken solely on CPU + capability vector. This means that if you happen to run OS + kernel which does not support SSE2 extension on Intel P4 + processor, then your application might be exposed to + "illegal instruction" exception. There might be a way + to enable support in kernel, e.g. FreeBSD kernel can be + compiled with CPU_ENABLE_SSE, and there is a way to + disengage SSE2 code pathes upon application start-up, + but if you aim for wider "audience" running such kernel, + consider no-sse2. Both 386 and no-asm options above imply + no-sse2. + + no- Build without the specified cipher (bf, cast, des, dh, dsa, + hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha). + The crypto/ directory can be removed after running + "make depend". + + -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will + be passed through to the compiler to allow you to + define preprocessor symbols, specify additional libraries, + library directories or other compiler options. + + + Installation in Detail + ---------------------- + + 1a. Configure OpenSSL for your operation system automatically: + + $ ./config [options] + + This guesses at your operating system (and compiler, if necessary) and + configures OpenSSL based on this guess. Run ./config -t to see + if it guessed correctly. If you want to use a different compiler, you + are cross-compiling for another platform, or the ./config guess was + wrong for other reasons, go to step 1b. Otherwise go to step 2. + + On some systems, you can include debugging information as follows: + + $ ./config -d [options] + + 1b. Configure OpenSSL for your operating system manually + + OpenSSL knows about a range of different operating system, hardware and + compiler combinations. To see the ones it knows about, run + + $ ./Configure + + Pick a suitable name from the list that matches your system. For most + operating systems there is a choice between using "cc" or "gcc". When + you have identified your system (and if necessary compiler) use this name + as the argument to ./Configure. For example, a "linux-elf" user would + run: + + $ ./Configure linux-elf [options] + + If your system is not available, you will have to edit the Configure + program and add the correct configuration for your system. The + generic configurations "cc" or "gcc" should usually work on 32 bit + systems. + + Configure creates the file Makefile.ssl from Makefile.org and + defines various macros in crypto/opensslconf.h (generated from + crypto/opensslconf.h.in). + + 2. Build OpenSSL by running: + + $ make + + This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the + OpenSSL binary ("openssl"). The libraries will be built in the top-level + directory, and the binary will be in the "apps" directory. + + If "make" fails, look at the output. There may be reasons for + the failure that aren't problems in OpenSSL itself (like missing + standard headers). If it is a problem with OpenSSL itself, please + report the problem to (note that your + message will be recorded in the request tracker publicly readable + via http://www.openssl.org/support/rt2.html and will be forwarded to a + public mailing list). Include the output of "make report" in your message. + Please check out the request tracker. Maybe the bug was already + reported or has already been fixed. + + [If you encounter assembler error messages, try the "no-asm" + configuration option as an immediate fix.] + + Compiling parts of OpenSSL with gcc and others with the system + compiler will result in unresolved symbols on some systems. + + 3. After a successful build, the libraries should be tested. Run: + + $ make test + + If a test fails, look at the output. There may be reasons for + the failure that isn't a problem in OpenSSL itself (like a missing + or malfunctioning bc). If it is a problem with OpenSSL itself, + try removing any compiler optimization flags from the CFLAG line + in Makefile.ssl and run "make clean; make". Please send a bug + report to , including the output of + "make report" in order to be added to the request tracker at + http://www.openssl.org/support/rt2.html. + + 4. If everything tests ok, install OpenSSL with + + $ make install + + This will create the installation directory (if it does not exist) and + then the following subdirectories: + + certs Initially empty, this is the default location + for certificate files. + man/man1 Manual pages for the 'openssl' command line tool + man/man3 Manual pages for the libraries (very incomplete) + misc Various scripts. + private Initially empty, this is the default location + for private key files. + + If you didn't choose a different installation prefix, the + following additional subdirectories will be created: + + bin Contains the openssl binary and a few other + utility programs. + include/openssl Contains the header files needed if you want to + compile programs with libcrypto or libssl. + lib Contains the OpenSSL library files themselves. + + Package builders who want to configure the library for standard + locations, but have the package installed somewhere else so that + it can easily be packaged, can use + + $ make INSTALL_PREFIX=/tmp/package-root install + + (or specify "--install_prefix=/tmp/package-root" as a configure + option). The specified prefix will be prepended to all + installation target filenames. + + + NOTE: The header files used to reside directly in the include + directory, but have now been moved to include/openssl so that + OpenSSL can co-exist with other libraries which use some of the + same filenames. This means that applications that use OpenSSL + should now use C preprocessor directives of the form + + #include + + instead of "#include ", which was used with library versions + up to OpenSSL 0.9.2b. + + If you install a new version of OpenSSL over an old library version, + you should delete the old header files in the include directory. + + Compatibility issues: + + * COMPILING existing applications + + To compile an application that uses old filenames -- e.g. + "#include " --, it will usually be enough to find + the CFLAGS definition in the application's Makefile and + add a C option such as + + -I/usr/local/ssl/include/openssl + + to it. + + But don't delete the existing -I option that points to + the ..../include directory! Otherwise, OpenSSL header files + could not #include each other. + + * WRITING applications + + To write an application that is able to handle both the new + and the old directory layout, so that it can still be compiled + with library versions up to OpenSSL 0.9.2b without bothering + the user, you can proceed as follows: + + - Always use the new filename of OpenSSL header files, + e.g. #include . + + - Create a directory "incl" that contains only a symbolic + link named "openssl", which points to the "include" directory + of OpenSSL. + For example, your application's Makefile might contain the + following rule, if OPENSSLDIR is a pathname (absolute or + relative) of the directory where OpenSSL resides: + + incl/openssl: + -mkdir incl + cd $(OPENSSLDIR) # Check whether the directory really exists + -ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl + + You will have to add "incl/openssl" to the dependencies + of those C files that include some OpenSSL header file. + + - Add "-Iincl" to your CFLAGS. + + With these additions, the OpenSSL header files will be available + under both name variants if an old library version is used: + Your application can reach them under names like , + while the header files still are able to #include each other + with names of the form . + + + Note on multi-threading + ----------------------- + + For some systems, the OpenSSL Configure script knows what compiler options + are needed to generate a library that is suitable for multi-threaded + applications. On these systems, support for multi-threading is enabled + by default; use the "no-threads" option to disable (this should never be + necessary). + + On other systems, to enable support for multi-threading, you will have + to specify at least two options: "threads", and a system-dependent option. + (The latter is "-D_REENTRANT" on various systems.) The default in this + case, obviously, is not to include support for multi-threading (but + you can still use "no-threads" to suppress an annoying warning message + from the Configure script.) + + + Note on shared libraries + ------------------------ + + Shared libraries have certain caveats. Binary backward compatibility + can't be guaranteed before OpenSSL version 1.0. The only reason to + use them would be to conserve memory on systems where several programs + are using OpenSSL. + + For some systems, the OpenSSL Configure script knows what is needed to + build shared libraries for libcrypto and libssl. On these systems, + the shared libraries are currently not created by default, but giving + the option "shared" will get them created. This method supports Makefile + targets for shared library creation, like linux-shared. Those targets + can currently be used on their own just as well, but this is expected + to change in future versions of OpenSSL. + + Note on random number generation + -------------------------------- + + Availability of cryptographically secure random numbers is required for + secret key generation. OpenSSL provides several options