Hi, just skimmed freshmeat and noticed that a new openssl version(0.9.7) has been released. So far i only found a changelog on freshmeat, here it is: Changes: New features (OCSP, ENGINE framework, AES, Elliptic Curve), a complete rewrite of the ASN.1 parser/encoder, support for more platforms, better support for alternate randomness sources, many bugfixes, and removal of RSAref support.
This is the complete announcement. -----BEGIN PGP SIGNED MESSAGE----- OpenSSL version 0.9.7 released =============================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.7 of our open source toolkit for SSL/TLS. This new OpenSSL version is a major release and incorporates at least 262 changes and bugfixes to the toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o New library section OCSP. o Complete rewrite of ASN1 code. o CRL checking in verify code and openssl utility. o Extension copying in 'ca' utility. o Flexible display options in 'ca' utility. o Provisional support for international characters with UTF8. o Support for external crypto devices ('engine') is no longer a separate distribution. o New elliptic curve library section. o New AES (Rijndael) library section. o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, Linux x86_64, Linux 64-bit on Sparc v9 o Extended support for some platforms: VxWorks o Enhanced support for shared libraries. o Now only builds PIC code when shared library support is requested. o Support for pkg-config. o Lots of new manuals. o Makes symbolic links to or copies of manuals to cover all described functions. o Change DES API to clean up the namespace (some applications link also against libdes providing similar functions having the same name). Provide macros for backward compatibility (will be removed in the future). o Unify handling of cryptographic algorithms (software and engine) to be available via EVP routines for asymmetric and symmetric ciphers. o NCONF: new configuration handling routines. o Change API to use more 'const' modifiers to improve error checking and help optimizers. o Finally remove references to RSAref. o Reworked parts of the BIGNUM code. o Support for new engines: Broadcom ubsec, Accelerated Encryption Processing, IBM 4758. o A few new engines added in the demos area. o Extended and corrected OID (object identifier) table. o PRNG: query at more locations for a random device, automatic query for EGD style random sources at several locations. o SSL/TLS: allow optional cipher choice according to server's preference. o SSL/TLS: allow server to explicitly set new session ids. o SSL/TLS: support Kerberos cipher suites (RFC2712). Only supports MIT Kerberos for now. o SSL/TLS: allow more precise control of renegotiations and sessions. o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). We consider OpenSSL 0.9.7 to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.7 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ OpenSSL 0.9.6 (all patch levels) came in the form of two distributions, a "normal" one and an "engine" variant that included support for external crypto devices. In 0.9.7, the "engine" framework is part of the "normal" distribution, so there are no variants of 0.9.7. The distribution file name is: o openssl-0.9.7.tar.gz [normal] MD5 checksum: ef376d14205afcfb831cd3720f705d79 The checksum was calculated using the following command: openssl md5 < openssl-0.9.7.tar.gz Yours, The OpenSSL Project Team... Mark J. Cox Ben Laurie Andy Polyakov Ralf S. Engelschall Richard Levitte Geoff Thorpe Dr. Stephen Henson Bodo M
This is the complete announcement. -----BEGIN PGP SIGNED MESSAGE----- OpenSSL version 0.9.7 released =============================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.7 of our open source toolkit for SSL/TLS. This new OpenSSL version is a major release and incorporates at least 262 changes and bugfixes to the toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o New library section OCSP. o Complete rewrite of ASN1 code. o CRL checking in verify code and openssl utility. o Extension copying in 'ca' utility. o Flexible display options in 'ca' utility. o Provisional support for international characters with UTF8. o Support for external crypto devices ('engine') is no longer a separate distribution. o New elliptic curve library section. o New AES (Rijndael) library section. o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, Linux x86_64, Linux 64-bit on Sparc v9 o Extended support for some platforms: VxWorks o Enhanced support for shared libraries. o Now only builds PIC code when shared library support is requested. o Support for pkg-config. o Lots of new manuals. o Makes symbolic links to or copies of manuals to cover all described functions. o Change DES API to clean up the namespace (some applications link also against libdes providing similar functions having the same name). Provide macros for backward compatibility (will be removed in the future). o Unify handling of cryptographic algorithms (software and engine) to be available via EVP routines for asymmetric and symmetric ciphers. o NCONF: new configuration handling routines. o Change API to use more 'const' modifiers to improve error checking and help optimizers. o Finally remove references to RSAref. o Reworked parts of the BIGNUM code. o Support for new engines: Broadcom ubsec, Accelerated Encryption Processing, IBM 4758. o A few new engines added in the demos area. o Extended and corrected OID (object identifier) table. o PRNG: query at more locations for a random device, automatic query for EGD style random sources at several locations. o SSL/TLS: allow optional cipher choice according to server's preference. o SSL/TLS: allow server to explicitly set new session ids. o SSL/TLS: support Kerberos cipher suites (RFC2712). Only supports MIT Kerberos for now. o SSL/TLS: allow more precise control of renegotiations and sessions. o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). We consider OpenSSL 0.9.7 to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.7 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ OpenSSL 0.9.6 (all patch levels) came in the form of two distributions, a "normal" one and an "engine" variant that included support for external crypto devices. In 0.9.7, the "engine" framework is part of the "normal" distribution, so there are no variants of 0.9.7. The distribution file name is: o openssl-0.9.7.tar.gz [normal] MD5 checksum: ef376d14205afcfb831cd3720f705d79 The checksum was calculated using the following command: openssl md5 < openssl-0.9.7.tar.gz Yours, The OpenSSL Project Team... Mark J. Cox Ben Laurie Andy Polyakov Ralf S. Engelschall Richard Levitte Geoff Thorpe Dr. Stephen Henson Bodo Möller Lutz Jänicke Ulf Möller -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQEVAwUBPhDlY/Ty7ZjgbSyxAQEFlAgAktqLFxipUJnd64x/jShkBmgz+0hhhlfM 6bwMmNYYL8kMgsgvTdoqDgVD8gW3DoIv4xXKsamle9KCZY1aA6KFiU8NQMIzmr6U e5FUvwkoaw+X2buF7B5oCGLFOrvgrvNiVjGRzOSp0l+CLXC0/DP9tuzJ/0RJZeko YqDQVGAu+FhkZ5veIYTbo1vyuL4Vp6ZG+QMsHcEKfItV2rzCB9EPng7qQIU781a7 6kmLgMzNPsqWNW3Z6Ie6YpzVWVUxkiRBPCEEXlvc+jNdEbvG76ax8+Wje6PEsy78 KtRLbe9BAbBY0sMYB+0HEOZVeSZgqvLwhYm0aRg0VG/x3mTsSgSzxw== =NTIE -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org Announcement Mailing List openssl-announce@openssl.org Automated List Manager majordomo@openssl.org
Commited but masked, thanks for finding this!
So far so good ;-), but I couldn't compile openssh with it... I searched on their mailinglist and found my problem: http://bugzilla.mindrot.org/show_bug.cgi?id=462 Rigo's rule: when 'BN_mod' sounds familiar to you, follow Igor's advice below ! ;-D, Rogi <SNIP> ------- Additional Comment #13 From Igor V. Khristophorov 2003-01-04 19:21 I had the same problem, and it was because of old header file generated by gcc's fixincludes, namely /usr/lib/gcc-lib/.../openssl/bh.h. I just removed the whole directory openssl there. </SNIP>
