[ANNOUNCE] OpenSSL 0.9.8 beta 6 released

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


  OpenSSL version 0.9.8 Beta 6 (FINAL!)
  =====================================

  OpenSSL - The Open Source toolkit for SSL/TLS
  http://www.openssl.org/

  OpenSSL is currently in a release cycle.  The sixth beta is now
  released.  The beta release is available for download via HTTP and
  FTP from the following master locations (the various FTP mirrors you
  can find under http://www.openssl.org/source/mirror.html):

    o http://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/

  PLEASE TEST THIS RELEASE!  This is a final beta.  The final release
  is due very soon, and we would like your help to make this as good a
  release as ever possible.  Among others, base64 decoding needs extra
  attention (see below).

  The file names of the beta are:

    o openssl-0.9.8-beta6.tar.gz
      MD5 checksum: e6771df5621169ae616adb3475aac71a
      SHA1 checksum: d5aad452a4a192780ff1990b5c75513eb8408fe2

  The checksums were calculated using the following command:

    openssl md5 < openssl-0.9.8-beta6.tar.gz
    openssl sha1 < openssl-0.9.8-beta6.tar.gz

  Please download and test them as soon as possible.  This new OpenSSL
  version incorporates 104 documented changes and bugfixes to the
  toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES
  and http://www.openssl.org/source/exp/NEWS).

  Since the fifth beta, the following has happened:

    - Change the DJGPP setup so it's DEVRANDOM is defined in e_os.h
      instead of in the build command line.
    - Worked around a DJGPP command line bug during installation of
      docs.
    - Worked out better target selections for BSD ELF.
    - Corrected the CPUid code for x86_64.
    - Made the base64 decoder a bit more robust.
    - We made sure crypto/bn/bn_prime.h is properly built during an
      update.
    - Enhanced the documentation on id_function in threads.pod.
    - Added a fallback to software in the CSwift engine.
    - Other bug fixes...

  Reports and patches should be sent to [hidden email].
  Discussions around the development of OpenSSL should be sent to
  [hidden email].  Anything else should go to
  [hidden email].

  The best way, at least on Unix, to create a report is to do the
  following after configuration:

      make report

  That will do a few basic checks of the compiler and bc, then build
  and run the tests.  The result will appear on screen and in the file
  "testlog".  Please read the report before sending it to us.  There
  may be problems that we can't solve for you, like missing programs.

  Yours,
  The OpenSSL Project Team...  

    Mark J. Cox             Nils Larsch         Ulf Möller
    Ralf S. Engelschall     Ben Laurie          Andy Polyakov
    Dr. Stephen Henson      Richard Levitte     Geoff Thorpe
    Lutz Jänicke            Bodo Möller
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCt7G3p6+eePcJRTsRAmHnAJ9YcnbPEj2J48vkBHpZCBQ1vKQI/wCglgM5
wKq2R9+XiFHQS5aumgYaEkE=
=1qsL
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


  OpenSSL version 0.9.8 released
  ==========================================

  OpenSSL - The Open Source toolkit for SSL/TLS
  http://www.openssl.org/

  The OpenSSL project team is pleased to announce the release of
  version 0.9.8 of our open source toolkit for SSL/TLS.  This new
  OpenSSL version is a major release and incorporates many new
  features as well as major fixes compared to 0.9.7x.  For a complete
  list of changes, please see http://www.openssl.org/source/exp/CHANGES .

  The most significant changes are:

    o Major work on the BIGNUM library for higher efficiency and to
      make operations more streamlined and less contradictory.  This
      is the result of a major audit of the BIGNUM library.
    o Addition of BIGNUM functions for fields GF(2^m) and NIST
      curves, to support the Elliptic Crypto functions.
    o Major work on Elliptic Crypto; ECDH and ECDSA added, including
      the use through EVP, X509 and ENGINE.
    o New ASN.1 mini-compiler that's usable through the OpenSSL
      configuration file.
    o Added support for ASN.1 indefinite length constructed encoding.
    o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
    o Complete rework of shared library construction and linking
      programs with shared or static libraries, through a separate
      Makefile.shared.
    o Rework of the passing of parameters from one Makefile to another.
    o Changed ENGINE framework to load dynamic engine modules
      automatically from specifically given directories.
    o New structure and ASN.1 functions for CertificatePair.
    o Changed the ZLIB compression method to be stateful.
    o Changed the key-generation and primality testing "progress"
      mechanism to take a structure that contains the ticker
      function and an argument.
    o New engine module: GMP (performs private key exponentiation).
    o New engine module: VIA PadLOck ACE extension in VIA C3
      Nehemiah processors.
    o Added support for IPv6 addresses in certificate extensions.
      See RFC 1884, section 2.2.
    o Added support for certificate policy mappings, policy
      constraints and name constraints.
    o Added support for multi-valued AVAs in the OpenSSL
      configuration file.
    o Added support for multiple certificates with the same subject
      in the 'openssl ca' index file.
    o Make it possible to create self-signed certificates using
      'openssl ca -selfsign'.
    o Make it possible to generate a serial number file with
      'openssl ca -create_serial'.
    o New binary search functions with extended functionality.
    o New BUF functions.
    o New STORE structure and library to provide an interface to all
      sorts of data repositories.  Supports storage of public and
      private keys, certificates, CRLs, numbers and arbitrary blobs.
      This library is unfortunately unfinished and unused withing
      OpenSSL.
    o New control functions for the error stack.
    o Changed the PKCS#7 library to support one-pass S/MIME
      processing.
    o Added the possibility to compile without old deprecated
      functionality with the OPENSSL_NO_DEPRECATED macro or the
      'no-deprecated' argument to the config and Configure scripts.
    o Constification of all ASN.1 conversion functions, and other
      affected functions.
    o Improved platform support for PowerPC.
    o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
    o New X509_VERIFY_PARAM structure to support parametrisation
      of X.509 path validation.
    o Major overhaul of RC4 performance on Intel P4, IA-64 and
      AMD64.
    o Changed the Configure script to have some algorithms disabled
      by default.  Those can be explicitely enabled with the new
      argument form 'enable-xxx'.
    o Change the default digest in 'openssl' commands from MD5 to
      SHA-1.
    o Added support for DTLS.
    o New BIGNUM blinding.
    o Added support for the RSA-PSS encryption scheme
    o Added support for the RSA X.931 padding.
    o Added support for BSD sockets on NetWare.
    o Added support for files larger than 2GB.
    o Added initial support for Win64.
    o Added alternate pkg-config files.