to seed the + internal PRNG. If not properly seeded, the internal PRNG will refuse + to deliver random bytes and a "PRNG not seeded error" will occur. + On systems without /dev/urandom (or similar) device, it may be necessary + to install additional support software to obtain random seed. + Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), + and the FAQ for more information. + + Note on support for multiple builds + ----------------------------------- + + OpenSSL is usually built in its source tree. Unfortunately, this doesn't + support building for multiple platforms from the same source tree very well. + It is however possible to build in a separate tree through the use of lots + of symbolic links, which should be prepared like this: + + mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" + cd objtree/"`uname -s`-`uname -r`-`uname -m`" + (cd $OPENSSL_SOURCE; find . -type f) | while read F; do + mkdir -p `dirname $F` + rm -f $F; ln -s $OPENSSL_SOURCE/$F $F + echo $F '->' $OPENSSL_SOURCE/$F + done + make -f Makefile.org clean + + OPENSSL_SOURCE is an environment variable that contains the absolute (this + is important!) path to the OpenSSL source tree. + + Also, operations like 'make update' should still be made in the source tree. diff --git a/INSTALL.DJGPP b/INSTALL.DJGPP new file mode 100644 index 0000000000000000000000000000000000000000..1047ec90a57f034dd3dd2effd257fbe8c6e0daa0 --- /dev/null +++ b/INSTALL.DJGPP @@ -0,0 +1,47 @@ + + + INSTALLATION ON THE DOS PLATFORM WITH DJGPP + ------------------------------------------- + + OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time + environment for 16-bit DOS, but only with long filename support. + If you wish to compile on native DOS with 8+3 filenames, you will + have to tweak the installation yourself, including renaming files + with illegal or duplicate names. + + You should have a full DJGPP environment installed, including the + latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package + requires that PERL and BC also be installed. + + All of these can be obtained from the usual DJGPP mirror sites or + directly at "http://www.delorie.com/pub/djgpp". For help on which + files to download, see the DJGPP "ZIP PICKER" page at + "http://www.delorie.com/djgpp/zip-picker.html". You also need to have + the WATT-32 networking package installed before you try to compile + OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/". + The Makefile assumes that the WATT-32 code is in the directory + specified by the environment variable WATT_ROOT. If you have watt-32 + in directory "watt32" under your main DJGPP directory, specify + WATT_ROOT="/dev/env/DJDIR/watt32". + + To compile OpenSSL, start your BASH shell, then configure for DJGPP by + running "./Configure" with appropriate arguments: + + ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP + + And finally fire up "make". You may run out of DPMI selectors when + running in a DOS box under Windows. If so, just close the BASH + shell, go back to Windows, and restart BASH. Then run "make" again. + + RUN-TIME CAVEAT LECTOR + -------------- + + Quoting FAQ: + + "Cryptographic software needs a source of unpredictable data to work + correctly. Many open source operating systems provide a "randomness + device" (/dev/urandom or /dev/random) that serves this purpose." + + As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd + party "randomness" DOS driver. One such driver, NOISE.SYS, can be + obtained from "http://www.rahul.net/dkaufman/index.html". diff --git a/INSTALL.MacOS b/INSTALL.MacOS new file mode 100644 index 0000000000000000000000000000000000000000..01c60d81f96aeee9312b0e41163c905dbab4a63d --- /dev/null +++ b/INSTALL.MacOS @@ -0,0 +1,72 @@ +OpenSSL - Port To The Macintosh OS 9 or Earlier +=============================================== + +Thanks to Roy Wood initial support for Mac OS (pre +X) is now provided. "Initial" means that unlike other platforms where you +get an SDK and a "swiss army" openssl application, on Macintosh you only +get one sample application which fetches a page over HTTPS(*) and dumps it +in a window. We don't even build the test applications so that we can't +guarantee that all algorithms are operational. + +Required software: + +- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar; +- Scriptable Finder; +- CodeWarrior Pro 5; + +Installation procedure: + +- fetch the source at ftp://ftp.openssl.org/ (well, you probably already + did, huh?) +- unpack the .tar.gz file: + - if you have StuffIt Expander then just drag it over it; + - otherwise uncompress it with MacGzip and then unpack with SUNtar; +- locate MacOS folder in