]> git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Update dependencies.
[thirdparty/openssl.git] / CHANGES
CommitLineData
651d0aff 1
f1c236f8 2 OpenSSL CHANGES
651d0aff
RE		 3 _______________
4
d91e201e
RE		 5 Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
6
f76d8c47
DSH		 7 *) First update to verify code. Change the verify utility
8 so it warns if it is passed a self signed certificate:
9 for consistency with the normal behaviour. X509_verify
10 has been modified to it will now verify a self signed
11 certificate if *exactly* the same certificate appears
12 in the store: it was previously impossible to trust a
13 single self signed certificate. This means that:
14 openssl verify ss.pem
15 now gives a warning about a self signed certificate but
16 openssl verify -CAfile ss.pem ss.pem
17 is OK.
18 [Steve Henson]
19
b1fe6ca1
BM		 20 *) For servers, store verify_result in SSL_SESSION data structure
21 (and add it to external session representation).
22 This is needed when client certificate verifications fails,
23 but an application-provided verification callback (set by
24 SSL_CTX_set_cert_verify_callback) allows accepting the session
25 anyway (i.e. leaves x509_store_ctx->error != X509_V_OK
26 but returns 1): When the session is reused, we have to set
27 ssl->verify_result to the appropriate error code to avoid
28 security holes.
29 [Bodo Moeller, problem pointed out by Lutz Jaenicke]
30
91895a59
DSH		 31 *) Fix a bug in the new PKCS#7 code: it didn't consider the
32 case in PKCS7_dataInit() where the signed PKCS7 structure
33 didn't contain any existing data because it was being created.
f76d8c47 34 [Po-Cheng Chen <pocheng@nst.com.tw>, slightly modified by Steve Henson]
91895a59 35
fd699ac5
DSH		 36 *) Add a salt to the key derivation routines in enc.c. This
37 forms the first 8 bytes of the encrypted file. Also add a
38 -S option to allow a salt to be input on the command line.
39 [Steve Henson]
40
e947f396
DSH		 41 *) New function X509_cmp(). Oddly enough there wasn't a function
42 to compare two certificates. We do this by working out the SHA1
43 hash and comparing that. X509_cmp() will be needed by the trust
44 code.
45 [Steve Henson]
46
b7cfcfb7
MC		 47 *) Correctly increment the reference count in the SSL_SESSION pointer
48 returned from SSL_get_session().
49 [Geoff Thorpe <geoff@eu.c2.net>]
50
06556a17
DSH		 51 *) Fix for 'req': it was adding a null to request attributes.
52 Also change the X509_LOOKUP and X509_INFO code to handle
53 certificate auxiliary information.
54 [Steve Henson]
55
a0e9f529
DSH		 56 *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document
57 the 'enc' command.
58 [Steve Henson]
59
71d7526b
RL		 60 *) Add the possibility to add extra information to the memory leak
61 detecting output, to form tracebacks, showing from where each
62 allocation was originated. Also updated sid code to be multi-
63 thread-safe.
64 [Richard Levitte]
65
a0e9f529 66 *) Add options -text and -noout to pkcs7 utility and delete the
954ef7ef
DSH		 67 encryption options which never did anything. Update docs.
68 [Steve Henson]
69
af29811e
DSH		 70 *) Add options to some of the utilities to allow the pass phrase
71 to be included on either the command line (not recommended on
72 OSes like Unix) or read from the environment. Update the
73 manpages and fix a few bugs.
74 [Steve Henson]
75
aba3e65f
DSH		 76 *) Add a few manpages for some of the openssl commands.
77 [Steve Henson]
78
a0ad17bb
DSH		 79 *) Fix the -revoke option in ca. It was freeing up memory twice,
80 leaking and not finding already revoked certificates.
81 [Steve Henson]
82
ce1b4fe1
DSH		 83 *) Extensive changes to support certificate auxiliary information.
84 This involves the use of X509_CERT_AUX structure and X509_AUX
85 functions. An X509_AUX function such as PEM_read_X509_AUX()
86 can still read in a certificate file in the usual way but it
87 will also read in any additional "auxiliary information". By
88 doing things this way a fair degree of compatability can be
89 retained: existing certificates can have this information added
90 using the new 'x509' options.
91
92 Current auxiliary information includes an "alias" and some trust
93 settings. The trust settings will ultimately be used in enhanced
94 certificate chain verification routines: currently a certificate
95 can only be trusted if it is self signed and then it is trusted
96 for all purposes.
