 OpenSSL CHANGES
 _______________

 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

  *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
     keyUsage if basicConstraints absent for a CA.
     [Steve Henson]

  *) Make SMIME_write_PKCS7() write mail header values with a format that
     is more generally accepted (no spaces before the semicolon), since
     some programs can't parse those values properly otherwise. Also make
     sure BIOs that break lines after each write do not create invalid
     headers.
     [Richard Levitte]

  *) Make sk_sort() tolerate a NULL argument.
     [Steve Henson, reported by Massimiliano Pala <madwolf@comune.modena.it>]

  *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
     passed by the function are trusted implicitly. If any of them signed the
     response then it is assumed to be valid and is not verified.
     [Steve Henson]

  *) Zero the premaster secret after deriving the master secret in
     DH ciphersuites.
     [Steve Henson]

  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
     to data. This was previously part of the PKCS7 ASN1 code. This
     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
     [Steve Henson, reported by Kenneth R. Robinette
      <support@securenetterm.com>]

  *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
     routines: without these tracing memory leaks is very painful.
     Fix leaks in PKCS12 and PKCS7 routines.
     [Steve Henson]

  *) Fix for Irix with NO_ASM.
     ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]

  *) Add some EVP_add_digest_alias registrations (as found in
     OpenSSL_add_all_digests()) to SSL_library_init()
     aka OpenSSL_add_ssl_algorithms(). This provides improved
     compatibility with peers using X.509 certificates
     with unconventional AlgorithmIdentifier OIDs.
     [Bodo Moeller]

  *) ./config script fixes.
     [Ulf Moeller, Richard Levitte]

  *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
     Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
     effectively meant GeneralizedTime would never be used. Now it
     is initialised to -1 but X509_time_adj() now has to check the value
     and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
     V_ASN1_GENERALIZEDTIME; without this it always uses GeneralizedTime.
     [Steve Henson, reported by Kenneth R. Robinette
      <support@securenetterm.com>]

  *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
     result in a zero length in the ASN1_INTEGER structure which was
     not consistent with the structure when d2i_ASN1_INTEGER() was used
     and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
     to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
     where it did not print out a minus for negative ASN1_INTEGER.
     [Steve Henson]

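An added illustration of the invariant this fix restores, written for this page and not OpenSSL code: a minimal DER INTEGER contents encoder and strict decoder for 64-bit values, in which zero is a single 0x00 octet (never an empty encoding) and negatives use minimal two's complement, so the encoded form and the decoded form can never disagree the way the zero-length case did. The der_int_* names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Encode v as the contents octets of a DER INTEGER (big-endian two's
 * complement, minimal length). Returns the number of octets, 1..8.
 * Hypothetical name; not an OpenSSL function. */
size_t der_int_encode(int64_t v, unsigned char out[8])
{
    unsigned char be[8];
    uint64_t u = (uint64_t)v;
    size_t i, start = 0;

    for (i = 0; i < 8; i++)
        be[i] = (unsigned char)(u >> (8 * (7 - i)));
    /* Drop a leading 0x00 whose successor has the top bit clear, or a
     * leading 0xFF whose successor has it set. The bound start < 7 is what
     * keeps zero as one 0x00 octet instead of an empty encoding. */
    while (start < 7 &&
           ((be[start] == 0x00 && !(be[start + 1] & 0x80)) ||
            (be[start] == 0xFF &&  (be[start + 1] & 0x80))))
        start++;
    memcpy(out, be + start, 8 - start);
    return 8 - start;
}

/* Decode DER INTEGER contents into *v. Returns 0 on success, -1 if the
 * octets are not valid DER: empty (the pre-fix encoding of zero), longer
 * than 8 octets, or not minimal. Rejecting these keeps every value with
 * exactly one representation, which is what a byte-wise compare needs. */
int der_int_decode(const unsigned char *in, size_t len, int64_t *v)
{
    uint64_t u;
    size_t i;

    if (len == 0 || len > 8)
        return -1;
    if (len > 1 && ((in[0] == 0x00 && !(in[1] & 0x80)) ||
                    (in[0] == 0xFF &&  (in[1] & 0x80))))
        return -1;
    u = (in[0] & 0x80) ? UINT64_MAX : 0;    /* sign-extend from the top bit */
    for (i = 0; i < len; i++)
        u = (u << 8) | in[i];
    *v = (int64_t)u;
    return 0;
}

/* Encode, decode and compare: returns the encoded length, or -1 if the
 * round trip does not reproduce v. */
int der_int_roundtrip_len(int64_t v)
{
    unsigned char buf[8];
    int64_t back;
    size_t n = der_int_encode(v, buf);

    if (der_int_decode(buf, n, &back) != 0 || back != v)
        return -1;
    return (int)n;
}
```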
  *) Fix 'openssl passwd -1'.
     [Bodo Moeller]

  *) Add summary printout to ocsp utility. The various functions which
     convert status values to strings have been renamed to:
     OCSP_response_status_str(), OCSP_cert_status_str() and
     OCSP_crl_reason_str() and are no longer static. New options
     to verify nonce values and to disable verification. OCSP response
     printout format cleaned up.
     [Steve Henson]

  *) Add additional OCSP certificate checks. These are those specified
     in RFC2560. This consists of two separate checks: the CA of the
     certificate being checked must either be the OCSP signer certificate
     or the issuer of the OCSP signer certificate. In the latter case the
     OCSP signer certificate must contain the OCSP signing extended key
     usage. This check is performed by attempting to match the OCSP
     signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
     in the OCSP_CERTID structures of the response.
     [Steve Henson]

  *) Initial OCSP certificate verification added to OCSP_basic_verify()
     and related routines. This uses the standard OpenSSL certificate
     verify routines to perform initial checks (just CA validity) and
     to obtain the certificate chain. Then additional checks will be
     performed on the chain. Currently the root CA is checked to see
     if it is explicitly trusted for OCSP signing. This is used to set
     a root CA as a global signing root: that is, any certificate that
     chains to that CA is an acceptable OCSP signing certificate.
     [Steve Henson]

  *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
     extensions from a separate configuration file.
     As when reading extensions from the main configuration file,
     the '-extensions ...' option may be used for specifying the
     section to use.
     [Massimiliano Pala <madwolf@comune.modena.it>]

  *) Change PKCS12_key_gen_asc() so it can cope with non-null-terminated
     strings whose length is passed in the passlen parameter, for
     example from PEM callbacks. This was done by adding an extra
     length parameter to asc2uni().
     [Steve Henson, reported by <oddissey@samsung.co.kr>]

  *) New OCSP utility. Allows OCSP requests to be generated or
     read. The request can be sent to a responder and the output
     parsed, output or printed in text form. Not complete yet:
     still needs to check the OCSP response validity.
     [Steve Henson]

  *) New subcommands for 'openssl ca':
     'openssl ca -status <serial>' prints the status of the cert with
     the given serial number (according to the index file).
     'openssl ca -updatedb' updates the expiry status of certificates
     in the index file.
     [Massimiliano Pala <madwolf@comune.modena.it>]

  *) New '-newreq-nodes' command option to CA.pl. This is like
     '-newreq', but calls 'openssl req' with the '-nodes' option
     so that the resulting key is not encrypted.
     [Damien Miller <djm@mindrot.org>]

  *) New configuration for the GNU Hurd.
     [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte]

  *) Initial code to implement OCSP basic response verify. This
     is currently incomplete. Currently just finds the signer's
     certificate and verifies the signature on the response.
     [Steve Henson]

  *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
     value of OPENSSLDIR. This is available via the new '-d' option
     to 'openssl version', and is also included in 'openssl version -a'.
     [Bodo Moeller]

  *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
     call failed, free the DSA structure.
     [Bodo Moeller]

  *) Allow defining memory allocation callbacks that will be given
     file name and line number information in additional arguments
     (a const char* and an int). The basic functionality remains, as
     well as the original possibility to just replace malloc(),
     realloc() and free() by functions that do not know about these
     additional arguments. To register and find out the current
     settings for extended allocation functions, the following
     functions are provided:

        CRYPTO_set_mem_ex_functions
        CRYPTO_set_locked_mem_ex_functions
        CRYPTO_get_mem_ex_functions
        CRYPTO_get_locked_mem_ex_functions

     These work the same way as CRYPTO_set_mem_functions and friends.
     CRYPTO_get_[locked_]mem_functions now writes 0 where such an
     extended allocation function is enabled.
     Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
     a conventional allocation function is enabled.
     [Richard Levitte, Bodo Moeller]

  *) Fix to uni2asc() to cope with zero length Unicode strings.
     These are present in some PKCS#12 files.
     [Steve Henson]

  *) Finish off removing the remaining LHASH function pointer casts.
     There should no longer be any prototype-casting required when using
     the LHASH abstraction, and any casts that remain are "bugs". See
     the callback types and macros at the head of lhash.h for details
     (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
     [Geoff Thorpe]

  *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
     If an EGD or PRNGD is running and enough entropy is returned, automatic
     seeding like with /dev/[u]random will be performed.
     Positions tried are: /etc/entropy, /var/run/egd-pool.
     [Lutz Jaenicke]

  *) Change the Unix RAND_poll() variant to be able to poll several
     random devices, as specified by DEVRANDOM, until a sufficient amount
     of data has been collected. We spend at most 10 ms on each file
     (select timeout) and read in non-blocking mode. DEVRANDOM now
     defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
     (previously it was just the string "/dev/urandom"), so on typical
     platforms the 10 ms delay will never occur.
     Also separate out the Unix variant to its own file, rand_unix.c.
     For VMS, there's a currently-empty rand_vms.c.
     [Richard Levitte]

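An added example, not the project's rand_unix.c, of the polling loop this entry describes: a NULL-terminated device list is opened non-blocking and read with a 10 ms select() timeout per attempt until enough bytes are collected, skipping devices that do not exist so a missing /dev/srandom or an empty /dev/random cannot stall the caller. The function names and the RAND_POLL_TIMEOUT_MS constant are assumptions; the self-check helper substitutes a constructed regular file for a device.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/select.h>
#include <unistd.h>

#define RAND_POLL_TIMEOUT_MS 10             /* "spend at most 10 ms on each file" */

/* Read from each device in the NULL-terminated list until `want` bytes are
 * in buf. Devices that fail to open are skipped; each select() waits at most
 * RAND_POLL_TIMEOUT_MS and the fd is non-blocking, so a device with no data
 * cannot block the caller. Returns the number of bytes collected. */
size_t poll_random_devices(const char *const *devices, unsigned char *buf, size_t want)
{
    size_t got = 0;
    for (; *devices != NULL && got < want; devices++) {
        int fd = open(*devices, O_RDONLY | O_NONBLOCK | O_NOCTTY);
        if (fd < 0)
            continue;                       /* e.g. no /dev/srandom on Linux */
        while (got < want) {
            fd_set rfds;
            struct timeval tv = { 0, RAND_POLL_TIMEOUT_MS * 1000 };
            ssize_t r;
            FD_ZERO(&rfds);
            FD_SET(fd, &rfds);
            if (select(fd + 1, &rfds, NULL, NULL, &tv) <= 0)
                break;                      /* timeout or error: next device */
            r = read(fd, buf + got, want - got);
            if (r > 0)
                got += (size_t)r;
            else if (r == 0 || (errno != EINTR && errno != EAGAIN))
                break;                      /* EOF or hard error: next device */
        }
        close(fd);
    }
    return got;
}

/* Deterministic check: a constructed 48-byte regular file stands in for a
 * device, listed after a path that does not exist, so the skip path and the
 * EOF path both run. Returns bytes collected, or (size_t)-1 on setup error. */
size_t poll_from_sample_file(size_t want)
{
    char path[] = "/tmp/randpollXXXXXX";
    unsigned char sample[48], out[128];
    const char *devs[3] = { "/nonexistent/dev/srandom", path, NULL };
    size_t i, got = (size_t)-1;
    int fd = mkstemp(path);
    if (fd < 0) return got;
    for (i = 0; i < sizeof sample; i++)
        sample[i] = (unsigned char)(0xA5 ^ i);  /* constructed, not random */
    if (write(fd, sample, sizeof sample) == (ssize_t)sizeof sample)
        got = poll_random_devices(devs, out, want < sizeof out ? want : sizeof out);
    close(fd);
    unlink(path);
    return got;
}

int main(void)
{
    /* The new DEVRANDOM default list from the entry above. */
    static const char *const devrandom[] = { "/dev/urandom", "/dev/random", "/dev/srandom", NULL };
    unsigned char seed[32];
    return poll_random_devices(devrandom, seed, sizeof seed) == sizeof seed ? 0 : 1;
}
```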
  *) Move OCSP client related routines to ocsp_cl.c. These
     provide utility functions which an application needing
     to issue a request to an OCSP responder and analyse the
     response will typically need, as opposed to those which an
     OCSP responder itself would need, which will be added later.

     OCSP_request_sign() signs an OCSP request with an API similar
     to PKCS7_sign(). OCSP_response_status() returns the status of an OCSP
     response. OCSP_response_get1_basic() extracts the basic response
     from a response. OCSP_resp_find_status() finds and extracts status
     information for an OCSP_CERTID structure (which will be created
     when the request structure is built). These are built from lower
     level functions which work on OCSP_SINGLERESP structures but
     won't normally be used unless the application wishes to examine
     extensions in the OCSP response, for example.

     Replace nonce routines with a pair of functions.
     OCSP_request_add1_nonce() adds a nonce value and optionally
     generates a random value. OCSP_check_nonce() checks the
     validity of the nonce in an OCSP response.
     [Steve Henson]

  *) Change function OCSP_request_add() to OCSP_request_add0_id().
     This doesn't copy the supplied OCSP_CERTID and avoids the
     need to free up the newly created id. Change return type
     to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
     This can then be used to add extensions to the request.
     Deleted OCSP_request_new(), since most of its functionality
     is now in OCSP_REQUEST_new() (and the case insensitive name
     clash) apart from the ability to set the request name which
     will be added elsewhere.
     [Steve Henson]

  *) Update OCSP API. Remove obsolete extensions argument from
     various functions. Extensions are now handled using the new
     OCSP extension code. New simple OCSP HTTP function which
     can be used to send requests and parse the response.
     [Steve Henson]

  *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
     ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
     uses the special reorder version of SET OF to sort the attributes
     and reorder them to match the encoded order. This resolves a long
     standing problem: a verify on a PKCS7 structure just after signing
     it used to fail because the attribute order did not match the
     encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
     it uses the received order. This is necessary to tolerate some broken
     software that does not order SET OF. This is handled by encoding
     as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
     to produce the required SET OF.
     [Steve Henson]

  *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
     OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
     files to get correct declarations of the ASN.1 item variables.
     [Richard Levitte]

  *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
     PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
     asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
     NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
     New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
     ASN1_ITEM and no wrapper functions.
     [Steve Henson]

  *) New functions ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
     replace the old function pointer based I/O routines. Change most of
     the *_d2i_bio() and *_d2i_fp() functions to use these.
     [Steve Henson]

  *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
     lines, recognise more "algorithms" that can be deselected, and make
     it complain about algorithm deselection that isn't recognised.
     [Richard Levitte]

  *) New ASN1 functions to handle dup, sign, verify, digest, pack and
     unpack operations in terms of ASN1_ITEM. Modify existing wrappers
     to use new functions. Add NO_ASN1_OLD which can be set to remove
     some old style ASN1 functions: this can be used to determine if old
     code will still work when these eventually go away.
     [Steve Henson]

  *) New extension functions for OCSP structures; these follow the
     same conventions as certificates and CRLs.
     [Steve Henson]

  *) New function X509V3_add1_i2d(). This automatically encodes and
     adds an extension. Its behaviour can be customised with various
     flags to append, replace or delete. Various wrappers added for
     certificates and CRLs.
     [Steve Henson]

  *) Fix to avoid calling the underlying ASN1 print routine when
     an extension cannot be parsed. Correct a typo in the
     OCSP_SERVICELOC extension. Tidy up OCSP print format.
     [Steve Henson]

  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
     when writing a 32767 byte record.
     [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]

  *) In RSA_eay_public_{en,de}crypt and RSA_eay_mod_exp (rsa_eay.c),
     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.

     (RSA objects have a reference count, access to which is protected
     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
     so they are meant to be shared between threads.)
     [Bodo Moeller, Geoff Thorpe; original patch submitted by
     "Reddie, Steven" <Steven.Reddie@ca.com>]

  *) Make mkdef.pl parse some of the ASN1 macros and add appropriate
     entries for variables.
     [Steve Henson]

  *) Fix a deadlock in CRYPTO_mem_leaks().
     [Bodo Moeller]

  *) Add functionality to apps/openssl.c for detecting locking
     problems: As the program is single-threaded, all we have
     to do is register a locking callback using an array for
     storing which locks are currently held by the program.
     [Bodo Moeller]

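An added standalone example, not the apps/openssl.c code, of the idea in this entry: a locking callback with the (mode, type, file, line) signature OpenSSL's locking callbacks used, which records which lock numbers are held and reports a re-lock of a held lock or an unlock of a lock not held, together with the file and line of the offending call. CRYPTO_LOCK and CRYPTO_UNLOCK carry their OpenSSL values; the lock_debug_* names and the table size are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* OpenSSL's locking-callback mode bits; lock numbers are small table indices. */
#define CRYPTO_LOCK   1
#define CRYPTO_UNLOCK 2
#define LOCK_DEBUG_NUM_LOCKS 64            /* hypothetical table size */

static int lock_held[LOCK_DEBUG_NUM_LOCKS];  /* 1 while lock `type` is held */
static int lock_errors;

/* Locking callback: in a single-threaded program the only correct sequence
 * is lock, then unlock, so any other transition is a latent bug that would
 * deadlock or corrupt state in a multi-threaded build. */
void lock_debug_callback(int mode, int type, const char *file, int line)
{
    if (type < 0 || type >= LOCK_DEBUG_NUM_LOCKS) {
        fprintf(stderr, "%s:%d: lock %d out of range\n", file, line, type);
        lock_errors++;
        return;
    }
    if (mode & CRYPTO_LOCK) {
        if (lock_held[type]) {
            fprintf(stderr, "%s:%d: lock %d already held\n", file, line, type);
            lock_errors++;
        }
        lock_held[type] = 1;
    } else if (mode & CRYPTO_UNLOCK) {
        if (!lock_held[type]) {
            fprintf(stderr, "%s:%d: lock %d not held\n", file, line, type);
            lock_errors++;
        }
        lock_held[type] = 0;
    }
}

int lock_debug_error_count(void) { return lock_errors; }

/* Locks still held, e.g. a lock taken on an early-return error path. */
int lock_debug_held_count(void)
{
    int i, n = 0;
    for (i = 0; i < LOCK_DEBUG_NUM_LOCKS; i++)
        n += lock_held[i];
    return n;
}

void lock_debug_reset(void)
{
    memset(lock_held, 0, sizeof lock_held);
    lock_errors = 0;
}

/* Constructed sequence: one correct pair, then the two misuse patterns the
 * callback reports. Returns the number of problems detected (2). */
int lock_debug_demo(void)
{
    lock_debug_reset();
    lock_debug_callback(CRYPTO_LOCK,   9, __FILE__, __LINE__);
    lock_debug_callback(CRYPTO_UNLOCK, 9, __FILE__, __LINE__);
    lock_debug_callback(CRYPTO_LOCK,   9, __FILE__, __LINE__);
    lock_debug_callback(CRYPTO_LOCK,   9, __FILE__, __LINE__);  /* re-lock */
    lock_debug_callback(CRYPTO_UNLOCK, 9, __FILE__, __LINE__);
    lock_debug_callback(CRYPTO_UNLOCK, 3, __FILE__, __LINE__);  /* never locked */
    return lock_debug_error_count();
}
```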
  *) Use a lock around the call to CRYPTO_get_ex_new_index() in
     SSL_get_ex_data_X509_STORE_idx(), which is used in
     ssl_verify_cert_chain() and thus can be called at any time
     during TLS/SSL handshakes so that thread-safety is essential.
     Unfortunately, the ex_data design is not at all suited
     for multi-threaded use, so it probably should be abolished.
     [Bodo Moeller]

  *) Added Broadcom "ubsec" ENGINE to OpenSSL.
     [Broadcom, tweaked and integrated by Geoff Thorpe]

  *) Move common extension printing code to new function
     X509V3_print_extensions(). Reorganise OCSP print routines and
     implement some needed OCSP ASN1 functions. Add OCSP extensions.
     [Steve Henson]

  *) New function X509_signature_print() to remove duplication in some
     print routines.
     [Steve Henson]

  *) Add a special meaning when SET OF and SEQUENCE OF flags are both
     set (this was treated exactly the same as SET OF previously). This
     is used to reorder the STACK representing the structure to match the
     encoding. This will be used to get round a problem where a PKCS7
     structure which was signed could not be verified because the STACK
     order did not reflect the encoded order.
     [Steve Henson]

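An added example, not OpenSSL's ASN1 code, covering both this entry and the PKCS7_ATTR_SIGN/PKCS7_ATTR_VERIFY entry above: the DER SET OF ordering rule (X.690 11.6) applied to attribute encodings, with a sort for the signing side and an order check for the verifying side, showing why the order attributes were added in is not the order they are encoded in. The attribute byte strings are constructed and the der_* names are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* One encoded SET OF component; label exists only for the demo below. */
typedef struct { const unsigned char *enc; size_t len; char label; } der_elem;

/* X.690 11.6 SET OF order: compare encodings as octet strings, the shorter
 * one padded at its trailing end with 0x00 octets. qsort-compatible. */
int der_setof_cmp(const void *a, const void *b)
{
    const der_elem *x = a, *y = b;
    size_t i, n = x->len < y->len ? x->len : y->len;
    int c = memcmp(x->enc, y->enc, n);
    if (c != 0)
        return c;
    /* Same prefix: a nonzero octet beyond the shorter one's end decides. */
    for (i = n; i < x->len; i++) if (x->enc[i]) return 1;
    for (i = n; i < y->len; i++) if (y->enc[i]) return -1;
    return 0;
}

/* What the signing side (PKCS7_ATTR_SIGN) must do before hashing. */
void der_setof_sort(der_elem *elems, size_t n)
{
    qsort(elems, n, sizeof *elems, der_setof_cmp);
}

/* What the verifying side can check: 1 if already in DER order, 0 if the
 * peer emitted an unsorted SET OF, which PKCS7_ATTR_VERIFY tolerates by
 * keeping the received order instead of re-sorting. */
int der_setof_is_sorted(const der_elem *elems, size_t n)
{
    size_t i;
    for (i = 1; i < n; i++)
        if (der_setof_cmp(&elems[i - 1], &elems[i]) > 0) return 0;
    return 1;
}

/* Constructed attribute encodings (not from any real message): three short
 * SEQUENCEs, to be listed in the order an application might add them. */
static const unsigned char attr_a[] = { 0x30, 0x05, 0x06, 0x03, 0x2A, 0x03, 0x04 };
static const unsigned char attr_b[] = { 0x30, 0x04, 0x06, 0x02, 0x2A, 0x03 };
static const unsigned char attr_c[] = { 0x30, 0x05, 0x06, 0x03, 0x2A, 0x03, 0x05 };

/* Sorts the constructed set (added in order a, c, b) and returns its labels
 * in DER order as a NUL-terminated string; *was_sorted (if non-NULL) gets
 * whether the input order was already DER order: 0 here, which is exactly
 * why a verify right after signing used to fail. */
const char *der_setof_demo_order(int *was_sorted)
{
    static char out[4];
    der_elem set[3] = { { attr_a, sizeof attr_a, 'a' },
                        { attr_c, sizeof attr_c, 'c' },
                        { attr_b, sizeof attr_b, 'b' } };
    size_t i;
    if (was_sorted != NULL)
        *was_sorted = der_setof_is_sorted(set, 3);
    der_setof_sort(set, 3);
    for (i = 0; i < 3; i++) out[i] = set[i].label;
    out[3] = '\0';
    return out;
}
```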
  *) Reimplement the OCSP ASN1 module using the new code.
     [Steve Henson]

  *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
     for its ASN1 operations. The old style function pointers still exist
     for now but they will eventually go away.
     [Steve Henson]

  *) Merge in replacement ASN1 code from the ASN1 branch. This almost
     completely replaces the old ASN1 functionality with a table driven
     encoder and decoder which interprets an ASN1_ITEM structure describing
     the ASN1 module. Compatibility with the existing ASN1 API (i2d, d2i) is
     largely maintained. Almost all of the old asn1_mac.h macro based ASN1
     has also been converted to the new form.
     [Steve Henson]

  *) Change BN_mod_exp_recp so that negative moduli are tolerated
     (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set
     so that BN_mod_exp_mont and BN_mod_exp_mont_word work
     for negative moduli.
     [Bodo Moeller]

  *) Fix BN_uadd and BN_usub: Always return non-negative results instead
     of not touching the result's sign bit.
     [Bodo Moeller]

  *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
     set.
     [Bodo Moeller]

  *) Changed the LHASH code to use prototypes for callbacks, and created
     macros to declare and implement thin (optionally static) functions
     that provide type-safety and avoid function pointer casting for the
     type-specific callbacks.
     [Geoff Thorpe]

  *) Use better test patterns in bntest.