OpenSSL source tree and open it; +- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it + "in-place", i.e. unpacked files should end-up in the very same folder; +- execute mklinks.as; +- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****); +- that's it for now; + +(*) URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40 + to 42, change appropriately. +(**) If you use SUNtar, then it might have already unbinhexed the files + in question. +(***) The project file was saved with CW Pro 5.3. If you have an earlier + version and it refuses to open it, then download + http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it + overwriting the original OpenSSL.mcp. +(****) Other targets are works in progress. If you feel like giving 'em a + shot, then you should know that OpenSSL* and Lib* targets are + supposed to be built with the GUSI, MacOS library which mimics + BSD sockets and some other POSIX APIs. The GUSI distribution is + expected to be found in the same directory as the openssl source tree, + i.e., in the parent directory to the one where this very file, + namely INSTALL.MacOS, resides. For more information about GUSI, see + http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html + +Finally some essential comments from our generous contributor:-) + +"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a +hack, but it works for what I'm doing. If you don't like the way I've done +it, then feel free to change what I've done. I freely admit that I've done +some less-than-ideal things in my port, and if you don't like the way I've +done something, then feel free to change it-- I won't be offended! + +... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket" +library I wrote. My MacSocket library is a wrapper around OpenTransport, +handling stuff like endpoint creation, reading, writing, etc. It is not +designed as a high-performance package such as you'd use in a webserver, +but is fine for lots of other applications. MacSocket also uses some other +code libraries I've written to deal with string manipulations and error +handling. Feel free to use these things in your own code, but give me +credit and/or send me free stuff in appreciation! :-) + +... + +If you have any questions, feel free to email me as the following: + +roy@centricsystems.ca + +-Roy Wood" + diff --git a/INSTALL.NW b/INSTALL.NW new file mode 100644 index 0000000000000000000000000000000000000000..92715cbbf308299a4c126ea6e4f8e8690316e4c5 --- /dev/null +++ b/INSTALL.NW @@ -0,0 +1,444 @@ + +INSTALLATION ON THE NETWARE PLATFORM +------------------------------------ + +Notes about building OpenSSL for NetWare. + + +BUILD PLATFORM: +--------------- +The build scripts (batch files, perl scripts, etc) have been developed and +tested on W2K. The scripts should run fine on other Windows +platforms (NT, Win9x, WinXP) but they haven't been tested. They may require +some modifications. + + +Supported NetWare Platforms - NetWare 5.x, NetWare 6.x: +------------------------------------------ +OpenSSL uses the WinSock interfaces introduced in NetWare 5. Therefore, +previous versions of NetWare, 4.x and 3.x, are not supported. + +On NetWare there are two c-runtime libraries. There is the legacy CLIB +interfaces and the newer LibC interfaces. Being ANSI-C libraries, the +functionality in CLIB and LibC is similar but the LibC interfaces are built +using Novell Kernal Services (NKS) which is designed to leverage +multi-processor environments. + +The NetWare port of OpenSSL can configured to build using CLIB or LibC. The +CLIB build was developed and tested using NetWare 5.0 sp6.0a. The LibC +build was developed and tested using the NetWare 6.0 FCS. + +The necessary LibC functionality ships with NetWare 6. However, earlier +NetWare 5.x versions will require updates in order to run the OpenSSL LibC +build. + +As of June 2005, the LibC build can be configured to use BSD sockets instead +of WinSock sockets. Call Configure (usually through netware\build.bat) using +a target of "netware-libc-bsdsock" instead of "netware-libc". + + +REQUIRED TOOLS: +--------------- +Based upon the configuration and build options used, some or all of the +following tools may be required: + + +* Perl for Win32 - required (http://www.activestate.com/ActivePerl) + Used to run the various perl scripts on the build platform. + + +* Perl 5.8.0 for NetWare v3.20 (or later) - required + (http://developer.novell.com) Used to run the test script on NetWare + after building. + + +* Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare - required: + Provides command line tools used for building. + + Tools: + mwccnlm.exe - C/C++ Compiler