OpenSSL CHANGES
_______________

 Changes between 0.9.8f and 0.9.9  [xx XXX xxxx]

  *) Add option -stream to use PKCS#7 streaming in smime utility. New
     functions i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
     to output in BER and PEM format.
     [Steve Henson]

  *) Experimental support for use of HMAC via EVP_PKEY interface. This
     allows HMAC to be handled via the EVP_DigestSign*() interface. The
     EVP_PKEY "key" in this case is the HMAC key, potentially allowing
     ENGINE support for HMAC keys which are unextractable. New -mac and
     -macopt options to dgst utility.
     [Steve Henson]

  *) New option -sigopt to dgst utility. Update dgst to use
     EVP_Digest{Sign,Verify}*. These two changes make it possible to use
     alternative signing parameters such as X9.31 or PSS in the dgst
     utility.
     [Steve Henson]

  *) Change ssl_cipher_apply_rule(), the internal function that does
     the work each time a ciphersuite string requests enabling
     ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar"), or
     removing ("!foo+bar") a class of ciphersuites: now it maintains
     the order of disabled ciphersuites such that those ciphersuites
     that most recently went from enabled to disabled not only stay
     in order with respect to each other, but also have higher priority
     than other disabled ciphersuites the next time ciphersuites are
     enabled again.

     This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
     the same ciphersuites as with "HIGH" alone, but in a specific
     order where the PSK ciphersuites come first (since they are the
     most recently disabled ciphersuites when "HIGH" is parsed).

     Also, change ssl_create_cipher_list() (using this new
     functionality) such that between otherwise identical
     ciphersuites, ephemeral ECDH is preferred over ephemeral DH in
     the default order.
     [Bodo Moeller]

  *) Change ssl_create_cipher_list() so that it automatically
     arranges the ciphersuites in reasonable order before starting
     to process the rule string. Thus, the definition for "DEFAULT"
     (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
     remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH".
     This makes it much easier to arrive at a reasonable default order
     in applications for which anonymous ciphers are OK (meaning
     that you can't actually use DEFAULT).
     [Bodo Moeller; suggested by Victor Duchovni]
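
     The ordering rules in the two entries above, as an added toy model that
     is not OpenSSL's code: a constructed suite table in Python with a minimal
     rule interpreter (enable, "+" move, "-" disable, "!" kill; the "@STRENGTH"
     sort is not modelled), showing that "PSK:-PSK:HIGH" yields the same suites
     as "HIGH" with the PSK suites first, and what "ALL:!aNULL:!eNULL" selects.

```python
# Added example (not OpenSSL code): a toy model of the 0.9.9 cipher-string
# rule processing. SUITES is a constructed table already in the "reasonable
# default order" that ssl_create_cipher_list() now imposes before parsing;
# it stands in for the real ciphersuite list.
SUITES = [
    ("ECDHE-RSA-AES256-SHA", {"kEECDH", "aRSA", "AES256", "AES", "HIGH"}),
    ("DHE-RSA-AES256-SHA",   {"kEDH",   "aRSA", "AES256", "AES", "HIGH"}),
    ("PSK-AES256-CBC-SHA",   {"kPSK",   "aPSK", "PSK", "AES256", "AES", "HIGH"}),
    ("AES256-SHA",           {"kRSA",   "aRSA", "AES256", "AES", "HIGH"}),
    ("PSK-AES128-CBC-SHA",   {"kPSK",   "aPSK", "PSK", "AES128", "AES", "HIGH"}),
    ("ADH-AES256-SHA",       {"kEDH",   "aNULL", "AES256", "AES", "HIGH"}),
    ("PSK-RC4-SHA",          {"kPSK",   "aPSK", "PSK", "RC4", "MEDIUM"}),
    ("NULL-SHA",             {"kRSA",   "aRSA", "eNULL"}),
]
# "ALL" covers every suite that actually encrypts (everything but eNULL).
ATTRS = {name: attrs | ({"ALL"} if "eNULL" not in attrs else set())
         for name, attrs in SUITES}
DEFAULT = "ALL:!aNULL:!eNULL"     # the new SSL_DEFAULT_CIPHER_LIST definition

def _matches(name, token):
    """'foo+bar' matches only suites carrying every alias in the token."""
    return all(part in ATTRS[name] for part in token.split("+"))

def apply_rule(active, disabled, op, token):
    """One ssl_cipher_apply_rule() step over the enabled/disabled lists."""
    hit_active = [s for s in active if _matches(s, token)]
    if op == "!":      # kill: drop from both lists; later rules cannot revive it
        active[:] = [s for s in active if s not in hit_active]
        disabled[:] = [s for s in disabled if not _matches(s, token)]
    elif op == "-":    # disable: the newest disabled group keeps its internal
        active[:] = [s for s in active if s not in hit_active]
        disabled[:] = hit_active + disabled   # order and goes to the list head
    elif op == "+":    # move: matching enabled suites go to the end
        active[:] = [s for s in active if s not in hit_active] + hit_active
    else:              # enable: append matches in their current disabled order
        hit = [s for s in disabled if _matches(s, token)]
        disabled[:] = [s for s in disabled if s not in hit]
        active.extend(hit)

def cipher_list(rule_string):
    """Ordered enabled suites for a cipher string such as 'PSK:-PSK:HIGH'."""
    active, disabled = [], [name for name, _ in SUITES]
    for rule in rule_string.replace("DEFAULT", DEFAULT).split(":"):
        if not rule:
            continue
        op = rule[0] if rule[0] in "!-+" else ""
        apply_rule(active, disabled, op, rule[len(op):])
    return active
```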

  *) Split the SSL/TLS algorithm mask (as used for ciphersuite string
     processing) into multiple integers instead of setting
     "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
     "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
     (These masks as well as the individual bit definitions are hidden
     away into the non-exported interface ssl/ssl_locl.h, so this
     change to the definition of the SSL_CIPHER structure shouldn't
     affect applications.) This gives us more bits for each of these
     categories, so there is no longer a need to coagulate AES128 and
     AES256 into a single algorithm bit, and to coagulate Camellia128
     and Camellia256 into a single algorithm bit, which has led to all
     kinds of kludges.

     Thus, among other things, the kludge introduced in 0.9.7m and
     0.9.8e for masking out AES256 independently of AES128 or masking
     out Camellia256 independently of AES256 is not needed here in 0.9.9.

     With the change, we also introduce new ciphersuite aliases that
     so far were missing: "AES128", "AES256", "CAMELLIA128", and
     "CAMELLIA256".
     [Bodo Moeller]

  *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
     Use the leftmost N bytes of the signature input if the input is
     larger than the prime q (with N being the size in bytes of q).
     [Nils Larsch]

  *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
     it yet and it is largely untested.
     [Steve Henson]

  *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
     [Nils Larsch]

  *) Initial incomplete changes to avoid need for function casts in OpenSSL
     when OPENSSL_NO_FCAST is set: some compilers (gcc 4.2 and later) reject
     their use. Safestack is reimplemented using inline functions: tests show
     that these calls are typically optimized away by compilers so they have
     no additional overhead. Update ASN1 to avoid use of legacy functions.
     [Steve Henson]

  *) Win32/64 targets are linked with Winsock2.
     [Andy Polyakov]

  *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
     to external functions. This can be used to increase CRL handling
     efficiency especially when CRLs are very large by (for example) storing
     the CRL revoked certificates in a database.
     [Steve Henson]

  *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
     new CRLs added to a directory can be used. New command line option
     -verify_return_error to s_client and s_server. This causes real errors
     to be returned by the verify callback instead of carrying on no matter
     what. This reflects the way a "real world" verify callback would behave.
     [Steve Henson]

  *) GOST engine, supporting several GOST algorithms and public key formats.
     Kindly donated by Cryptocom.
     [Cryptocom]

  *) Partial support for Issuing Distribution Point CRL extension. CRLs
     partitioned by DP are handled but no indirect CRL or reason partitioning
     (yet). Complete overhaul of CRL handling: now the most suitable CRL is
     selected via a scoring technique which handles IDP and AKID in CRLs.
     [Steve Henson]

  *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
     will ultimately be used for all verify operations: this will remove the
     X509_STORE dependency on certificate verification and allow alternative
     lookup methods. X509_STORE based implementations of these two callbacks.
     [Steve Henson]

  *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
     Modify get_crl() to find a valid (unexpired) CRL if possible.
     [Steve Henson]

  *) New function X509_CRL_match() to check if two CRLs are identical. Normally
     this would be called X509_CRL_cmp() but that name is already used by
     a function that just compares CRL issuer names. Cache several CRL
     extensions in X509_CRL structure and cache CRLDP in X509.
     [Steve Henson]

  *) Store a "canonical" representation of X509_NAME structure (ASN1 Name);
     this maps equivalent X509_NAME structures into a consistent structure.
     Name comparison can then be performed rapidly using memcmp().
     [Steve Henson]

  *) Non-blocking OCSP request processing. Add -timeout option to ocsp
     utility.
     [Steve Henson]

  *) Allow digests to supply their own micalg string for S/MIME type using
     the ctrl EVP_MD_CTRL_MICALG.
     [Steve Henson]

  *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
     EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
     ctrl. It can then customise the structure before and/or after signing
     if necessary.
     [Steve Henson]

  *) New function OBJ_add_sigid() to allow application defined signature OIDs
     to be added to OpenSSL's internal tables. New function OBJ_sigid_free()
     to free up any added signature OIDs.
     [Steve Henson]

  *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
     EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
     digest and cipher tables. New options added to openssl utility:
     list-message-digest-algorithms and list-cipher-algorithms.
     [Steve Henson]

  *) In addition to the numerical (unsigned long) thread ID, provide
     for a pointer (void *) thread ID. This helps accommodate systems
     that do not provide an unsigned long thread ID. OpenSSL assumes
     it is in the same thread iff both the numerical and the pointer
     thread ID agree; so applications are just required to define one
     of them appropriately (e.g., by using a pointer to a per-thread
     memory object malloc()ed by the application for the pointer-type
     thread ID). Exactly analogous to the existing functions

          void CRYPTO_set_id_callback(unsigned long (*func)(void));
          unsigned long (*CRYPTO_get_id_callback(void))(void);
          unsigned long CRYPTO_thread_id(void);

     we now have additional functions

          void CRYPTO_set_idptr_callback(void *(*func)(void));
          void *(*CRYPTO_get_idptr_callback(void))(void);
          void *CRYPTO_thread_idptr(void);

     also in <openssl/crypto.h>. The default value for
     CRYPTO_thread_idptr() if the application has not provided its own
     callback is &errno.
     [Bodo Moeller]

  *) Change the array representation of binary polynomials: the list
     of degrees of non-zero coefficients is now terminated with -1.
     Previously it was terminated with 0, which was also part of the
     value; thus, the array representation was not applicable to
     polynomials where t^0 has coefficient zero. This change makes
     the array representation useful in a more general context.
     [Douglas Stebila]
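
     A worked illustration of the new terminator, added here and not part of
     OpenSSL or this CHANGES entry: the pure-Python conversions below hold a
     GF(2) polynomial as an integer bitmask, implement both the old (0) and
     new (-1) terminator conventions, and show why the old one could not
     express a polynomial whose constant term is zero.

```python
# Added example (not OpenSSL code): binary polynomial array representation.
# A polynomial over GF(2) is held as a Python int whose bit d is the
# coefficient of t^d; the array form lists degrees of non-zero coefficients.

def arr2poly(degrees):
    """0.9.9 convention: degree list terminated by -1 -> integer bitmask."""
    poly = 0
    for d in degrees:
        if d == -1:          # the terminator carries no value of its own
            break
        poly |= 1 << d
    return poly

def poly2arr(poly):
    """Inverse of arr2poly: descending degrees followed by the -1 terminator."""
    degrees = [d for d in range(poly.bit_length() - 1, -1, -1) if (poly >> d) & 1]
    return degrees + [-1]

def old_arr2poly(degrees):
    """Pre-0.9.9 convention: 0 both terminates the list AND sets the t^0 term,
    so every polynomial it can describe has constant coefficient 1."""
    poly = 0
    for d in degrees:
        poly |= 1 << d
        if d == 0:
            break
    return poly

def poly_str(poly):
    """Human-readable form such as 't^3 + t' (constructed display helper)."""
    terms = poly2arr(poly)[:-1]
    return " + ".join("t^%d" % d if d > 1 else ("t" if d == 1 else "1")
                      for d in terms) or "0"

# t^3 + t has no constant term: representable only with the -1 terminator.
NEW_T3_T = arr2poly([3, 1, -1])        # bits 3 and 1 set: 0b1010
OLD_T3_T = old_arr2poly([3, 1, 0])     # 0b1011: the forced t^0 term sneaks in

# NIST B-163 reduction polynomial t^163 + t^7 + t^6 + t^3 + 1 in the new form.
B163 = [163, 7, 6, 3, 0, -1]
```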

  *) Various modifications and fixes to SSL/TLS cipher string
     handling. For ECC, the code now distinguishes between fixed ECDH
     with RSA certificates on the one hand and with ECDSA certificates
     on the other hand, since these are separate ciphersuites. The
     unused code for Fortezza ciphersuites has been removed.

     For consistency with EDH, ephemeral ECDH is now called "EECDH"
     (not "ECDHE"). For consistency with the code for DH
     certificates, use of ECDH certificates is now considered ECDH
     authentication, not RSA or ECDSA authentication (the latter is
     merely the CA's signing algorithm and not actively used in the
     protocol).

     The temporary ciphersuite alias "ECCdraft" is no longer
     available, and ECC ciphersuites are no longer excluded from "ALL"
     and "DEFAULT". The following aliases now exist for RFC 4492
     ciphersuites, most of these by analogy with the DH case:

         kECDHr - ECDH cert, signed with RSA
         kECDHe - ECDH cert, signed with ECDSA
         kECDH  - ECDH cert (signed with either RSA or ECDSA)
         kEECDH - ephemeral ECDH
         ECDH   - ECDH cert or ephemeral ECDH

         aECDH  - ECDH cert
         aECDSA - ECDSA cert
         ECDSA  - ECDSA cert

         AECDH  - anonymous ECDH
         EECDH  - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")

     [Bodo Moeller]

  *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
     Use correct micalg parameters depending on digest(s) in signed message.
     [Steve Henson]

  *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
     an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
     [Steve Henson]

  *) Initial engine support for EVP_PKEY_METHOD. New functions to permit
     an engine to register a method. Add ENGINE lookups for methods and
     functional reference processing.
     [Steve Henson]

  *) New functions EVP_Digest{Sign,Verify}*. These are enhanced versions of
     EVP_{Sign,Verify}* which allow an application to customise the signature
     process.
     [Steve Henson]

  *) New -resign option to smime utility. This adds one or more signers
     to an existing PKCS#7 signedData structure. Also -md option to use an
     alternative message digest algorithm for signing.
     [Steve Henson]

  *) Tidy up PKCS#7 routines and add new functions to make it easier to
     create PKCS7 structures containing multiple signers. Update smime
     application to support multiple signers.
     [Steve Henson]

  *) New -macalg option to pkcs12 utility to allow setting of an alternative
     digest MAC.
     [Steve Henson]

  *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
     Reorganize PBE internals to lookup from a static table using NIDs,
     add support for HMAC PBE OID translation. Add an EVP_CIPHER ctrl,
     EVP_CTRL_PBE_PRF_NID; this allows a cipher to specify an alternative
     PRF which will be automatically used with PBES2.
     [Steve Henson]

  *) Replace the algorithm specific calls to generate keys in "req" with the
     new API.
     [Steve Henson]

  *) Update PKCS#7 enveloped data routines to use new API. This is now
     supported by any public key method supporting the encrypt operation. A
     ctrl is added to allow the public key algorithm to examine or modify
     the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
     a no-op.
     [Steve Henson]

  *) Add a ctrl to asn1 method to allow a public key algorithm to express
     a default digest type to use. In most cases this will be SHA1 but some
     algorithms (such as GOST) need to specify an alternative digest. The
     return value indicates how strong the preference is: 1 means optional and
     2 is mandatory (that is, it is the only supported type). Modify
     ASN1_item_sign() to accept a NULL digest argument to indicate it should
     use the default md. Update openssl utilities to use the default digest
     type for signing if it is not explicitly indicated.
     [Steve Henson]

  *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New
     EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
     signing method from the key type. This effectively removes the link
     between digests and public key types.
     [Steve Henson]

  *) Add an OID cross reference table and utility functions. Its purpose is to
     translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
     rsaEncryption. This will allow some of the algorithm specific hackery
     needed to use the correct OID to be removed.
     [Steve Henson]

  *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
     structures for PKCS7_sign(). They are now set up by the relevant public
     key ASN1 method.
     [Steve Henson]

  *) Add provisional EC pkey method with support for ECDSA and ECDH.
     [Steve Henson]

  *) Add support for key derivation (agreement) in the API, DH method and
     pkeyutl.
     [Steve Henson]

  *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
     public and private key formats. As a side effect these add additional
     command line functionality not previously available: DSA signatures can be
     generated and verified using pkeyutl and DH key support and generation in
     pkey, genpkey.
     [Steve Henson]

  *) BeOS support.
     [Oliver Tappe <zooey@hirschkaefer.de>]

  *) New make target "install_html_docs" installs HTML renditions of the
     manual pages.
     [Oliver Tappe <zooey@hirschkaefer.de>]

  *) New utility "genpkey"; this is analogous to "genrsa" etc. except it can
     generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
     support key and parameter generation and add initial key generation
     functionality for RSA.
     [Steve Henson]

  *) Add functions for main EVP_PKEY_method operations. The undocumented
     functions EVP_PKEY_{encrypt,decrypt} have been renamed to
     EVP_PKEY_{encrypt,decrypt}_old.
     [Steve Henson]

  *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
     key API; it doesn't do much yet.
     [Steve Henson]

  *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
     public key algorithms. New option to openssl utility:
     "list-public-key-algorithms" to print out info.
     [Steve Henson]

  *) Implement the Supported Elliptic Curves Extension for
     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
     [Douglas Stebila]

  *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
     EVP_CIPHER structures to avoid later problems in EVP_cleanup().
     [Steve Henson]

  *) New utilities pkey and pkeyparam. These are similar to algorithm specific
     utilities such as rsa, dsa, dsaparam etc. except they process any key
     type.
     [Steve Henson]

  *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New
     functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
     EVP_PKEY_print_param() to print public key data from an EVP_PKEY
     structure.
     [Steve Henson]

  *) Initial support for pluggable public key ASN1.
     De-spaghettify the public key ASN1 handling. Move public and private
     key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
     algorithm specific handling to a single module within the relevant
     algorithm directory. Add functions to allow (near) opaque processing
     of public and private key structures.
     [Steve Henson]

  *) Implement the Supported Point Formats Extension for
     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
     [Douglas Stebila]

  *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
     for the psk identity [hint] and the psk callback functions to the
     SSL_SESSION, SSL and SSL_CTX structure.

     New ciphersuites:
         PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
         PSK-AES256-CBC-SHA

     New functions:
         SSL_CTX_use_psk_identity_hint
         SSL_get_psk_identity_hint
         SSL_get_psk_identity
         SSL_use_psk_identity_hint

     [Mika Kousa and Pasi Eronen of Nokia Corporation]

  *) Add RFC 3161 compliant time stamp request creation, response generation
     and response verification functionality.