]>
Commit | Line | Data |
---|---|---|
81a6c781 | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
bf3d6c0c | 5 | Changes between 0.9.8a and 0.9.9 [xx XXX xxxx] |
28e4fe34 | 6 | |
1aeb3da8 BM |
7 | *) Add initial support for TLS extensions, specifically for the server_name |
8 | extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now | |
9 | have new members for a host name. The SSL data structure has an | |
10 | additional member SSL_CTX *initial_ctx so that new sessions can be | |
11 | stored in that context to allow for session resumption, even after the | |
12 | SSL has been switched to a new SSL_CTX in reaction to a client's | |
13 | server_name extension. | |
f1fd4544 BM |
14 | |
15 | New functions (subject to change): | |
16 | ||
17 | SSL_get_servername() | |
18 | SSL_get_servername_type() | |
19 | SSL_set_SSL_CTX() | |
20 | ||
21 | New CTRL codes and macros (subject to change): | |
22 | ||
23 | SSL_CTRL_SET_TLSEXT_SERVERNAME_CB | |
24 | - SSL_CTX_set_tlsext_servername_callback() | |
25 | SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG | |
26 | - SSL_CTX_set_tlsext_servername_arg() | |
27 | SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_hostname() | |
b1277b99 | 28 | |
241520e6 BM |
29 | openssl s_client has a new '-servername ...' option. |
30 | ||
31 | openssl s_server has new options '-servername_host ...', '-cert2 ...', | |
32 | '-key2 ...', '-servername_fatal' (subject to change). This allows | |
33 | testing the HostName extension for a specific single host name ('-cert' | |
34 | and '-key' remain fallbacks for handshakes without HostName | |
35 | negotiation). If the unrecogninzed_name alert has to be sent, this by | |
36 | default is a warning; it becomes fatal with the '-servername_fatal' | |
37 | option. | |
b1277b99 | 38 | |
e8e5b46e | 39 | [Peter Sylvester, Remy Allais, Christophe Renou] |
b1277b99 | 40 | |
ed26604a AP |
41 | *) Whirlpool hash implementation is added. |
42 | [Andy Polyakov] | |
43 | ||
0cb9d93d AP |
44 | *) BIGNUM code on 64-bit SPARCv9 targets is switched from bn(64,64) to |
45 | bn(64,32). Because of instruction set limitations it doesn't have | |
46 | any negative impact on performance. This was done mostly in order | |
47 | to make it possible to share assembler modules, such as bn_mul_mont | |
48 | implementations, between 32- and 64-bit builds without hassle. | |
49 | [Andy Polyakov] | |
50 | ||
d804f86b BM |
51 | *) Disable rogue ciphersuites: |
52 | ||
53 | - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") | |
54 | - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") | |
55 | - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") | |
56 | ||
57 | The latter two were purportedly from | |
58 | draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really | |
59 | appear there. | |
60 | ||
61 | Other ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt | |
62 | remain enabled for now, but are just as unofficial, and the ID | |
63 | has long expired; these will probably disappear soon. | |
64 | [Bodo Moeller] | |
65 | ||
8dee9f84 BM |
66 | *) Move code previously exiled into file crypto/ec/ec2_smpt.c |
67 | to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP | |
68 | macro. | |
69 | [Bodo Moeller] | |
70 | ||
4d524040 AP |
71 | *) New candidate for BIGNUM assembler implementation, bn_mul_mont, |
72 | dedicated Montgomery multiplication procedure, is introduced. | |
73 | BN_MONT_CTX is modified to allow bn_mul_mont to reach for higher | |
74 | "64-bit" performance on certain 32-bit targets. | |
75 | [Andy Polyakov] | |
76 | ||
566dda07 DSH |
77 | *) New option SSL_OP_NO_COMP to disable use of compression selectively |
78 | in SSL structures. New SSL ctrl to set maximum send fragment size. | |
79 | Save memory by seeting the I/O buffer sizes dynamically instead of | |
80 | using the maximum available value. | |
81 | [Steve Henson] | |
82 | ||
13e4670c BM |
83 | *) New option -V for 'openssl ciphers'. This prints the ciphersuite code |