for NetWare + mwldnlm.exe - Linker for NetWare + mwasmnlm.exe - x86 assembler for NetWare (if using assembly option) + + +* Assemblers - optional: + If you intend to build using the assembly options you will need an + assembler. Work has been completed to support two assemblers, Metrowerks + and NASM. However, during development, a bug was found in the Metrowerks + assembler which generates incorrect code. Until this problem is fixed, + the Metrowerks assembler cannot be used. + + mwasmnlm.exe - Metrowerks x86 assembler - part of CodeWarrior tools. + (version 2.2 Built Aug 23, 1999 - not useable due to code + generation bug) + + nasmw.exe - Netwide Assembler NASM + version 0.98 was used in development and testing + +* Make Tool - required: + In order to build you will need a make tool. Two make tools are + supported, GNU make (gmake.exe) or Microsoft nmake.exe. + + gmake.exe - GNU make for Windows (version 3.75 used for development) + http://www.gnu.org/software/make/make.html + + nmake.exe - Microsoft make (Version 6.00.8168.0 used for development) + + +* Novell Developer Kit (NDK) - required: (http://developer.novell.com) + + CLIB - BUILDS: + + WinSock2 Developer Components for NetWare: + For initial development, the October 27, 2000 version was used. + However, future versions should also work. + + NOTE: The WinSock2 components include headers & import files for + NetWare, but you will also need the winsock2.h and supporting + headers (pshpack4.h, poppack.h, qos.h) delivered in the + Microsoft SDK. Note: The winsock2.h support headers may change + with various versions of winsock2.h. Check the dependencies + section on the NDK WinSock2 download page for the latest + information on dependencies. These components are unsupported by + Novell. They are provided as a courtesy, but it is strongly + suggested that all development be done using LIBC, not CLIB. + + As of June 2005, the WinSock2 components are available at: + http://forgeftp.novell.com//ws2comp/ + + + NLM and NetWare libraries for C (including CLIB and XPlat): + If you are going to build a CLIB version of OpenSSL, you will + need the CLIB headers and imports. The March, 2001 NDK release or + later is recommended. + + Earlier versions should work but haven't been tested. In recent + versions the import files have been consolidated and function + names moved. This means you may run into link problems + (undefined symbols) when using earlier versions. The functions + are available in earlier versions, but you will have to modifiy + the make files to include additional import files (see + openssl\util\pl\netware.pl). + + + LIBC - BUILDS: + + Libraries for C (LibC) - LibC headers and import files + If you are going to build a LibC version of OpenSSL, you will + need the LibC headers and imports. The March 14, 2002 NDK release or + later is required. + + NOTE: The LibC SDK includes the necessary WinSock2 support. It + It is not necessary to download the WinSock2 Developer when building + for LibC. The LibC SDK also includes the appropriate BSD socket support + if configuring to use BSD sockets. + + +BUILDING: +--------- +Before building, you will need to set a few environment variables. You can +set them manually or you can modify the "netware\set_env.bat" file. + +The set_env.bat file is a template you can use to set up the path +and environment variables you will need to build. Modify the +various lines to point to YOUR tools and run set_env.bat. + + netware\set_env.bat [target] + + target - "netware-clib" - CLib NetWare build + - "netware-libc" - LibC NetWare build + +If you don't use set_env.bat, you will need to set up the following +environment variables: + + path - Set path to point to the tools you will use. + + MWCIncludes - The location of the NDK include files. + + CLIB ex: set MWCIncludes=c:\ndk\nwsdk\include\nlm + LibC ex: set MWCIncludes=c:\ndk\libc\include + + PRELUDE - The absolute path of the prelude object to link with. For + a CLIB build it is recommended you use the "clibpre.o" files shipped + with the Metrowerks PDK for NetWare. For a LibC build you should + use the "libcpre.o" file delivered with the LibC NDK components. + + CLIB ex: set PRELUDE=c:\ndk\nwsdk\imports\clibpre.o + LibC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o + + IMPORTS - The locaton of the NDK import files. + + CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports + LibC ex: set IMPORTS=c:\ndk\libc\imports + + +In order to build, you need to run the Perl scripts to configure the build +process and generate a make file. There is a batch file, +"netware\build.bat", to automate the process. + +Build.bat runs the build