97 [Steve Henson]
98
ce2c95b2
MC		 99 *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD). The
100 problem was that one of the replacement routines had not been working since
101 SSLeay releases. For now the offending routine has been replaced with
102 non-optimised assembler. Even so, this now gives around 95% performance
103 improvement for 1024 bit RSA signs.
104 [Mark Cox]
105
9716a8f9
DSH		 106 *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2
107 handling. Most clients have the effective key size in bits equal to
108 the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key.
109 A few however don't do this and instead use the size of the decrypted key
110 to determine the RC2 key length and the AlgorithmIdentifier to determine
111 the effective key length. In this case the effective key lenth can still
112 be 40 bits but the key length can be 168 bits for example. This is fixed
113 by manually forcing an RC2 key into the EVP_PKEY structure because the
114 EVP code can't currently handle unusual RC2 key sizes: it always assumes
115 the key length and effective key length are equal.
116 [Steve Henson]
117
74400f73
DSH		 118 *) Add a bunch of functions that should simplify the creation of
119 X509_NAME structures. Now you should be able to do:
120 X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0);
121 and have it automatically work out the correct field type and fill in
122 the structures. The more adventurous can try:
123 X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0);
124 and it will (hopefully) work out the correct multibyte encoding.
125 [Steve Henson]
126
127 *) Change the 'req' utility to use the new field handling and multibyte
128 copy routines. Before the DN field creation was handled in an ad hoc
129 way in req, ca, and x509 which was rather broken and didn't support
130 BMPStrings or UTF8Strings. Since some software doesn't implement
131 BMPStrings or UTF8Strings yet, they can be enabled using the config file
132 using the dirstring_type option. See the new comment in the default
133 openssl.cnf for more info.
134 [Steve Henson]
135
c1e744b9 136 *) Make crypto/rand/md_rand.c more robust:
62ac2938 137 - Assure unique random numbers after fork().
c1e744b9
BM		 138 - Make sure that concurrent threads access the global counter and
139 md serializably so that we never lose entropy in them
140 or use exactly the same state in multiple threads.
141 Access to the large state is not always serializable because
142 the additional locking could be a performance killer, and
143 md should be large enough anyway.
144 [Bodo Moeller]
145
a31011e8
BM		 146 *) New file apps/app_rand.c with commonly needed functionality
147 for handling the random seed file.
148
149 Use the random seed file in some applications that previously did not:
150 ca,
151 dsaparam -genkey (which also ignored its `-rand' option),
152 s_client,
153 s_server,
154 x509 (when signing).
155 Except on systems with /dev/urandom, it is crucial to have a random
156 seed file at least for key creation, DSA signing, and for DH exchanges;
99e87569 157 for RSA signatures we could do without one.
a31011e8
BM		 158
159 gendh and gendsa (unlike genrsa) used to read only the first byte
160 of each file listed in the `-rand' option. The function as previously
161 found in genrsa is now in app_rand.c and is used by all programs
162 that support `-rand'.
163 [Bodo Moeller]
164
165 *) In RAND_write_file, use mode 0600 for creating files;
166 don't just chmod when it may be too late.
167 [Bodo Moeller]
168
169 *) Report an error from X509_STORE_load_locations
170 when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
171 [Bill Perry]
172
462f79ec
DSH		 173 *) New function ASN1_mbstring_copy() this copies a string in either
174 ASCII, Unicode, Universal (4 bytes per character) or UTF8 format
175 into an ASN1_STRING type. A mask of permissible types is passed
176 and it chooses the "minimal" type to use or an error if not type
177 is suitable.
178 [Steve Henson]
179
08e9c1af
DSH		 180 *) Add function equivalents to the various macros in asn1.h. The old
181 macros are retained with an M_ prefix. Code inside the library can
182 use the M_ macros. External code (including the openssl utility)
183 should *NOT* in order to be "shared library friendly".
184 [Steve Henson]
185
673b102c
DSH		 186 *) Add various functions that can check a certificate's extensions
187 to see if it usable for various purposes such as SSL client,
188 server or S/MIME and CAs of these types. This is currently
189 VERY EXPERIMENTAL but will ultimately be used for certificate chain
190 verification. Also added a -purpose flag to x509 utility to
191 print out all the purposes.
192 [Steve Henson]
193
56a3fec1
DSH		 194 *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated
195 functions.
