 OpenSSL CHANGES
 _______________

 Changes between 1.0.1e and 1.0.2 [xx XXX xxxx]

  *) New functions OPENSSL_gmtime_diff and ASN1_TIME_diff to find the
     difference in days and seconds between two tm or ASN1_TIME structures.
     [Steve Henson]

  *) Add -rev test option to s_server to just reverse order of characters
     received by client and send back to server. Also prints an abbreviated
     summary of the connection parameters.
     [Steve Henson]

  *) New option -brief for s_client and s_server to print out a brief summary
     of connection parameters.
     [Steve Henson]

  *) Add callbacks for arbitrary TLS extensions.
     [Trevor Perrin <trevp@trevp.net> and Ben Laurie]

  *) New option -crl_download in several openssl utilities to download CRLs
     from CRLDP extension in certificates.
     [Steve Henson]

  *) New options -CRL and -CRLform for s_client and s_server for CRLs.
     [Steve Henson]

  *) New function X509_CRL_diff to generate a delta CRL from the difference
     of two full CRLs. Add support to "crl" utility.
     [Steve Henson]

  *) New functions to set lookup_crls function and to retrieve
     X509_STORE from X509_STORE_CTX.
     [Steve Henson]

  *) Print out deprecated issuer and subject unique ID fields in
     certificates.
     [Steve Henson]

  *) Extend OCSP I/O functions so they can be used for simple general purpose
     HTTP as well as OCSP. New wrapper function which can be used to download
     CRLs using the OCSP API.
     [Steve Henson]

  *) Delegate command line handling in s_client/s_server to SSL_CONF APIs.
     [Steve Henson]

  *) SSL_CONF* functions. These provide a common framework for application
     configuration using configuration files or command lines.
     [Steve Henson]

  *) SSL/TLS tracing code. This parses out SSL/TLS records using the
     message callback and prints the results. Needs compile time option
     "enable-ssl-trace". New options to s_client and s_server to enable
     tracing.
     [Steve Henson]

  *) New ctrl and macro to retrieve supported points extensions.
     Print out extension in s_server and s_client.
     [Steve Henson]

  *) New functions to retrieve certificate signature and signature
     OID NID.
     [Steve Henson]

  *) Add functions to retrieve and manipulate the raw cipherlist sent by a
     client to OpenSSL.
     [Steve Henson]

  *) New Suite B modes for TLS code. These use and enforce the requirements
     of RFC6460: restrict ciphersuites, only permit Suite B algorithms and
     only use Suite B curves. The Suite B modes can be set by using the
     strings "SUITEB128", "SUITEB192" or "SUITEB128ONLY" for the cipherstring.
     [Steve Henson]

  *) New chain verification flags for Suite B levels of security. Check
     algorithms are acceptable when flags are set in X509_verify_cert.
     [Steve Henson]

  *) Make tls1_check_chain return a set of flags indicating checks passed
     by a certificate chain. Add additional tests to handle client
     certificates: checks for matching certificate type and issuer name
     comparison.
     [Steve Henson]

  *) If an attempt is made to use a signature algorithm not in the peer
     preference list abort the handshake. If client has no suitable
     signature algorithms in response to a certificate request do not
     use the certificate.
     [Steve Henson]

  *) If server EC tmp key is not in client preference list abort handshake.
     [Steve Henson]

  *) Add support for certificate stores in CERT structure. This makes it
     possible to have different stores per SSL structure or one store in
     the parent SSL_CTX. Include distinct stores for certificate chain
     verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
     to build and store a certificate chain in CERT structure: returning
     an error if the chain cannot be built: this will allow applications
     to test if a chain is correctly configured.

     Note: if the CERT based stores are not set then the parent SSL_CTX
     store is used to retain compatibility with existing behaviour.

     [Steve Henson]

  *) New function ssl_set_client_disabled to set a ciphersuite disabled
     mask based on the current session, check mask when sending client
     hello and checking the requested ciphersuite.
     [Steve Henson]

  *) New ctrls to retrieve and set certificate types in a certificate
     request message. Print out received values in s_client. If certificate
     types are not set with custom values, set sensible values based on
     supported signature algorithms.
     [Steve Henson]

  *) Support for distinct client and server supported signature algorithms.
     [Steve Henson]

  *) Add certificate callback. If set this is called whenever a certificate
     is required by client or server. An application can decide which
     certificate chain to present based on arbitrary criteria: for example
     supported signature algorithms. Add very simple example to s_server.
     This fixes many of the problems and restrictions of the existing client
     certificate callback: for example you can now clear an existing
     certificate and specify the whole chain.
     [Steve Henson]

  *) Add new "valid_flags" field to CERT_PKEY structure which determines what
     the certificate can be used for (if anything). Set valid_flags field
     in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
     to have similar checks in it.

     Add new "cert_flags" field to CERT structure and include a "strict mode".
     This enforces some TLS certificate requirements (such as only permitting
     certificate signature algorithms contained in the supported algorithms
     extension) which some implementations ignore: this option should be used
     with caution as it could cause interoperability issues.
     [Steve Henson]

  *) Update and tidy signature algorithm extension processing. Work out
     shared signature algorithms based on preferences and peer algorithms
     and print them out in s_client and s_server. Abort handshake if no
     shared signature algorithms.
     [Steve Henson]

  *) Add new functions to allow customised supported signature algorithms
     for SSL and SSL_CTX structures. Add options to s_client and s_server
     to support them.
     [Steve Henson]

  *) New function SSL_certs_clear() to delete all references to certificates
     from an SSL structure. Before this once a certificate had been added
     it couldn't be removed.
     [Steve Henson]

  *) Integrate hostname, email address and IP address checking with certificate
     verification. New verify options supporting checking in openssl utility.
     [Steve Henson]

  *) Fixes and wildcard matching support to hostname and email checking
     functions. Add manual page.
     [Florian Weimer (Red Hat Product Security Team)]

  *) New functions to check a hostname, email or IP address against a
     certificate. Add options to x509 utility to print results of checks against
     a certificate.
     [Steve Henson]

  *) Fix OCSP checking.
     [Rob Stradling <rob.stradling@comodo.com> and Ben Laurie]

  *) Backport support for partial chain verification: if an intermediate
     certificate is explicitly trusted (using -addtrust option to x509
     utility for example) the verification is successful even if the chain
     is not complete.
     The OCSP checking fix depends on this backport.
     [Steve Henson and Rob Stradling <rob.stradling@comodo.com>]

  *) Add -trusted_first option which attempts to find certificates in the
     trusted store even if an untrusted chain is also supplied.
     [Steve Henson]

  *) MIPS assembly pack updates: support for MIPS32r2 and SmartMIPS ASE,
     platform support for Linux and Android.
     [Andy Polyakov]

  *) Support for linux-x32, ILP32 environment in x86_64 framework.
     [Andy Polyakov]

  *) RFC 5878 (TLS Authorization Extensions) support.
     [Emilia Kasper, Adam Langley, Ben Laurie (Google)]

  *) Experimental multi-implementation support for FIPS capable OpenSSL.
     When in FIPS mode the approved implementations are used as normal,
     when not in FIPS mode the internal unapproved versions are used instead.
     This means that the FIPS capable OpenSSL isn't forced to use the
     (often lower performance) FIPS implementations outside FIPS mode.
     [Steve Henson]

  *) Transparently support X9.42 DH parameters when calling
     PEM_read_bio_DHparameters. This means existing applications can handle
     the new parameter format automatically.
     [Steve Henson]

  *) Initial experimental support for X9.42 DH parameter format: mainly
     to support use of 'q' parameter for RFC5114 parameters.
     [Steve Henson]

  *) Add DH parameters from RFC5114 including test data to dhtest.
     [Steve Henson]

  *) Support for automatic EC temporary key parameter selection. If enabled
     the most preferred EC parameters are automatically used instead of
     hardcoded fixed parameters. Now a server just has to call:
     SSL_CTX_set_ecdh_auto(ctx, 1) and the server will automatically
     support ECDH and use the most appropriate parameters.
     [Steve Henson]

  *) Enhance and tidy EC curve and point format TLS extension code. Use
     static structures instead of allocation if default values are used.
     New ctrls to set curves we wish to support and to retrieve shared curves.
     Print out shared curves in s_server. New options to s_server and s_client
     to set list of supported curves.
     [Steve Henson]

  *) New ctrls to retrieve supported signature algorithms and
     supported curve values as an array of NIDs. Extend openssl utility
     to print out received values.
     [Steve Henson]

  *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
     between NIDs and the more common NIST names such as "P-256". Enhance
     ecparam utility and ECC method to recognise the NIST names for curves.
     [Steve Henson]

  *) Enhance SSL/TLS certificate chain handling to support different
     chains for each certificate instead of one chain in the parent SSL_CTX.
     [Steve Henson]

  *) Support for fixed DH ciphersuite client authentication: where both
     server and client use DH certificates with common parameters.
     [Steve Henson]

  *) Support for fixed DH ciphersuites: those requiring DH server
     certificates.
     [Steve Henson]

 Changes between 1.0.1d and 1.0.1e [11 Feb 2013]

  *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
     supporting platforms or when small records were transferred.
     [Andy Polyakov, Steve Henson]

 Changes between 1.0.1c and 1.0.1d [5 Feb 2013]

  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.

     This addresses the flaw in CBC record processing discovered by
     Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
     at: http://www.isg.rhul.ac.uk/tls/

     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
     Security Group at Royal Holloway, University of London
     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
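The constant-time CBC record decoding that the 1.0.1d entry describes, shown as an added example rather than OpenSSL's own code: a padding check that returns at the first bad byte beside one that always examines a fixed number of trailing bytes and keeps its verdict in a mask. The 32-byte record, the 20-byte MAC placeholder and all function names are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
/* Branch-free masks (all-ones or zero) for operands below 2^31; covers every TLS record length. */
static uint32_t ct_lt(uint32_t a, uint32_t b) { return 0u - ((a - b) >> 31); }
static uint32_t ct_eq(uint32_t a, uint32_t b) { return 0u - (((a ^ b) - 1) >> 31); }

/* Leaky pattern: return at the first bad padding byte, so the time taken
 * depends on where the padding fails. Returns 1 and the payload length if valid. */
int cbc_check_padding_leaky(const uint8_t *rec, uint32_t len, uint32_t mac_len, uint32_t *payload)
{
    if (len < mac_len + 1) return 0;
    uint32_t pad = rec[len - 1];
    if (pad + 1 + mac_len > len) return 0;
    for (uint32_t i = 1; i <= pad; i++)
        if (rec[len - 1 - i] != pad) return 0;     /* early exit */
    *payload = len - mac_len - 1 - pad;
    return 1;
}

/* Constant-time pattern: inspect the same number of trailing bytes for every
 * record of a given (public) length and fold each byte's verdict into a mask.
 * A real implementation must then also MAC a length-independent amount of data. */
int cbc_check_padding_ct(const uint8_t *rec, uint32_t len, uint32_t mac_len, uint32_t *payload)
{
    if (len < mac_len + 1) return 0;                 /* len is public anyway */
    uint32_t pad = rec[len - 1];
    uint32_t good = ct_lt(pad + mac_len, len);       /* pad + 1 + mac_len <= len */
    uint32_t to_check = len < 256 ? len : 256;       /* pad is at most 255 */
    for (uint32_t i = 0; i < to_check; i++) {        /* offsets 0..pad are padding */
        uint32_t is_pad = ct_lt(i, pad + 1);
        good &= ~(is_pad & ~ct_eq(rec[len - 1 - i], pad));
    }
    *payload = (len - mac_len - 1 - pad) & good;     /* 0 when padding is bad */
    return (int)(good & 1);
}

/* Payload length if the chosen checker accepts the record, -1 if it rejects it. */
long verdict(int use_ct, int corrupt, int big_pad)
{
    /* Constructed 32-byte decrypted record: "hello", 20 bytes of 0xAA standing
     * in for the MAC, six 0x06 padding bytes and the 0x06 pad-length byte. */
    uint8_t rec[32]; uint32_t n = 0;
    memset(rec, 0xAA, 32); memcpy(rec, "hello", 5); memset(rec + 25, 0x06, 7);
    if (corrupt) rec[28] = 0x05;   /* one padding byte wrong */
    if (big_pad) rec[31] = 0xFF;   /* claims more padding than the record holds */
    int ok = use_ct ? cbc_check_padding_ct(rec, 32, 20, &n)
                    : cbc_check_padding_leaky(rec, 32, 20, &n);
    return ok ? (long)n : -1;
}
```

Both checkers reach the same verdict on every record; the difference is that the constant-time one does the same amount of work whether the padding is intact, corrupted at offset 3, or impossibly long.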