84 | in addition to the text details. | |
85 | [Bodo Moeller] | |
86 | ||
1ef7acfe DSH |
87 | *) Very, very preliminary EXPERIMENTAL support for printing of general |
88 | ASN1 structures. This currently produces rather ugly output and doesn't | |
89 | handle several customised structures at all. | |
90 | [Steve Henson] | |
91 | ||
a0156a92 DSH |
92 | *) Integrated support for PVK file format and some related formats such |
93 | as MS PUBLICKEYBLOB and PRIVATEKEYBLOB. Command line switches to support | |
94 | these in the 'rsa' and 'dsa' utilities. | |
95 | [Steve Henson] | |
96 | ||
eea374fd DSH |
97 | *) Support for PKCS#1 RSAPublicKey format on rsa utility command line. |
98 | [Steve Henson] | |
99 | ||
45e27385 DSH |
100 | *) Remove the ancient ASN1_METHOD code. This was only ever used in one |
101 | place for the (very old) "NETSCAPE" format certificates which are now | |
102 | handled using new ASN1 code equivalents. | |
eea374fd | 103 | [Steve Henson] |
45e27385 | 104 | |
4ebb342f NL |
105 | *) Let the TLSv1_method() etc. functions return a 'const' SSL_METHOD |
106 | pointer and make the SSL_METHOD parameter in SSL_CTX_new, | |
107 | SSL_CTX_set_ssl_version and SSL_set_ssl_method 'const'. | |
108 | [Nils Larsch] | |
109 | ||
9aa9d70d | 110 | *) Modify CRL distribution points extension code to print out previously |
0745d089 DSH |
111 | unsupported fields. Enhance extension setting code to allow setting of |
112 | all fields. | |
9aa9d70d DSH |
113 | [Steve Henson] |
114 | ||
0537f968 | 115 | *) Add print and set support for Issuing Distribution Point CRL extension. |
231493c9 | 116 | [Steve Henson] |
28e4fe34 | 117 | |
998ac55e RL |
118 | Changes between 0.9.8a and 0.9.8b [XX xxx XXXX] |
119 | ||
31676a35 DSH |
120 | *) Link in manifests for VC++ if needed. |
121 | [Austin Ziegler <halostatue@gmail.com>] | |
122 | ||
d56349a2 BM |
123 | *) Update support for ECC-based TLS ciphersuites according to |
124 | draft-ietf-tls-ecc-12.txt with proposed changes. | |
125 | [Douglas Stebila] | |
126 | ||
b40228a6 DSH |
127 | *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support |
128 | opaque EVP_CIPHER_CTX handling. | |
129 | [Steve Henson] | |
130 | ||
ad2695b1 DSH |
131 | *) Fixes and enhancements to zlib compression code. We now only use |
132 | "zlib1.dll" and use the default __cdecl calling convention on Win32 | |
133 | to conform with the standards mentioned here: | |
134 | http://www.zlib.net/DLL_FAQ.txt | |
135 | Static zlib linking now works on Windows and the new --with-zlib-include | |
136 | --with-zlib-lib options to Configure can be used to supply the location | |
137 | of the headers and library. Gracefully handle case where zlib library | |
138 | can't be loaded. | |
139 | [Steve Henson] | |
140 | ||
452ae49d DSH |
141 | *) Several fixes and enhancements to the OID generation code. The old code |
142 | sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't | |
143 | handle numbers larger than ULONG_MAX, truncated printing and had a | |
144 | non standard OBJ_obj2txt() behaviour. | |
145 | [Steve Henson] | |
146 | ||
fbf002bb DSH |
147 | *) Add support for building of engines under engine/ as shared libraries |
148 | under VC++ build system. | |
149 | [Steve Henson] | |
150 | ||
998ac55e RL |
151 | *) Corrected the numerous bugs in the Win32 path splitter in DSO. |
152 | Hopefully, we will not see any false combination of paths any more. | |
153 | [Richard Levitte] | |
154 | ||
d357be38 MC |
155 | Changes between 0.9.8 and 0.9.8a [11 Oct 2005] |
156 | ||
157 | *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING | |
158 | (part of SSL_OP_ALL). This option used to disable the | |
159 | countermeasure against man-in-the-middle protocol-version | |
160 | rollback in the SSL 2.0 server implementation, which is a bad | |
04fac373 | 161 | idea. (CVE-2005-2969) |
d357be38 MC |
162 | |
163 | [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center | |
