Commit | Line | Data |
---|---|---|
81a6c781 | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
4d94ae00 BM |
5 | Changes between 0.9.7 and 0.9.8 [xx XXX 2002] |
6 | ||
82652aaf BM |
7 | *) Add a function EC_GROUP_check_discriminant() (defined via |
8 | EC_METHOD) that verifies that the curve discriminant is non-zero. | |
9 | ||
10 | Add a function EC_GROUP_check() that makes some sanity tests | |
11 | on a EC_GROUP, its generator and order. This includes | |
12 | EC_GROUP_check_discriminant(). | |
13 | [Nils Larsch <nla@trustcenter.de>] | |
14 | ||
4d94ae00 BM |
15 | *) Add ECDSA in new directory crypto/ecdsa/. |
16 | ||
17 | Add applications 'openssl ecdsaparam' and 'openssl ecdsa' | |
18 | (these are variants of 'openssl dsaparam' and 'openssl dsa'). | |
19 | ||
20 | ECDSA support is also included in various other files across the | |
21 | library. Most notably, | |
22 | - 'openssl req' now has a '-newkey ecdsa:file' option; | |
23 | - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA; | |
24 | - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and | |
25 | d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make | |
26 | them suitable for ECDSA where domain parameters must be | |
27 | extracted before the specific public key. | |
f8e21776 | 28 | [Nils Larsch <nla@trustcenter.de>] |
4d94ae00 | 29 | |
af28dd6c BM |
30 | *) Include some named elliptic curves, and add OIDs from X9.62, |
31 | SECG, and WAP/WTLS. The curves can be obtained from the new | |
32 | functions | |
4d94ae00 BM |
33 | EC_GROUP_new_by_nid() |
34 | EC_GROUP_new_by_name() | |
35 | Also add a 'nid' field to EC_GROUP objects, which can be accessed | |
36 | via | |
37 | EC_GROUP_set_nid() | |
38 | EC_GROUP_get_nid() | |
39 | [Nils Larsch <nla@trustcenter.de>, Bodo Moeller] | |
40 | ||
381a146d | 41 | Changes between 0.9.6d and 0.9.7 [XX xxx 2002] |
4d94ae00 | 42 | |
c0455cbb LJ |
43 | *) Fix escaping of non-ASCII characters when using the -subj option |
44 | of the "openssl req" command line tool. (Robert Joop <joop@fokus.gmd.de>) | |
45 | [Lutz Jaenicke] | |
46 | ||
85fb12d5 | 47 | *) Make object definitions compliant to LDAP (RFC2256): SN is the short |
e9cbcb1d LJ |
48 | form for "surname", serialNumber has no short form. |
49 | Use "mail" as the short name for "rfc822Mailbox" according to RFC2798; | |
50 | therefore remove "mail" short name for "internet 7". | |
51 | Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>) | |
08b977b5 | 52 | [Lutz Jaenicke] |
ffbe98b7 | 53 | |
85fb12d5 | 54 | *) Add an "init" command to the ENGINE config module and auto initialize |
0dc09233 DSH |
55 | ENGINEs. Without any "init" command the ENGINE will be initialized |
56 | after all ctrl commands have been executed on it. If init=1 the | |
57 | ENGINE is initialized at that point (ctrls before that point are run |
58 | on the uninitialized ENGINE and after on the initialized one). If | |
59 | init=0 then the ENGINE will not be initialized at all. | |
60 | [Steve Henson] | |
61 | ||
85fb12d5 | 62 | *) Fix the 'app_verify_callback' interface so that the user-defined |
023ec151 BM |
63 | argument is actually passed to the callback: In the |
64 | SSL_CTX_set_cert_verify_callback() prototype, the callback | |
65 | declaration has been changed from | |
66 | int (*cb)() | |
67 | into | |
68 | int (*cb)(X509_STORE_CTX *,void *); | |
69 | in ssl_verify_cert_chain (ssl/ssl_cert.c), the call | |
70 | i=s->ctx->app_verify_callback(&ctx) | |
71 | has been changed into | |
72 | i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg). | |
73 | ||
74 | To update applications using SSL_CTX_set_cert_verify_callback(), | |
75 | a dummy argument can be added to their callback functions. | |
76 | [D. K. Smetters <smetters@parc.xerox.com>] | |
77 | ||
85fb12d5 | 78 | *) Added the '4758cca' ENGINE to support IBM 4758 cards. |
92d1bc09 GT |
79 | [Maurice Gittens <maurice@gittens.nl>, touchups by Geoff Thorpe] |
80 | ||
85fb12d5 | 81 | *) Add an OPENSSL_LOAD_CONF define which will cause |
e84be9b4 DSH |
82 | OpenSSL_add_all_algorithms() to load the openssl.cnf config file. |
83 | This allows older applications to transparently support certain | |
84 | OpenSSL features: such as crypto acceleration and dynamic ENGINE loading. | |
85 | Two new functions OPENSSL_add_all_algorithms_noconf() which will never | |
86 | load the config file and OPENSSL_add_all_algorithms_conf() which will | |
87 | always load it have also been added. | |
88 | [Steve Henson] | |
89 | ||
85fb12d5 | 90 | *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES. |
0d22b5da RL |
91 | Adjust NIDs and EVP layer. |
92 | [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte] | |
93 | ||
85fb12d5 | 94 | *) Config modules support in openssl utility. |
3647bee2 DSH |
95 | |
96 | Most commands now load modules from the config file, | |
97 | though in a few (such as version) this isn't done | |
98 | because it couldn't be used for anything. | |
99 | ||
100 | In the case of ca and req the config file used is | |
101 | the same as the utility itself: that is the -config | |
102 | command line option can be used to specify an | |
103 | alternative file. | |
104 | [Steve Henson] | |
105 | ||
85fb12d5 | 106 | *) Move default behaviour from OPENSSL_config(). If appname is NULL |
92f91ff4 DSH |
107 | use "openssl_conf" if filename is NULL use default openssl config file. |
108 | [Steve Henson] | |
109 | ||
85fb12d5 | 110 | *) Add an argument to OPENSSL_config() to allow the use of an alternative |
92f91ff4 DSH |
111 | config section name. Add a new flag to tolerate a missing config file |
112 | and move code to CONF_modules_load_file(). | |
113 | [Steve Henson] | |
114 | ||
85fb12d5 | 115 | *) Support for crypto accelerator cards from Accelerated Encryption |
3cd039dd RL |
116 | Processing, www.aep.ie. (Use engine 'aep') |
117 | The support was copied from 0.9.6c [engine] and adapted/corrected | |
118 | to work with the new engine framework. | |
119 | [AEP Inc. and Richard Levitte] | |
120 | ||
85fb12d5 | 121 | *) Support for SureWare crypto accelerator cards from Baltimore |
3cd039dd RL |
122 | Technologies. (Use engine 'sureware') |
123 | The support was copied from 0.9.6c [engine] and adapted | |
124 | to work with the new engine framework. | |
125 | [Richard Levitte] | |
126 | ||
85fb12d5 | 127 | *) Have the CHIL engine fork-safe (as defined by nCipher) and actually |
1199e2d8 RL |
128 | make the newer ENGINE framework commands for the CHIL engine work. |
129 | [Toomas Kiisk <vix@cyber.ee> and Richard Levitte] | |
130 | ||
85fb12d5 | 131 | *) Make it possible to produce shared libraries on ReliantUNIX. |
a3fffd64 RL |
132 | [Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> via Richard Levitte] |
133 | ||
85fb12d5 | 134 | *) Add the configuration target debug-linux-ppro. |
80bb905d RL |
135 | Make 'openssl rsa' use the general key loading routines |
136 | implemented in apps.c, and make those routines able to | |
137 | handle the key format FORMAT_NETSCAPE and the variant | |
138 | FORMAT_IISSGC. | |
139 | [Toomas Kiisk <vix@cyber.ee> via Richard Levitte] | |
140 | ||
381a146d | 141 | *) Fix a crash bug and a logic bug in hwcrhk_load_pubkey(). |
80bb905d RL |
142 | [Toomas Kiisk <vix@cyber.ee> via Richard Levitte] |
143 | ||
85fb12d5 | 144 | *) Add -keyform to rsautl, and document -engine. |
8242a6a9 RL |
145 | [Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>] |
146 | ||
85fb12d5 | 147 | *) Change BIO_new_file (crypto/bio/bss_file.c) to use new |
a14e2d9d BM |
148 | BIO_R_NO_SUCH_FILE error code rather than the generic |
149 | ERR_R_SYS_LIB error code if fopen() fails with ENOENT. | |
150 | [Ben Laurie] | |
151 | ||
85fb12d5 | 152 | *) Add new functions |
a14e2d9d BM |
153 | ERR_peek_last_error |
154 | ERR_peek_last_error_line | |
155 | ERR_peek_last_error_line_data. | |
156 | These are similar to | |
157 | ERR_peek_error | |
158 | ERR_peek_error_line | |
159 | ERR_peek_error_line_data, | |
160 | but report on the latest error recorded rather than the first one | |
161 | still in the error queue. | |
162 | [Ben Laurie, Bodo Moeller] | |
163 | ||
85fb12d5 | 164 | *) default_algorithms option in ENGINE config module. This allows things |
df5eaa8a DSH |
165 | like: |
166 | default_algorithms = ALL | |
167 | default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS | |
168 | [Steve Henson] | |
169 | ||
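An added example of how the ENGINE config module entries above (the "init" command, default_algorithms, and the "openssl_conf" default section read by OPENSSL_config()) fit together in an openssl.cnf file. It is not a file from the OpenSSL distribution. The "engines" key, the "engine_id" key and the "dynamic_path" spelling of the dynamic ENGINE's library control are taken from the OpenSSL config(5) manual rather than from this page, and the engine ids and library path are hypothetical.

```ini
# openssl.cnf fragment (added example, not from the OpenSSL distribution).
# OPENSSL_config(NULL) starts at the section named by "openssl_conf", the
# default appname described in the OPENSSL_config() entry.
openssl_conf = openssl_init

[openssl_init]
# Assumed key name (config(5), not this page): the ENGINE config module is
# attached under "engines"; its value names the list of ENGINE sections.
engines = engine_section

[engine_section]
# One key per ENGINE: the key is the ENGINE id, the value its own section.
accel = accel_section
cardlib = cardlib_section

[accel_section]
# Hypothetical built-in ENGINE. With init = 1 the ENGINE is initialised at
# this point: ctrl commands placed above this line run against the
# uninitialised ENGINE, any placed below it against the initialised one.
init = 1
# Make it the default for every algorithm it implements.
default_algorithms = ALL

[cardlib_section]
# Self-contained shared-library ENGINE bound through the "dynamic" ENGINE.
# engine_id and dynamic_path are assumed config(5) spellings; the path is
# hypothetical.
engine_id = cardlib
dynamic_path = /usr/local/lib/openssl/engines/libcardlib.so
init = 1
# Only take over public-key operations and the RNG; ciphers and digests
# stay with the software implementations.
default_algorithms = RSA, DSA, RAND
```

Setting init = 0 in a section loads and configures the ENGINE but never initialises it, which is what you want for an ENGINE that will only be fetched explicitly by id later. Because dynamic_path makes the config file name a shared library to load into the process, treat openssl.cnf as code: it must not be writable by anyone the process does not already trust, and applications built with OPENSSL_LOAD_CONF pick it up without any change to their own source.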
85fb12d5 | 170 | *) Preliminary ENGINE config module. |
c9501c22 DSH |
171 | [Steve Henson] |
172 | ||
85fb12d5 | 173 | *) New experimental application configuration code. |
bc37d996 DSH |
174 | [Steve Henson] |
175 | ||
85fb12d5 | 176 | *) Change the AES code to follow the same name structure as all other |
6f9079fd RL |
177 | symmetric ciphers, and behave the same way. Move everything to |
178 | the directory crypto/aes, thereby obsoleting crypto/rijndael. | |
179 | [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte] | |
180 | ||
85fb12d5 | 181 | *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c. |
7c517a04 BL |
182 | [Ben Laurie and Theo de Raadt] |
183 | ||
85fb12d5 | 184 | *) Add option to output public keys in req command. |
21a85f19 DSH |
185 | [Massimiliano Pala madwolf@openca.org] |
186 | ||
85fb12d5 | 187 | *) Use wNAFs in EC_POINTs_mul() for improved efficiency |
76c4336c | 188 | (up to about 10% better than before for P-192 and P-224). |
3ba1f111 BM |
189 | [Bodo Moeller] |
190 | ||
85fb12d5 | 191 | *) New functions/macros |
7aa983c6 BM |
192 | |
193 | SSL_CTX_set_msg_callback(ctx, cb) | |
194 | SSL_CTX_set_msg_callback_arg(ctx, arg) | |
195 | SSL_set_msg_callback(ssl, cb) | |
196 | SSL_set_msg_callback_arg(ssl, arg) | |
197 | ||
198 | to request calling a callback function | |
199 | ||
200 | void cb(int write_p, int version, int content_type, | |
201 | const void *buf, size_t len, SSL *ssl, void *arg) | |
202 | ||
203 | whenever a protocol message has been completely received | |
204 | (write_p == 0) or sent (write_p == 1). Here 'version' is the | |
205 | protocol version according to which the SSL library interprets | |
206 | the current protocol message (SSL2_VERSION, SSL3_VERSION, or | |
207 | TLS1_VERSION). 'content_type' is 0 in the case of SSL 2.0, or | |
208 | the content type as defined in the SSL 3.0/TLS 1.0 protocol | |
209 | specification (change_cipher_spec(20), alert(21), handshake(22)). | |
210 | 'buf' and 'len' point to the actual message, 'ssl' to the | |
211 | SSL object, and 'arg' is the application-defined value set by | |
212 | SSL[_CTX]_set_msg_callback_arg(). | |
213 | ||
214 | 'openssl s_client' and 'openssl s_server' have new '-msg' options | |
215 | to enable a callback that displays all protocol messages. | |
216 | [Bodo Moeller] | |
217 | ||
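An added example (not code from the OpenSSL source or its CHANGES file) of a callback with the signature the entry above describes. It decodes the 4-byte handshake header, counts HelloRequests received from the peer (the condition a later entry says SSL_renegotiate_pending() tracks) and refuses to parse a message whose own length field disagrees with the `len` the library passed. It assumes only that the SSL3_VERSION/TLS1_VERSION values match OpenSSL's and forward-declares the SSL type, so it builds without libssl; the three sample messages are constructed, not captured traffic.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Forward declaration only: the real type comes from <openssl/ssl.h>; the callback
 * never dereferences it, so this builds without libssl. Assumption: the version
 * constants below match OpenSSL's <openssl/ssl.h>. */
typedef struct ssl_st SSL;
#define SSL3_VERSION 0x0300
#define TLS1_VERSION 0x0301

/* Record content types named in the entry, plus two handshake message types. */
#define CT_CHANGE_CIPHER_SPEC 20
#define CT_ALERT              21
#define CT_HANDSHAKE          22
#define HS_HELLO_REQUEST      0
#define HS_CLIENT_HELLO       1

/* Application state handed to the callback via SSL[_CTX]_set_msg_callback_arg(). */
struct msg_stats {
    unsigned long handshake_sent, handshake_recv, alerts, malformed;
    unsigned long hello_requests;   /* peer asked us to renegotiate */
    char last[96];                  /* one-line description of the last message */
};

/* A handshake message is a 1-byte type, a 3-byte big-endian body length and the
 * body. Returns the type if buf holds exactly one well-formed message, else -1. */
int handshake_type(const unsigned char *buf, size_t len)
{
    size_t body;
    if (len < 4)
        return -1;
    body = ((size_t)buf[1] << 16) | ((size_t)buf[2] << 8) | buf[3];
    return body + 4 == len ? buf[0] : -1;
}

/* The callback, with the exact signature SSL[_CTX]_set_msg_callback() expects. */
void msg_cb(int write_p, int version, int content_type,
            const void *buf, size_t len, SSL *ssl, void *arg)
{
    struct msg_stats *st = (struct msg_stats *)arg;
    const unsigned char *p = (const unsigned char *)buf;
    const char *dir = write_p ? ">>>" : "<<<";
    const char *ver = version == TLS1_VERSION ? "TLS1" :
                      version == SSL3_VERSION ? "SSL3" : "SSL2/other";
    (void)ssl;

    if (content_type == CT_HANDSHAKE) {
        int t = handshake_type(p, len);
        if (t < 0) {   /* length field disagrees with len: record it, parse nothing */
            st->malformed++;
            snprintf(st->last, sizeof st->last, "%s %s malformed Handshake, %lu bytes",
                     dir, ver, (unsigned long)len);
            return;
        }
        if (write_p) st->handshake_sent++; else st->handshake_recv++;
        if (!write_p && t == HS_HELLO_REQUEST) st->hello_requests++;
        snprintf(st->last, sizeof st->last, "%s %s Handshake %s, %lu bytes", dir, ver,
                 t == HS_HELLO_REQUEST ? "HelloRequest" :
                 t == HS_CLIENT_HELLO ? "ClientHello" : "other", (unsigned long)len);
    } else if (content_type == CT_ALERT && len == 2) {
        st->alerts++;
        snprintf(st->last, sizeof st->last, "%s %s Alert level=%u description=%u",
                 dir, ver, (unsigned)p[0], (unsigned)p[1]);
    } else {
        snprintf(st->last, sizeof st->last, "%s %s %s, %lu bytes", dir, ver,
                 content_type == CT_CHANGE_CIPHER_SPEC ? "ChangeCipherSpec" : "other",
                 (unsigned long)len);
    }
}

/* Constructed messages (not captured traffic): a HelloRequest as a server sends it
 * to ask for renegotiation, a ClientHello whose length field claims 42 body bytes
 * that are not there, and a close_notify alert (level 1 = warning, description 0). */
const unsigned char HELLO_REQUEST[4]    = { 0x00, 0x00, 0x00, 0x00 };
const unsigned char BAD_CLIENT_HELLO[4] = { 0x01, 0x00, 0x00, 0x2a };
const unsigned char CLOSE_NOTIFY[2]     = { 0x01, 0x00 };

/* Feeds the constructed messages through msg_cb as a client would see them (two
 * received, one sent), printing each line, and returns the HelloRequest count. */
unsigned long demo(struct msg_stats *st)
{
    memset(st, 0, sizeof *st);
    msg_cb(0, TLS1_VERSION, CT_HANDSHAKE, HELLO_REQUEST, sizeof HELLO_REQUEST, NULL, st);
    puts(st->last);
    msg_cb(0, TLS1_VERSION, CT_HANDSHAKE, BAD_CLIENT_HELLO, sizeof BAD_CLIENT_HELLO, NULL, st);
    puts(st->last);
    msg_cb(1, TLS1_VERSION, CT_ALERT, CLOSE_NOTIFY, sizeof CLOSE_NOTIFY, NULL, st);
    puts(st->last);
    return st->hello_requests;
}

int main(void)
{
    struct msg_stats st;
    return demo(&st) == 1 ? 0 : 1;
}
```

In a real application the struct is registered with SSL_CTX_set_msg_callback(ctx, msg_cb) and SSL_CTX_set_msg_callback_arg(ctx, &stats); the callback must stay cheap and must never write to the connection, since it runs inside the library's own record processing.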
85fb12d5 | 218 | *) Change the shared library support so shared libraries are built as |
a7b42009 RL |
219 | soon as the corresponding static library is finished, and thereby get |
220 | openssl and the test programs linked against the shared library. | |
221 | This still only happens when the keyword "shared" has been given to | |
222 | the configuration scripts. | |
223 | ||
224 | NOTE: shared library support is still an experimental thing, and | |
225 | backward binary compatibility is still not guaranteed. | |
226 | ["Maciej W. Rozycki" <macro@ds2.pg.gda.pl> and Richard Levitte] | |
227 | ||
85fb12d5 | 228 | *) Add support for Subject Information Access extension. |
7d5b04db DSH |
229 | [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>] |
230 | ||
85fb12d5 | 231 | *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero |
48b0cf8b BM |
232 | additional bytes when new memory had to be allocated, not just |
233 | when reusing an existing buffer. | |
234 | [Bodo Moeller] | |
235 | ||
85fb12d5 | 236 | *) New command line and configuration option 'utf8' for the req command. |
1fc6d41b DSH |
237 | This allows field values to be specified as UTF8 strings. |
238 | [Steve Henson] | |
239 | ||
85fb12d5 | 240 | *) Add -multi and -mr options to "openssl speed" - giving multiple parallel |
0e211563 BL |
241 | runs for the former and machine-readable output for the latter. |
242 | [Ben Laurie] | |
243 | ||
85fb12d5 | 244 | *) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion |
89da653f BM |
245 | of the e-mail address in the DN (i.e., it will go into a certificate |
246 | extension only). The new configuration file option 'email_in_dn = no' | |
247 | has the same effect. | |
248 | [Massimiliano Pala madwolf@openca.org] | |
249 | ||
85fb12d5 | 250 | *) Change all functions with names starting with des_ to be starting |
12852213 | 251 | with DES_ instead. Add wrappers that are compatible with libdes, |
2d57b73a | 252 | but are named _ossl_old_des_*. Finally, add macros that map the |
0d81c69b RL |
253 | des_* symbols to the corresponding _ossl_old_des_* if libdes |
254 | compatibility is desired. If OpenSSL 0.9.6c compatibility is | |
255 | desired, the des_* symbols will be mapped to DES_*, with one | |
256 | exception. | |
12852213 | 257 | |
0d81c69b RL |
258 | Since we provide two compatibility mappings, the user needs to |
259 | define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes | |
260 | compatibility is desired. The default (i.e., when that macro | |
261 | isn't defined) is OpenSSL 0.9.6c compatibility. | |
262 | ||
263 | There are also macros that enable and disable the support of old | |
264 | des functions altogether. Those are OPENSSL_ENABLE_OLD_DES_SUPPORT | |
265 | and OPENSSL_DISABLE_OLD_DES_SUPPORT. If none or both of those | |
266 | are defined, the default will apply: to support the old des routines. | |
267 | ||
268 | In either case, one must include openssl/des.h to get the correct | |
269 | definitions. Do not try to just include openssl/des_old.h, that | |
270 | won't work. | |
c2e4f17c RL |
271 | |
272 | NOTE: This is a major break of an old API into a new one. Software | |
273 | authors are encouraged to switch to the DES_ style functions. Some | |
274 | time in the future, des_old.h and the libdes compatibility functions | |
0d81c69b RL |
275 | will be disabled (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the |
276 | default), and then completely removed. | |
c2e4f17c RL |
277 | [Richard Levitte] |
278 | ||
85fb12d5 | 279 | *) Test for certificates which contain unsupported critical extensions. |
f1558bb4 DSH |
280 | If such a certificate is found during a verify operation it is |
281 | rejected by default: this behaviour can be overridden by either | |
282 | handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or | |
283 | by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function | |
284 | X509_supported_extension() has also been added which returns 1 if a | |
285 | particular extension is supported. | |
286 | [Steve Henson] | |
287 | ||
85fb12d5 | 288 | *) Modify the behaviour of EVP cipher functions in similar way to digests |
581f1c84 DSH |
289 | to retain compatibility with existing code. |
290 | [Steve Henson] | |
291 | ||
85fb12d5 | 292 | *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain |
50d194af DSH |
293 | compatibility with existing code. In particular the 'ctx' parameter does |
294 | not have to be initialized before the call to EVP_DigestInit() and | |
295 | it is tidied up after a call to EVP_DigestFinal(). New function | |
296 | EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function | |
297 | EVP_MD_CTX_copy() changed to not require the destination to be | |
298 | initialized valid and new function EVP_MD_CTX_copy_ex() added which | |
299 | requires the destination to be valid. | |
300 | ||
301 | Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(), | |
302 | EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex(). | |
20d2186c DSH |
303 | [Steve Henson] |
304 | ||
85fb12d5 | 305 | *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it |
48948d53 BM |
306 | so that complete 'Handshake' protocol structures are kept in memory |
307 | instead of overwriting 'msg_type' and 'length' with 'body' data. | |
308 | [Bodo Moeller] | |
309 | ||
85fb12d5 | 310 | *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32. |
285046ec RL |
311 | [Massimo Santin via Richard Levitte] |
312 | ||
85fb12d5 | 313 | *) Major restructuring to the underlying ENGINE code. This includes |
07cee702 GT |
314 | reduction of linker bloat, separation of pure "ENGINE" manipulation |
315 | (initialisation, etc) from functionality dealing with implementations | |
316 | of specific crypto interfaces. This change also introduces integrated | |
317 | support for symmetric ciphers and digest implementations - so ENGINEs | |
318 | can now accelerate these by providing EVP_CIPHER and EVP_MD | |
319 | implementations of their own. This is detailed in crypto/engine/README | |
320 | as it couldn't be adequately described here. However, there are a few | |
321 | API changes worth noting - some RSA, DSA, DH, and RAND functions that | |
322 | were changed in the original introduction of ENGINE code have now | |
323 | reverted back - the hooking from this code to ENGINE is now a good | |
324 | deal more passive and at run-time, operations deal directly with | |
325 | RSA_METHODs, DSA_METHODs (etc) as they did before, rather than | |
326 | dereferencing through an ENGINE pointer any more. Also, the ENGINE | |
327 | functions dealing with BN_MOD_EXP[_CRT] handlers have been removed - | |
328 | they were not being used by the framework as there is no concept of a | |
329 | BIGNUM_METHOD and they could not be generalised to the new | |
330 | 'ENGINE_TABLE' mechanism that underlies the new code. Similarly, | |
331 | ENGINE_cpy() has been removed as it cannot be consistently defined in | |
332 | the new code. | |
333 | [Geoff Thorpe] | |
334 | ||
85fb12d5 | 335 | *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds. |
d46c1a81 DSH |
336 | [Steve Henson] |
337 | ||
85fb12d5 | 338 | *) Change mkdef.pl to sort symbols that get the same entry number, |
89eeccac RL |
339 | and make sure the automatically generated functions ERR_load_* |
340 | become part of libeay.num as well. | |
341 | [Richard Levitte] | |
342 | ||
85fb12d5 | 343 | *) New function SSL_renegotiate_pending(). This returns true once |
6b0e9fac BM |
344 | renegotiation has been requested (either SSL_renegotiate() call |
345 | or HelloRequest/ClientHello received from the peer) and becomes | |
346 | false once a handshake has been completed. | |
347 | (For servers, SSL_renegotiate() followed by SSL_do_handshake() | |
348 | sends a HelloRequest, but does not ensure that a handshake takes | |
349 | place. SSL_renegotiate_pending() is useful for checking if the | |
350 | client has followed the request.) | |
351 | [Bodo Moeller] | |
352 | ||
85fb12d5 | 353 | *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. |
6b0e9fac BM |
354 | By default, clients may request session resumption even during |
355 | renegotiation (if session ID contexts permit); with this option, | |
356 | session resumption is possible only in the first handshake. | |
357 | [Bodo Moeller] | |
358 | ||
85fb12d5 | 359 | *) Add some demos for certificate and certificate request creation. |
96bd6f73 DSH |
360 | [Steve Henson] |
361 | ||
85fb12d5 | 362 | *) Make maximum certificate chain size accepted from the peer application |
c0f5dd07 LJ |
363 | settable (SSL*_get/set_max_cert_list()), as proposed by |
364 | "Douglas E. Engert" <deengert@anl.gov>. | |
365 | [Lutz Jaenicke] | |
366 | ||
85fb12d5 | 367 | *) Add support for shared libraries for Unixware-7 |
b26ca340 | 368 | (Boyd Lynn Gerber <gerberb@zenez.com>). |
6c36f7a9 LJ |
369 | [Lutz Jaenicke] |
370 | ||
85fb12d5 | 371 | *) Add a "destroy" handler to ENGINEs that allows structural cleanup to |
908efd3b GT |
372 | be done prior to destruction. Use this to unload error strings from |
373 | ENGINEs that load their own error strings. NB: This adds two new API | |
374 | functions to "get" and "set" this destroy handler in an ENGINE. | |
a9ed4da8 | 375 | [Geoff Thorpe] |
908efd3b | 376 | |
85fb12d5 | 377 | *) Alter all existing ENGINE implementations (except "openssl" and |
541814c4 GT |
378 | "openbsd") to dynamically instantiate their own error strings. This |
379 | makes them more flexible to be built both as statically-linked ENGINEs | |
380 | and self-contained shared-libraries loadable via the "dynamic" ENGINE. | |
381 | Also, add stub code to each that makes building them as self-contained | |
382 | shared-libraries easier (see README.ENGINE). | |
383 | [Geoff Thorpe] | |
384 | ||
85fb12d5 | 385 | *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE |
541814c4 GT |
386 | implementations into applications that are completely implemented in |
387 | self-contained shared-libraries. The "dynamic" ENGINE exposes control | |
388 | commands that can be used to configure what shared-library to load and | |
389 | to control aspects of the way it is handled. Also, made an update to | |
390 | the README.ENGINE file that brings its information up-to-date and | |
391 | provides some information and instructions on the "dynamic" ENGINE | |
392 | (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc). | |
393 | [Geoff Thorpe] | |
394 | ||
85fb12d5 | 395 | *) Make it possible to unload ranges of ERR strings with a new |
5b166395 GT |
396 | "ERR_unload_strings" function. |
397 | [Geoff Thorpe] | |
398 | ||
85fb12d5 | 399 | *) Add a copy() function to EVP_MD. |
26188931 BL |
400 | [Ben Laurie] |
401 | ||
85fb12d5 | 402 | *) Make EVP_MD routines take a context pointer instead of just the |
e3fefbfd | 403 | md_data void pointer. |
26188931 BL |
404 | [Ben Laurie] |
405 | ||
85fb12d5 | 406 | *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates |
26188931 BL |
407 | that the digest can only process a single chunk of data |
408 | (typically because it is provided by a piece of | |
409 | hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application | |
410 | is only going to provide a single chunk of data, and hence the | |
411 | framework needn't accumulate the data for oneshot drivers. | |
412 | [Ben Laurie] | |
413 | ||
85fb12d5 | 414 | *) As with "ERR", make it possible to replace the underlying "ex_data" |
36026dfc GT |
415 | functions. This change also alters the storage and management of global |
416 | ex_data state - it's now all inside ex_data.c and all "class" code (eg. | |
417 | RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class | |
418 | index counters. The API functions that use this state have been changed | |
419 | to take a "class_index" rather than pointers to the class's local STACK | |
420 | and counter, and there is now an API function to dynamically create new | |
421 | classes. This centralisation allows us to (a) plug a lot of the | |
422 | thread-safety problems that existed, and (b) makes it possible to clean | |
423 | up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b) | |
424 | such data would previously have always leaked in application code and | |
425 | workarounds were in place to make the memory debugging turn a blind eye | |
426 | to it. Application code that doesn't use this new function will still | |
427 | leak as before, but their memory debugging output will announce it now | |
428 | rather than letting it slide. | |
6ee2a136 BM |
429 | |
430 | Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change | |
431 | induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now | |
432 | has a return value to indicate success or failure. | |
36026dfc GT |
433 | [Geoff Thorpe] |
434 | ||
85fb12d5 | 435 | *) Make it possible to replace the underlying "ERR" functions such that the |
0783bf15 GT |
436 | global state (2 LHASH tables and 2 locks) is only used by the "default" |
437 | implementation. This change also adds two functions to "get" and "set" | |
438 | the implementation prior to it being automatically set the first time | |
439 | any other ERR function takes place. Ie. an application can call "get", | |
440 | pass the return value to a module it has just loaded, and that module | |
441 | can call its own "set" function using that value. This means the | |
442 | module's "ERR" operations will use (and modify) the error state in the | |
443 | application and not in its own statically linked copy of OpenSSL code. | |
444 | [Geoff Thorpe] | |
445 | ||
85fb12d5 | 446 | *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment |
eb6dc02b GT |
447 | reference counts. This performs normal REF_PRINT/REF_CHECK macros on |
448 | the operation, and provides a more encapsulated way for external code | |
449 | (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code | |
450 | to use these functions rather than manually incrementing the counts. | |
3cad81f6 BM |
451 | |
452 | Also rename "DSO_up()" function to more descriptive "DSO_up_ref()". | |
eb6dc02b GT |
453 | [Geoff Thorpe] |
454 | ||
85fb12d5 | 455 | *) Add EVP test program. |
0e360199 BL |
456 | [Ben Laurie] |
457 | ||
85fb12d5 | 458 | *) Add symmetric cipher support to ENGINE. Expect the API to change! |
354c3ace BL |
459 | [Ben Laurie] |
460 | ||
85fb12d5 | 461 | *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name() |
35bf3541 DSH |
462 | X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(), |
463 | X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate(). | |
464 | These allow a CRL to be built without having to access X509_CRL fields | |
465 | directly. Modify 'ca' application to use new functions. | |
466 | [Steve Henson] | |
467 | ||
85fb12d5 | 468 | *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended |
06da6e49 | 469 | bug workarounds. Rollback attack detection is a security feature. |
6383bbe5 | 470 | The problem will only arise on OpenSSL servers when TLSv1 is not |
06da6e49 LJ |
471 | available (sslv3_server_method() or SSL_OP_NO_TLSv1). |
472 | Software authors not wanting to support TLSv1 will have special reasons | |
473 | for their choice and can explicitly enable this option. | |
474 | [Bodo Moeller, Lutz Jaenicke] | |
475 | ||
85fb12d5 | 476 | *) Rationalise EVP so it can be extended: don't include a union of |
dbad1690 BL |
477 | cipher/digest structures, add init/cleanup functions. This also reduces |
478 | the number of header dependencies. | |
4f4b1924 BM |
479 | Usage example: |
480 | ||
481 | EVP_MD_CTX md; | |
482 | ||
483 | EVP_MD_CTX_init(&md); /* new function call */ | |
484 | EVP_DigestInit(&md, EVP_sha1()); | |
485 | EVP_DigestUpdate(&md, in, len); | |
486 | EVP_DigestFinal(&md, out, NULL); | |
487 | EVP_MD_CTX_cleanup(&md); /* new function call */ | |
488 | ||
dbad1690 BL |
489 | [Ben Laurie] |
490 | ||
85fb12d5 | 491 | *) Make DES key schedule conform to the usual scheme, as well as |
8408f4fb BL |
492 | correcting its structure. This means that calls to DES functions |
493 | now have to pass a pointer to a des_key_schedule instead of a | |
494 | plain des_key_schedule (which was actually always a pointer | |
4f4b1924 BM |
495 | anyway): E.g., |
496 | ||
497 | des_key_schedule ks; | |
498 | ||
499 | des_set_key_checked(..., &ks); | |
500 | des_ncbc_encrypt(..., &ks, ...); | |
501 | ||
502 | (Note that a later change renames 'des_...' into 'DES_...'.) | |
dbad1690 BL |
503 | [Ben Laurie] |
504 | ||
85fb12d5 | 505 | *) Initial reduction of linker bloat: the use of some functions, such as |
19da1300 DSH |
506 | PEM causes large amounts of unused functions to be linked in due to |
507 | poor organisation. For example pem_all.c contains every PEM function | |
508 | which has a knock on effect of linking in large amounts of (unused) | |
509 | ASN1 code. Grouping together similar functions and splitting unrelated | |
510 | functions prevents this. | |
511 | [Steve Henson] | |
512 | ||
85fb12d5 | 513 | *) Cleanup of EVP macros. |
381a146d | 514 | [Ben Laurie] |
6aecef81 | 515 | |
85fb12d5 | 516 | *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the |
381a146d LJ |
517 | correct _ecb suffix. |
518 | [Ben Laurie] | |
c518ade1 | 519 | |
85fb12d5 | 520 | *) Add initial OCSP responder support to ocsp application. The |
ee306a13 DSH |
521 | revocation information is handled using the text based index |
522 | used by the ca application. The responder can either handle | |
523 | requests generated internally, supplied in files (for example | |
524 | via a CGI script) or using an internal minimal server. | |
525 | [Steve Henson] | |
526 | ||
85fb12d5 | 527 | *) Add configuration choices to get zlib compression for TLS. |
e452de9d RL |
528 | [Richard Levitte] |
529 | ||
85fb12d5 | 530 | *) Changes to Kerberos SSL for RFC 2712 compliance: |
0665dd68 RL |
531 | 1. Implemented real KerberosWrapper, instead of just using |
532 | KRB5 AP_REQ message. [Thanks to Simon Wilkinson <sxw@sxw.org.uk>] | |
533 | 2. Implemented optional authenticator field of KerberosWrapper. | |
534 | ||
535 | Added openssl-style ASN.1 macros for Kerberos ticket, ap_req, | |
536 | and authenticator structs; see crypto/krb5/. | |
537 | ||
538 | Generalized Kerberos calls to support multiple Kerberos libraries. | |
539 | [Vern Staats <staatsvr@asc.hpc.mil>, | |
540 | Jeffrey Altman <jaltman@columbia.edu> | |
541 | via Richard Levitte] | |
542 | ||
85fb12d5 | 543 | *) Cause 'openssl speed' to use fully hard-coded DSA keys as it |
af436bc1 GT |
544 | already does with RSA. testdsa.h now has 'priv_key/pub_key' |
545 | values for each of the key sizes rather than having just | |
546 | parameters (and 'speed' generating keys each time). | |
547 | [Geoff Thorpe] | |
548 | ||
85fb12d5 | 549 | *) Speed up EVP routines. |
f31b1250 BL |
550 | Before: |
551 | encrypt | |
552 | type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes | |
553 | des-cbc 4408.85k 5560.51k 5778.46k 5862.20k 5825.16k | |
554 | des-cbc 4389.55k 5571.17k 5792.23k 5846.91k 5832.11k | |
555 | des-cbc 4394.32k 5575.92k 5807.44k 5848.37k 5841.30k | |
556 | decrypt | |
557 | des-cbc 3482.66k 5069.49k 5496.39k 5614.16k 5639.28k | |
558 | des-cbc 3480.74k 5068.76k 5510.34k 5609.87k 5635.52k | |
559 | des-cbc 3483.72k 5067.62k 5504.60k 5708.01k 5724.80k | |
560 | After: | |
561 | encrypt | |
c148d709 | 562 | des-cbc 4660.16k 5650.19k 5807.19k 5827.13k 5783.32k |
f31b1250 | 563 | decrypt |
c148d709 | 564 | des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k |
f31b1250 BL |
565 | [Ben Laurie] |
566 | ||
85fb12d5 | 567 | *) Added the OS2-EMX target. |
c80410c5 RL |
568 | ["Brian Havard" <brianh@kheldar.apana.org.au> and Richard Levitte] |
569 | ||
  *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
     to support NCONF routines in extension code. New function CONF_set_nconf()
     to allow functions which take an NCONF to also handle the old LHASH
     structure: this means that the old CONF compatible routines can be
     retained (in particular wrt extensions) without having to duplicate the
     code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
     [Steve Henson]

  *) Enhance the general user interface with mechanisms for inner control
     and with possibilities to have yes/no kind of prompts.
     [Richard Levitte]

  *) Change all calls to low level digest routines in the library and
     applications to use EVP. Add missing calls to HMAC_cleanup() and
     don't assume HMAC_CTX can be copied using memcpy().
     [Verdon Walker <VWalker@novell.com>, Steve Henson]

  *) Add the possibility to control engines through control names but with
     arbitrary arguments instead of just a string.
     Change the key loaders to take a UI_METHOD instead of a callback
     function pointer. NOTE: this breaks binary compatibility with earlier
     versions of OpenSSL [engine].
     Adapt the nCipher code for these new conditions and add a card insertion
     callback.
     [Richard Levitte]

  *) Enhance the general user interface with mechanisms to better support
     dialog box interfaces, application-defined prompts, the possibility
     to use defaults (for example default passwords from somewhere else)
     and interrupts/cancellations.
     [Richard Levitte]

  *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
     attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
     [Steve Henson]

  *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
     tidy up some unnecessarily weird code in 'sk_new()'.)
     [Geoff, reported by Diego Tartara <dtartara@novamens.com>]

  *) Change the key loading routines for ENGINEs to use the same kind of
     callback (pem_password_cb) as all other routines that need this
     kind of callback.
     [Richard Levitte]

  *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
     256 bit (=32 byte) keys. Of course seeding with more entropy bytes
     than this minimum value is recommended.
     [Lutz Jaenicke]

  *) New random seeder for OpenVMS, using the system process statistics
     that are easily reachable.
     [Richard Levitte]

  *) Windows apparently can't transparently handle global
     variables defined in DLLs. Initialisations such as:

        const ASN1_ITEM *it = &ASN1_INTEGER_it;

     won't compile. This is used by any applications that need to
     declare their own ASN1 modules. This was fixed by adding the option
     EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
     needed for static libraries under Win32.
     [Steve Henson]

  *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
     setting of purpose and trust fields. New X509_STORE trust and
     purpose functions and tidy up setting in other SSL functions.
     [Steve Henson]

  *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
     structure. These are inherited by X509_STORE_CTX when it is
     initialised. This allows various defaults to be set in the
     X509_STORE structure (such as flags for CRL checking and custom
     purpose or trust settings) for functions which only use X509_STORE_CTX
     internally such as S/MIME.

     Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
     trust settings if they are not set in X509_STORE. This allows X509_STORE
     purposes and trust (in S/MIME for example) to override any set by default.

     Add command line options for CRL checking to smime, s_client and s_server
     applications.
     [Steve Henson]

  *) Initial CRL based revocation checking. If the CRL checking flag(s)
     are set then the CRL is looked up in the X509_STORE structure and
     its validity and signature checked, then if the certificate is found
     in the CRL the verify fails with a revoked error.

     Various new CRL related callbacks added to X509_STORE_CTX structure.

     Command line options added to 'verify' application to support this.

     This needs some additional work, such as being able to handle multiple
     CRLs with different times, extension based lookup (rather than just
     by subject name) and ultimately more complete V2 CRL extension
     handling.
     [Steve Henson]

  *) Add a general user interface API (crypto/ui/). This is designed
     to replace things like des_read_password and friends (backward
     compatibility functions using this new API are provided).
     The purpose is to remove prompting functions from the DES code
     section as well as provide for prompting through dialog boxes in
     a window system and the like.
     [Richard Levitte]

  *) Add "ex_data" support to ENGINE so implementations can add state at a
     per-structure level rather than having to store it globally.
     [Geoff]

  *) Make it possible for ENGINE structures to be copied when retrieved by
     ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
     This causes the "original" ENGINE structure to act like a template,
     analogous to the RSA vs. RSA_METHOD type of separation. Because of this,
     operational state can be localised to each ENGINE structure, despite the
     fact they all share the same "methods". New ENGINE structures returned in
     this case have no functional references and the return value is the single
     structural reference. This matches the single structural reference returned
     by ENGINE_by_id() normally, when it is incremented on the pre-existing
     ENGINE structure.
     [Geoff]

  *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
     needs to match any other type at all we need to manually clear the
     tag cache.
     [Steve Henson]

  *) Changes to the "openssl engine" utility to include:
     - verbosity levels ('-v', '-vv', and '-vvv') that provide information
       about an ENGINE's available control commands.
     - executing control commands from command line arguments using the
       '-pre' and '-post' switches. '-post' is only used if '-t' is
       specified and the ENGINE is successfully initialised. The syntax for
       the individual commands is colon-separated, for example:
         openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
     [Geoff]

  *) New dynamic control command support for ENGINEs. ENGINEs can now
     declare their own commands (numbers), names (strings), descriptions,
     and input types for run-time discovery by calling applications. A
     subset of these commands are implicitly classed as "executable"
     depending on their input type, and only these can be invoked through
     the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
     can be based on user input, config files, etc.) The distinction is
     that "executable" commands cannot return anything other than a boolean
     result and can only support numeric or string input, whereas some
     discoverable commands may only be for direct use through
     ENGINE_ctrl(), eg. supporting the exchange of binary data, function
     pointers, or other custom uses. The "executable" commands are to
     support parameterisations of ENGINE behaviour that can be
     unambiguously defined by ENGINEs and used consistently across any
     OpenSSL-based application. Commands have been added to all the
     existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
     control over shared-library paths without source code alterations.
     [Geoff]

  *) Changed all ENGINE implementations to dynamically allocate their
     ENGINEs rather than declaring them statically. Apart from this being
     necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
     this also allows the implementations to compile without using the
     internal engine_int.h header.
     [Geoff]

  *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
     'const' value. Any code that should be able to modify a RAND_METHOD
     should already have non-const pointers to it (ie. they should only
     modify their own ones).
     [Geoff]

  *) Made a variety of little tweaks to the ENGINE code.
     - "atalla" and "ubsec" string definitions were moved from header files
       to C code. "nuron" string definitions were placed in variables
       rather than hard-coded - allowing parameterisation of these values
       later on via ctrl() commands.
     - Removed unused "#if 0"'d code.
     - Fixed engine list iteration code so it uses ENGINE_free() to release
       structural references.
     - Constified the RAND_METHOD element of ENGINE structures.
     - Constified various get/set functions as appropriate and added
       missing functions (including a catch-all ENGINE_cpy that duplicates
       all ENGINE values onto a new ENGINE except reference counts/state).
     - Removed NULL parameter checks in get/set functions. Setting a method
       or function to NULL is a way of cancelling out a previously set
       value. Passing a NULL ENGINE parameter is just plain stupid anyway
       and doesn't justify the extra error symbols and code.
     - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
       flags from engine_int.h to engine.h.
     - Changed prototypes for ENGINE handler functions (init(), finish(),
       ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
     [Geoff]

  *) Implement binary inversion algorithm for BN_mod_inverse in addition
     to the algorithm using long division. The binary algorithm can be
     used only if the modulus is odd. On 32-bit systems, it is faster
     only for relatively small moduli (roughly 20-30% for 128-bit moduli,
     roughly 5-15% for 256-bit moduli), so we use it only for moduli
     up to 450 bits. In 64-bit environments, the binary algorithm
     appears to be advantageous for much longer moduli; here we use it
     for moduli up to 2048 bits.
     [Bodo Moeller]

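The two inversion strategies contrasted in the entry above, as an added example that is not OpenSSL code: 64-bit words stand in for BIGNUMs, the binary path refuses an even modulus exactly as the entry says it must, and the long-division path remains the general fallback. The 63/62-bit modulus limits and the 128-bit self-check multiply are assumptions of this toy, not of the library.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not OpenSSL code. Both functions return a^-1 mod m in
 * [1, m), or 0 when no inverse exists or the input is out of range. */

/* Binary algorithm: only shifts, additions and subtractions, no long
 * division. Requires an ODD modulus (the halving step relies on it);
 * m is limited to 63 bits so that x + m cannot overflow a uint64_t. */
uint64_t binary_mod_inverse(uint64_t a, uint64_t m)
{
    if (m < 3 || (m & 1) == 0 || (m >> 63) != 0)
        return 0;                   /* even/out-of-range modulus: use the Euclidean path */
    uint64_t u = a % m, v = m;
    uint64_t x1 = 1, x2 = 0;        /* invariants: x1*a == u, x2*a == v (mod m) */
    if (u == 0)
        return 0;
    while (u != 1 && v != 1) {
        while ((u & 1) == 0) {      /* halve u, keeping x1*a == u (mod m) */
            u >>= 1;
            /* x1 odd: (x1 + m)/2 == x1/2 + m/2 + 1 because m is odd too */
            x1 = (x1 & 1) ? (x1 >> 1) + (m >> 1) + 1 : x1 >> 1;
        }
        while ((v & 1) == 0) {      /* same for v and x2 */
            v >>= 1;
            x2 = (x2 & 1) ? (x2 >> 1) + (m >> 1) + 1 : x2 >> 1;
        }
        if (u == v)
            return 0;               /* gcd(a, m) == u > 1: not invertible */
        if (u > v) {
            u -= v;
            x1 = (x1 >= x2) ? x1 - x2 : x1 + (m - x2);   /* x1 -= x2 (mod m) */
        } else {
            v -= u;
            x2 = (x2 >= x1) ? x2 - x1 : x2 + (m - x1);   /* x2 -= x1 (mod m) */
        }
    }
    return (u == 1) ? x1 : x2;
}

/* Long-division (extended Euclid) algorithm: works for any modulus.
 * m is limited to 62 bits so the signed intermediates cannot overflow. */
uint64_t euclid_mod_inverse(uint64_t a, uint64_t m)
{
    if (m < 2 || (m >> 62) != 0)
        return 0;
    int64_t r0 = (int64_t)m, r1 = (int64_t)(a % m);
    int64_t t0 = 0, t1 = 1;         /* invariants: t0*a == r0, t1*a == r1 (mod m) */
    while (r1 != 0) {
        int64_t q = r0 / r1;
        int64_t r2 = r0 - q * r1, t2 = t0 - q * t1;
        r0 = r1; r1 = r2;
        t0 = t1; t1 = t2;
    }
    if (r0 != 1)
        return 0;                   /* gcd > 1 */
    return (uint64_t)(t0 < 0 ? t0 + (int64_t)m : t0);
}

/* Self-check helper: a * b mod m via a 128-bit product (GCC/Clang). */
uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

/* Mirrors the dispatch described in the entry: binary only for an odd
 * modulus (the library adds a size threshold), otherwise long division. */
uint64_t mod_inverse(uint64_t a, uint64_t m)
{
    return (m & 1) ? binary_mod_inverse(a, m) : euclid_mod_inverse(a, m);
}

int main(void)
{
    uint64_t m = (1ULL << 61) - 1;  /* 2^61 - 1 is prime, so every 0 < a < m is invertible */
    uint64_t a = 123456789, inv = mod_inverse(a, m);
    printf("inverse of %llu mod 2^61-1 is %llu (a*inv mod m = %llu)\n",
           (unsigned long long)a, (unsigned long long)inv,
           (unsigned long long)mulmod(a, inv, m));
    return 0;
}
```
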
  *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
     could not support the combine flag in choice fields.
     [Steve Henson]

  *) Add a 'copy_extensions' option to the 'ca' utility. This copies
     extensions from a certificate request to the certificate.
     [Steve Henson]

  *) Allow multiple 'certopt' and 'nameopt' options to be separated
     by commas. Add 'namopt' and 'certopt' options to the 'ca' config
     file: this allows the display of the certificate about to be
     signed to be customised, to allow certain fields to be included
     or excluded and extension details. The old system didn't display
     multicharacter strings properly, omitted fields not in the policy
     and couldn't display additional details such as extensions.
     [Steve Henson]

  *) Function EC_POINTs_mul for multiple scalar multiplication
     of an arbitrary number of elliptic curve points
          \sum scalars[i]*points[i],
     optionally including the generator defined for the EC_GROUP:
          scalar*generator + \sum scalars[i]*points[i].

     EC_POINT_mul is a simple wrapper function for the typical case
     that the point list has just one item (besides the optional
     generator).
     [Bodo Moeller]

  *) First EC_METHODs for curves over GF(p):

     EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
     operations and provides various method functions that can also
     operate with faster implementations of modular arithmetic.

     EC_GFp_mont_method() reuses most functions that are part of
     EC_GFp_simple_method, but uses Montgomery arithmetic.

     [Bodo Moeller; point addition and point doubling
     implementation directly derived from source code provided by
     Lenka Fibikova <fibikova@exp-math.uni-essen.de>]

  *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
     crypto/ec/ec_lib.c):

     Curves are EC_GROUP objects (with an optional group generator)
     based on EC_METHODs that are built into the library.

     Points are EC_POINT objects based on EC_GROUP objects.

     Most of the framework would be able to handle curves over arbitrary
     finite fields, but as there are no obvious types for fields other
     than GF(p), some functions are limited to that for now.
     [Bodo Moeller]

  *) Add the -HTTP option to s_server. It is similar to -WWW, but requires
     that the file contains a complete HTTP response.
     [Richard Levitte]

  *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
     change the def and num file printf format specifier from "%-40sXXX"
     to "%-39s XXX". The latter will always guarantee a space after the
     field while the former will cause them to run together if the field
     is 40 or more characters long.
     [Steve Henson]

  *) Constify the cipher and digest 'method' functions and structures
     and modify related functions to take constant EVP_MD and EVP_CIPHER
     pointers.
     [Steve Henson]

  *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
     in <openssl/bn.h>. Also further increase BN_CTX_NUM to 32.
     [Bodo Moeller]

  *) Modify EVP_Digest*() routines so they now return values. Although the
     internal software routines can never fail, additional hardware versions
     might.
     [Steve Henson]

  *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:

     Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
     (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.

     ASN1 error codes
          ERR_R_NESTED_ASN1_ERROR
          ...
          ERR_R_MISSING_ASN1_EOS
     were 4 .. 9, conflicting with
          ERR_LIB_RSA (= ERR_R_RSA_LIB)
          ...
          ERR_LIB_PEM (= ERR_R_PEM_LIB).
     They are now 58 .. 63 (i.e., just below ERR_R_FATAL).

     Add new error code 'ERR_R_INTERNAL_ERROR'.
     [Bodo Moeller]

  *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
     suffices.
     [Bodo Moeller]

  *) New option '-subj arg' for 'openssl req' and 'openssl ca'. This
     sets the subject name for a new request or supersedes the
     subject name in a given request. Formats that can be parsed are
          'CN=Some Name, OU=myOU, C=IT'
     and
          'CN=Some Name/OU=myOU/C=IT'.

     Add options '-batch' and '-verbose' to 'openssl req'.
     [Massimiliano Pala <madwolf@hackmasters.net>]

  *) Introduce the possibility to access global variables through
     functions on platforms where that's the best way to handle exporting
     global variables in shared libraries. To enable this functionality,
     one must configure with "EXPORT_VAR_AS_FN" or define the C macro
     "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
     is normally done by Configure or something similar).

     To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
     in the source file (foo.c) like this:

          OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
          OPENSSL_IMPLEMENT_GLOBAL(double,bar);

     To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
     and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:

          OPENSSL_DECLARE_GLOBAL(int,foo);
          #define foo OPENSSL_GLOBAL_REF(foo)
          OPENSSL_DECLARE_GLOBAL(double,bar);
          #define bar OPENSSL_GLOBAL_REF(bar)

     The #defines are very important, and therefore so is including the
     header file everywhere where the defined globals are used.

     The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
     of ASN.1 items, but that structure is a bit different.

     The largest change is in util/mkdef.pl which has been enhanced with
     better and easier to understand logic to choose which symbols should
     go into the Windows .def files as well as a number of fixes and code
     cleanup (among others, algorithm keywords are now sorted
     lexicographically to avoid constant rewrites).
     [Richard Levitte]

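The global-variable pattern described in this entry, and the Win32 DLL problem it answers in the EXPORT_VAR_AS_FN entry earlier on, as an added single-file illustration that is not OpenSSL's code: the EX_* macro names are hypothetical stand-ins for OPENSSL_IMPLEMENT_GLOBAL, OPENSSL_DECLARE_GLOBAL and OPENSSL_GLOBAL_REF, and the "foo.h"/"foo.c" halves are placed in one translation unit so it runs stand-alone.

```c
#include <stdio.h>

/* Added example, not OpenSSL code. EX_* are hypothetical stand-ins for the
 * OPENSSL_*_GLOBAL macros; only the pattern is the point. Remove the next
 * line to get the plain-variable expansion instead of the accessor form. */
#define EX_VAR_AS_FN

#ifdef EX_VAR_AS_FN
/* Accessor form: the object stays hidden (static) in the defining module;
 * only the function ex_accessor_<name>() needs exporting from a DLL. The
 * macro ends in a tentative definition so that "= initialiser;" may follow. */
# define EX_IMPLEMENT_GLOBAL(type, name)                              \
    static type ex_hidden_##name;                                     \
    type *ex_accessor_##name(void) { return &ex_hidden_##name; }      \
    static type ex_hidden_##name
# define EX_DECLARE_GLOBAL(type, name) type *ex_accessor_##name(void)
# define EX_GLOBAL_REF(name) (*ex_accessor_##name())
#else
/* Plain form: an ordinary exported variable, referenced directly. */
# define EX_IMPLEMENT_GLOBAL(type, name) type ex_global_##name
# define EX_DECLARE_GLOBAL(type, name) extern type ex_global_##name
# define EX_GLOBAL_REF(name) ex_global_##name
#endif

/* --- what would live in foo.h: declare, then redirect every use --- */
EX_DECLARE_GLOBAL(int, foo);
#define foo EX_GLOBAL_REF(foo)
EX_DECLARE_GLOBAL(double, bar);
#define bar EX_GLOBAL_REF(bar)

/* --- what would live in foo.c (with foo.h included): the definitions ---
 * "foo" is already a macro here, but the name only appears next to ## in
 * EX_IMPLEMENT_GLOBAL, so it is pasted verbatim rather than expanded. */
EX_IMPLEMENT_GLOBAL(int, foo) = 1;
EX_IMPLEMENT_GLOBAL(double, bar);

/* Client code compiles unchanged in both modes because it goes through the
 * #defines; without them "foo" would be an unresolvable data symbol in the
 * DLL case, which is the failure the entry describes. */
int get_foo(void) { return foo; }
double set_bar(double v) { return bar = v; }
double get_bar(void) { return bar; }

int main(void)
{
    set_bar(2.5);
    printf("foo=%d bar=%g\n", get_foo(), get_bar());
    return 0;
}
```
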
  *) In BN_div() keep a copy of the sign of 'num' before writing the
     result to 'rm' because if rm==num the value will be overwritten
     and produce the wrong result if 'num' is negative: this caused
     problems with BN_mod() and BN_nnmod().
     [Steve Henson]

  *) Function OCSP_request_verify(). This checks the signature on an
     OCSP request and verifies the signer certificate. The signer
     certificate is just checked for a generic purpose and OCSP request
     trust settings.
     [Steve Henson]

  *) Add OCSP_check_validity() function to check the validity of OCSP
     responses. OCSP responses are prepared in real time and may only
     be a few seconds old. Simply checking that the current time lies
     between thisUpdate and nextUpdate may reject otherwise valid responses
     caused by either OCSP responder or client clock inaccuracy. Instead
     we allow thisUpdate and nextUpdate to fall within a certain period of
     the current time. The age of the response can also optionally be
     checked. Two new options -validity_period and -status_age added to
     ocsp utility.
     [Steve Henson]

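The tolerant window just described, as an added example that is not OpenSSL's OCSP_check_validity(): times are plain POSIX seconds rather than ASN1_TIME, and each finding is returned as its own bit so that a caller can decide, like the ocsp utility does for other checks, which conditions to tolerate. The function and flag names are this example's own.

```c
#include <time.h>
#include <stdio.h>

/* Added example, not OpenSSL code: a skew-tolerant validity window for an
 * OCSP response, modelled on the entry above. Findings are separate bits so
 * policy (what to tolerate) is kept apart from measurement. */
enum {
    OCSP_WIN_OK                     = 0,
    OCSP_WIN_THISUPDATE_IN_FUTURE   = 1 << 0,  /* thisUpdate later than now + nsec   */
    OCSP_WIN_NEXTUPDATE_IN_PAST     = 1 << 1,  /* nextUpdate earlier than now - nsec */
    OCSP_WIN_NEXTUPDATE_BEFORE_THIS = 1 << 2,  /* nextUpdate precedes thisUpdate     */
    OCSP_WIN_TOO_OLD                = 1 << 3   /* thisUpdate more than maxsec ago    */
};

/* Times are POSIX seconds (a real caller would convert the ASN1_TIME fields).
 * has_next == 0 means the response carries no nextUpdate, which the protocol
 * allows. nsec is the clock skew tolerated in either direction (the ocsp
 * utility's -validity_period); maxsec < 0 disables the age check
 * (-status_age). Returns an OR of the OCSP_WIN_* findings. */
int ocsp_check_window(time_t this_update, int has_next, time_t next_update,
                      time_t now, long nsec, long maxsec)
{
    int flags = OCSP_WIN_OK;

    /* Responder clock ahead of ours: allow up to nsec of skew instead of
     * rejecting a response that appears to come from the future. */
    if (this_update > now + nsec)
        flags |= OCSP_WIN_THISUPDATE_IN_FUTURE;

    /* Optional freshness requirement, independent of nextUpdate. */
    if (maxsec >= 0 && this_update + maxsec < now)
        flags |= OCSP_WIN_TOO_OLD;

    if (has_next) {
        if (next_update < this_update)
            flags |= OCSP_WIN_NEXTUPDATE_BEFORE_THIS;
        /* Responder clock behind ours, or a response that only just
         * expired: tolerate nsec seconds before calling it stale. */
        if (next_update + nsec < now)
            flags |= OCSP_WIN_NEXTUPDATE_IN_PAST;
    }
    return flags;
}

/* Policy helper: accept only when every finding is in the tolerated set. */
int ocsp_window_accept(int flags, int tolerated)
{
    return (flags & ~tolerated) == 0;
}

int main(void)
{
    /* Constructed sample: response produced 100 s ago, valid for another
     * 100 s, checked with 300 s of tolerated skew and no age limit. */
    time_t now = 1000000;
    int f = ocsp_check_window(now - 100, 1, now + 100, now, 300, -1);
    printf("findings=%d accept=%d\n", f, ocsp_window_accept(f, 0));
    return 0;
}
```
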
85fb12d5 | 941 | *) If signature or public key algorithm is unrecognized print out its |
e3fefbfd | 942 | OID rather that just UNKNOWN. |
4ff18c8c DSH |
943 | [Steve Henson] |
944 | ||
85fb12d5 | 945 | *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and |
d7c06e9e DSH |
946 | OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate |
947 | ID to be generated from the issuer certificate alone which can then be | |
948 | passed to OCSP_id_issuer_cmp(). | |
949 | [Steve Henson] | |
950 | ||
85fb12d5 | 951 | *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new |
386828d0 DSH |
952 | ASN1 modules to export functions returning ASN1_ITEM pointers |
953 | instead of the ASN1_ITEM structures themselves. This adds several | |
954 | new macros which allow the underlying ASN1 function/structure to | |
955 | be accessed transparently. As a result code should not use ASN1_ITEM | |
956 | references directly (such as &X509_it) but instead use the relevant | |
957 | macros (such as ASN1_ITEM_rptr(X509)). This option is to allow | |
958 | use of the new ASN1 code on platforms where exporting structures | |
959 | is problematical (for example in shared libraries) but exporting | |
960 | functions returning pointers to structures is not. | |
961 | [Steve Henson] | |
962 | ||
85fb12d5 | 963 | *) Add support for overriding the generation of SSL/TLS session IDs. |
fa2b8db4 GT |
964 | These callbacks can be registered either in an SSL_CTX or per SSL. |
965 | The purpose of this is to allow applications to control, if they wish, | |
966 | the arbitrary values chosen for use as session IDs, particularly as it | |
967 | can be useful for session caching in multiple-server environments. A | |
968 | command-line switch for testing this (and any client code that wishes | |
969 | to use such a feature) has been added to "s_server". | |
970 | [Geoff Thorpe, Lutz Jaenicke] | |
971 | ||
85fb12d5 | 972 | *) Modify mkdef.pl to recognise and parse preprocessor conditionals |
d399fdf8 RL |
973 | of the form '#if defined(...) || defined(...) || ...' and |
974 | '#if !defined(...) && !defined(...) && ...'. This also avoids | |
975 | the growing number of special cases it was previously handling. | |
976 | [Richard Levitte] | |
977 | ||
85fb12d5 | 978 | *) Make all configuration macros available for application by making |
cf1b7d96 RL |
979 | sure they are available in opensslconf.h, by giving them names starting |
980 | with "OPENSSL_" to avoid conflicts with other packages and by making | |
981 | sure e_os2.h will cover all platform-specific cases together with | |
982 | opensslconf.h. | |
2affbab9 RL |
983 | Additionally, it is now possible to define configuration/platform- |
984 | specific names (called "system identities"). In the C code, these | |
985 | are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another | |
986 | macro with the name beginning with "OPENSSL_SYS_", which is determined | |
987 | from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on | |
988 | what is available. | |
cf1b7d96 RL |
989 | [Richard Levitte] |
990 | ||
85fb12d5 | 991 | *) New option -set_serial to 'req' and 'x509' this allows the serial |
acba75c5 DSH |
992 | number to use to be specified on the command line. Previously self |
993 | signed certificates were hard coded with serial number 0 and the | |
994 | CA options of 'x509' had to use a serial number in a file which was | |
995 | auto incremented. | |
996 | [Steve Henson] | |
997 | ||
85fb12d5 | 998 | *) New options to 'ca' utility to support V2 CRL entry extensions. |
a6b7ffdd DSH |
999 | Currently CRL reason, invalidity date and hold instruction are |
1000 | supported. Add new CRL extensions to V3 code and some new objects. | |
1001 | [Steve Henson] | |
1002 | ||
85fb12d5 | 1003 | *) New function EVP_CIPHER_CTX_set_padding() this is used to |
f2e5ca84 DSH |
1004 | disable standard block padding (aka PKCS#5 padding) in the EVP |
1005 | API, which was previously mandatory. This means that the data is | |
1006 | not padded in any way and so the total length much be a multiple | |
1007 | of the block size, otherwise an error occurs. | |
1008 | [Steve Henson] | |
1009 | ||
85fb12d5 | 1010 | *) Initial (incomplete) OCSP SSL support. |
cdc7b8cc DSH |
1011 | [Steve Henson] |
1012 | ||
85fb12d5 | 1013 | *) New function OCSP_parse_url(). This splits up a URL into its host, |
67c18019 DSH |
1014 | port and path components: primarily to parse OCSP URLs. New -url |
1015 | option to ocsp utility. | |
1016 | [Steve Henson] | |
1017 | ||
85fb12d5 | 1018 | *) New nonce behavior. The return value of OCSP_check_nonce() now |
46a58ab9 DSH |
1019 | reflects the various checks performed. Applications can decide |
1020 | whether to tolerate certain situations such as an absent nonce | |
1021 | in a response when one was present in a request: the ocsp application | |
1022 | just prints out a warning. New function OCSP_add1_basic_nonce() | |
1023 | this is to allow responders to include a nonce in a response even if | |
1024 | the request is nonce-less. | |
1025 | [Steve Henson] | |
1026 | ||
85fb12d5 | 1027 | *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are |
620cea37 BM |
1028 | skipped when using openssl x509 multiple times on a single input file, |
1029 | e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs". | |
1030 | [Bodo Moeller] | |
1031 | ||
85fb12d5 | 1032 | *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() |
ccb08f98 DSH |
1033 | set string type: to handle setting ASN1_TIME structures. Fix ca |
1034 | utility to correctly initialize revocation date of CRLs. | |
1035 | [Steve Henson] | |
1036 | ||
85fb12d5 | 1037 | *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override |
836f9960 LJ |
1038 | the clients preferred ciphersuites and rather use its own preferences. |
1039 | Should help to work around M$ SGC (Server Gated Cryptography) bug in | |
1040 | Internet Explorer by ensuring unchanged hash method during stepup. | |
b72faddc | 1041 | (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.) |
836f9960 LJ |
1042 | [Lutz Jaenicke] |
1043 | ||
85fb12d5 | 1044 | *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael |
c47c6196 DSH |
1045 | to aes and add a new 'exist' option to print out symbols that don't |
1046 | appear to exist. | |
1047 | [Steve Henson] | |
1048 | ||
85fb12d5 | 1049 | *) Additional options to ocsp utility to allow flags to be set and |
8c950429 DSH |
1050 | additional certificates supplied. |
1051 | [Steve Henson] | |
1052 | ||
85fb12d5 | 1053 | *) Add the option -VAfile to 'openssl ocsp', so the user can give the |
9235adbf RL |
1054 | OCSP client a number of certificate to only verify the response |
1055 | signature against. | |
1056 | [Richard Levitte] | |
1057 | ||
85fb12d5 | 1058 | *) Update Rijndael code to version 3.0 and change EVP AES ciphers to |
deb2c1a1 DSH |
1059 | handle the new API. Currently only ECB, CBC modes supported. Add new |
1060 | AES OIDs. Add TLS AES ciphersuites as described in the "AES Ciphersuites | |
1061 | for TLS" draft-ietf-tls-ciphersuite-03.txt. | |
1062 | [Ben Laurie, Steve Henson] | |
1063 | ||
85fb12d5 | 1064 | *) New function OCSP_copy_nonce() to copy nonce value (if present) from |
26e083cc DSH |
1065 | request to response. |
1066 | [Steve Henson] | |
1067 | ||
85fb12d5 | 1068 | *) Functions for OCSP responders. OCSP_request_onereq_count(), |
02e4fbed DSH |
1069 | OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info() |
1070 | extract information from a certificate request. OCSP_response_create() | |
1071 | creates a response and optionally adds a basic response structure. | |
1072 | OCSP_basic_add1_status() adds a complete single response to a basic | |
e3fefbfd | 1073 | response and returns the OCSP_SINGLERESP structure just added (to allow |
02e4fbed DSH |
1074 | extensions to be included for example). OCSP_basic_add1_cert() adds a |
1075 | certificate to a basic response and OCSP_basic_sign() signs a basic | |
1076 | response with various flags. New helper functions ASN1_TIME_check() | |
1077 | (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime() | |
1078 | (converts ASN1_TIME to GeneralizedTime). | |
1079 | [Steve Henson] | |
1080 | ||
85fb12d5 | 1081 | *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}() |
88ce56f8 | 1082 | in a single operation. X509_get0_pubkey_bitstr() extracts the public_key |
e3fefbfd | 1083 | structure from a certificate. X509_pubkey_digest() digests the public_key |
88ce56f8 DSH |
1084 | contents: this is used in various key identifiers. |
1085 | [Steve Henson] | |
1086 | ||
85fb12d5 | 1087 | *) Make sk_sort() tolerate a NULL argument. |
b8470240 DSH |
1088 | [Steve Henson reported by Massimiliano Pala <madwolf@comune.modena.it>] |
1089 | ||
85fb12d5 | 1090 | *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates |
50d51991 | 1091 | passed by the function are trusted implicitly. If any of them signed the |
e3fefbfd | 1092 | response then it is assumed to be valid and is not verified. |
50d51991 DSH |
1093 | [Steve Henson] |
1094 | ||
85fb12d5 | 1095 | *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT |
a43cf9fa DSH |
1096 | to data. This was previously part of the PKCS7 ASN1 code. This |
1097 | was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures. | |
1098 | [Steve Henson, reported by Kenneth R. Robinette | |
1099 | <support@securenetterm.com>] | |
1100 | ||
85fb12d5 | 1101 | *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1 |
a43cf9fa DSH |
1102 | routines: without these tracing memory leaks is very painful. |
1103 | Fix leaks in PKCS12 and PKCS7 routines. | |
1104 | [Steve Henson] | |
1105 | ||
85fb12d5 | 1106 | *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new(). |
ba8e2824 DSH |
1107 | Previously it initialised the 'type' argument to V_ASN1_UTCTIME which |
1108 | effectively meant GeneralizedTime would never be used. Now it | |
1109 | is initialised to -1 but X509_time_adj() now has to check the value | |
1110 | and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or | |
1111 | V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime. | |
1112 | [Steve Henson, reported by Kenneth R. Robinette | |
1113 | <support@securenetterm.com>] | |
1114 | ||
85fb12d5 | 1115 | *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously |
8e8972bb DSH |
1116 | result in a zero length in the ASN1_INTEGER structure which was |
1117 | not consistent with the structure when d2i_ASN1_INTEGER() was used | |
1118 | and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER() | |
1119 | to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER() | |
1120 | where it did not print out a minus for negative ASN1_INTEGER. | |
1121 | [Steve Henson] | |
1122 | ||
  *) Add summary printout to ocsp utility. The various functions which
     convert status values to strings have been renamed to:
     OCSP_response_status_str(), OCSP_cert_status_str() and
     OCSP_crl_reason_str() and are no longer static. New options
     to verify nonce values and to disable verification. OCSP response
     printout format cleaned up.
     [Steve Henson]

  *) Add additional OCSP certificate checks. These are those specified
     in RFC2560. This consists of two separate checks: the CA of the
     certificate being checked must either be the OCSP signer certificate
     or the issuer of the OCSP signer certificate. In the latter case the
     OCSP signer certificate must contain the OCSP signing extended key
     usage. This check is performed by attempting to match the OCSP
     signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
     in the OCSP_CERTID structures of the response.
     [Steve Henson]

  *) Initial OCSP certificate verification added to OCSP_basic_verify()
     and related routines. This uses the standard OpenSSL certificate
     verify routines to perform initial checks (just CA validity) and
     to obtain the certificate chain. Then additional checks will be
     performed on the chain. Currently the root CA is checked to see
     if it is explicitly trusted for OCSP signing. This is used to set
     a root CA as a global signing root: that is any certificate that
     chains to that CA is an acceptable OCSP signing certificate.
     [Steve Henson]

  *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
     extensions from a separate configuration file.
     As when reading extensions from the main configuration file,
     the '-extensions ...' option may be used for specifying the
     section to use.
     [Massimiliano Pala <madwolf@comune.modena.it>]

  *) New OCSP utility. Allows OCSP requests to be generated or
     read. The request can be sent to a responder and the output
     parsed, output or printed in text form. Not complete yet:
     still needs to check the OCSP response validity.
     [Steve Henson]

  *) New subcommands for 'openssl ca':
     'openssl ca -status <serial>' prints the status of the cert with
     the given serial number (according to the index file).
     'openssl ca -updatedb' updates the expiry status of certificates
     in the index file.
     [Massimiliano Pala <madwolf@comune.modena.it>]

  *) New '-newreq-nodes' command option to CA.pl. This is like
     '-newreq', but calls 'openssl req' with the '-nodes' option
     so that the resulting key is not encrypted.
     [Damien Miller <djm@mindrot.org>]

  *) New configuration for the GNU Hurd.
     [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte]

  *) Initial code to implement OCSP basic response verify. This
     is currently incomplete. Currently just finds the signer's
     certificate and verifies the signature on the response.
     [Steve Henson]

  *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
     value of OPENSSLDIR. This is available via the new '-d' option
     to 'openssl version', and is also included in 'openssl version -a'.
     [Bodo Moeller]

  *) Allow defining memory allocation callbacks that will be given
     file name and line number information in additional arguments
     (a const char* and an int). The basic functionality remains, as
     well as the original possibility to just replace malloc(),
     realloc() and free() by functions that do not know about these
     additional arguments. To register and find out the current
     settings for extended allocation functions, the following
     functions are provided:

         CRYPTO_set_mem_ex_functions
         CRYPTO_set_locked_mem_ex_functions
         CRYPTO_get_mem_ex_functions
         CRYPTO_get_locked_mem_ex_functions

     These work the same way as CRYPTO_set_mem_functions and friends.
     CRYPTO_get_[locked_]mem_functions now writes 0 where such an
     extended allocation function is enabled.
     Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
     a conventional allocation function is enabled.
     [Richard Levitte, Bodo Moeller]

  *) Finish off removing the remaining LHASH function pointer casts.
     There should no longer be any prototype-casting required when using
     the LHASH abstraction, and any casts that remain are "bugs". See
     the callback types and macros at the head of lhash.h for details
     (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
     [Geoff Thorpe]

  *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
     If /dev/[u]random devices are not available or do not return enough
     entropy, EGD style sockets (served by EGD or PRNGD) will automatically
     be queried.
     The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
     /etc/entropy will be queried once each in this sequence; querying stops
     as soon as enough entropy has been collected, without querying further
     sockets.
     [Lutz Jaenicke]

  *) Change the Unix RAND_poll() variant to be able to poll several
     random devices, as specified by DEVRANDOM, until a sufficient amount
     of data has been collected. We spend at most 10 ms on each file
     (select timeout) and read in non-blocking mode. DEVRANDOM now
     defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
     (previously it was just the string "/dev/urandom"), so on typical
     platforms the 10 ms delay will never occur.
     Also separate out the Unix variant to its own file, rand_unix.c.
     For VMS, there's a currently-empty rand_vms.c.
     [Richard Levitte]

  *) Move OCSP client related routines to ocsp_cl.c. These
     provide utility functions which an application needing
     to issue a request to an OCSP responder and analyse the
     response will typically need: as opposed to those which an
     OCSP responder itself would need which will be added later.

     OCSP_request_sign() signs an OCSP request with an API similar
     to PKCS7_sign(). OCSP_response_status() returns status of OCSP
     response. OCSP_response_get1_basic() extracts basic response
     from response. OCSP_resp_find_status(): finds and extracts status
     information from an OCSP_CERTID structure (which will be created
     when the request structure is built). These are built from lower
     level functions which work on OCSP_SINGLERESP structures but
     won't normally be used unless the application wishes to examine
     extensions in the OCSP response for example.

     Replace nonce routines with a pair of functions.
     OCSP_request_add1_nonce() adds a nonce value and optionally
     generates a random value. OCSP_check_nonce() checks the
     validity of the nonce in an OCSP response.
     [Steve Henson]

  *) Change function OCSP_request_add() to OCSP_request_add0_id().
     This doesn't copy the supplied OCSP_CERTID and avoids the
     need to free up the newly created id. Change return type
     to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
     This can then be used to add extensions to the request.
     Deleted OCSP_request_new(), since most of its functionality
     is now in OCSP_REQUEST_new() (and the case insensitive name
     clash) apart from the ability to set the request name which
     will be added elsewhere.
     [Steve Henson]

  *) Update OCSP API. Remove obsolete extensions argument from
     various functions. Extensions are now handled using the new
     OCSP extension code. New simple OCSP HTTP function which
     can be used to send requests and parse the response.
     [Steve Henson]

  *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
     ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
     uses the special reorder version of SET OF to sort the attributes
     and reorder them to match the encoded order. This resolves a long
     standing problem: a verify on a PKCS7 structure just after signing
     it used to fail because the attribute order did not match the
     encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
     it uses the received order. This is necessary to tolerate some broken
     software that does not order SET OF. This is handled by encoding
     as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
     to produce the required SET OF.
     [Steve Henson]

  *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
     OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
     files to get correct declarations of the ASN.1 item variables.
     [Richard Levitte]

  *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
     PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
     asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
     NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
     New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
     ASN1_ITEM and no wrapper functions.
     [Steve Henson]

  *) New functions ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
     replace the old function pointer based I/O routines. Change most of
     the *_d2i_bio() and *_d2i_fp() functions to use these.
     [Steve Henson]

  *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
     lines, recognise more "algorithms" that can be deselected, and make
     it complain about algorithm deselection that isn't recognised.
     [Richard Levitte]

  *) New ASN1 functions to handle dup, sign, verify, digest, pack and
     unpack operations in terms of ASN1_ITEM. Modify existing wrappers
     to use new functions. Add NO_ASN1_OLD which can be set to remove
     some old style ASN1 functions: this can be used to determine if old
     code will still work when these eventually go away.
     [Steve Henson]

  *) New extension functions for OCSP structures, these follow the
     same conventions as certificates and CRLs.
     [Steve Henson]

  *) New function X509V3_add1_i2d(). This automatically encodes and
     adds an extension. Its behaviour can be customised with various
     flags to append, replace or delete. Various wrappers added for
     certificates and CRLs.
     [Steve Henson]

  *) Fix to avoid calling the underlying ASN1 print routine when
     an extension cannot be parsed. Correct a typo in the
     OCSP_SERVICELOC extension. Tidy up print OCSP format.
     [Steve Henson]

  *) Make mkdef.pl parse some of the ASN1 macros and add appropriate
     entries for variables.
     [Steve Henson]

  *) Add functionality to apps/openssl.c for detecting locking
     problems: As the program is single-threaded, all we have
     to do is register a locking callback using an array for
     storing which locks are currently held by the program.
     [Bodo Moeller]

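     Added example (not the apps/openssl.c code the entry above describes):
     the same lock-tracking idea as a stand-alone C program. The mode bit
     values and the callback signature follow OpenSSL's crypto.h; the lock
     count, the names and the replayed call sequences are constructed for
     the example.

```c
/* Added example, not OpenSSL's apps/openssl.c: the lock-debugging idea of
 * the entry above, written stand-alone.  A single-threaded program installs
 * a locking callback that records in a plain array which locks it holds,
 * so a lock taken twice, released while not held, or never released is
 * caught at once.  The mode bits copy the values OpenSSL's crypto.h gives
 * CRYPTO_LOCK/UNLOCK/READ/WRITE and the callback has the signature
 * CRYPTO_set_locking_callback() takes; lock count, names and the replayed
 * call sequences are this example's own. */
#include <stdio.h>
#include <string.h>

#define EX_CRYPTO_LOCK    1
#define EX_CRYPTO_UNLOCK  2
#define EX_CRYPTO_READ    4
#define EX_CRYPTO_WRITE   8
#define EX_NUM_LOCKS     32   /* assumed; OpenSSL would use CRYPTO_num_locks() */

static int lock_held[EX_NUM_LOCKS];   /* 1 if the program holds lock i */
static int lock_errors;               /* inconsistencies flagged so far */

/* Locking callback for a single-threaded program: nothing can be waiting on
 * a lock, so every request must agree with the array, and a disagreement is
 * a bug in the caller's lock discipline, reported with its file and line. */
static void debug_locking_callback(int mode, int type,
                                   const char *file, int line)
{
    if (type < 0 || type >= EX_NUM_LOCKS) {
        fprintf(stderr, "%s:%d: lock %d out of range\n", file, line, type);
        lock_errors++;
        return;
    }
    if (mode & EX_CRYPTO_LOCK) {
        if (lock_held[type]) {           /* would deadlock with real mutexes */
            fprintf(stderr, "%s:%d: lock %d taken while already held\n",
                    file, line, type);
            lock_errors++;
            return;
        }
        lock_held[type] = 1;
    } else if (mode & EX_CRYPTO_UNLOCK) {
        if (!lock_held[type]) {
            fprintf(stderr, "%s:%d: lock %d released but not held\n",
                    file, line, type);
            lock_errors++;
            return;
        }
        lock_held[type] = 0;
    } else {
        fprintf(stderr, "%s:%d: bad lock mode %d\n", file, line, mode);
        lock_errors++;
    }
}

/* Locks still held; non-zero at a quiescent point (e.g. exit) is a leak. */
static int locks_still_held(void)
{
    int n = 0;
    for (int i = 0; i < EX_NUM_LOCKS; i++)
        n += lock_held[i];
    return n;
}

static void reset_lock_debugging(void)
{
    memset(lock_held, 0, sizeof(lock_held));
    lock_errors = 0;
}

/* Replay a constructed call sequence and return how many problems the
 * callback flagged: lock 3 used correctly, lock 5 taken twice, lock 7
 * released without ever being taken.  Every lock ends up released. */
static int run_constructed_sequence(void)
{
    reset_lock_debugging();
    debug_locking_callback(EX_CRYPTO_LOCK | EX_CRYPTO_WRITE, 3, "demo.c", 10);
    debug_locking_callback(EX_CRYPTO_UNLOCK | EX_CRYPTO_WRITE, 3, "demo.c", 12);
    debug_locking_callback(EX_CRYPTO_LOCK | EX_CRYPTO_READ, 5, "demo.c", 20);
    debug_locking_callback(EX_CRYPTO_LOCK | EX_CRYPTO_READ, 5, "demo.c", 21);
    debug_locking_callback(EX_CRYPTO_UNLOCK | EX_CRYPTO_READ, 5, "demo.c", 22);
    debug_locking_callback(EX_CRYPTO_UNLOCK | EX_CRYPTO_WRITE, 7, "demo.c", 30);
    return lock_errors;
}

/* Replay a sequence that takes lock 9 and forgets it; return the leak count. */
static int run_leak_sequence(void)
{
    reset_lock_debugging();
    debug_locking_callback(EX_CRYPTO_LOCK | EX_CRYPTO_WRITE, 9, "demo.c", 40);
    return locks_still_held();
}

int main(void)
{
    printf("constructed sequence: %d problem(s)\n", run_constructed_sequence());
    printf("leak sequence: %d lock(s) still held\n", run_leak_sequence());
    return 0;
}
```
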
  *) Use a lock around the call to CRYPTO_get_ex_new_index() in
     SSL_get_ex_data_X509_STORE_idx(), which is used in
     ssl_verify_cert_chain() and thus can be called at any time
     during TLS/SSL handshakes so that thread-safety is essential.
     Unfortunately, the ex_data design is not at all suited
     for multi-threaded use, so it probably should be abolished.
     [Bodo Moeller]

  *) Added Broadcom "ubsec" ENGINE to OpenSSL.
     [Broadcom, tweaked and integrated by Geoff Thorpe]

  *) Move common extension printing code to new function
     X509V3_print_extensions(). Reorganise OCSP print routines and
     implement some needed OCSP ASN1 functions. Add OCSP extensions.
     [Steve Henson]

  *) New function X509_signature_print() to remove duplication in some
     print routines.
     [Steve Henson]

  *) Add a special meaning when SET OF and SEQUENCE OF flags are both
     set (this was treated exactly the same as SET OF previously). This
     is used to reorder the STACK representing the structure to match the
     encoding. This will be used to get round a problem where a PKCS7
     structure which was signed could not be verified because the STACK
     order did not reflect the encoded order.
     [Steve Henson]

  *) Reimplement the OCSP ASN1 module using the new code.
     [Steve Henson]

  *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
     for its ASN1 operations. The old style function pointers still exist
     for now but they will eventually go away.
     [Steve Henson]

  *) Merge in replacement ASN1 code from the ASN1 branch. This almost
     completely replaces the old ASN1 functionality with a table driven
     encoder and decoder which interprets an ASN1_ITEM structure describing
     the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
     largely maintained. Almost all of the old asn1_mac.h macro based ASN1
     has also been converted to the new form.
     [Steve Henson]

  *) Change BN_mod_exp_recp so that negative moduli are tolerated
     (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set
     so that BN_mod_exp_mont and BN_mod_exp_mont_word work
     for negative moduli.
     [Bodo Moeller]

  *) Fix BN_uadd and BN_usub: Always return non-negative results instead
     of not touching the result's sign bit.
     [Bodo Moeller]

  *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
     set.
     [Bodo Moeller]

  *) Changed the LHASH code to use prototypes for callbacks, and created
     macros to declare and implement thin (optionally static) functions
     that provide type-safety and avoid function pointer casting for the
     type-specific callbacks.
     [Geoff Thorpe]

  *) Added Kerberos Cipher Suites to be used with TLS, as written in
     RFC 2712.
     [Veers Staats <staatsvr@asc.hpc.mil>,
      Jeffrey Altman <jaltman@columbia.edu>, via Richard Levitte]

  *) Reformat the FAQ so the different questions and answers can be divided
     in sections depending on the subject.
     [Richard Levitte]

  *) Have the zlib compression code load ZLIB.DLL dynamically under
     Windows.
     [Richard Levitte]

  *) New function BN_mod_sqrt for computing square roots modulo a prime
     (using the probabilistic Tonelli-Shanks algorithm unless
     p == 3 (mod 4) or p == 5 (mod 8), which are cases that can
     be handled deterministically).
     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]

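     Added example (not OpenSSL's code, nor the BN_mod_sqrt implementation
     the entry above describes): the same case split carried out in C on
     64-bit integers, with Tonelli-Shanks for the general case. All
     function names are this example's own, and the non-residue search
     walks candidates in order rather than drawing them at random.

```c
/* Added example, not OpenSSL code: square roots modulo an odd prime p with
 * the case split the BN_mod_sqrt entry describes: p == 3 (mod 4) and
 * p == 5 (mod 8) use closed-form exponentiations, every other prime goes
 * through Tonelli-Shanks.  uint64_t stands in for BIGNUM; all names here
 * (mod_sqrt, pow_mod, mul_mod, ...) are this example's own. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* (a * b) mod m without overflow, via the compiler's 128-bit type. */
static uint64_t mul_mod(uint64_t a, uint64_t b, uint64_t m)
{
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

/* Square-and-multiply: base^exp mod m. */
static uint64_t pow_mod(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t result = 1 % m;
    base %= m;
    while (exp > 0) {
        if (exp & 1)
            result = mul_mod(result, base, m);
        base = mul_mod(base, base, m);
        exp >>= 1;
    }
    return result;
}

/* Tonelli-Shanks for p == 1 (mod 8); a must be a non-zero residue.  Finding
 * a non-residue z is the probabilistic step (BN_mod_sqrt draws candidates
 * at random); this example walks z = 2, 3, ... so runs are reproducible. */
static uint64_t tonelli_shanks(uint64_t a, uint64_t p)
{
    uint64_t q = p - 1;                  /* write p - 1 = q * 2^s, q odd */
    unsigned s = 0;
    while ((q & 1) == 0) { q >>= 1; s++; }
    uint64_t z = 2;                      /* about half of all z qualify */
    while (pow_mod(z, (p - 1) / 2, p) != p - 1)
        z++;
    uint64_t c = pow_mod(z, q, p);
    uint64_t r = pow_mod(a, (q + 1) / 2, p);
    uint64_t t = pow_mod(a, q, p);
    unsigned m = s;
    while (t != 1) {                     /* invariant: r^2 == a * t */
        unsigned i = 0;                  /* least i with t^(2^i) == 1 */
        for (uint64_t t2 = t; t2 != 1; t2 = mul_mod(t2, t2, p))
            i++;
        uint64_t b = c;                  /* b = c^(2^(m-i-1)) */
        for (unsigned j = 0; j < m - i - 1; j++)
            b = mul_mod(b, b, p);
        r = mul_mod(r, b, p);
        c = mul_mod(b, b, p);
        t = mul_mod(t, c, p);
        m = i;
    }
    return r;
}

/* Square root of a modulo the odd prime p.  Sets *ok to false (and returns
 * 0) for a non-residue, decided by Euler's criterion a^((p-1)/2) == 1.
 * Either root may come back; the other one is p - r. */
static uint64_t mod_sqrt(uint64_t a, uint64_t p, bool *ok)
{
    a %= p;
    *ok = (a == 0 || pow_mod(a, (p - 1) / 2, p) == 1);
    if (!*ok || a == 0)
        return 0;
    if (p % 4 == 3)                      /* r = a^((p+1)/4) */
        return pow_mod(a, (p + 1) / 4, p);
    if (p % 8 == 5) {                    /* Atkin: v = (2a)^((p-5)/8),  */
        uint64_t two_a = mul_mod(2, a, p);  /* i = 2a*v^2, r = a*v*(i-1) */
        uint64_t v = pow_mod(two_a, (p - 5) / 8, p);
        uint64_t i = mul_mod(two_a, mul_mod(v, v, p), p);
        return mul_mod(mul_mod(a, v, p), (i + p - 1) % p, p);
    }
    return tonelli_shanks(a, p);
}

/* Self-check: does mod_sqrt() return a value whose square is a mod p? */
static bool sqrt_roundtrips(uint64_t a, uint64_t p)
{
    bool ok;
    uint64_t r = mod_sqrt(a, p, &ok);
    return ok && mul_mod(r, r, p) == a % p;
}

int main(void)
{
    bool ok;
    uint64_t r = mod_sqrt(2, 17, &ok);   /* Tonelli-Shanks branch: 6 or 11 */
    printf("sqrt(2) mod 17 = %llu (%s)\n", (unsigned long long)r,
           ok ? "residue" : "non-residue");
    return 0;
}
```
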
  *) Make BN_mod_inverse faster by explicitly handling small quotients
     in the Euclid loop. (Speed gain about 20% for small moduli [256 or
     512 bits], about 30% for larger ones [1024 or 2048 bits].)
     [Bodo Moeller]

  *) New function BN_kronecker.
     [Bodo Moeller]

  *) Fix BN_gcd so that it works on negative inputs; the result is
     positive unless both parameters are zero.
     Previously something reasonably close to an infinite loop was
     possible because numbers could be growing instead of shrinking
     in the implementation of Euclid's algorithm.
     [Bodo Moeller]

  *) Fix BN_is_word() and BN_is_one() macros to take into account the
     sign of the number in question.

     Fix BN_is_word(a,w) to work correctly for w == 0.

     The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
     because it tests whether the absolute value of 'a' equals 'w'.
     Note that BN_abs_is_word does *not* handle w == 0 reliably;
     it exists mostly for use in the implementations of BN_is_zero(),
     BN_is_one(), and BN_is_word().
     [Bodo Moeller]

  *) New function BN_swap.
     [Bodo Moeller]

  *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
     the exponentiation functions are more likely to produce reasonable
     results on negative inputs.
     [Bodo Moeller]

  *) Change BN_mod_mul so that the result is always non-negative.
     Previously, it could be negative if one of the factors was negative;
     I don't think anyone really wanted that behaviour.
     [Bodo Moeller]

  *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
     (except for exponentiation, which stays in crypto/bn/bn_exp.c,
     and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
     and add new functions:

         BN_nnmod
         BN_mod_sqr
         BN_mod_add
         BN_mod_add_quick
         BN_mod_sub
         BN_mod_sub_quick
         BN_mod_lshift1
         BN_mod_lshift1_quick
         BN_mod_lshift
         BN_mod_lshift_quick

     These functions always generate non-negative results.

     BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r
     such that -|m| < r < 0, BN_nnmod will output r + |m| instead).

     BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
     BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b]
     be reduced modulo m.
     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]

  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
     was actually never needed) and in BN_mul(). The removal in BN_mul()
     required a small change in bn_mul_part_recursive() and the addition
     of the functions bn_cmp_part_words(), bn_sub_part_words() and
     bn_add_part_words(), which do the same thing as bn_cmp_words(),
     bn_sub_words() and bn_add_words() except they take arrays with
     differing sizes.
     [Richard Levitte]

  *) In 'openssl passwd', verify passwords read from the terminal
     unless the '-salt' option is used (which usually means that
     verification would just waste the user's time since the resulting
     hash is going to be compared with some given password hash)
     or the new '-noverify' option is used.

     This is an incompatible change, but it does not affect
     non-interactive use of 'openssl passwd' (passwords on the command
     line, '-stdin' option, '-in ...' option) and thus should not
     cause any problems.
     [Bodo Moeller]

  *) Remove all references to RSAref, since there's no more need for it.
     [Richard Levitte]

  *) Make DSO load along a path given through an environment variable
     (SHLIB_PATH) with shl_load().
     [Richard Levitte]

  *) Constify the ENGINE code as a result of BIGNUM constification.
     Also constify the RSA code and most things related to it. In a
     few places, most notably in the depths of the ASN.1 code, ugly
     casts back to non-const were required (to be solved at a later
     time).
     [Richard Levitte]

  *) Make it so the openssl application has all engines loaded by default.
     [Richard Levitte]

  *) Constify the BIGNUM routines a little more.
     [Richard Levitte]

  *) Add the following functions:

         ENGINE_load_cswift()
         ENGINE_load_chil()
         ENGINE_load_atalla()
         ENGINE_load_nuron()
         ENGINE_load_builtin_engines()

     That way, an application can itself choose if external engines that
     are built-in in OpenSSL shall ever be used or not. The benefit is
     that applications won't have to be linked with libdl or other dso
     libraries unless it's really needed.

     Changed 'openssl engine' to load all engines on demand.
     Changed the engine header files to avoid the duplication of some
     declarations (they differed!).
     [Richard Levitte]

  *) 'openssl engine' can now list capabilities.
     [Richard Levitte]

  *) Better error reporting in 'openssl engine'.
     [Richard Levitte]

  *) Never call load_dh_param(NULL) in s_server.
     [Bodo Moeller]

  *) Add engine application. It can currently list engines by name and
     identity, and test if they are actually available.
     [Richard Levitte]

  *) Improve RPM specification file by forcing symbolic linking and making
     sure the installed documentation is also owned by root.root.
     [Damien Miller <djm@mindrot.org>]

  *) Give the OpenSSL applications more possibilities to make use of
     keys (public as well as private) handled by engines.
     [Richard Levitte]

  *) Add OCSP code that comes from CertCo.
     [Richard Levitte]

  *) Add VMS support for the Rijndael code.
     [Richard Levitte]

  *) Added untested support for Nuron crypto accelerator.
     [Ben Laurie]

  *) Add support for external cryptographic devices. This code was
     previously distributed separately as the "engine" branch.
     [Geoff Thorpe, Richard Levitte]

  *) Rework the filename-translation in the DSO code. It is now possible to
     have far greater control over how a "name" is turned into a filename
     depending on the operating environment and any oddities about the
     different shared library filenames on each system.
     [Geoff Thorpe]

  *) Support threads on FreeBSD-elf in Configure.
     [Richard Levitte]

  *) Fix for SHA1 assembly problem with MASM: it produces
     warnings about corrupt line number information when assembling
     with debugging information. This is caused by the overlapping
     of two sections.
     [Bernd Matthes <mainbug@celocom.de>, Steve Henson]

  *) NCONF changes.
     NCONF_get_number() has no error checking at all. As a replacement,
     NCONF_get_number_e() is defined (_e for "error checking") and is
     promoted strongly. The old NCONF_get_number is kept around for
     binary backward compatibility.
     Make it possible for methods to load from something other than a BIO,
     by providing a function pointer that is given a name instead of a BIO.
     For example, this could be used to load configuration data from an
     LDAP server.
     [Richard Levitte]

  *) Fix for non-blocking accept BIOs. Added new I/O special reason
     BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
     with non-blocking I/O was not possible because no retry code was
     implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
     this case.
     [Steve Henson]

  *) Added the beginnings of Rijndael support.
     [Ben Laurie]

  *) Fix for bug in DirectoryString mask setting. Add support for
     X509_NAME_print_ex() in 'req' and X509_print_ex() function
     to allow certificate printing to be more controllable, additional
     'certopt' option to 'x509' to allow new printing options to be
     set.
     [Steve Henson]

  *) Clean old EAY MD5 hack from e_os.h.
     [Richard Levitte]

 Changes between 0.9.6c and 0.9.6d [XX xxx 2002]

  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
     encoded as NULL) with id-dsa-with-sha1.
     [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]

  *) Check various X509_...() return values in apps/req.c.
     [Nils Larsch <nla@trustcenter.de>]

  *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
     an end-of-file condition would erroneously be flagged, when the CRLF
     was just at the end of a processed block. The bug was discovered when
     processing data through a buffering memory BIO handing the data to a
     BASE64-decoding BIO. Bug found and patch submitted by Pavel Tsekov
     <ptsekov@syntrex.com> and Nedelcho Stanev.
     [Lutz Jaenicke]

  *) Implement a countermeasure against a vulnerability recently found
     in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
     before application data chunks to avoid the use of known IVs
     with data potentially chosen by the attacker.
     [Bodo Moeller]

  *) Fix length checks in ssl3_get_client_hello().
     [Bodo Moeller]

  *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
     to prevent ssl3_read_internal() from incorrectly assuming that
     ssl3_read_bytes() found application data while handshake
     processing was enabled when in fact s->s3->in_read_app_data was
     merely automatically cleared during the initial handshake.
     [Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>]

  *) Fix object definitions for Private and Enterprise: they were not
     recognized in their shortname (=lowercase) representation. Extend
     obj_dat.pl to issue an error when using undefined keywords instead
     of silently ignoring the problem (Svenning Sorensen
     <sss@sss.dnsalias.net>).
     [Lutz Jaenicke]

  *) Fix DH_generate_parameters() so that it works for 'non-standard'
     generators, i.e. generators other than 2 and 5. (Previously, the
     code did not properly initialise the 'add' and 'rem' values to
     BN_generate_prime().)

     In the new general case, we do not insist that 'generator' is
     actually a primitive root: This requirement is rather pointless;
     a generator of the order-q subgroup is just as good, if not
     better.
     [Bodo Moeller]

1683 | *) Map new X509 verification errors to alerts. Discovered and submitted by | |
1684 | Tom Wu <tom@arcot.com>. | |
1685 | [Lutz Jaenicke] | |
1686 | ||
1687 | *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from | |
1688 | returning non-zero before the data has been completely received | |
1689 | when using non-blocking I/O. | |
1690 | [Bodo Moeller; problem pointed out by John Hughes] | |
1691 | ||
1692 | *) Some of the ciphers missed the strength entry (SSL_LOW etc). | |
1693 | [Ben Laurie, Lutz Jaenicke] | |
1694 | ||
1695 | *) Fix bug in SSL_clear(): bad sessions were not removed (found by | |
1696 | Yoram Zahavi <YoramZ@gilian.com>). | |
1697 | [Lutz Jaenicke] | |
1698 | ||
1699 | *) Add information about CygWin 1.3 and on, and preserve proper | |
1700 | configuration for the versions before that. | |
1701 | [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte] | |
1702 | ||
1703 | *) Make removal from session cache (SSL_CTX_remove_session()) more robust: | |
1704 | check whether we deal with a copy of a session and do not delete from | |
1705 | the cache in this case. Problem reported by "Izhar Shoshani Levi" | |
1706 | <izhar@checkpoint.com>. | |
1707 | [Lutz Jaenicke] | |
1708 | ||
1709 | *) Do not store session data into the internal session cache, if it | |
1710 | is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | |
1711 | flag is set). Proposed by Aslam <aslam@funk.com>. | |
1712 | [Lutz Jaenicke] | |
1713 | ||
1714 | *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested | |
1715 | value is 0. | |
1716 | [Richard Levitte] | |
1717 | ||
1718 | *) Add the configuration target linux-s390x. | |
1719 | [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte] | |
1720 | ||
1721 | *) [In 0.9.6d-engine release:] | |
1722 | Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). | |
1723 | [Toomas Kiisk <vix@cyber.ee> via Richard Levitte] | |
1724 | ||
1725 | *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of | |
1726 | ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag | |
1727 | variable as an indication that a ClientHello message has been | |
1728 | received. As the flag value will be lost between multiple | |
1729 | invocations of ssl3_accept when using non-blocking I/O, the | |
1730 | function may not be aware that a handshake has actually taken | |
1731 | place, thus preventing a new session from being added to the | |
1732 | session cache. | |
1733 | ||
1734 | To avoid this problem, we now set s->new_session to 2 instead of | |
1735 | using a local variable. | |
1736 | [Lutz Jaenicke, Bodo Moeller] | |

  *) Bugfix: Return -1 from ssl3_get_server_done (ssl/s3_clnt.c)
     if the SSL_R_LENGTH_MISMATCH error is detected.
     [Geoff Thorpe, Bodo Moeller]

  *) New 'shared_ldflag' column in Configure platform table.
     [Richard Levitte]

  *) Fix EVP_CIPHER_mode macro.
     ["Dan S. Camper" <dan@bti.net>]

  *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
     type, we must throw them away by setting rr->length to 0.
     [D P Chang <dpc@qualys.com>]

 Changes between 0.9.6b and 0.9.6c [21 Dec 2001]

  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
     <Dominikus.Scherkl@biodata.com>. (The previous implementation
     worked incorrectly for those cases where range = 10..._2 and
     3*range is two bits longer than range.)
     [Bodo Moeller]
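An added illustration, not OpenSSL's own bn_rand.c, of the sampling strategy the entry refers to, on 64-bit integers: `extra_bits_of_3range()` exposes the "two bits longer" case, and `rand_range()` takes the n+1-bit path only when range = 100..._2; the xorshift source and all function names are constructed for this example.

```c
#include <stdint.h>

/* Constructed illustration (not OpenSSL code) of the BN_rand_range sampling
 * strategy on 64-bit integers (range < 2^62, so 3*range cannot overflow).
 * The bit source is a parameter so the logic can be tested deterministically. */
typedef uint64_t (*rand_bits_fn)(unsigned bits);   /* uniform in [0, 2^bits) */
static int num_bits(uint64_t x) { int n = 0; while (x) { n++; x >>= 1; } return n; }
/* Bit i of x; a negative i reads as 0, like BN_is_bit_set(). */
#define BIT_SET(x, i) ((i) >= 0 && (((x) >> (i)) & 1))

/* How many bits longer 3*range is than range.  The entry above concerns
 * range = 10..._2 values where this is 2, e.g. 1011_2: 3*11 = 100001_2. */
int extra_bits_of_3range(uint64_t range)
{
    return num_bits(3 * range) - num_bits(range);
}

/* Uniform r in [0, range).  Only range = 100..._2 (bits n-2 and n-3 clear)
 * takes the n+1-bit path: then 3*range = 11..._2 is exactly one bit longer,
 * so r < 3*range with probability >= 3/4 and r mod range needs at most two
 * subtractions; a draw with r >= 3*range is simply repeated. */
uint64_t rand_range(uint64_t range, rand_bits_fn rnd)
{
    int n = num_bits(range);
    uint64_t r;
    if (n <= 1) return 0;
    if (!BIT_SET(range, n - 2) && !BIT_SET(range, n - 3)) {
        do {
            r = rnd(n + 1);
            if (r >= range) { r -= range; if (r >= range) r -= range; }
        } while (r >= range);
    } else {
        do { r = rnd(n); } while (r >= range);   /* range = 11..._2 or 101..._2 */
    }
    return r;
}

/* Deterministic xorshift64 source standing in for BN_rand(); test use only. */
static uint64_t xs_state = 0x9E3779B97F4A7C15ULL;
uint64_t xorshift_bits(unsigned bits)
{
    xs_state ^= xs_state << 13; xs_state ^= xs_state >> 7; xs_state ^= xs_state << 17;
    return bits >= 64 ? xs_state : (xs_state & ((1ULL << bits) - 1));
}
/* 1 if every one of `trials` draws lands in [0, range). */
int all_in_range(uint64_t range, int trials)
{
    while (trials-- > 0)
        if (rand_range(range, xorshift_bits) >= range) return 0;
    return 1;
}
```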

  *) Only add signing time to PKCS7 structures if it is not already
     present.
     [Steve Henson]

  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
     OBJ_ld_ce should be OBJ_id_ce.
     Also some ip-pda OIDs in crypto/objects/objects.txt were
     incorrect (cf. RFC 3039).
     [Matt Cooper, Frederic Giudicelli, Bodo Moeller]

  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
     returns early because it has nothing to do.
     [Andy Schneider <andy.schneider@bjss.co.uk>]

  *) [In 0.9.6c-engine release:]
     Fix mutex callback return values in crypto/engine/hw_ncipher.c.
     [Andy Schneider <andy.schneider@bjss.co.uk>]

  *) [In 0.9.6c-engine release:]
     Add support for Cryptographic Appliance's keyserver technology.
     (Use engine 'keyclient')
     [Cryptographic Appliances and Geoff Thorpe]

  *) Add a configuration entry for OS/390 Unix. The C compiler 'c89'
     is called via tools/c89.sh because arguments have to be
     rearranged (all '-L' options must appear before the first object
     modules).
     [Richard Shapiro <rshapiro@abinitio.com>]

  *) [In 0.9.6c-engine release:]
     Add support for Broadcom crypto accelerator cards, backported
     from 0.9.7.
     [Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox]

  *) [In 0.9.6c-engine release:]
     Add support for SureWare crypto accelerator cards from
     Baltimore Technologies. (Use engine 'sureware')
     [Baltimore Technologies and Mark Cox]

  *) [In 0.9.6c-engine release:]
     Add support for crypto accelerator cards from Accelerated
     Encryption Processing, www.aep.ie. (Use engine 'aep')
     [AEP Inc. and Mark Cox]

  *) Add a configuration entry for gcc on UnixWare.
     [Gary Benson <gbenson@redhat.com>]

  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
     messages are stored in a single piece (fixed-length part and
     variable-length part combined) and fix various bugs found on the way.
     [Bodo Moeller]

  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
     instead. BIO_gethostbyname() does not know what timeouts are
     appropriate, so entries would stay in cache even when they have
     become invalid.
     [Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>]

  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
     faced with a pathologically small ClientHello fragment that does
     not contain client_version: Instead of aborting with an error,
     simply choose the highest available protocol version (i.e.,
     TLS 1.0 unless it is disabled). In practice, ClientHello
     messages are never sent like this, but this change gives us
     strictly correct behaviour at least for TLS.
     [Bodo Moeller]

  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
     never resets s->method to s->ctx->method when called from within
     one of the SSL handshake functions.
     [Bodo Moeller; problem pointed out by Niko Baric]

  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
     (sent using the client's version number) if client_version is
     smaller than the protocol version in use. Also change
     ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
     the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
     the client will at least see that alert.
     [Bodo Moeller]

  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
     correctly.
     [Bodo Moeller]

  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
     client receives HelloRequest while in a handshake.
     [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]

  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
     should end in 'break', not 'goto end' which circumvents various
     cleanups done in state SSL_ST_OK. But session related stuff
     must be disabled for SSL_ST_OK in the case that we just sent a
     HelloRequest.

     Also avoid some overhead by not calling ssl_init_wbio_buffer()
     before just sending a HelloRequest.
     [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]

  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
     reveal whether illegal block cipher padding was found or a MAC
     verification error occurred. (Neither SSLerr() codes nor alerts
     are directly visible to potential attackers, but the information
     may leak via logfiles.)

     Similar changes are not required for the SSL 2.0 implementation
     because the number of padding bytes is sent in clear for SSL 2.0,
     and the extra bytes are just ignored. However ssl/s2_pkt.c
     failed to verify that the purported number of padding bytes is in
     the legal range.
     [Bodo Moeller]
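An added example, not OpenSSL's record layer, of the two points in the entry above: a single error code for padding and MAC failures with the MAC always computed, plus the padding-length range check the SSL 2.0 code lacked. The toy keyed checksum, record layout and function names are constructed for this illustration.

```c
#include <stdint.h>
#include <string.h>
/* Constructed example (not OpenSSL code): bad padding and a bad MAC produce
 * the same result and the MAC is always computed, so the outcome does not
 * tell a caller (or a logfile) which of the two checks failed. */
#define REC_OK       0
#define REC_BAD_MAC (-1)      /* one code for padding AND MAC failures */
#define MAC_LEN      4

/* Toy keyed 32-bit checksum standing in for HMAC; illustration only. */
static void toy_mac(const uint8_t *key, size_t klen,
                    const uint8_t *msg, size_t mlen, uint8_t out[MAC_LEN])
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < klen; i++) h = (h ^ key[i]) * 16777619u;
    for (size_t i = 0; i < mlen; i++) h = (h ^ msg[i]) * 16777619u;
    for (int i = 0; i < MAC_LEN; i++) out[i] = (uint8_t)(h >> (8 * i));
}

/* rec = plaintext || MAC || padlen bytes of value padlen || padlen byte. */
int check_record(const uint8_t *key, size_t klen,
                 const uint8_t *rec, size_t len, size_t *plain_len)
{
    uint8_t mac[MAC_LEN], diff = 0;
    size_t padlen, plen; int bad = 0;
    if (len < MAC_LEN + 1)
        return REC_BAD_MAC;
    padlen = rec[len - 1];
    if (padlen + 1 + MAC_LEN > len) {  /* the range check s2_pkt.c lacked */
        bad = 1;
        padlen = 0;                    /* carry on with a safe value */
    }
    for (size_t i = 0; i < padlen; i++)
        bad |= rec[len - 2 - i] != padlen;
    plen = len - padlen - 1 - MAC_LEN;
    toy_mac(key, klen, rec, plen, mac);  /* computed even after bad padding */
    for (int i = 0; i < MAC_LEN; i++) diff |= mac[i] ^ rec[plen + i];
    if (bad || diff)
        return REC_BAD_MAC;            /* no hint which check failed */
    *plain_len = plen;
    return REC_OK;
}

/* Builds a well-formed sample record from constructed inputs; returns length. */
size_t build_record(const uint8_t *key, size_t klen, const uint8_t *plain,
                    size_t plen, uint8_t padlen, uint8_t *out)
{
    memcpy(out, plain, plen);
    toy_mac(key, klen, plain, plen, out + plen);
    memset(out + plen + MAC_LEN, padlen, (size_t)padlen + 1);
    return plen + MAC_LEN + padlen + 1;
}
```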

  *) Add OpenUNIX-8 support including shared libraries
     (Boyd Lynn Gerber <gerberb@zenez.com>).
     [Lutz Jaenicke]

  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
     'wristwatch attack' using huge encoding parameters (cf.
     James H. Manger's CRYPTO 2001 paper). Note that the
     RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
     encoding parameters and hence was not vulnerable.
     [Bodo Moeller]

  *) BN_sqr() bug fix.