[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________

 Changes between 0.9.7c and 0.9.8  [xx XXX xxxx]

  *) An audit of the BIGNUM code is underway, for which debugging code is
     enabled when BN_DEBUG is defined. This makes stricter enforcements on what
     is considered valid when processing BIGNUMs, and causes execution to
     assert() when a problem is discovered. If BN_DEBUG_RAND is defined,
     further steps are taken to deliberately pollute unused data in BIGNUM
     structures to try and expose faulty code further on. For now, openssl will
     (in its default mode of operation) continue to tolerate the inconsistent
     forms that it has tolerated in the past, but authors and packagers should
     consider trying openssl and their own applications when compiled with
     these debugging symbols defined. It will help highlight potential bugs in
     their own code, and will improve the test coverage for OpenSSL itself. At
     some point, these tighter rules will become openssl's default to improve
     maintainability, though the assert()s and other overheads will remain only
     in debugging configurations. See bn.h for more details.
     [Geoff Thorpe]

  *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
     that can only be obtained through BN_CTX_new() (which implicitly
     initialises it). The presence of this function only made it possible
     to overwrite an existing structure (and cause memory leaks).
     [Geoff Thorpe]

  *) Because of the callback-based approach for implementing LHASH as a
     template type, lh_insert() adds opaque objects to hash-tables and
     lh_doall() or lh_doall_arg() are typically used with a destructor callback
     to clean up those corresponding objects before destroying the hash table
     (and losing the object pointers). So some over-zealous constifications in
     LHASH have been relaxed so that lh_insert() does not take (nor store) the
     objects as "const" and the lh_doall[_arg] callback wrappers are not
     prototyped to have "const" restrictions on the object pointers they are
     given (and so aren't required to cast them away any more).
     [Geoff Thorpe]

  *) The tmdiff.h API was so ugly and minimal that our own timing utility
     (speed) prefers to use its own implementation. The two implementations
     haven't been consolidated as yet (volunteers?) but the tmdiff API has had
     its object type properly exposed (MS_TM) instead of casting to/from "char
     *". This may still change yet if someone realises MS_TM and "ms_time_***"
     aren't necessarily the greatest nomenclatures - but this is what was used
     internally to the implementation so I've used that for now.
     [Geoff Thorpe]

  *) Ensure that deprecated functions do not get compiled when
     OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of
     the self-tests were still using deprecated key-generation functions so
     these have been updated also.
     [Geoff Thorpe]

  *) Reorganise PKCS#7 code to separate the digest location functionality
     into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest().
     New function PKCS7_set_digest() to set the digest type for PKCS#7
     digestedData type. Add additional code to correctly generate the
     digestedData type and add support for this type in PKCS7 initialization
     functions.
     [Steve Henson]

  *) New function PKCS7_set0_type_other() this initializes a PKCS7 
     structure of type "other".
     [Steve Henson]

  *) Fix prime generation loop in crypto/bn/bn_prime.pl by making
     sure the loop does correctly stop and breaking ("division by zero")
     modulus operations are not performed. The (pre-generated) prime
     table crypto/bn/bn_prime.h was already correct, but it could not be
     re-generated on some platforms because of the "division by zero"
     situation in the script.
     [Ralf S. Engelschall]

  *) Update support for ECC-based TLS ciphersuites according to
     draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with
     SHA-1 now is only used for "small" curves (where the
     representation of a field element takes up to 24 bytes); for
     larger curves, the field element resulting from ECDH is directly
     used as premaster secret.
     [Douglas Stebila (Sun Microsystems Laboratories)]

  *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2
     curve secp160r1 to the tests.
     [Douglas Stebila (Sun Microsystems Laboratories)]