196 [Steve Henson]
197
4654ef98
DSH		 198 *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search
199 for, obtain and decode and extension and obtain its critical flag.
200 This allows all the necessary extension code to be handled in a
201 single function call.
202 [Steve Henson]
203
7e102e28
AP		 204 *) RC4 tune-up featuring 30-40% performance improvement on most RISC
205 platforms. See crypto/rc4/rc4_enc.c for further details.
206 [Andy Polyakov]
207
d71c6bc5
DSH		 208 *) New -noout option to asn1parse. This causes no output to be produced
209 its main use is when combined with -strparse and -out to extract data
210 from a file (which may not be in ASN.1 format).
211 [Steve Henson]
212
2d681b77
DSH		 213 *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
214 when producing the local key id.
215 [Richard Levitte <levitte@stacken.kth.se>]
216
3908cdf4
DSH		 217 *) New option -dhparam in s_server. This allows a DH parameter file to be
218 stated explicitly. If it is not stated then it tries the first server
219 certificate file. The previous behaviour hard coded the filename
220 "server.pem".
221 [Steve Henson]
222
3ea23631
DSH		 223 *) Add -pubin and -pubout options to the rsa and dsa commands. These allow
224 a public key to be input or output. For example:
225 openssl rsa -in key.pem -pubout -out pubkey.pem
226 Also added necessary DSA public key functions to handle this.
227 [Steve Henson]
228
393f2c65
DSH		 229 *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained
230 in the message. This was handled by allowing
231 X509_find_by_issuer_and_serial() to tolerate a NULL passed to it.
232 [Steve Henson, reported by Sampo Kellomaki <sampo@mail.neuronio.pt>]
233
234 *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null
235 to the end of the strings whereas this didn't. This would cause problems
236 if strings read with d2i_ASN1_bytes() were later modified.
237 [Steve Henson, reported by Arne Ansper <arne@ats.cyber.ee>]
238
4579dd5d
DSH		 239 *) Fix for base64 decode bug. When a base64 bio reads only one line of
240 data and it contains EOF it will end up returning an error. This is
241 caused by input 46 bytes long. The cause is due to the way base64
242 BIOs find the start of base64 encoded data. They do this by trying a
243 trial decode on each line until they find one that works. When they
244 do a flag is set and it starts again knowing it can pass all the
245 data directly through the decoder. Unfortunately it doesn't reset
246 the context it uses. This means that if EOF is reached an attempt
247 is made to pass two EOFs through the context and this causes the
248 resulting error. This can also cause other problems as well. As is
249 usual with these problems it takes *ages* to find and the fix is
250 trivial: move one line.
251 [Steve Henson, reported by ian@uns.ns.ac.yu (Ivan Nejgebauer) ]
252
06f4536a
DSH		 253 *) Ugly workaround to get s_client and s_server working under Windows. The
254 old code wouldn't work because it needed to select() on sockets and the
255 tty (for keypresses and to see if data could be written). Win32 only
256 supports select() on sockets so we select() with a 1s timeout on the
257 sockets and then see if any characters are waiting to be read, if none
258 are present then we retry, we also assume we can always write data to
259 the tty. This isn't nice because the code then blocks until we've
260 received a complete line of data and it is effectively polling the
261 keyboard at 1s intervals: however it's quite a bit better than not
262 working at all :-) A dedicated Windows application might handle this
263 with an event loop for example.
264 [Steve Henson]
265
1c80019a
DSH		 266 *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign
267 and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions
268 will be called when RSA_sign() and RSA_verify() are used. This is useful
269 if rsa_pub_dec() and rsa_priv_enc() equivalents are not available.
270 For this to work properly RSA_public_decrypt() and RSA_private_encrypt()
271 should *not* be used: RSA_sign() and RSA_verify() must be used instead.
272 This necessitated the support of an extra signature type NID_md5_sha1
273 for SSL signatures and modifications to the SSL library to use it instead
274 of calling RSA_public_decrypt() and RSA_private_encrypt().
275 [Steve Henson]
276
090d848e
DSH		 277 *) Add new -verify -CAfile and -CApath options to the crl program, these
278 will lookup a CRL issuers certificate and verify the signature in a
279 similar way to the verify program. Tidy up the crl program so it
280 no longer acesses structures directly. Make the ASN1 CRL parsing a bit
281 less strict. It will now permit CRL extensions even if it is not
282 a V2 CRL: this will allow it to tolerate some broken CRLs.