configuration scripts and generates a make file. +If an assembly option is specified, it also runs the scripts to generate +the assembly code. Always run build.bat from the "openssl" directory. + + netware\build [target] [debug opts] [assembly opts] [configure opts] + + target - "netware-clib" - CLib NetWare build (WinSock Sockets) + - "netware-libc" - LibC NetWare build (WinSock Sockets) + - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets) + + debug opts - "debug" - build debug + + assembly opts - "nw-mwasm" - use Metrowerks assembler + "nw-nasm" - use NASM assembler + "no-asm" - don't use assembly + + configure opts- all unrecognized arguments are passed to the + perl configure script + + examples: + + CLIB build, debug, without assembly: + netware\build.bat netware-clib debug no-asm + + LibC build, non-debug, using NASM assembly: + netware\build.bat netware-libc nw-nasm + + LibC build, BSD sockets, non-debug, without assembly: + netware\build.bat netware-libc-bsdsock no-asm + +Running build.bat generates a make file to be processed by your make +tool (gmake or nmake): + + CLIB ex: gmake -f netware\nlm_clib_dbg.mak + LibC ex: gmake -f netware\nlm_libc.mak + LibC ex: gmake -f netware\nlm_libc_bsdsock.mak + + +You can also run the build scripts manually if you do not want to use the +build.bat file. Run the following scripts in the "\openssl" +subdirectory (in the order listed below): + + perl configure no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock] + configures no assembly build for specified netware environment + (CLIB or LibC). + + perl util\mkfiles.pl >MINFO + generates a listing of source files (used by mk1mf) + + perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock >netware\nlm.mak + generates the makefile for NetWare + + gmake -f netware\nlm.mak + build with the make tool (nmake.exe also works) + +NOTE: If you are building using the assembly option, you must also run the +various Perl scripts to generate the assembly files. See build.bat +for an example of running the various assembly scripts. You must use the +"no-asm" option to build without assembly. The configure and mk1mf scripts +also have various other options. See the scripts for more information. + + +The output from the build is placed in the following directories: + + CLIB Debug build: + out_nw_clib.dbg - static libs & test nlm(s) + tmp_nw_clib.dbg - temporary build files + outinc_nw_clib - necessary include files + + CLIB Non-debug build: + out_nw_clib - static libs & test nlm(s) + tmp_nw_clib - temporary build files + outinc_nw_clib - necesary include files + + LibC Debug build: + out_nw_libc.dbg - static libs & test nlm(s) + tmp_nw_libc.dbg - temporary build files + outinc_nw_libc - necessary include files + + LibC Non-debug build: + out_nw_libc - static libs & test nlm(s) + tmp_nw_libc - temporary build files + outinc_nw_libc - necesary include files + + +TESTING: +-------- +The build process creates the OpenSSL static libs ( crypto.lib, ssl.lib, +rsaglue.lib ) and several test programs. You should copy the test programs +to your NetWare server and run the tests. + +The batch file "netware\cpy_tests.bat" will copy all the necessary files +to your server for testing. In order to run the batch file, you need a +drive mapped to your target server. It will create an "OpenSSL" directory +on the drive and copy the test files to it. CAUTION: If a directory with the +name of "OpenSSL" already exists, it will be deleted. + +To run cpy_tests.bat: + + netware\cpy_tests [output directory] [NetWare drive] + + output directory - "out_nw_clib.dbg", "out_nw_libc", etc. + NetWare drive - drive letter of mapped drive + + CLIB ex: netware\cpy_tests out_nw_clib m: + LibC ex: netware\cpy_tests out_nw_libc m: + + +The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server +should be used to execute the tests. Before running the script, make sure +your SEARCH PATH includes the "OpenSSL" directory. For example, if you +copied the files to the "sys:" volume you use the command: + + SEARCH ADD SYS:\OPENSSL + + +To run do_tests.pl type (at the console prompt): + + perl \openssl\do_tests.pl [options] + + options: + -p - pause after executing each test + +The do_tests.pl script generates a log file "\openssl\test_out\tests.log" +which should be reviewed for errors. Any errors will be denoted by the word +"ERROR" in the log. + +DEVELOPING WITH THE OPENSSL SDK: +-------------------------------- +Now that everything is built and tested, you are ready to use the OpenSSL +libraries in your development. + +There is no real installation procedure, just copy the static libs and +headers to your build