  *) Add the possibility to load symbols globally with DSO.
Commit	Line	Data
81a6c781	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
651d0aff RE	4
beab098d	5	Changes between 0.9.7c and 0.9.8 [xx XXX xxxx]
4d94ae00	6
d870740c GT	7	*) An audit of the BIGNUM code is underway, for which debugging code is
	8	enabled when BN_DEBUG is defined. This makes stricter enforcements on what
	9	is considered valid when processing BIGNUMs, and causes execution to
	10	assert() when a problem is discovered. If BN_DEBUG_RAND is defined,
	11	further steps are taken to deliberately pollute unused data in BIGNUM
	12	structures to try and expose faulty code further on. For now, openssl will
	13	(in its default mode of operation) continue to tolerate the inconsistent
	14	forms that it has tolerated in the past, but authors and packagers should
	15	consider trying openssl and their own applications when compiled with
	16	these debugging symbols defined. It will help highlight potential bugs in
	17	their own code, and will improve the test coverage for OpenSSL itself. At
	18	some point, these tighter rules will become openssl's default to improve
	19	maintainability, though the assert()s and other overheads will remain only
	20	in debugging configurations. See bn.h for more details.
	21	[Geoff Thorpe]
	22
2ce90b9b GT	23	*) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
	24	that can only be obtained through BN_CTX_new() (which implicitly
	25	initialises it). The presence of this function only made it possible
	26	to overwrite an existing structure (and cause memory leaks).
	27	[Geoff Thorpe]
	28
8dc344cc GT	29	*) Because of the callback-based approach for implementing LHASH as a
	30	template type, lh_insert() adds opaque objects to hash-tables and
	31	lh_doall() or lh_doall_arg() are typically used with a destructor callback
	32	to clean up those corresponding objects before destroying the hash table
	33	(and losing the object pointers). So some over-zealous constifications in
	34	LHASH have been relaxed so that lh_insert() does not take (nor store) the
	35	objects as "const" and the lh_doall[_arg] callback wrappers are not
	36	prototyped to have "const" restrictions on the object pointers they are
	37	given (and so aren't required to cast them away any more).
	38	[Geoff Thorpe]
	39
0991f070 GT	40	*) The tmdiff.h API was so ugly and minimal that our own timing utility
	41	(speed) prefers to use its own implementation. The two implementations
	42	haven't been consolidated as yet (volunteers?) but the tmdiff API has had
	43	its object type properly exposed (MS_TM) instead of casting to/from "char
	44	". This may still change yet if someone realises MS_TM and "ms_time_**"
	45	aren't necessarily the greatest nomenclatures - but this is what was used
	46	internally to the implementation so I've used that for now.
	47	[Geoff Thorpe]
	48
9d473aa2	49	*) Ensure that deprecated functions do not get compiled when
2aaec9cc GT	50	OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of
	51	the self-tests were still using deprecated key-generation functions so
	52	these have been updated also.
9d473aa2 GT	53	[Geoff Thorpe]
9d473aa2 GT	54
c5a55463 DSH	55	*) Reorganise PKCS#7 code to separate the digest location functionality
	56	into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest().
	57	New function PKCS7_set_digest() to set the digest type for PKCS#7
	58	digestedData type. Add additional code to correctly generate the
	59	digestedData type and add support for this type in PKCS7 initialization
	60	functions.
8d9086df DSH	61	[Steve Henson]
8d9086df DSH	62
c5a55463 DSH	63	*) New function PKCS7_set0_type_other() this initializes a PKCS7
c5a55463 DSH	64	structure of type "other".
8d9086df DSH	65	[Steve Henson]
8d9086df DSH	66
6bd27f86 RE	67	*) Fix prime generation loop in crypto/bn/bn_prime.pl by making
	68	sure the loop does correctly stop and breaking ("division by zero")
	69	modulus operations are not performed. The (pre-generated) prime
	70	table crypto/bn/bn_prime.h was already correct, but it could not be
	71	re-generated on some platforms because of the "division by zero"
	72	situation in the script.
	73	[Ralf S. Engelschall]
	74
968766ca BM	75	*) Update support for ECC-based TLS ciphersuites according to
	76	draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with
	77	SHA-1 now is only used for "small" curves (where the
	78	representation of a field element takes up to 24 bytes); for
	79	larger curves, the field element resulting from ECDH is directly
	80	used as premaster secret.
	81	[Douglas Stebila (Sun Microsystems Laboratories)]
	82
652ae06b BM	83	*) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2
	84	curve secp160r1 to the tests.
	85	[Douglas Stebila (Sun Microsystems Laboratories)]
	86
e666c459 RL	87	*) Add the possibility to load symbols globally with DSO.
	88