283 [Steve Henson]
284
396f6314
BM		 285 *) Initialize all non-automatic variables each time one of the openssl
286 sub-programs is started (this is necessary as they may be started
287 multiple times from the "OpenSSL>" prompt).
288 [Lennart Bang, Bodo Moeller]
289
4a61a64f
DSH		 290 *) Preliminary compilation option RSA_NULL which disables RSA crypto without
291 removing all other RSA functionality (this is what NO_RSA does). This
292 is so (for example) those in the US can disable those operations covered
293 by the RSA patent while allowing storage and parsing of RSA keys and RSA
294 key generation.
295 [Steve Henson]
296
c1082a90 297 *) Non-copying interface to BIO pairs.
6f7af152 298 (still largely untested)
c1082a90
BM		 299 [Bodo Moeller]
300
a785abc3
DSH		 301 *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive
302 ASCII string. This was handled independently in various places before.
303 [Steve Henson]
304
aef838fc
DSH		 305 *) New functions UTF8_getc() and UTF8_putc() that parse and generate
306 UTF8 strings a character at a time.
307 [Steve Henson]
308
074309b7
BM		 309 *) Use client_version from client hello to select the protocol
310 (s23_srvr.c) and for RSA client key exchange verification
311 (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications.
312 [Bodo Moeller]
313
8ce97163
DSH		 314 *) Add various utility functions to handle SPKACs, these were previously
315 handled by poking round in the structure internals. Added new function
316 NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to
317 print, verify and generate SPKACs. Based on an original idea from
318 Massimiliano Pala <madwolf@comune.modena.it> but extensively modified.
319 [Steve Henson]
320
2d4287da
AP		 321 *) RIPEMD160 is operational on all platforms and is back in 'make test'.
322 [Andy Polyakov]
323
87a25f90
DSH		 324 *) Allow the config file extension section to be overwritten on the
325 command line. Based on an original idea from Massimiliano Pala
326 <madwolf@comune.modena.it>. The new option is called -extensions
327 and can be applied to ca, req and x509. Also -reqexts to override
328 the request extensions in req and -crlexts to override the crl extensions
329 in ca.
330 [Steve Henson]
331
f9150e54
DSH		 332 *) Add new feature to the SPKAC handling in ca. Now you can include
333 the same field multiple times by preceding it by "XXXX." for example:
334 1.OU="Unit name 1"
335 2.OU="Unit name 2"
336 this is the same syntax as used in the req config file.
337 [Steve Henson]
338
c79b16e1
DSH		 339 *) Allow certificate extensions to be added to certificate requests. These
340 are specified in a 'req_extensions' option of the req section of the
341 config file. They can be printed out with the -text option to req but
342 are otherwise ignored at present.
343 [Steve Henson]
344
96c2201b 345 *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first
0f7e6fe1 346 data read consists of only the final block it would not decrypted because
7b65c329
DSH		 347 EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
348 A misplaced 'break' also meant the decrypted final block might not be
349 copied until the next read.
350 [Steve Henson]
351
13066cee
DSH		 352 *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
353 a few extra parameters to the DH structure: these will be useful if
354 for example we want the value of 'q' or implement X9.42 DH.
355 [Steve Henson]
356
c0711f7f
DSH		 357 *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
358 provides hooks that allow the default DSA functions or functions on a
359 "per key" basis to be replaced. This allows hardware acceleration and
360 hardware key storage to be handled without major modification to the
361 library. Also added low level modexp hooks and CRYPTO_EX structure and
362 associated functions.
363 [Steve Henson]
364
8484721a
DSH		 365 *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO
366 as "read only": it can't be written to and the buffer it points to will
367 not be freed. Reading from a read only BIO is much more efficient than
368 a normal memory BIO. This was added because there are several times when
369 an area of memory needs to be read from a BIO. The previous method was
370 to create a memory BIO and write the data to it, this results in two
371 copies of the data and an O(n^2) reading algorithm. There is a new
372 function BIO_new_mem_buf() which creates a read only memory BIO from
373 an area of memory. Also modified the PKCS#7 routines to use read only
374 memory BIOSs.
375 [Steve Henson]
376
de1915e4
BM		 377 *) Bugfix: ssl23_get_client_hello did not work properly when called in
378 state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
379 a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
380 but a retry condition occured while trying to read the rest.