location. The libs (crypto.lib & ssl.lib) are +located in the appropriate "out_nw_XXXX" directory +(out_nw_clib, out_nw_libc, etc). + +The headers are located in the appropriate "outinc_nw_XXX" directory +(outinc_nw_clib, outinc_nw_libc). + +One suggestion is to create the following directory +structure for the OpenSSL SDK: + + \openssl + |- bin + | |- openssl.nlm + | |- (other tests you want) + | + |- lib + | | - crypto.lib + | | - ssl.lib + | + |- include + | | - openssl + | | | - (all the headers in "outinc_nw\openssl") + + +The program "openssl.nlm" can be very useful. It has dozens of +options and you may want to keep it handy for debugging, testing, etc. + +When building your apps using OpenSSL, define "NETWARE". It is needed by +some of the OpenSSL headers. One way to do this is with a compile option, +for example "-DNETWARE". + + + +NOTES: +------ + +Resource leaks in Tests +------------------------ +Some OpenSSL tests do not clean up resources and NetWare reports +the resource leaks when the tests unload. If this really bugs you, +you can stop the messages by setting the developer option off at the console +prompt (set developer option = off). Or better yet, fix the tests to +clean up the resources! + + +Multi-threaded Development +--------------------------- +The NetWare version of OpenSSL is thread-safe however, multi-threaded +applications must provide the necessary locking function callbacks. This +is described in doc\threads.doc. The file "openssl\crypto\threads\mttest.c" +is a multi-threaded test program and demonstrates the locking functions. + + +What is openssl2.nlm? +--------------------- +The openssl program has numerous options and can be used for many different +things. Many of the options operate in an interactive mode requiring the +user to enter data. Because of this, a default screen is created for the +program. However, when running the test script it is not desirable to +have a seperate screen. Therefore, the build also creates openssl2.nlm. +Openssl2.nlm is functionally identical but uses the console screen. +Openssl2 can be used when a non-interactive mode is desired. + +NOTE: There are may other possibilities (command line options, etc) +which could have been used to address the screen issue. The openssl2.nlm +option was chosen because it impacted only the build not the code. + + +Why only static libraries? +-------------------------- +Globals, globals, and more globals. The OpenSSL code uses many global +variables that are allocated and initialized when used for the first time. + +On NetWare, most applications (at least historically) run in the kernel. +When running in the kernel, there is one instance of global variables. +For regular application type NLM(s) this isn't a problem because they are +the only ones using the globals. However, for a library NLM (an NLM which +exposes functions and has no threads of execution), the globals cause +problems. Applications could inadvertently step on each other if they +change some globals. Even worse, the first application that triggers a +global to be allocated and initialized has the allocated memory charged to +itself. Now when that application unloads, NetWare will clean up all the +applicaton's memory. The global pointer variables inside OpenSSL now +point to freed memory. An abend waiting to happen! + +To work correctly in the kernel, library NLM(s) that use globals need to +provide a set of globals (instance data) for each application. Another +option is to require the library only be loaded in a protected address +space along with the application using it. + +Modifying the OpenSSL code to provide a set of globals (instance data) for +each application isn't technically difficult, but due to the large number +globals it would require substantial code changes and it wasn't done. Hence, +the build currently only builds static libraries which are then linked +into each application. + +NOTE: If you are building a library NLM that uses the OpenSSL static +libraries, you will still have to deal with the global variable issue. +This is because when you link in the OpenSSL code you bring in all the +globals. One possible solution for the global pointer variables is to +register memory functions with OpenSSL which allocate memory and charge it +to your library NLM (see the function CRYPTO_set_mem_functions). However, +be aware that now all memory allocated by OpenSSL is charged to your NLM. + + +CodeWarrior Tools and W2K +--------------------------- +There have been problems reported with the CodeWarrior Linker +(mwldnlm.exe) in the PDK 2.1 for NetWare when running on Windows 2000. The +problems cause the link