164 | for Information Security, National Institute of Advanced Industrial | |
165 | Science and Technology [AIST], Japan)] | |
2bd2cd9b | 166 | |
f022c177 DSH |
167 | *) Add two function to clear and return the verify parameter flags. |
168 | [Steve Henson] | |
169 | ||
6e119bb0 NL |
170 | *) Keep cipherlists sorted in the source instead of sorting them at |
171 | runtime, thus removing the need for a lock. | |
172 | [Nils Larsch] | |
173 | ||
770bc596 | 174 | *) Avoid some small subgroup attacks in Diffie-Hellman. |
bf3d6c0c BL |
175 | [Nick Mathewson and Ben Laurie] |
176 | ||
177 | *) Add functions for well-known primes. | |
178 | [Nick Mathewson] | |
179 | ||
0491e058 AP |
180 | *) Extended Windows CE support. |
181 | [Satoshi Nakamura and Andy Polyakov] | |
a1006c37 | 182 | |
f3b656b2 DSH |
183 | *) Initialize SSL_METHOD structures at compile time instead of during |
184 | runtime, thus removing the need for a lock. | |
185 | [Steve Henson] | |
186 | ||
8f2e4fdf DSH |
187 | *) Make PKCS7_decrypt() work even if no certificate is supplied by |
188 | attempting to decrypt each encrypted key in turn. Add support to | |
189 | smime utility. | |
190 | [Steve Henson] | |
2bd2cd9b RL |
191 | |
192 | Changes between 0.9.7h and 0.9.8 [05 Jul 2005] | |
12bdb643 | 193 | |
c8310124 RL |
194 | *) Add libcrypto.pc and libssl.pc for those who feel they need them. |
195 | [Richard Levitte] | |
196 | ||
197 | *) Change CA.sh and CA.pl so they don't bundle the CSR and the private | |
198 | key into the same file any more. | |
199 | [Richard Levitte] | |
200 | ||
8d3509b9 AP |
201 | *) Add initial support for Win64, both IA64 and AMD64/x64 flavors. |
202 | [Andy Polyakov] | |
203 | ||
cbdac46d DSH |
204 | *) Add -utf8 command line and config file option to 'ca'. |
205 | [Stefan <stf@udoma.org] | |
206 | ||
c8310124 RL |
207 | *) Removed the macro des_crypt(), as it seems to conflict with some |
208 | libraries. Use DES_crypt(). | |
209 | [Richard Levitte] | |
210 | ||
a2c32e2d GT |
211 | *) Correct naming of the 'chil' and '4758cca' ENGINEs. This |
212 | involves renaming the source and generated shared-libs for | |
213 | both. The engines will accept the corrected or legacy ids | |
214 | ('ncipher' and '4758_cca' respectively) when binding. NB, | |
215 | this only applies when building 'shared'. | |
216 | [Corinna Vinschen <vinschen@redhat.com> and Geoff Thorpe] | |
217 | ||
b6995add DSH |
218 | *) Add attribute functions to EVP_PKEY structure. Modify |
219 | PKCS12_create() to recognize a CSP name attribute and | |
220 | use it. Make -CSP option work again in pkcs12 utility. | |
221 | [Steve Henson] | |
222 | ||
800e400d NL |
223 | *) Add new functionality to the bn blinding code: |
224 | - automatic re-creation of the BN_BLINDING parameters after | |
225 | a fixed number of uses (currently 32) | |
226 | - add new function for parameter creation | |
227 | - introduce flags to control the update behaviour of the | |
228 | BN_BLINDING parameters | |
229 | - hide BN_BLINDING structure | |
230 | Add a second BN_BLINDING slot to the RSA structure to improve | |
231 | performance when a single RSA object is shared among several | |
232 | threads. | |
233 | [Nils Larsch] | |
234 | ||
36d16f8e BL |
235 | *) Add support for DTLS. |
236 | [Nagendra Modadugu <nagendra@cs.stanford.edu> and Ben Laurie] | |
237 | ||
dc0ed30c NL |
238 | *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1) |
239 | to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() | |
240 | [Walter Goulet] | |
241 | ||
6049399b NL |
242 | *) Remove buggy and incompletet DH cert support from |
243 | ssl/ssl_rsa.c and ssl/s3_both.c | |
244 | [Nils Larsch] | |
245 | ||
12bdb643 NL |
246 | *) Use SHA-1 instead of MD5 as the default digest algorithm for |
247 | the apps/openssl applications. | |
248 | [Nils Larsch] | |
4d94ae00 | 249 | |
41a15c4f BL |
250 | *) Compile clean with "-Wall -Wmissing-prototypes |
251 | -Wstrict-prototypes -Wmissing-declarations -Werror". Currently | |
