 OpenSSL CHANGES
 _______________

 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]

  *) Fix so PRNG is seeded in req if using an already existing
     DSA key.
     [Steve Henson]

  *) New options to smime application. -inform and -outform
     allow alternative formats for the S/MIME message including
     PEM and DER. The -content option allows the content to be
     specified separately. This should make things like Netscape
     form signing output easier to verify.
     [Steve Henson]

  *) Fix the ASN1 encoding of tags using the 'long form'.
     [Steve Henson]

  *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT
     STRING types. These convert content octets to and from the
     underlying type. The actual tag and length octets are
     already assumed to have been read in and checked. These
     are needed because all other string types have virtually
     identical handling apart from the tag. By having versions
     of the ASN1 functions that just operate on content octets
     IMPLICIT tagging can be handled properly. It also allows
     the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED
     and ASN1_INTEGER are identical apart from the tag.
     [Steve Henson]

  *) Change the handling of OID objects as follows:

     - New object identifiers are inserted in objects.txt, following
       the syntax given in objects.README.
     - objects.pl is used to process obj_mac.num and create a new
       obj_mac.h.
     - obj_dat.pl is used to create a new obj_dat.h, using the data in
       obj_mac.h.

     This is currently kind of a hack, and the perl code in objects.pl
     isn't very elegant, but it works as I intended. The simplest way
     to check that it worked correctly is to look in obj_dat.h and
     check the array nid_objs and make sure the objects haven't moved
     around (this is important!). Additions are OK, as well as
     consistent name changes.
     [Richard Levitte]

  *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
     [Bodo Moeller]

  *) Addition of the command line parameter '-rand file' to 'openssl req'.
     The given file adds to whatever has already been seeded into the
     random pool through the RANDFILE configuration file option or
     environment variable, or the default random state file.
     [Richard Levitte]

  *) mkstack.pl now sorts each macro group into lexical order.
     Previously the output order depended on the order the files
     appeared in the directory, resulting in needless rewriting
     of safestack.h.
     [Steve Henson]

  *) Patches to make OpenSSL compile under Win32 again. Mostly
     workarounds for the VC++ problem that it treats func() as
     func(void). Also stripped out the parts of mkdef.pl that
     added extra typesafe functions: these no longer exist.
     [Steve Henson]

  *) Reorganisation of the stack code. The macros are now all
     collected in safestack.h. Each macro is defined in terms of
     a "stack macro" of the form SKM_<name>(type, a, b). The
     DEBUG_SAFESTACK is now handled in terms of function casts;
     this has the advantage of retaining type safety without the
     use of additional functions. If DEBUG_SAFESTACK is not defined
     then the non-typesafe macros are used instead. Also modified the
     mkstack.pl script to handle the new form. Needs testing to see
     which (if any) compilers it chokes on, and maybe make DEBUG_SAFESTACK
     the default if there are no major problems. Similar behaviour for
     ASN1_SET_OF and PKCS12_STACK_OF.
     [Steve Henson]

  *) When some versions of IIS use the 'NET' form of private key the
     key derivation algorithm is different. Normally MD5(password) is
     used as a 128 bit RC4 key. In the modified case
     MD5(MD5(password) + "SGCKEYSALT") is used instead. Added some
     new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same
     as the old Netscape_RSA functions except they have an additional
     'sgckey' parameter which uses the modified algorithm. Also added
     an -sgckey command line option to the rsa utility. Thanks to
     Adrian Peck <bertie@ncipher.com> for posting details of the modified
     algorithm to openssl-dev.
     [Steve Henson]

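The two RC4 key derivations described in the entry above, written out as an added Python illustration (this is not OpenSSL's own code). It assumes the inner MD5 result is fed to the outer hash as its raw 16-byte digest, and the `sgckey` flag mirrors the parameter the entry names:

```python
import hashlib

# Fixed salt string named in the entry above. It is a constant shared by every
# key file, not per-key random data, so it does not make derived keys unique.
SGC_KEY_SALT = b"SGCKEYSALT"


def netscape_rc4_key(password: bytes) -> bytes:
    """Original 'NET' scheme: the 128-bit RC4 key is MD5(password)."""
    return hashlib.md5(password).digest()


def sgc_rc4_key(password: bytes) -> bytes:
    """Modified IIS scheme: MD5(MD5(password) + "SGCKEYSALT").

    Assumption: the inner digest is used as raw bytes, not as hex text."""
    inner = hashlib.md5(password).digest()
    return hashlib.md5(inner + SGC_KEY_SALT).digest()


def derive_rc4_key(password: bytes, sgckey: bool = False) -> bytes:
    """Choose the derivation the way the 'sgckey' parameter / -sgckey option
    selects between the two algorithms. Both are a single, unsalted MD5 pass
    (the SGC constant is fixed), so key strength is exactly password strength."""
    return sgc_rc4_key(password) if sgckey else netscape_rc4_key(password)
```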
  *) The evp_local.h macros were using 'c.##kname' which resulted in
     invalid expansion on some systems (SCO 5.0.5 for example).
     Corrected to 'c.kname'.
     [Phillip Porch <root@theporch.com>]

  *) New X509_get1_email() and X509_REQ_get1_email() functions that return
     a STACK of email addresses from a certificate or request; these look
     in the subject name and the subject alternative name extensions and
     omit any duplicate addresses.
     [Steve Henson]

  *) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
     This makes DSA verification about 2 % faster.
     [Bodo Moeller]

  *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5
     (meaning that now 2^5 values will be precomputed, which is only 4 KB
     plus overhead for 1024 bit moduli).
     This makes exponentiations about 0.5 % faster for 1024 bit
     exponents (as measured by "openssl speed rsa2048").
     [Bodo Moeller]

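The window-size trade-off in the entry above, as an added example that is not OpenSSL's BN_mod_exp_mont: a left-to-right sliding-window exponentiation over plain Python integers (no Montgomery form, and not constant-time, so unsuitable for secret exponents) whose table of odd powers has 2^(window-1) entries, i.e. 32 entries or 4 KB of 1024-bit residues at window 6.

```python
import random


def mod_exp_window(base: int, exp: int, mod: int, window: int = 6) -> int:
    """Left-to-right sliding-window modular exponentiation.

    Precomputes only the odd powers base^1, base^3, ..., base^(2^window - 1),
    so the table has 2^(window - 1) entries (32 for window = 6). Plain
    modular arithmetic on Python ints, not Montgomery form."""
    if mod == 1:
        return 0
    base %= mod
    base_sq = base * base % mod
    table = [base]                       # table[k] == base^(2k + 1) mod m
    for _ in range((1 << (window - 1)) - 1):
        table.append(table[-1] * base_sq % mod)
    result = 1
    i = exp.bit_length() - 1             # scan exponent bits from the top
    while i >= 0:
        if not (exp >> i) & 1:
            result = result * result % mod   # zero bit: square only
            i -= 1
            continue
        # Take up to `window` bits ending at the lowest set bit, so the
        # window value is odd and indexes the odd-power table directly.
        j = max(i - window + 1, 0)
        while not (exp >> j) & 1:
            j += 1
        width = i - j + 1
        bits = (exp >> j) & ((1 << width) - 1)
        for _ in range(width):
            result = result * result % mod
        result = result * table[(bits - 1) // 2] % mod
        i = j - 1
    return result


def table_bytes(window: int, modulus_bits: int) -> int:
    """Memory for the precomputed odd-power table: 2^(window-1) residues."""
    return (1 << (window - 1)) * (modulus_bits // 8)


def self_check(trials: int = 200) -> bool:
    """Cross-check several window sizes against Python's built-in pow()."""
    rng = random.Random(1)               # fixed seed: reproducible
    for w in (1, 3, 5, 6):
        for _ in range(trials):
            b, e = rng.getrandbits(64), rng.getrandbits(64)
            m = rng.getrandbits(64) | 1  # odd modulus, as Montgomery needs
            if mod_exp_window(b, e, m, w) != pow(b, e, m):
                return False
    return True
```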
  *) Rename memory handling macros to avoid conflicts with other
     software:
           Malloc         => OPENSSL_malloc
           Malloc_locked  => OPENSSL_malloc_locked
           Realloc        => OPENSSL_realloc
           Free           => OPENSSL_free
     [Richard Levitte]

  *) New function BN_mod_exp_mont_word for small bases (roughly 15%
     faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).
     [Bodo Moeller]

  *) CygWin32 support.
     [John Jarvie <jjarvie@newsguy.com>]

  *) The type-safe stack code has been rejigged. It is now only compiled
     in when OpenSSL is configured with the DEBUG_SAFESTACK option and
     by default all type-specific stack functions are "#define"d back to
     standard stack functions. This results in more streamlined output
     but retains the type-safety checking possibilities of the original
     approach.
     [Geoff Thorpe]

  *) The STACK code has been cleaned up, and certain type declarations
     that didn't make a lot of sense have been brought in line. This has
     also involved a cleanup of sorts in safestack.h to more correctly
     map type-safe stack functions onto their plain stack counterparts.
     This work has also resulted in a variety of "const"ifications of
     lots of the code, especially "_cmp" operations which should normally
     be prototyped with "const" parameters anyway.
     [Geoff Thorpe]

  *) When generating bytes for the first time in md_rand.c, 'stir the pool'
     by seeding with STATE_SIZE dummy bytes (with zero entropy count).
     (The PRNG state consists of two parts, the large pool 'state' and 'md',
     where all of 'md' is used each time the PRNG is used, but 'state'
     is used only indexed by a cyclic counter. As entropy may not be
     well distributed from the beginning, 'md' is important as a
     chaining variable. However, the output function chains only half
     of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains
     all of 'md', and seeding with STATE_SIZE dummy bytes will result
     in all of 'state' being rewritten, with the new values depending
     on virtually all of 'md'. This overcomes the 80 bit limitation.)
     [Bodo Moeller]

  *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
     the handshake is continued after ssl_verify_cert_chain();
     otherwise, if SSL_VERIFY_NONE is set, remaining error codes
     can lead to 'unexplainable' connection aborts later.
     [Bodo Moeller; problem tracked down by Lutz Jaenicke]

  *) Major EVP API cipher revision.
     Add hooks for extra EVP features. This allows various cipher
     parameters to be set in the EVP interface. Support added for variable
     key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
     setting of RC2 and RC5 parameters.

     Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
     ciphers.

     Remove lots of duplicated code from the EVP library. For example *every*
     cipher init() function handles the 'iv' in the same way according to the
     cipher mode. They also all do nothing if the 'key' parameter is NULL and
     for CFB and OFB modes they zero ctx->num.

     New functionality allows removal of S/MIME code RC2 hack.

     Most of the routines have the same form and so can be declared in terms
     of macros.

     By shifting this to the top level EVP_CipherInit() it can be removed from
     all individual ciphers. If the cipher wants to handle IVs or keys
     differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
     flags.

     Change lots of functions like EVP_EncryptUpdate() to now return a
     value: although software versions of the algorithms cannot fail
     any installed hardware versions can.
     [Steve Henson]

  *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
     this option is set, tolerate broken clients that send the negotiated
     protocol version number instead of the requested protocol version
     number.
     [Bodo Moeller]

  *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
     i.e. non-zero for export ciphersuites, zero otherwise.
     Previous versions had this flag inverted, inconsistent with
     rsa_tmp_cb (..._TMP_RSA_CB).
     [Bodo Moeller; problem reported by Amit Chopra]

  *) Add missing DSA library text string. Workaround for some IIS
     key files with invalid SEQUENCE encoding.
     [Steve Henson]

  *) Add a document (doc/standards.txt) that lists all kinds of standards
     and so on that are implemented in OpenSSL.
     [Richard Levitte]

  *) Enhance c_rehash script. Old version would mishandle certificates
     with the same subject name hash and wouldn't handle CRLs at all.
     Added -fingerprint option to crl utility, to support new c_rehash
     features.
     [Steve Henson]

  *) Eliminate non-ANSI declarations in crypto.h and stack.h.