step to fail. The only work around is to obtain an +updated linker from Metrowerks. It is expected Metrowerks will release +PDK 3.0 (in beta testing at this time - May, 2001) in the near future which +will fix these problems. + + +Makefile "vclean" +------------------ +The generated makefile has a "vclean" target which cleans up the build +directories. If you have been building successfully and suddenly +experience problems, use "vclean" (gmake -f netware\nlm.mak vclean) and retry. + + +"Undefined Symbol" Linker errors +-------------------------------- +There have been linker errors reported when doing a CLIB build. The problems +occur because some versions of the CLIB SDK import files inadvertently +left out some symbols. One symbol in particular is "_lrotl". The missing +functions are actually delivered in the binaries, but they were left out of +the import files. The issues should be fixed in the September 2001 release +of the NDK. If you experience the problems you can temporarily +work around it by manually adding the missing symbols to your version of +"clib.imp". + diff --git a/INSTALL.OS2 b/INSTALL.OS2 new file mode 100644 index 0000000000000000000000000000000000000000..530316db180c8941efc6b6f3b2373e6334663229 --- /dev/null +++ b/INSTALL.OS2 @@ -0,0 +1,31 @@ + + Installation on OS/2 + -------------------- + + You need to have the following tools installed: + + * EMX GCC + * PERL + * GNU make + + + To build the makefile, run + + > os2\os2-emx + + This will configure OpenSSL and create OS2-EMX.mak which you then use to + build the OpenSSL libraries & programs by running + + > make -f os2-emx.mak + + If that finishes successfully you will find the libraries and programs in the + "out" directory. + + Alternatively, you can make a dynamic build that puts the library code into + crypto.dll and ssl.dll by running + + > make -f os2-emx-dll.mak + + This will build the above mentioned dlls and a matching pair of import + libraries in the "out_dll" directory along with the set of test programs + and the openssl application. diff --git a/INSTALL.VMS b/INSTALL.VMS new file mode 100644 index 0000000000000000000000000000000000000000..7658f64e1d7c7db5e8fd101c0ee9c1264c2aaafa --- /dev/null +++ b/INSTALL.VMS @@ -0,0 +1,299 @@ + VMS Installation instructions + written by Richard Levitte + + + +Intro: +====== + +This file is divided in the following parts: + + Requirements - Mandatory reading. + Checking the distribution - Mandatory reading. + Compilation - Mandatory reading. + Logical names - Mandatory reading. + Test - Mandatory reading. + Installation - Mandatory reading. + Backward portability - Read if it's an issue. + Possible bugs or quirks - A few warnings on things that + may go wrong or may surprise you. + TODO - Things that are to come. + + +Requirements: +============= + +To build and install OpenSSL, you will need: + + * DEC C or some other ANSI C compiler. VAX C is *not* supported. + [Note: OpenSSL has only been tested with DEC C. Compiling with + a different ANSI C compiler may require some work] + +Checking the distribution: +========================== + +There have been reports of places where the distribution didn't quite get +through, for example if you've copied the tree from a NFS-mounted Unix +mount point. + +The easiest way to check if everything got through as it should is to check +for one of the following files: + + [.CRYPTO]OPENSSLCONF.H_IN + [.CRYPTO]OPENSSLCONF_H.IN + +They should never exist both at once, but one of them should (preferably +the first variant). If you can't find any of those two, something went +wrong. + +The best way to get a correct distribution is to download the gzipped tar +file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and +use VMSTAR to unpack the resulting tar file. + +GUNZIP is available in many places on the net. One of the distribution +points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ . + +VMSTAR is also available in many places on the net. The recommended place +to find information about it is http://www.free.lp.se/vmstar/ . + + +Compilation: +============ + +I've used the very good command procedures written by Robert Byer +, and just slightly modified them, making +them slightly more general and easier to maintain. + +You can actually compile in almost any directory separately. Look +for a command procedure name xxx-LIB.COM (in the library directories) +or MAKExxx.COM (in the program directories) and read the comments at +the top to understand how to use them. However, if you want to +compile all you can get, the simplest is to use MAKEVMS.COM in the top +directory. The syntax is the following: + + @MAKEVMS