252 | DEBUG_SAFESTACK must also be set. | |
253 | [Ben Laurie] | |
254 | ||
c9a112f5 | 255 | *) Change ./Configure so that certain algorithms can be disabled by default. |
ecc5ef87 BM |
256 | The new counterpiece to "no-xxx" is "enable-xxx". |
257 | ||
258 | The patented RC5 and MDC2 algorithms will now be disabled unless | |
259 | "enable-rc5" and "enable-mdc2", respectively, are specified. | |
260 | ||
261 | (IDEA remains enabled despite being patented. This is because IDEA | |
262 | is frequently required for interoperability, and there is no license | |
263 | fee for non-commercial use. As before, "no-idea" can be used to | |
264 | avoid this algorithm.) | |
265 | ||
c9a112f5 BM |
266 | [Bodo Moeller] |
267 | ||
6951c23a RL |
268 | *) Add processing of proxy certificates (see RFC 3820). This work was |
269 | sponsored by KTH (The Royal Institute of Technology in Stockholm) and | |
270 | EGEE (Enabling Grids for E-science in Europe). | |
271 | [Richard Levitte] | |
272 | ||
ea681ba8 AP |
273 | *) RC4 performance overhaul on modern architectures/implementations, such |
274 | as Intel P4, IA-64 and AMD64. | |
275 | [Andy Polyakov] | |
276 | ||
401ee37a DSH |
277 | *) New utility extract-section.pl. This can be used specify an alternative |
278 | section number in a pod file instead of having to treat each file as | |
279 | a separate case in Makefile. This can be done by adding two lines to the | |
280 | pod file: | |
281 | ||
282 | =for comment openssl_section:XXX | |
283 | ||
284 | The blank line is mandatory. | |
285 | ||
286 | [Steve Henson] | |
287 | ||
826a42a0 DSH |
288 | *) New arguments -certform, -keyform and -pass for s_client and s_server |
289 | to allow alternative format key and certificate files and passphrase | |
290 | sources. | |
291 | [Steve Henson] | |
292 | ||
5d7c222d DSH |
293 | *) New structure X509_VERIFY_PARAM which combines current verify parameters, |
294 | update associated structures and add various utility functions. | |
295 | ||
296 | Add new policy related verify parameters, include policy checking in | |
297 | standard verify code. Enhance 'smime' application with extra parameters | |
298 | to support policy checking and print out. | |
299 | [Steve Henson] | |
300 | ||
30fe028f GT |
301 | *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3 |
302 | Nehemiah processors. These extensions support AES encryption in hardware | |
303 | as well as RNG (though RNG support is currently disabled). | |
304 | [Michal Ludvig <michal@logix.cz>, with help from Andy Polyakov] | |
305 | ||
df11e1e9 GT |
306 | *) Deprecate BN_[get|set]_params() functions (they were ignored internally). |
307 | [Geoff Thorpe] | |
308 | ||
ad500340 AP |
309 | *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented. |
310 | [Andy Polyakov and a number of other people] | |
311 | ||
e14f4aab AP |
312 | *) Improved PowerPC platform support. Most notably BIGNUM assembler |
313 | implementation contributed by IBM. | |
314 | [Suresh Chari, Peter Waltenberg, Andy Polyakov] | |
315 | ||
bcfea9fb GT |
316 | *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public |
317 | exponent rather than 'unsigned long'. There is a corresponding change to | |
318 | the new 'rsa_keygen' element of the RSA_METHOD structure. | |
319 | [Jelte Jansen, Geoff Thorpe] | |
320 | ||
d5f686d8 BM |
321 | *) Functionality for creating the initial serial number file is now |
322 | moved from CA.pl to the 'ca' utility with a new option -create_serial. | |
323 | ||
324 | (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial | |
325 | number file to 1, which is bound to cause problems. To avoid | |
326 | the problems while respecting compatibility between different 0.9.7 | |
327 | patchlevels, 0.9.7e employed 'openssl x509 -next_serial' in | |
328 | CA.pl for serial number initialization. With the new release 0.9.8, | |
329 | we can fix the problem directly in the 'ca' utility.) | |
64674bcc DSH |
