thirdparty/openssl.git / CHANGES (git.ipfire.org blame view, at commit "-no_dhe option for ssltest.c")

 OpenSSL CHANGES
 _______________

 Changes between 0.9.4 and 0.9.5 [xx XXX 1999]

  *) Add various utility functions to handle SPKACs: these were previously
     handled by poking round in the structure internals. Added new function
     NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to
     print, verify and generate SPKACs. Based on an original idea from
     Massimiliano Pala <madwolf@comune.modena.it> but extensively modified.
     [Steve Henson]

  *) RIPEMD160 is operational on all platforms and is back in 'make test'.
     [Andy Polyakov]

  *) Allow the config file extension section to be overwritten on the
     command line. Based on an original idea from Massimiliano Pala
     <madwolf@comune.modena.it>. The new option is called -extensions
     and can be applied to ca, req and x509. Also -reqexts to override
     the request extensions in req and -crlexts to override the crl extensions
     in ca.
     [Steve Henson]

  *) Add new feature to the SPKAC handling in ca. Now you can include
     the same field multiple times by preceding it with "XXXX.", for example:
         1.OU="Unit name 1"
         2.OU="Unit name 2"
     This is the same syntax as used in the req config file.
     [Steve Henson]

  *) Allow certificate extensions to be added to certificate requests. These
     are specified in a 'req_extensions' option of the req section of the
     config file. They can be printed out with the -text option to req but
     are otherwise ignored at present.
     [Steve Henson]

  *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first data
     read consists of only the final block it would not be decrypted because
     EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
     A misplaced 'break' also meant the decrypted final block might not be
     copied until the next read.
     [Steve Henson]

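     The bug above is a general pitfall of decrypt-on-read filters: the Update
     step must hold back the last full block (only the Final step knows it is
     the last one and may strip padding), so a read that feeds exactly one block
     legitimately produces zero bytes, and that zero must not be mistaken for
     end-of-stream. The following is an added illustration, not OpenSSL code:
     it models the EVP_CipherUpdate()/EVP_CipherFinal() contract and a
     BIO_f_cipher-style read loop written the way the fixed enc_read() behaves.
     The "cipher" is a stand-in XOR transform with an 8-byte block and PKCS#7
     padding, chosen only so the example runs without OpenSSL; the class and
     function names are this example's own.

```python
"""Model of EVP_CipherUpdate/EVP_CipherFinal buffering and a decrypting read
filter.  Constructed example; the block transform is NOT a cipher."""

BLOCK = 8
KEY = bytes(range(1, BLOCK + 1))      # constructed key for the stand-in transform


def _xform(block):
    """Stand-in for a block cipher in ECB mode (XOR is its own inverse)."""
    return bytes(a ^ b for a, b in zip(block, KEY))


def pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(block):
    n = block[-1]
    if not 1 <= n <= BLOCK or block[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return block[:-n]


def encrypt(plaintext):
    p = pad(plaintext)
    return b"".join(_xform(p[i:i + BLOCK]) for i in range(0, len(p), BLOCK))


class DecryptCtx:
    """Mirrors EVP_CipherUpdate/EVP_CipherFinal in decrypt mode: the last whole
    block is always held back, because only final() may strip padding from it."""

    def __init__(self):
        self.buf = b""

    def update(self, data):
        self.buf += data
        nfull = len(self.buf) // BLOCK
        if nfull and len(self.buf) % BLOCK == 0:
            nfull -= 1                    # keep one block back: it may be the padded last one
        out = b"".join(_xform(self.buf[i * BLOCK:(i + 1) * BLOCK]) for i in range(nfull))
        self.buf = self.buf[nfull * BLOCK:]
        return out                        # may be b"" even though input was consumed

    def final(self):
        if len(self.buf) != BLOCK:
            raise ValueError("ciphertext is not a whole number of blocks")
        out = unpad(_xform(self.buf))
        self.buf = b""
        return out


class DecryptReader:
    """Read filter over a source of ciphertext chunks, written like the fixed
    enc_read(): b"" from update() is not EOF; keep pulling from the source until
    the source itself is exhausted, then release final() in the same read call."""

    def __init__(self, source_chunks):
        self.source = iter(source_chunks)
        self.ctx = DecryptCtx()
        self.pending = b""
        self.finished = False

    def read(self, n):
        while len(self.pending) < n and not self.finished:
            chunk = next(self.source, None)
            if chunk is None:             # underlying EOF: now, and only now, finalize
                self.pending += self.ctx.final()
                self.finished = True
            else:
                self.pending += self.ctx.update(chunk)
        out, self.pending = self.pending[:n], self.pending[n:]
        return out                        # b"" only at true end of stream


def read_all(source_chunks, n=4):
    """Drain a DecryptReader with reads of n bytes, as an application would."""
    reader = DecryptReader(source_chunks)
    out = b""
    while True:
        piece = reader.read(n)
        if not piece:
            return out
        out += piece
```

     The interesting case is a source whose first (and only) chunk is the one
     padded block: update() returns nothing, and a loop that stopped there would
     never deliver the plaintext. Chunk boundaries that do not line up with
     block boundaries are handled by the same code path.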
  *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
     a few extra parameters to the DH structure: these will be useful if,
     for example, we want the value of 'q' or to implement X9.42 DH.
     [Steve Henson]

  *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
     provides hooks that allow the default DSA functions or functions on a
     "per key" basis to be replaced. This allows hardware acceleration and
     hardware key storage to be handled without major modification to the
     library. Also added low level modexp hooks and CRYPTO_EX structure and
     associated functions.
     [Steve Henson]

  *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO
     as "read only": it can't be written to and the buffer it points to will
     not be freed. Reading from a read only BIO is much more efficient than
     a normal memory BIO. This was added because there are several times when
     an area of memory needs to be read from a BIO. The previous method was
     to create a memory BIO and write the data to it; this results in two
     copies of the data and an O(n^2) reading algorithm. There is a new
     function BIO_new_mem_buf() which creates a read only memory BIO from
     an area of memory. Also modified the PKCS#7 routines to use read only
     memory BIOs.
     [Steve Henson]

  *) Bugfix: ssl23_get_client_hello did not work properly when called in
     state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
     an SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
     but a retry condition occurred while trying to read the rest.
     [Bodo Moeller]

  *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
     NID_pkcs7_encrypted by default: this was wrong since this should almost
     always be NID_pkcs7_data. Also modified PKCS7_set_type() to handle
     the encrypted data type: this is a more sensible place to put it and it
     allows the PKCS#12 code that duplicated this functionality to be
     tidied up.
     [Steve Henson]

  *) Changed obj_dat.pl script so it takes its input and output files on
     the command line. This should avoid shell escape redirection problems
     under Win32.
     [Steve Henson]

  *) Initial support for certificate extension requests: these are included
     in things like Xenroll certificate requests. Included functions to allow
     extensions to be obtained and added.
     [Steve Henson]

  *) -crlf option to s_client and s_server for sending newlines as
     CRLF (as required by many protocols).
     [Bodo Moeller]

 Changes between 0.9.3a and 0.9.4 [09 Aug 1999]

  *) Install libRSAglue.a when OpenSSL is built with RSAref.
     [Ralf S. Engelschall]

  *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
     [Andrija Antonijevic <TheAntony2@bigfoot.com>]

  *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
     program.
     [Steve Henson]

  *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
     DH parameters/keys (q is lost during that conversion, but the resulting
     DH parameters contain its length).

     For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
     much faster than DH_generate_parameters (which creates parameters
     where p = 2*q + 1), and also the smaller q makes DH computations
     much more efficient (160-bit exponentiation instead of 1024-bit
     exponentiation); so this provides a convenient way to support DHE
     ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of
     utter importance to use
         SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
     or
         SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
     when such DH parameters are used, because otherwise small subgroup
     attacks may become possible!
     [Bodo Moeller]

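     Why the warning above matters: with DSA-style parameters the cofactor
     (p-1)/q is large and nothing makes it free of small prime factors. A peer
     who sends a public value h of small prime order r (instead of an element
     of the order-q subgroup) makes the shared secret h^x take only r possible
     values, so whatever is keyed from it (the Finished MAC in TLS) lets the
     peer learn x mod r. Reusing x across connections lets the attacker collect
     x mod r for every small r and combine them with the CRT; a fresh x per
     connection (SSL_OP_SINGLE_DH_USE) gives residues of unrelated keys that
     cannot be combined. The following is an added, constructed illustration,
     not OpenSSL code: parameters are toy sized (q = 1009) so it runs instantly,
     DHServer and key_confirmation are stand-ins for a TLS server and its
     Finished MAC, and the second defence shown (rejecting a peer value y with
     y^q mod p != 1) is the subgroup membership check a server should also
     perform; the entry above does not mention it. (SSL_set_options() takes an
     SSL object rather than an SSL_CTX, as the name suggests.)

```python
"""Toy small-subgroup attack on a reused DH private key with DSA-style
parameters.  Constructed example, not OpenSSL code."""
import hashlib
import random
from functools import reduce


def is_prime(n):
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def distinct_prime_factors(n):
    fs, d = [], 2
    while d * d <= n:
        if n % d == 0:
            fs.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        fs.append(n)
    return fs


def make_dsa_style_params(q=1009):
    """(p, q, g) with g of prime order q and a cofactor k = (p-1)/q made of small
    primes (<= 50) whose product exceeds q.  Real cofactors are not chosen to be
    this smooth, but nothing in DSA parameter generation prevents small factors."""
    k = 2
    while True:
        p = k * q + 1
        small = distinct_prime_factors(k)
        if max(small) <= 50 and reduce(lambda a, b: a * b, small) > q and is_prime(p):
            for h in range(2, p):
                g = pow(h, k, p)          # h^k lies in the order-q subgroup
                if g != 1:
                    return p, q, g
        k += 2


def key_confirmation(shared):
    """Stand-in for the Finished MAC: a guess of the shared secret can be
    checked against it, but the secret itself is not visible."""
    return hashlib.sha256(str(shared).encode()).hexdigest()


class DHServer:
    def __init__(self, p, q, g, seed, single_use=False, validate=False):
        self.p, self.q, self.g = p, q, g
        self.rng = random.Random(seed)    # seeded so the example is repeatable
        self.single_use, self.validate = single_use, validate
        self.x = self.rng.randrange(1, q)  # generated once, as without SSL_OP_SINGLE_DH_USE
        self.keys_used = []

    def handshake(self, peer_pub):
        if self.single_use:               # SSL_OP_SINGLE_DH_USE: fresh x per connection
            self.x = self.rng.randrange(1, self.q)
        if self.validate and not (1 < peer_pub < self.p - 1 and pow(peer_pub, self.q, self.p) == 1):
            return None                   # peer value outside the order-q subgroup: refuse
        self.keys_used.append(self.x)
        return key_confirmation(pow(peer_pub, self.x, self.p))


def element_of_order(r, p):
    """An element of exact order r (r a prime dividing p-1)."""
    for h in range(2, p):
        e = pow(h, (p - 1) // r, p)
        if e != 1:
            return e


def crt(residues):
    """Combine (a_i, m_i) pairs with pairwise coprime moduli."""
    x, m = 0, 1
    for a, mod in residues:
        x += m * (((a - x) * pow(m, -1, mod)) % mod)
        m *= mod
    return x % m


def small_subgroup_attack(server):
    """Send one element of each small prime order r dividing the cofactor, learn
    x mod r from the confirmation tag, combine.  Recovers x only if every
    handshake used the same x; returns None if the server refuses the values."""
    p, q = server.p, server.q
    residues = []
    for r in distinct_prime_factors((p - 1) // q):
        h = element_of_order(r, p)
        tag = server.handshake(h)
        if tag is None:
            return None
        j = next(j for j in range(r) if key_confirmation(pow(h, j, p)) == tag)
        residues.append((j, r))           # j == x mod r
    return crt(residues)


if __name__ == "__main__":
    p, q, g = make_dsa_style_params()
    static = DHServer(p, q, g, seed=1)
    print("static x recovered:", small_subgroup_attack(static) == static.x)
    print("validating server:", small_subgroup_attack(DHServer(p, q, g, seed=1, validate=True)))
```

     Against the static server the attack returns x exactly, because the product
     of the small orders exceeds q. Against a single_use server each handshake
     leaks a residue of a different x, so the CRT result is meaningless; against
     a validating server the attacker's values are rejected before any secret is
     derived. In production both measures are wanted: single-use keys bound the
     damage, subgroup validation (or a safe-prime group) removes the leak.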
  *) Avoid memory leak in i2d_DHparams.
     [Bodo Moeller]

  *) Allow the -k option to be used more than once in the enc program:
     this allows the same encrypted message to be read by multiple recipients.
     [Steve Henson]

  *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
     an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
     it will always use the numerical form of the OID, even if it has a short
     or long name.
     [Steve Henson]

  *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
     method only got called if p,q,dmp1,dmq1,iqmp components were present,
     otherwise bn_mod_exp was called. In the case of hardware keys for example
     no private key components need be present and it might store extra data
     in the RSA structure, which cannot be accessed from bn_mod_exp. By setting
     RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for private key
     operations.
     [Steve Henson]

  *) Added support for SPARC Linux.
     [Andy Polyakov]

  *) pem_password_cb function type incompatibly changed from
          typedef int pem_password_cb(char *buf, int size, int rwflag);
     to
          ....(char *buf, int size, int rwflag, void *userdata);
     so that applications can pass data to their callbacks:
     The PEM[_ASN1]_{read,write}... functions and macros now take an
     additional void * argument, which is just handed through whenever
     the password callback is called.
     [Damien Miller <dmiller@ilogic.com.au>, with tiny changes by Bodo Moeller]

     New function SSL_CTX_set_default_passwd_cb_userdata.

     Compatibility note: As many C implementations push function arguments
     onto the stack in reverse order, the new library version is likely to
     interoperate with programs that have been compiled with the old
     pem_password_cb definition (PEM_whatever takes some data that
     happens to be on the stack as its last argument, and the callback
     just ignores this garbage); but there is no guarantee whatsoever that
     this will work.

  *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
     (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
     problems not only on Windows, but also on some Unix platforms.
     To avoid problematic command lines, these definitions are now in an
     auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
     for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
     [Bodo Moeller]

  *) MIPS III/IV assembler module is reimplemented.
     [Andy Polyakov]

  *) More DES library cleanups: remove references to srand/rand and
     delete an unused file.
