OpenSSL 0.9.8a

Changelog

• Fix potential SSL 2.0 rollback, CAN-2005-2969
• Extended Windows CE support

OpenSSL 0.9.7h

Changelog

• Fix SSL 2.0 Rollback, CAN-2005-2969
• Allow use of fixed-length exponent on DSA signing
• Default fixed-window RSA, DSA, DH private-key operations

OpenSSL 0.9.8

Changelog

• Major work on the BIGNUM library for higher efficiency and to
  make operations more streamlined and less contradictory. This
  is the result of a major audit of the BIGNUM library.
• Addition of BIGNUM functions for fields GF(2^m) and NIST
  curves, to support the Elliptic Crypto functions.
• Major work on Elliptic Crypto; ECDH and ECDSA added, including
  the use through EVP, X509 and ENGINE.
• New ASN.1 mini-compiler that's usable through the OpenSSL
  configuration file.
• Added support for ASN.1 indefinite length constructed encoding.
• New PKCS#12 'medium level' API to manipulate PKCS#12 files.
• Complete rework of shared library construction and linking
  programs with shared or static libraries, through a separate
  Makefile.shared.
• Rework of the passing of parameters from one Makefile to another.
• Changed ENGINE framework to load dynamic engine modules
  automatically from specifically given directories.
• New structure and ASN.1 functions for CertificatePair.
• Changed the ZLIB compression method to be stateful.
• Changed the key-generation and primality testing "progress"
  mechanism to take a structure that contains the ticker
  function and an argument.
• New engine module: GMP (performs private key exponentiation).
• New engine module: VIA PadLOck ACE extension in VIA C3
  Nehemiah processors.
• Added support for IPv6 addresses in certificate extensions.
  See RFC 1884, section 2.2.
• Added support for certificate policy mappings, policy
  constraints and name constraints.
• Added support for multi-valued AVAs in the OpenSSL
  configuration file.
• Added support for multiple certificates with the same subject
  in the 'openssl ca' index file.
• Make it possible to create self-signed certificates using
  'openssl ca -selfsign'.
• Make it possible to generate a serial number file with
  'openssl ca -create_serial'.
• New binary search functions with extended functionality.
• New BUF functions.
• New STORE structure and library to provide an interface to all
  sorts of data repositories. Supports storage of public and
  private keys, certificates, CRLs, numbers and arbitrary blobs.
  This library is unfortunately unfinished and unused withing
  OpenSSL.
• New control functions for the error stack.
• Changed the PKCS#7 library to support one-pass S/MIME
  processing.
• Added the possibility to compile without old deprecated
  functionality with the OPENSSL_NO_DEPRECATED macro or the
  'no-deprecated' argument to the config and Configure scripts.
• Constification of all ASN.1 conversion functions, and other
  affected functions.
• Improved platform support for PowerPC.
• New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
• New X509_VERIFY_PARAM structure to support parametrisation
  of X.509 path validation.
• Major overhaul of RC4 performance on Intel P4, IA-64 and
  AMD64.
• Changed the Configure script to have some algorithms disabled
  by default. Those can be explicitely enabled with the new
  argument form 'enable-xxx'.
• Change the default digest in 'openssl' commands from MD5 to
  SHA-1.
• Added support for DTLS.
• New BIGNUM blinding.
• Added support for the RSA-PSS encryption scheme
• Added support for the RSA X.931 padding.
• Added support for BSD sockets on NetWare.
• Added support for files larger than 2GB.
• Added initial support for Win64.
• Added alternate pkg-config files.

OpenSSL 0.9.7g

Changelog

• More compilation issues fixed.
• Adaptation to more modern Kerberos API.
• Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
• Enhanced x86_64 assembler BIGNUM module.
• More constification.
• Added processing of proxy certificates (RFC 3820).

OpenSSL 0.9.7f

Changelog

• Several compilation issues fixed.
• Many memory allocation failure checks added.
• Improved comparison of X509 Name type.
• Mandatory basic checks on certificates.
• Performance improvements.

OpenSSL 0.9.7e

Changelog

• Fix race condition in CRL checking code.
• Fixes to PKCS#7 (S/MIME) code.

OpenSSL 0.9.7d

Changelog

• Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
• Security: Fix null-pointer assignment in do_change_cipher_spec()
• Allow multiple active certificates with same subject in CA index
• Multiple X590 verification fixes
• Speed up HMAC and other operations

OpenSSL 0.9.6m

Changelog

• Security: fix null-pointer bug leading to crash

OpenSSL engine-0.9.6m

Fix null-pointer assignment in do_change_cipher_spec() revealed

by using the Codenomicon TLS Test Tool (CAN-2004-0079)

Prepare for 0.9.6m release

Submitted by: Steven Henson
Reviewed by: Joe Orton
Approved by: Mark Cox

OpenSSL 0.9.6l

Changelog

• Security: fix ASN1 bug leading to large recursion