330 | [Steve Henson] |
331 | ||
3a87a9b9 GT |
332 | *) Reduced header interdepencies by declaring more opaque objects in |
333 | ossl_typ.h. As a consequence, including some headers (eg. engine.h) will | |
334 | give fewer recursive includes, which could break lazy source code - so | |
335 | this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always, | |
336 | developers should define this symbol when building and using openssl to | |
337 | ensure they track the recommended behaviour, interfaces, [etc], but | |
338 | backwards-compatible behaviour prevails when this isn't defined. | |
339 | [Geoff Thorpe] | |
340 | ||
bf5773fa DSH |
341 | *) New function X509_POLICY_NODE_print() which prints out policy nodes. |
342 | [Steve Henson] | |
343 | ||
216659eb DSH |
344 | *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality. |
345 | This will generate a random key of the appropriate length based on the | |
346 | cipher context. The EVP_CIPHER can provide its own random key generation | |
347 | routine to support keys of a specific form. This is used in the des and | |
348 | 3des routines to generate a key of the correct parity. Update S/MIME | |
349 | code to use new functions and hence generate correct parity DES keys. | |
350 | Add EVP_CHECK_DES_KEY #define to return an error if the key is not | |
351 | valid (weak or incorrect parity). | |
352 | [Steve Henson] | |
353 | ||
e1a27eb3 DSH |
354 | *) Add a local set of CRLs that can be used by X509_verify_cert() as well |
355 | as looking them up. This is useful when the verified structure may contain | |
356 | CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs | |
357 | present unless the new PKCS7_NO_CRL flag is asserted. | |
358 | [Steve Henson] | |
359 | ||
6446e0c3 DSH |
360 | *) Extend ASN1 oid configuration module. It now additionally accepts the |
361 | syntax: | |
362 | ||
363 | shortName = some long name, 1.2.3.4 | |
364 | [Steve Henson] | |
365 | ||
5c98b2ca GT |
366 | *) Reimplemented the BN_CTX implementation. There is now no more static |
367 | limitation on the number of variables it can handle nor the depth of the | |
368 | "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack | |
369 | information can now expand as required, and rather than having a single | |
370 | static array of bignums, BN_CTX now uses a linked-list of such arrays | |
371 | allowing it to expand on demand whilst maintaining the usefulness of | |
372 | BN_CTX's "bundling". | |
373 | [Geoff Thorpe] | |
374 | ||
46ef873f GT |
375 | *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD |
376 | to allow all RSA operations to function using a single BN_CTX. | |
377 | [Geoff Thorpe] | |
378 | ||
4acc3e90 DSH |
379 | *) Preliminary support for certificate policy evaluation and checking. This |
380 | is initially intended to pass the tests outlined in "Conformance Testing | |
381 | of Relying Party Client Certificate Path Processing Logic" v1.07. | |
382 | [Steve Henson] | |
383 | ||
7f663ce4 GT |
384 | *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and |
385 | remained unused and not that useful. A variety of other little bignum | |
386 | tweaks and fixes have also been made continuing on from the audit (see | |
387 | below). | |
388 | [Geoff Thorpe] | |
389 | ||
875a644a RL |
390 | *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with |
391 | associated ASN1, EVP and SSL functions and old ASN1 macros. | |
7f663ce4 | 392 | [Richard Levitte] |
875a644a | 393 | |
b6358c89 GT |
394 | *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results, |
395 | and this should never fail. So the return value from the use of | |
396 | BN_set_word() (which can fail due to needless expansion) is now deprecated; | |
397 | if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro. | |
398 | [Geoff Thorpe] | |
399 | ||
9e051bac GT |
400 | *) BN_CTX_get() should return zero-valued bignums, providing the same |
401 | initialised value as BN_new(). | |
402 |