381 [Bodo Moeller]
382
c6c34506
DSH		 383 *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
384 NID_pkcs7_encrypted by default: this was wrong since this should almost
385 always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
386 the encrypted data type: this is a more sensible place to put it and it
387 allows the PKCS#12 code to be tidied up that duplicated this
388 functionality.
389 [Steve Henson]
390
fd520577
DSH		 391 *) Changed obj_dat.pl script so it takes its input and output files on
392 the command line. This should avoid shell escape redirection problems
393 under Win32.
394 [Steve Henson]
395
87c49f62 396 *) Initial support for certificate extension requests, these are included
fd520577
DSH		 397 in things like Xenroll certificate requests. Included functions to allow
398 extensions to be obtained and added.
87c49f62
DSH		 399 [Steve Henson]
400
1b1a6e78
BM		 401 *) -crlf option to s_client and s_server for sending newlines as
402 CRLF (as required by many protocols).
403 [Bodo Moeller]
404
9a577e29 405 Changes between 0.9.3a and 0.9.4 [09 Aug 1999]
dfbaf956 406
9a577e29 407 *) Install libRSAglue.a when OpenSSL is built with RSAref.
dfbaf956 408 [Ralf S. Engelschall]
74678cc2 409
96395158
RE		 410 *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
411 [Andrija Antonijevic <TheAntony2@bigfoot.com>]
412
ed7f60fb
DSH		 413 *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
414 program.
415 [Steve Henson]
416
48c843c3
BM		 417 *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
418 DH parameters/keys (q is lost during that conversion, but the resulting
419 DH parameters contain its length).
420
421 For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
422 much faster than DH_generate_parameters (which creates parameters
423 where p = 2*q + 1), and also the smaller q makes DH computations
424 much more efficient (160-bit exponentiation instead of 1024-bit
425 exponentiation); so this provides a convenient way to support DHE
426 ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of
427 utter importance to use
428 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
429 or
430 SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
431 when such DH parameters are used, because otherwise small subgroup
432 attacks may become possible!
433 [Bodo Moeller]
434
435 *) Avoid memory leak in i2d_DHparams.
436 [Bodo Moeller]
437
922180d7
DSH		 438 *) Allow the -k option to be used more than once in the enc program:
439 this allows the same encrypted message to be read by multiple recipients.
440 [Steve Henson]
441
3e3d2ea2
DSH		 442 *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
443 an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
444 it will always use the numerical form of the OID, even if it has a short
445 or long name.
446 [Steve Henson]
447
770d19b8
DSH		 448 *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
449 method only got called if p,q,dmp1,dmq1,iqmp components were present,
450 otherwise bn_mod_exp was called. In the case of hardware keys for example
451 no private key components need be present and it might store extra data
96c2201b
BM		 452 in the RSA structure, which cannot be accessed from bn_mod_exp.
453 By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for
454 private key operations.
770d19b8
DSH		 455 [Steve Henson]
456
a0618e3e
AP		 457 *) Added support for SPARC Linux.
458 [Andy Polyakov]
459
74678cc2
BM		 460 *) pem_password_cb function type incompatibly changed from
461 typedef int pem_password_cb(char *buf, int size, int rwflag);
462 to
463 ....(char *buf, int size, int rwflag, void *userdata);
464 so that applications can pass data to their callbacks:
465 The PEM[_ASN1]_{read,write}... functions and macros now take an
466 additional void * argument, which is just handed through whenever
467 the password callback is called.
96c2201b 468 [Damien Miller <dmiller@ilogic.com.au>; tiny changes by Bodo Moeller]
74678cc2
BM		 469
470 New function SSL_CTX_set_default_passwd_cb_userdata.
471
472 Compatibility note: As many C implementations push function arguments
473 onto the stack in reverse order, the new library version is likely to
474 interoperate with programs that have been compiled with the old
475 pem_password_cb definition (PEM_whatever takes some data that
476 happens to be on the stack as its last argument, and the callback
477 just ignores this garbage); but there is no guarantee whatsoever that
478 this will work.
0cceb1c7 479
664b9985
BM		 480 *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
481 (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
482 problems not only on Windows, but also on some Unix platforms.
2e0fc875 483 To avoid problematic command lines, these definitions are now in an
57119943
BM		 484 auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
485 for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
664b9985
BM		 486 [Bodo Moeller]
487
7363455f
AP		 488 *) MIPS III/IV assembler module is reimplemented.
489 [Andy Polyakov]
490
6434450c
UM		 491 *) More DES library cleanups: remove references to srand/rand and
492 delete an unused file.
493