  We consider OpenSSL 0.9.8 to be the best version of OpenSSL available
  and we strongly recommend that users of older versions upgrade as
  soon as possible.  OpenSSL 0.9.8 is available for download via HTTP
  and FTP from the following master locations (you can find the various
  FTP mirrors under http://www.openssl.org/source/mirror.html):

    o http://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/

  The distribution file name is:

    o openssl-0.9.8.tar.gz
      MD5 checksum: 9da21071596a124acde6080552deac16
      SHA1 checksum: 7350b0f0d1a6d257cb24b9d4dc5e30b80e49d6ac

  The checksums were calculated using the following command:

    openssl md5 < openssl-0.9.8.tar.gz
    openssl sha1 < openssl-0.9.8.tar.gz


  Yours,
  The OpenSSL Project Team...  

    Mark J. Cox             Nils Larsch         Ulf Möller
    Ralf S. Engelschall     Ben Laurie          Andy Polyakov
    Dr. Stephen Henson      Richard Levitte     Geoff Thorpe
    Lutz Jänicke            Bodo Möller
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCyuIRp6+eePcJRTsRAmPlAJ9E/E0j4ckuIOVb+7xKFeQT0YjlnQCgtkVW
yc0z6p3sqHBzvitdStyEuJI=
=WBGr
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]

Richard Levitte - VMS Whacker wrote:
 > -----BEGIN PGP SIGNED MESSAGE-----
 > Hash: SHA1
 >
 >
 >   OpenSSL version 0.9.8 released
 >   ==========================================
 >
 >   OpenSSL - The Open Source toolkit for SSL/TLS
 >   http://www.openssl.org/
 >
 >   The OpenSSL project team is pleased to announce the release of
 >   version 0.9.8 of our open source toolkit for SSL/TLS.  This new
 >   OpenSSL version is a major release and incorporates many new
 >   features as well as major fixes compared to 0.9.7x.  For a complete
 >   list of changes, please see http://www.openssl.org/source/exp/CHANGES .



I would like to personally thank the entire OpenSSL team on behalf of
everyone using OpenSSL in any form.  You guys do a terrific job with
this project and this latest release is, well, wow.  The number of
changes in this release are insane.  Keep up the great work!

On another note:
The Win32 OpenSSL Installation Project has officially switched to follow
OpenSSL's lead for 0.9.8.  Of important public note, this particular
project has dropped support for 0.9.6 and 0.9.6 Engine.  IMO, everyone
out there using OpenSSL of any form should upgrade to at least 0.9.7g,
preferrably 0.9.8.

The Win32 OpenSSL Installation Project provides pre-built static (New
Feature by popular demand!) and dynamic binaries, libraries, include
files, executables, and a number of Perl libraries for the _default_
build of OpenSSL.  It provides linker-compliant libraries for Visual C++
6 SP5, Visual C++ .NET and .NET 2003, Borland Builder 4/5/6 and
BuilderX, and MinGW.

This project is the only sanctioned binary distribution of OpenSSL by
the OpenSSL team.  Great care is taken to make it easy for both
developers and end-users to use this tool and utilize OpenSSL to its
fullest potential more quickly (more so for end-users than developers).

Thomas Hruska
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Hi,

> I would like to personally thank the entire OpenSSL team on behalf of
> everyone using OpenSSL in any form.  You guys do a terrific job with
> this project and this latest release is, well, wow.  The number of
> changes in this release are insane.  Keep up the great work!

ditto.  but I have a question - are the hifn (and other 256bit capable cards)
now doing 256bit AES natively in hardware byd efault now - or do i still
have to patch the OpenSSL with the 256bit AES patch which has been kicking around
for a long time now?

(i'm talking about patch-hw_cryptodev.c-aes_256 which came from 2003/08/07)

Alan
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]