72 lines
3.8 KiB
Plaintext
72 lines
3.8 KiB
Plaintext
|
10-Apr-1998
|
||
|
I said the next version would go out at easter, and so it shall.
|
||
|
I expect a 0.9.1 will follow with portability fixes in the next few weeks.
|
||
|
|
||
|
This is a quick, meet the deadline. Look to ssl-users for comments on what
|
||
|
is new etc.
|
||
|
|
||
|
The state of play
|
||
|
- TLSv1 - I need to do some explaining about how the methods interact.
|
||
|
The bad news is that SSLeay 0.8.x application will not roll back to
|
||
|
SSLv3, I suffed up. 0.8.x is rather pedantic about the '3.0' version
|
||
|
number. Look at the 'no-tls' options in applications in the apps directory.
|
||
|
- The perl5 stuff is very rough. The SSL part does not work due to
|
||
|
reference count hassles in the BIO stuff. I just have not had time to
|
||
|
look at it. The cipher, digest and bignum stuff works though. I just
|
||
|
need to clean up the API.
|
||
|
- Lots of x86 assember. I now have it for des, 3des, rc4, rc5, blowfish,
|
||
|
cast, md5, sha1 and ripemd160. It has been tested on win32, linux (elf)
|
||
|
and FreeBSD (a.out).
|
||
|
- As mentioned above, cast, rc5 and ripemd160 have been added.
|
||
|
- A simple HMAC set of functions.
|
||
|
- EX_DATA strucutre, which can be used by applications or other libraries
|
||
|
to tack arbitarty data against strucutures that include it.
|
||
|
You will probably have to see examples to see how to use it, and I will
|
||
|
elaberate on the ssl-users mailing list
|
||
|
- RSA blinding. If you fear timing attacks on RSA, you can turn on
|
||
|
blinding which defeats it.
|
||
|
- From Tim Hudson, try running 'sh config' instead of 'perl Configure'.
|
||
|
I makes an educated guess as to what you are and then runs 'perl Configure'
|
||
|
- The error stuff has been modified so arbitary strings can be taged
|
||
|
against an error message. It is used in a few places to elaberate on
|
||
|
parameters that caused the error.
|
||
|
|
||
|
Areas of work
|
||
|
- The 16bit big-num assember needs a routine added. The WIN16 and
|
||
|
WIN32 stuff is ok, but MS-DOS or 286 builds need the update.
|
||
|
- Most of the bignum assember will not work. There will be a function
|
||
|
missing, bn_add_words(). I need people to send me the C compiler output
|
||
|
for platforms I don't already have. Currently, the assember is correct for
|
||
|
x86, win32, win16(386+), linux elf, FreeBSD a.out and sparc.
|
||
|
- PKCS7, I have delusions of s/MIME. I need to do a BIO interface.
|
||
|
- perl5, it needs finishing
|
||
|
- X509v3 extension. I have some ideas, I just need to
|
||
|
implement them :-)
|
||
|
- Public key methods. I need to clean up the library internally so
|
||
|
public key methods are loaded is a similar way to symetric ciphers
|
||
|
and digests. I also need to seperate out the digests from public
|
||
|
key methods. This stuff is needed to support sortware patents, smaller
|
||
|
code size and hardware tokens.
|
||
|
|
||
|
Anyway, this release gets out the bug fixes and TLS, but be warned, until
|
||
|
all those old SSLeay 0.8.x based server get upgraded, you will need to
|
||
|
connect with SSLv3 if TLSv1 fails.
|
||
|
|
||
|
eric (about to go bushwalking for the 4 day easter break :-)
|
||
|
|
||
|
PS Common problems
|
||
|
- For Win32 build, use /MD to specify your libraries, or build SSLeay with
|
||
|
the same flags as your application. Visual C stuffs up the malloc routines
|
||
|
if memory allocated by one memory model is freed by another. FILE pointers
|
||
|
are a major cause of these problem.
|
||
|
- If you are trying to use non-blocking IO and it is not working,
|
||
|
try 'ssleay s_client -help' and see if the -nbio option is listed.
|
||
|
For unixware, it has the non-block IO define in 'differnt' header file
|
||
|
and SSLeay will silently build without non-blocking IO calls (but for
|
||
|
unixware, the special header has been included).
|
||
|
- -DL_ENDIAN. For the message digests, some code needs to be turned off
|
||
|
in the C code when assember is used. For x86, this means the L_ENDIAN
|
||
|
needs to defined when x86 -DSHA1_ASM is defined. The reasons this is
|
||
|
not automagically done is because non-x86 assember could be bigendian.
|
||
|
For pure C code builds, the B_ENDIAN/L_ENDIAN flags are optional.
|