 OpenSSL CHANGES
 _______________

 Changes between 0.9.7 and 0.9.8  [xx XXX 2002]

  *) Add a function EC_GROUP_check_discriminant() (defined via
     EC_METHOD) that verifies that the curve discriminant is non-zero.

     Add a function EC_GROUP_check() that makes some sanity tests
     on an EC_GROUP, its generator and order. This includes
     EC_GROUP_check_discriminant().
     [Nils Larsch <nla@trustcenter.de>]
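
     The following is an added illustration, not code from OpenSSL, of what
     the two checks above guard against, written out for a short Weierstrass
     curve y^2 = x^3 + a*x + b over a prime field GF(p). It goes slightly
     beyond the entry: besides the discriminant test (4a^3 + 27b^2 != 0 mod p,
     the prime-field condition for a non-singular curve) it also checks that a
     proposed generator lies on the curve, which is the kind of sanity test
     EC_GROUP_check() performs; verifying the group order is omitted. The
     function names, the toy curves and the use of small (< 2^63) primes are
     this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* (a * b) mod p without 64-bit overflow (GCC/Clang __int128). */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t p)
{
    return (uint64_t)(((unsigned __int128)a * b) % p);
}

static uint64_t addmod(uint64_t a, uint64_t b, uint64_t p)
{
    uint64_t s = (a % p) + (b % p);   /* p < 2^63 is assumed, so no wrap */
    return s >= p ? s - p : s;
}

/*
 * Discriminant test: the curve is non-singular iff 4a^3 + 27b^2 != 0 (mod p).
 * A singular curve has a cusp or a node, and its point "group" maps onto a
 * structure where discrete logarithms are easy, so keys on it are worthless.
 * Returns 1 if the discriminant is non-zero, 0 if the curve is singular.
 */
int curve_discriminant_nonzero(uint64_t a, uint64_t b, uint64_t p)
{
    uint64_t a3 = mulmod(mulmod(a, a, p), a, p);
    uint64_t b2 = mulmod(b, b, p);
    uint64_t disc = addmod(mulmod(4, a3, p), mulmod(27, b2, p), p);
    return disc != 0;
}

/* Generator test: is (x, y) actually a point on the curve? Returns 1 if so. */
int point_on_curve(uint64_t x, uint64_t y, uint64_t a, uint64_t b, uint64_t p)
{
    uint64_t lhs = mulmod(y, y, p);
    uint64_t rhs = addmod(addmod(mulmod(mulmod(x, x, p), x, p),
                                 mulmod(a, x, p), p), b % p, p);
    return lhs == rhs;
}

/* Combined check in the spirit of EC_GROUP_check(): reduced coefficients,
   non-singular curve, then the proposed generator. Returns 1 if all pass. */
int group_sanity_check(uint64_t a, uint64_t b, uint64_t p,
                       uint64_t gx, uint64_t gy)
{
    if (a >= p || b >= p || gx >= p || gy >= p)
        return 0;                     /* parameters must be reduced mod p */
    if (!curve_discriminant_nonzero(a, b, p))
        return 0;
    return point_on_curve(gx, gy, a, b, p);
}

int main(void)
{
    /* Toy curve y^2 = x^3 + 2x + 3 over GF(97); (3, 6) lies on it: 36 = 27+6+3. */
    printf("good curve, good generator: %d\n", group_sanity_check(2, 3, 97, 3, 6));
    printf("good curve, bad generator:  %d\n", group_sanity_check(2, 3, 97, 3, 7));
    /* y^2 = x^3 + x + 2 over GF(7): 4*1 + 27*4 = 112 = 0 (mod 7), singular,
       even though (0, 3) does satisfy the equation. */
    printf("singular curve:             %d\n", group_sanity_check(1, 2, 7, 0, 3));
    return 0;
}
```

     The point of the combined check is ordering: a generator that satisfies
     the curve equation is meaningless if the curve itself is singular, so the
     discriminant is tested first.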

  *) Add ECDSA in new directory crypto/ecdsa/.

     Add applications 'openssl ecdsaparam' and 'openssl ecdsa'
     (these are variants of 'openssl dsaparam' and 'openssl dsa').

     ECDSA support is also included in various other files across the
     library. Most notably,
     - 'openssl req' now has a '-newkey ecdsa:file' option;
     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
       them suitable for ECDSA where domain parameters must be
       extracted before the specific public key.
     [Nils Larsch <nla@trustcenter.de>]

  *) Include some named elliptic curves, and add OIDs from X9.62,
     SECG, and WAP/WTLS. The curves can be obtained from the new
     functions
         EC_GROUP_new_by_nid()
         EC_GROUP_new_by_name()
     Also add a 'nid' field to EC_GROUP objects, which can be accessed
     via
         EC_GROUP_set_nid()
         EC_GROUP_get_nid()
     [Nils Larsch <nla@trustcenter.de>, Bodo Moeller]

 Changes between 0.9.6d and 0.9.7  [XX xxx 2002]

  *) Make object definitions compliant to LDAP (RFC2256): SN is the short
     form for "surname", serialNumber has no short form (Michael Bell
     <michael.bell@rz.hu-berlin.de>).
     [Lutz Jaenicke]

  *) Add an "init" command to the ENGINE config module and auto initialize
     ENGINEs. Without any "init" command the ENGINE will be initialized
     after all ctrl commands have been executed on it. If init=1 the
     ENGINE is initialized at that point (ctrls before that point are run
     on the uninitialized ENGINE and after on the initialized one). If
     init=0 then the ENGINE will not be initialized at all.
     [Steve Henson]

  *) Fix the 'app_verify_callback' interface so that the user-defined
     argument is actually passed to the callback: In the
     SSL_CTX_set_cert_verify_callback() prototype, the callback
     declaration has been changed from
          int (*cb)()
     into
          int (*cb)(X509_STORE_CTX *,void *);
     in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
          i=s->ctx->app_verify_callback(&ctx)
     has been changed into
          i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).

     To update applications using SSL_CTX_set_cert_verify_callback(),
     a dummy argument can be added to their callback functions.
     [D. K. Smetters <smetters@parc.xerox.com>]

  *) Added the '4758cca' ENGINE to support IBM 4758 cards.
     [Maurice Gittens <maurice@gittens.nl>, touchups by Geoff Thorpe]

  *) Add an OPENSSL_LOAD_CONF define which will cause
     OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
     This allows older applications to transparently support certain
     OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
     Two new functions OPENSSL_add_all_algorithms_noconf() which will never
     load the config file and OPENSSL_add_all_algorithms_conf() which will
     always load it have also been added.
     [Steve Henson]

  *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
     Adjust NIDs and EVP layer.
     [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]

  *) Config modules support in openssl utility.

     Most commands now load modules from the config file,
     though in a few (such as version) this isn't done
     because it couldn't be used for anything.

     In the case of ca and req the config file used is
     the same as the utility itself: that is the -config
     command line option can be used to specify an
     alternative file.
     [Steve Henson]

  *) Move default behaviour from OPENSSL_config(). If appname is NULL
     use "openssl_conf"; if filename is NULL use the default openssl
     config file.
     [Steve Henson]

  *) Add an argument to OPENSSL_config() to allow the use of an alternative
     config section name. Add a new flag to tolerate a missing config file
     and move code to CONF_modules_load_file().
     [Steve Henson]

  *) Support for crypto accelerator cards from Accelerated Encryption
     Processing, www.aep.ie. (Use engine 'aep')
     The support was copied from 0.9.6c [engine] and adapted/corrected
     to work with the new engine framework.
     [AEP Inc. and Richard Levitte]

  *) Support for SureWare crypto accelerator cards from Baltimore
     Technologies. (Use engine 'sureware')
     The support was copied from 0.9.6c [engine] and adapted
     to work with the new engine framework.
     [Richard Levitte]

  *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
     make the newer ENGINE framework commands for the CHIL engine work.
     [Toomas Kiisk <vix@cyber.ee> and Richard Levitte]

  *) Make it possible to produce shared libraries on ReliantUNIX.
     [Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> via Richard Levitte]

  *) Add the configuration target debug-linux-ppro.
     Make 'openssl rsa' use the general key loading routines
     implemented in apps.c, and make those routines able to
     handle the key format FORMAT_NETSCAPE and the variant
     FORMAT_IISSGC.
     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]

  *) Fix a crash bug and a logic bug in hwcrhk_load_pubkey().
     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]

  *) Add -keyform to rsautl, and document -engine.
     [Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>]

  *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
     BIO_R_NO_SUCH_FILE error code rather than the generic
     ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
     [Ben Laurie]

  *) Add new functions
          ERR_peek_last_error
          ERR_peek_last_error_line
          ERR_peek_last_error_line_data.
     These are similar to
          ERR_peek_error
          ERR_peek_error_line
          ERR_peek_error_line_data,
     but report on the latest error recorded rather than the first one
     still in the error queue.
     [Ben Laurie, Bodo Moeller]

  *) default_algorithms option in ENGINE config module. This allows things
     like:
          default_algorithms = ALL
          default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
     [Steve Henson]

  *) Preliminary ENGINE config module.
     [Steve Henson]

  *) New experimental application configuration code.
     [Steve Henson]

  *) Change the AES code to follow the same name structure as all other
     symmetric ciphers, and behave the same way. Move everything to
     the directory crypto/aes, thereby obsoleting crypto/rijndael.
     [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]

  *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
     [Ben Laurie and Theo de Raadt]

  *) Add option to output public keys in req command.
     [Massimiliano Pala madwolf@openca.org]

  *) Use wNAFs in EC_POINTs_mul() for improved efficiency
     (up to about 10% better than before for P-192 and P-224).
     [Bodo Moeller]

  *) New functions/macros

          SSL_CTX_set_msg_callback(ctx, cb)
          SSL_CTX_set_msg_callback_arg(ctx, arg)
          SSL_set_msg_callback(ssl, cb)
          SSL_set_msg_callback_arg(ssl, arg)

     to request calling a callback function

          void cb(int write_p, int version, int content_type,
                  const void *buf, size_t len, SSL *ssl, void *arg)

     whenever a protocol message has been completely received
     (write_p == 0) or sent (write_p == 1). Here 'version' is the
     protocol version according to which the SSL library interprets
     the current protocol message (SSL2_VERSION, SSL3_VERSION, or
     TLS1_VERSION). 'content_type' is 0 in the case of SSL 2.0, or
     the content type as defined in the SSL 3.0/TLS 1.0 protocol
     specification (change_cipher_spec(20), alert(21), handshake(22)).
     'buf' and 'len' point to the actual message, 'ssl' to the
     SSL object, and 'arg' is the application-defined value set by
     SSL[_CTX]_set_msg_callback_arg().

     'openssl s_client' and 'openssl s_server' have new '-msg' options
     to enable a callback that displays all protocol messages.
     [Bodo Moeller]
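
     The following is an added example, not OpenSSL's own code, of a message
     callback with exactly the signature above, used the way a defender
     typically would: to count handshake messages and to notice a fatal alert
     from the peer. 'SSL' is declared as the opaque struct OpenSSL itself uses,
     so the callback compiles without libssl and could be registered unchanged
     with SSL_set_msg_callback() and SSL_set_msg_callback_arg(). The stats
     struct, function names and the constructed message bytes are this
     example's own; the TLS1_VERSION value 0x0301, the alert level 2 (fatal)
     and description 40 (handshake_failure) are from the TLS 1.0 specification.

```c
#include <stddef.h>
#include <stdio.h>

typedef struct ssl_st SSL;      /* opaque, as in OpenSSL's headers */

/* Record-layer content types quoted in the CHANGES entry. */
#define CT_CHANGE_CIPHER_SPEC 20
#define CT_ALERT              21
#define CT_HANDSHAKE          22

#define ALERT_LEVEL_FATAL 2     /* AlertLevel value from TLS 1.0 */

/* Per-connection view of the handshake, carried through 'arg'. */
struct msg_stats {
    unsigned sent;              /* messages seen with write_p == 1 */
    unsigned received;          /* messages seen with write_p == 0 */
    unsigned handshake_msgs;
    unsigned cipher_changes;
    unsigned alerts;
    int fatal_alert_seen;       /* set once an alert with level 2 arrives */
    int last_alert_desc;        /* AlertDescription of the last alert, or -1 */
};

/* Signature matches what SSL_set_msg_callback() expects. */
void msg_cb(int write_p, int version, int content_type,
            const void *buf, size_t len, SSL *ssl, void *arg)
{
    struct msg_stats *st = arg;
    const unsigned char *p = buf;
    (void)version;              /* SSL2/SSL3/TLS1_VERSION: not needed here */
    (void)ssl;

    if (write_p)
        st->sent++;
    else
        st->received++;

    switch (content_type) {
    case CT_HANDSHAKE:
        st->handshake_msgs++;
        break;
    case CT_CHANGE_CIPHER_SPEC:
        st->cipher_changes++;
        break;
    case CT_ALERT:
        /* An alert body is exactly two bytes: AlertLevel, AlertDescription. */
        if (len == 2) {
            st->alerts++;
            st->last_alert_desc = p[1];
            if (p[0] == ALERT_LEVEL_FATAL)
                st->fatal_alert_seen = 1;
        }
        break;
    default:
        break;                  /* SSL 2.0 reports content_type 0 */
    }
}

/*
 * Constructed exchange (assumed, not captured): the client sends a
 * ClientHello, receives a ServerHello, then is refused with a fatal
 * handshake_failure(40) alert. Bodies are placeholders; only content type
 * and length matter to msg_cb.
 */
struct msg_stats run_constructed_exchange(void)
{
    struct msg_stats st = { 0, 0, 0, 0, 0, 0, -1 };
    static const unsigned char client_hello[] = { 0x01, 0x00, 0x00, 0x00 };
    static const unsigned char server_hello[] = { 0x02, 0x00, 0x00, 0x00 };
    static const unsigned char fatal_alert[]  = { ALERT_LEVEL_FATAL, 40 };
    const int tls1 = 0x0301;    /* TLS1_VERSION */

    msg_cb(1, tls1, CT_HANDSHAKE, client_hello, sizeof client_hello, NULL, &st);
    msg_cb(0, tls1, CT_HANDSHAKE, server_hello, sizeof server_hello, NULL, &st);
    msg_cb(0, tls1, CT_ALERT, fatal_alert, sizeof fatal_alert, NULL, &st);
    return st;
}

int main(void)
{
    struct msg_stats st = run_constructed_exchange();
    printf("sent=%u received=%u handshake=%u alerts=%u fatal=%d desc=%d\n",
           st.sent, st.received, st.handshake_msgs, st.alerts,
           st.fatal_alert_seen, st.last_alert_desc);
    return 0;
}
```

     In a real application the struct would be attached per connection with
     SSL_set_msg_callback_arg(ssl, &stats), and a set fatal_alert_seen flag is
     the natural trigger for logging the peer and the alert description.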

  *) Change the shared library support so shared libraries are built as
     soon as the corresponding static library is finished, and thereby get
     openssl and the test programs linked against the shared library.
     This still only happens when the keyword "shared" has been given to
     the configuration scripts.

     NOTE: shared library support is still an experimental thing, and
     backward binary compatibility is still not guaranteed.
     ["Maciej W. Rozycki" <macro@ds2.pg.gda.pl> and Richard Levitte]

  *) Add support for Subject Information Access extension.
     [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]

  *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
     additional bytes when new memory had to be allocated, not just
     when reusing an existing buffer.
     [Bodo Moeller]
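
     The following is an added example, not OpenSSL's BUF_MEM_grow(), showing
     the behaviour the entry describes: a growable buffer that zeroes the bytes
     it newly exposes on both paths, the one that reallocates (where the fresh
     tail would otherwise contain heap garbage) and the one that reuses
     capacity left over from an earlier shrink (where it would otherwise
     contain stale data). The struct layout mirrors BUF_MEM's length/data/max
     fields; the growth policy, function names and the constructed "secret"
     are this example's own assumptions.

```c
#include <stdlib.h>
#include <string.h>

struct mem_buf {
    size_t length;   /* bytes currently in use */
    char *data;
    size_t max;      /* bytes allocated */
};

/* Set the in-use length to 'len', growing the allocation if needed.
   Returns 1 on success, 0 if allocation fails (buffer left unchanged). */
int mem_buf_grow(struct mem_buf *b, size_t len)
{
    if (len <= b->length) {          /* shrink: data stays, only length moves */
        b->length = len;
        return 1;
    }
    if (len <= b->max) {
        /* Reuse path: the bytes between the old and new length may still
           hold data from before a shrink, so wipe them. */
        memset(b->data + b->length, 0, len - b->length);
        b->length = len;
        return 1;
    }
    /* Allocation path: zero everything past the old in-use length so the
       fresh tail never carries whatever realloc() handed back. */
    size_t n = (len + 3) / 3 * 4;    /* growth policy chosen for this example */
    char *p = realloc(b->data, n);
    if (p == NULL)
        return 0;
    memset(p + b->length, 0, n - b->length);
    b->data = p;
    b->max = n;
    b->length = len;
    return 1;
}

void mem_buf_free(struct mem_buf *b)
{
    free(b->data);
    b->data = NULL;
    b->length = b->max = 0;
}

/* Count non-zero bytes in data[from, to). */
static size_t nonzero_bytes(const char *data, size_t from, size_t to)
{
    size_t n = 0;
    for (size_t i = from; i < to; i++)
        n += (data[i] != 0);
    return n;
}

/*
 * Scenario: store a constructed secret, shrink, grow back within capacity,
 * then grow past capacity. Returns the number of stale (non-zero) bytes that
 * became visible in newly exposed regions, so 0 means both paths wiped;
 * (size_t)-1 signals an allocation failure in the scenario itself.
 */
size_t stale_bytes_exposed(void)
{
    struct mem_buf b = { 0, NULL, 0 };
    static const char secret[] = "hunter2!";   /* 8 bytes, constructed */
    size_t stale = 0;

    if (!mem_buf_grow(&b, 8))
        return (size_t)-1;
    memcpy(b.data, secret, 8);

    mem_buf_grow(&b, 4);                   /* shrink: bytes 4..7 remain in memory */
    mem_buf_grow(&b, 8);                   /* reuse path: must wipe bytes 4..7 */
    stale += nonzero_bytes(b.data, 4, 8);

    if (!mem_buf_grow(&b, 64)) {           /* allocation path: must wipe 8..63 */
        mem_buf_free(&b);
        return (size_t)-1;
    }
    stale += nonzero_bytes(b.data, 8, 64);

    if (memcmp(b.data, "hunt", 4) != 0)    /* retained prefix must survive */
        stale += 1000;

    mem_buf_free(&b);
    return stale;
}
```

     Without the memset() on the allocation path the bytes past the old length
     are whatever the allocator returned, and any code that later reads up to
     the new length (for instance when serialising the buffer) leaks heap
     contents; the reuse-path memset() alone does not cover that case.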
229 | ||
85fb12d5 | 230 | *) New command line and configuration option 'utf8' for the req command. |
1fc6d41b DSH |
231 | This allows field values to be specified as UTF8 strings. |
232 | [Steve Henson] | |
233 | ||
85fb12d5 | 234 | *) Add -multi and -mr options to "openssl speed" - giving multiple parallel |
0e211563 BL |
235 | runs for the former and machine-readable output for the latter. |
236 | [Ben Laurie] | |
237 | ||
85fb12d5 | 238 | *) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion |
89da653f BM |
239 | of the e-mail address in the DN (i.e., it will go into a certificate |
240 | extension only). The new configuration file option 'email_in_dn = no' | |
241 | has the same effect. | |
242 | [Massimiliano Pala madwolf@openca.org] | |
243 | ||
85fb12d5 | 244 | *) Change all functions with names starting with des_ to be starting |
12852213 | 245 | with DES_ instead. Add wrappers that are compatible with libdes, |
2d57b73a | 246 | but are named _ossl_old_des_*. Finally, add macros that map the |
0d81c69b RL |
247 | des_* symbols to the corresponding _ossl_old_des_* if libdes |
248 | compatibility is desired. If OpenSSL 0.9.6c compatibility is | |
249 | desired, the des_* symbols will be mapped to DES_*, with one | |
250 | exception. | |
12852213 | 251 | |
0d81c69b RL |
252 | Since we provide two compatibility mappings, the user needs to |
253 | define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes | |
254 | compatibility is desired. The default (i.e., when that macro | |
255 | isn't defined) is OpenSSL 0.9.6c compatibility. | |
256 | ||
257 | There are also macros that enable and disable the support of old | |
258 | des functions altogether. Those are OPENSSL_ENABLE_OLD_DES_SUPPORT | |
259 | and OPENSSL_DISABLE_OLD_DES_SUPPORT. If none or both of those | |
260 | are defined, the default will apply: to support the old des routines. | |
261 | ||
262 | In either case, one must include openssl/des.h to get the correct | |
263 | definitions. Do not try to just include openssl/des_old.h, that | |
264 | won't work. | |
c2e4f17c RL |
265 | |
266 | NOTE: This is a major break of an old API into a new one. Software | |
267 | authors are encouraged to switch to the DES_ style functions. Some | |
268 | time in the future, des_old.h and the libdes compatibility functions | |
0d81c69b RL |
269 | will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the |
270 | default), and then completely removed. | |
c2e4f17c RL |
271 | [Richard Levitte] |
272 | ||
85fb12d5 | 273 | *) Test for certificates which contain unsupported critical extensions. |
f1558bb4 DSH |
274 | If such a certificate is found during a verify operation it is |
275 | rejected by default: this behaviour can be overridden by either | |
276 | handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or | |
277 | by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function | |
278 | X509_supported_extension() has also been added which returns 1 if a | |
279 | particular extension is supported. | |
280 | [Steve Henson] | |
281 | ||
85fb12d5 | 282 | *) Modify the behaviour of EVP cipher functions in similar way to digests |
581f1c84 DSH |
283 | to retain compatibility with existing code. |
284 | [Steve Henson] | |
285 | ||
85fb12d5 | 286 | *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain |
50d194af DSH |
287 | compatibility with existing code. In particular the 'ctx' parameter does |
288 | not have to be to be initialized before the call to EVP_DigestInit() and | |
289 | it is tidied up after a call to EVP_DigestFinal(). New function | |
290 | EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function | |
291 | EVP_MD_CTX_copy() changed to not require the destination to be | |
292 | initialized valid and new function EVP_MD_CTX_copy_ex() added which | |
293 | requires the destination to be valid. | |
294 | ||
295 | Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(), | |
296 | EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex(). | |
20d2186c DSH |
297 | [Steve Henson] |
298 | ||
85fb12d5 | 299 | *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it |
48948d53 BM |
300 | so that complete 'Handshake' protocol structures are kept in memory |
301 | instead of overwriting 'msg_type' and 'length' with 'body' data. | |
302 | [Bodo Moeller] | |
303 | ||
85fb12d5 | 304 | *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32. |
285046ec RL |
305 | [Massimo Santin via Richard Levitte] |
306 | ||
85fb12d5 | 307 | *) Major restructuring to the underlying ENGINE code. This includes |
07cee702 GT |
308 | reduction of linker bloat, separation of pure "ENGINE" manipulation |
309 | (initialisation, etc) from functionality dealing with implementations | |
310 | of specific crypto iterfaces. This change also introduces integrated | |
311 | support for symmetric ciphers and digest implementations - so ENGINEs | |
312 | can now accelerate these by providing EVP_CIPHER and EVP_MD | |
313 | implementations of their own. This is detailed in crypto/engine/README | |
314 | as it couldn't be adequately described here. However, there are a few | |
315 | API changes worth noting - some RSA, DSA, DH, and RAND functions that | |
316 | were changed in the original introduction of ENGINE code have now | |
317 | reverted back - the hooking from this code to ENGINE is now a good | |
318 | deal more passive and at run-time, operations deal directly with | |
319 | RSA_METHODs, DSA_METHODs (etc) as they did before, rather than | |
320 | dereferencing through an ENGINE pointer any more. Also, the ENGINE | |
321 | functions dealing with BN_MOD_EXP[_CRT] handlers have been removed - | |
322 | they were not being used by the framework as there is no concept of a | |
323 | BIGNUM_METHOD and they could not be generalised to the new | |
324 | 'ENGINE_TABLE' mechanism that underlies the new code. Similarly, | |
325 | ENGINE_cpy() has been removed as it cannot be consistently defined in | |
326 | the new code. | |
327 | [Geoff Thorpe] | |
328 | ||
85fb12d5 | 329 | *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds. |
d46c1a81 DSH |
330 | [Steve Henson] |
331 | ||
85fb12d5 | 332 | *) Change mkdef.pl to sort symbols that get the same entry number, |
89eeccac RL |
333 | and make sure the automatically generated functions ERR_load_* |
334 | become part of libeay.num as well. | |
335 | [Richard Levitte] | |
336 | ||
85fb12d5 | 337 | *) New function SSL_renegotiate_pending(). This returns true once |
6b0e9fac BM |
338 | renegotiation has been requested (either SSL_renegotiate() call |
339 | or HelloRequest/ClientHello receveived from the peer) and becomes | |
340 | false once a handshake has been completed. | |
341 | (For servers, SSL_renegotiate() followed by SSL_do_handshake() | |
342 | sends a HelloRequest, but does not ensure that a handshake takes | |
343 | place. SSL_renegotiate_pending() is useful for checking if the | |
344 | client has followed the request.) | |
345 | [Bodo Moeller] | |
346 | ||
85fb12d5 | 347 | *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. |
6b0e9fac BM |
348 | By default, clients may request session resumption even during |
349 | renegotiation (if session ID contexts permit); with this option, | |
350 | session resumption is possible only in the first handshake. | |
351 | [Bodo Moeller] | |
352 | ||
85fb12d5 | 353 | *) Add some demos for certificate and certificate request creation. |
96bd6f73 DSH |
354 | [Steve Henson] |
355 | ||
85fb12d5 | 356 | *) Make maximum certificate chain size accepted from the peer application |
c0f5dd07 LJ |
357 | settable (SSL*_get/set_max_cert_list()), as proposed by |
358 | "Douglas E. Engert" <deengert@anl.gov>. | |
359 | [Lutz Jaenicke] | |
360 | ||
85fb12d5 | 361 | *) Add support for shared libraries for Unixware-7 |
b26ca340 | 362 | (Boyd Lynn Gerber <gerberb@zenez.com>). |
6c36f7a9 LJ |
363 | [Lutz Jaenicke] |
364 | ||
85fb12d5 | 365 | *) Add a "destroy" handler to ENGINEs that allows structural cleanup to |
908efd3b GT |
366 | be done prior to destruction. Use this to unload error strings from |
367 | ENGINEs that load their own error strings. NB: This adds two new API | |
368 | functions to "get" and "set" this destroy handler in an ENGINE. | |
a9ed4da8 | 369 | [Geoff Thorpe] |
908efd3b | 370 | |
85fb12d5 | 371 | *) Alter all existing ENGINE implementations (except "openssl" and |
541814c4 GT |
372 | "openbsd") to dynamically instantiate their own error strings. This |
373 | makes them more flexible to be built both as statically-linked ENGINEs | |
374 | and self-contained shared-libraries loadable via the "dynamic" ENGINE. | |
375 | Also, add stub code to each that makes building them as self-contained | |
376 | shared-libraries easier (see README.ENGINE). | |
377 | [Geoff Thorpe] | |
378 | ||
85fb12d5 | 379 | *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE |
541814c4 GT |
380 | implementations into applications that are completely implemented in |
381 | self-contained shared-libraries. The "dynamic" ENGINE exposes control | |
382 | commands that can be used to configure what shared-library to load and | |
383 | to control aspects of the way it is handled. Also, made an update to | |
384 | the README.ENGINE file that brings its information up-to-date and | |
385 | provides some information and instructions on the "dynamic" ENGINE | |
386 | (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc). | |
387 | [Geoff Thorpe] | |
388 | ||
85fb12d5 | 389 | *) Make it possible to unload ranges of ERR strings with a new |
5b166395 GT |
390 | "ERR_unload_strings" function. |
391 | [Geoff Thorpe] | |
392 | ||
85fb12d5 | 393 | *) Add a copy() function to EVP_MD. |
26188931 BL |
394 | [Ben Laurie] |
395 | ||
85fb12d5 | 396 | *) Make EVP_MD routines take a context pointer instead of just the |
e3fefbfd | 397 | md_data void pointer. |
26188931 BL |
398 | [Ben Laurie] |
399 | ||
85fb12d5 | 400 | *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates |
26188931 BL |
401 | that the digest can only process a single chunk of data |
402 | (typically because it is provided by a piece of | |
403 | hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application | |
404 | is only going to provide a single chunk of data, and hence the | |
405 | framework needn't accumulate the data for oneshot drivers. | |
406 | [Ben Laurie] | |
407 | ||
85fb12d5 | 408 | *) As with "ERR", make it possible to replace the underlying "ex_data" |
36026dfc GT |
409 | functions. This change also alters the storage and management of global |
410 | ex_data state - it's now all inside ex_data.c and all "class" code (eg. | |
411 | RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class | |
412 | index counters. The API functions that use this state have been changed | |
413 | to take a "class_index" rather than pointers to the class's local STACK | |
414 | and counter, and there is now an API function to dynamically create new | |
415 | classes. This centralisation allows us to (a) plug a lot of the | |
416 | thread-safety problems that existed, and (b) makes it possible to clean | |
417 | up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b) | |
418 | such data would previously have always leaked in application code and | |
419 | workarounds were in place to make the memory debugging turn a blind eye | |
420 | to it. Application code that doesn't use this new function will still | |
421 | leak as before, but their memory debugging output will announce it now | |
422 | rather than letting it slide. | |
6ee2a136 BM |
423 | |
424 | Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change | |
425 | induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now | |
426 | has a return value to indicate success or failure. | |
36026dfc GT |
427 | [Geoff Thorpe] |
428 | ||
85fb12d5 | 429 | *) Make it possible to replace the underlying "ERR" functions such that the |
0783bf15 GT |
430 | global state (2 LHASH tables and 2 locks) is only used by the "default" |
431 | implementation. This change also adds two functions to "get" and "set" | |
432 | the implementation prior to it being automatically set the first time | |
433 | any other ERR function takes place. Ie. an application can call "get", | |
434 | pass the return value to a module it has just loaded, and that module | |
435 | can call its own "set" function using that value. This means the | |
436 | module's "ERR" operations will use (and modify) the error state in the | |
437 | application and not in its own statically linked copy of OpenSSL code. | |
438 | [Geoff Thorpe] | |
439 | ||
85fb12d5 | 440 | *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment |
eb6dc02b GT |
441 | reference counts. This performs normal REF_PRINT/REF_CHECK macros on |
442 | the operation, and provides a more encapsulated way for external code | |
443 | (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code | |
444 | to use these functions rather than manually incrementing the counts. | |
3cad81f6 BM |
445 | |
446 | Also rename "DSO_up()" function to more descriptive "DSO_up_ref()". | |
eb6dc02b GT |
447 | [Geoff Thorpe] |
448 | ||
85fb12d5 | 449 | *) Add EVP test program. |
0e360199 BL |
450 | [Ben Laurie] |
451 | ||
85fb12d5 | 452 | *) Add symmetric cipher support to ENGINE. Expect the API to change! |
354c3ace BL |
453 | [Ben Laurie] |
454 | ||
85fb12d5 | 455 | *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name() |
35bf3541 DSH |
456 | X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(), |
457 | X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate(). | |
458 | These allow a CRL to be built without having to access X509_CRL fields | |
459 | directly. Modify 'ca' application to use new functions. | |
460 | [Steve Henson] | |
461 | ||
85fb12d5 | 462 | *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended |
06da6e49 | 463 | bug workarounds. Rollback attack detection is a security feature. |
6383bbe5 | 464 | The problem will only arise on OpenSSL servers when TLSv1 is not |
06da6e49 LJ |
465 | available (sslv3_server_method() or SSL_OP_NO_TLSv1). |
466 | Software authors not wanting to support TLSv1 will have special reasons | |
467 | for their choice and can explicitly enable this option. | |
468 | [Bodo Moeller, Lutz Jaenicke] | |
469 | ||
85fb12d5 | 470 | *) Rationalise EVP so it can be extended: don't include a union of |
dbad1690 BL |
471 | cipher/digest structures, add init/cleanup functions. This also reduces |
472 | the number of header dependencies. | |
4f4b1924 BM |
473 | Usage example: |
474 | ||
475 | EVP_MD_CTX md; | |
476 | ||
477 | EVP_MD_CTX_init(&md); /* new function call */ | |
478 | EVP_DigestInit(&md, EVP_sha1()); | |
479 | EVP_DigestUpdate(&md, in, len); | |
480 | EVP_DigestFinal(&md, out, NULL); | |
481 | EVP_MD_CTX_cleanup(&md); /* new function call */ | |
482 | ||
dbad1690 BL |
483 | [Ben Laurie] |
484 | ||
85fb12d5 | 485 | *) Make DES key schedule conform to the usual scheme, as well as |
8408f4fb BL |
486 | correcting its structure. This means that calls to DES functions |
487 | now have to pass a pointer to a des_key_schedule instead of a | |
488 | plain des_key_schedule (which was actually always a pointer | |
4f4b1924 BM |
489 | anyway): E.g., |
490 | ||
491 | des_key_schedule ks; | |
492 | ||
493 | des_set_key_checked(..., &ks); | |
494 | des_ncbc_encrypt(..., &ks, ...); | |
495 | ||
496 | (Note that a later change renames 'des_...' into 'DES_...'.) | |
dbad1690 BL |
497 | [Ben Laurie] |
498 | ||
85fb12d5 | 499 | *) Initial reduction of linker bloat: the use of some functions, such as |
19da1300 DSH |
500 | PEM causes large amounts of unused functions to be linked in due to |
501 | poor organisation. For example pem_all.c contains every PEM function | |
502 | which has a knock on effect of linking in large amounts of (unused) | |
503 | ASN1 code. Grouping together similar functions and splitting unrelated | |
504 | functions prevents this. | |
505 | [Steve Henson] | |
506 | ||
85fb12d5 | 507 | *) Cleanup of EVP macros. |
381a146d | 508 | [Ben Laurie] |
6aecef81 | 509 | |
85fb12d5 | 510 | *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the |
381a146d LJ |
511 | correct _ecb suffix. |
512 | [Ben Laurie] | |
c518ade1 | 513 | |
85fb12d5 | 514 | *) Add initial OCSP responder support to ocsp application. The |
ee306a13 DSH |
515 | revocation information is handled using the text based index |
516 | use by the ca application. The responder can either handle | |
517 | requests generated internally, supplied in files (for example | |
518 | via a CGI script) or using an internal minimal server. | |
519 | [Steve Henson] | |
520 | ||
85fb12d5 | 521 | *) Add configuration choices to get zlib compression for TLS. |
e452de9d RL |
522 | [Richard Levitte] |
523 | ||
85fb12d5 | 524 | *) Changes to Kerberos SSL for RFC 2712 compliance: |
0665dd68 RL |
525 | 1. Implemented real KerberosWrapper, instead of just using |
526 | KRB5 AP_REQ message. [Thanks to Simon Wilkinson <sxw@sxw.org.uk>] | |
527 | 2. Implemented optional authenticator field of KerberosWrapper. | |
528 | ||
529 | Added openssl-style ASN.1 macros for Kerberos ticket, ap_req, | |
530 | and authenticator structs; see crypto/krb5/. | |
531 | ||
532 | Generalized Kerberos calls to support multiple Kerberos libraries. | |
533 | [Vern Staats <staatsvr@asc.hpc.mil>, | |
534 | Jeffrey Altman <jaltman@columbia.edu> | |
535 | via Richard Levitte] | |
536 | ||
85fb12d5 | 537 | *) Cause 'openssl speed' to use fully hard-coded DSA keys as it |
af436bc1 GT |
538 | already does with RSA. testdsa.h now has 'priv_key/pub_key' |
539 | values for each of the key sizes rather than having just | |
540 | parameters (and 'speed' generating keys each time). | |
541 | [Geoff Thorpe] | |
542 | ||
85fb12d5 | 543 | *) Speed up EVP routines. |
f31b1250 BL |
544 | Before: |
545 | encrypt | |
546 | type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes | |
547 | des-cbc 4408.85k 5560.51k 5778.46k 5862.20k 5825.16k | |
548 | des-cbc 4389.55k 5571.17k 5792.23k 5846.91k 5832.11k | |
549 | des-cbc 4394.32k 5575.92k 5807.44k 5848.37k 5841.30k | |
550 | decrypt | |
551 | des-cbc 3482.66k 5069.49k 5496.39k 5614.16k 5639.28k | |
552 | des-cbc 3480.74k 5068.76k 5510.34k 5609.87k 5635.52k | |
553 | des-cbc 3483.72k 5067.62k 5504.60k 5708.01k 5724.80k | |
554 | After: | |
555 | encrypt | |
c148d709 | 556 | des-cbc 4660.16k 5650.19k 5807.19k 5827.13k 5783.32k |
f31b1250 | 557 | decrypt |
c148d709 | 558 | des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k |
f31b1250 BL |
559 | [Ben Laurie] |
560 | ||
85fb12d5 | 561 | *) Added the OS2-EMX target. |
c80410c5 RL |
562 | ["Brian Havard" <brianh@kheldar.apana.org.au> and Richard Levitte] |
563 | ||
85fb12d5 | 564 | *) Rewrite apps to use NCONF routines instead of the old CONF. New functions |
b7a26e6d DSH |
565 | to support NCONF routines in extension code. New function CONF_set_nconf() |
566 | to allow functions which take an NCONF to also handle the old LHASH | |
567 | structure: this means that the old CONF compatible routines can be | |
568 | retained (in particular wrt extensions) without having to duplicate the | |
569 | code. New function X509V3_add_ext_nconf_sk to add extensions to a stack. | |
570 | [Steve Henson] | |
571 | ||
  *) Enhance the general user interface with mechanisms for inner control
     and with possibilities to have yes/no kind of prompts.
     [Richard Levitte]

  *) Change all calls to low level digest routines in the library and
     applications to use EVP. Add missing calls to HMAC_cleanup() and
     don't assume HMAC_CTX can be copied using memcpy().
     [Verdon Walker <VWalker@novell.com>, Steve Henson]

  *) Add the possibility to control engines through control names but with
     arbitrary arguments instead of just a string.
     Change the key loaders to take a UI_METHOD instead of a callback
     function pointer. NOTE: this breaks binary compatibility with earlier
     versions of OpenSSL [engine].
     Adapt the nCipher code for these new conditions and add a card insertion
     callback.
     [Richard Levitte]

  *) Enhance the general user interface with mechanisms to better support
     dialog box interfaces, application-defined prompts, the possibility
     to use defaults (for example default passwords from somewhere else)
     and interrupts/cancellations.
     [Richard Levitte]

  *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
     attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
     [Steve Henson]

  *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
     tidy up some unnecessarily weird code in 'sk_new()').
     [Geoff, reported by Diego Tartara <dtartara@novamens.com>]

  *) Change the key loading routines for ENGINEs to use the same kind of
     callback (pem_password_cb) as all other routines that need this
     kind of callback.
     [Richard Levitte]

  *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
     256 bit (=32 byte) keys. Of course seeding with more entropy bytes
     than this minimum value is recommended.
     [Lutz Jaenicke]

  *) New random seeder for OpenVMS, using the system process statistics
     that are easily reachable.
     [Richard Levitte]

  *) Windows apparently can't transparently handle global
     variables defined in DLLs. Initialisations such as:

        const ASN1_ITEM *it = &ASN1_INTEGER_it;

     won't compile. This is used by any applications that need to
     declare their own ASN1 modules. This was fixed by adding the option
     EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
     needed for static libraries under Win32.
     [Steve Henson]

  *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
     setting of purpose and trust fields. New X509_STORE trust and
     purpose functions and tidy up setting in other SSL functions.
     [Steve Henson]

  *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
     structure. These are inherited by X509_STORE_CTX when it is
     initialised. This allows various defaults to be set in the
     X509_STORE structure (such as flags for CRL checking and custom
     purpose or trust settings) for functions which only use X509_STORE_CTX
     internally such as S/MIME.

     Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
     trust settings if they are not set in X509_STORE. This allows X509_STORE
     purposes and trust (in S/MIME for example) to override any set by default.

     Add command line options for CRL checking to smime, s_client and s_server
     applications.
     [Steve Henson]

  *) Initial CRL based revocation checking. If the CRL checking flag(s)
     are set then the CRL is looked up in the X509_STORE structure and
     its validity and signature checked, then if the certificate is found
     in the CRL the verify fails with a revoked error.

     Various new CRL related callbacks added to X509_STORE_CTX structure.

     Command line options added to 'verify' application to support this.

     This needs some additional work, such as being able to handle multiple
     CRLs with different times, extension based lookup (rather than just
     by subject name) and ultimately more complete V2 CRL extension
     handling.
     [Steve Henson]

  *) Add a general user interface API (crypto/ui/). This is designed
     to replace things like des_read_password and friends (backward
     compatibility functions using this new API are provided).
     The purpose is to remove prompting functions from the DES code
     section as well as provide for prompting through dialog boxes in
     a window system and the like.
     [Richard Levitte]

  *) Add "ex_data" support to ENGINE so implementations can add state at a
     per-structure level rather than having to store it globally.
     [Geoff]

  *) Make it possible for ENGINE structures to be copied when retrieved by
     ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
     This causes the "original" ENGINE structure to act like a template,
     analogous to the RSA vs. RSA_METHOD type of separation. Because of this,
     operational state can be localised to each ENGINE structure, despite the
     fact they all share the same "methods". New ENGINE structures returned in
     this case have no functional references and the return value is the single
     structural reference. This matches the single structural reference returned
     by ENGINE_by_id() normally, when it is incremented on the pre-existing
     ENGINE structure.
     [Geoff]

  *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
     needs to match any other type at all we need to manually clear the
     tag cache.
     [Steve Henson]

  *) Changes to the "openssl engine" utility to include:
     - verbosity levels ('-v', '-vv', and '-vvv') that provide information
       about an ENGINE's available control commands.
     - executing control commands from command line arguments using the
       '-pre' and '-post' switches. '-post' is only used if '-t' is
       specified and the ENGINE is successfully initialised. The syntax for
       the individual commands is colon-separated, for example:
         openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
     [Geoff]

  *) New dynamic control command support for ENGINEs. ENGINEs can now
     declare their own commands (numbers), names (strings), descriptions,
     and input types for run-time discovery by calling applications. A
     subset of these commands are implicitly classed as "executable"
     depending on their input type, and only these can be invoked through
     the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
     can be based on user input, config files, etc). The distinction is
     that "executable" commands cannot return anything other than a boolean
     result and can only support numeric or string input, whereas some
     discoverable commands may only be for direct use through
     ENGINE_ctrl(), eg. supporting the exchange of binary data, function
     pointers, or other custom uses. The "executable" commands are to
     support parameterisations of ENGINE behaviour that can be
     unambiguously defined by ENGINEs and used consistently across any
     OpenSSL-based application. Commands have been added to all the
     existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
     control over shared-library paths without source code alterations.
     [Geoff]

  *) Changed all ENGINE implementations to dynamically allocate their
     ENGINEs rather than declaring them statically. Apart from this being
     necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
     this also allows the implementations to compile without using the
     internal engine_int.h header.
     [Geoff]

  *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
     'const' value. Any code that should be able to modify a RAND_METHOD
     should already have non-const pointers to it (ie. they should only
     modify their own ones).
     [Geoff]

  *) Made a variety of little tweaks to the ENGINE code.
     - "atalla" and "ubsec" string definitions were moved from header files
       to C code. "nuron" string definitions were placed in variables
       rather than hard-coded - allowing parameterisation of these values
       later on via ctrl() commands.
     - Removed unused "#if 0"'d code.
     - Fixed engine list iteration code so it uses ENGINE_free() to release
       structural references.
     - Constified the RAND_METHOD element of ENGINE structures.
     - Constified various get/set functions as appropriate and added
       missing functions (including a catch-all ENGINE_cpy that duplicates
       all ENGINE values onto a new ENGINE except reference counts/state).
     - Removed NULL parameter checks in get/set functions. Setting a method
       or function to NULL is a way of cancelling out a previously set
       value. Passing a NULL ENGINE parameter is just plain stupid anyway
       and doesn't justify the extra error symbols and code.
     - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
       flags from engine_int.h to engine.h.
     - Changed prototypes for ENGINE handler functions (init(), finish(),
       ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
     [Geoff]

  *) Implement binary inversion algorithm for BN_mod_inverse in addition
     to the algorithm using long division. The binary algorithm can be
     used only if the modulus is odd. On 32-bit systems, it is faster
     only for relatively small moduli (roughly 20-30% for 128-bit moduli,
     roughly 5-15% for 256-bit moduli), so we use it only for moduli
     up to 450 bits. In 64-bit environments, the binary algorithm
     appears to be advantageous for much longer moduli; here we use it
     for moduli up to 2048 bits.
     [Bodo Moeller]

  *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
     could not support the combine flag in choice fields.
     [Steve Henson]

  *) Add a 'copy_extensions' option to the 'ca' utility. This copies
     extensions from a certificate request to the certificate.
     [Steve Henson]

  *) Allow multiple 'certopt' and 'nameopt' options to be separated
     by commas. Add 'nameopt' and 'certopt' options to the 'ca' config
     file: this allows the display of the certificate about to be
     signed to be customised, to allow certain fields to be included
     or excluded and extension details. The old system didn't display
     multicharacter strings properly, omitted fields not in the policy
     and couldn't display additional details such as extensions.
     [Steve Henson]

  *) Function EC_POINTs_mul for multiple scalar multiplication
     of an arbitrary number of elliptic curve points
          \sum scalars[i]*points[i],
     optionally including the generator defined for the EC_GROUP:
          scalar*generator + \sum scalars[i]*points[i].

     EC_POINT_mul is a simple wrapper function for the typical case
     that the point list has just one item (besides the optional
     generator).
     [Bodo Moeller]

  *) First EC_METHODs for curves over GF(p):

     EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
     operations and provides various method functions that can also
     operate with faster implementations of modular arithmetic.

     EC_GFp_mont_method() reuses most functions that are part of
     EC_GFp_simple_method, but uses Montgomery arithmetic.

     [Bodo Moeller; point addition and point doubling
     implementation directly derived from source code provided by
     Lenka Fibikova <fibikova@exp-math.uni-essen.de>]

  *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
     crypto/ec/ec_lib.c):

     Curves are EC_GROUP objects (with an optional group generator)
     based on EC_METHODs that are built into the library.

     Points are EC_POINT objects based on EC_GROUP objects.

     Most of the framework would be able to handle curves over arbitrary
     finite fields, but as there are no obvious types for fields other
     than GF(p), some functions are limited to that for now.
     [Bodo Moeller]

  *) Add the -HTTP option to s_server. It is similar to -WWW, but requires
     that the file contains a complete HTTP response.
     [Richard Levitte]

  *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
     change the def and num file printf format specifier from "%-40sXXX"
     to "%-39s XXX". The latter will always guarantee a space after the
     field while the former will cause them to run together if the field
     is 40 or more characters long.
     [Steve Henson]

  *) Constify the cipher and digest 'method' functions and structures
     and modify related functions to take constant EVP_MD and EVP_CIPHER
     pointers.
     [Steve Henson]

  *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
     in <openssl/bn.h>. Also further increase BN_CTX_NUM to 32.
     [Bodo Moeller]

  *) Modify EVP_Digest*() routines so they now return values. Although the
     internal software routines can never fail, additional hardware versions
     might.
     [Steve Henson]

  *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:

     Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
     (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.

     ASN1 error codes
          ERR_R_NESTED_ASN1_ERROR
          ...
          ERR_R_MISSING_ASN1_EOS
     were 4 .. 9, conflicting with
          ERR_LIB_RSA (= ERR_R_RSA_LIB)
          ...
          ERR_LIB_PEM (= ERR_R_PEM_LIB).
     They are now 58 .. 63 (i.e., just below ERR_R_FATAL).

     Add new error code 'ERR_R_INTERNAL_ERROR'.
     [Bodo Moeller]

  *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
     suffices.
     [Bodo Moeller]

  *) New option '-subj arg' for 'openssl req' and 'openssl ca'. This
     sets the subject name for a new request or supersedes the
     subject name in a given request. Formats that can be parsed are
          'CN=Some Name, OU=myOU, C=IT'
     and
          'CN=Some Name/OU=myOU/C=IT'.

     Add options '-batch' and '-verbose' to 'openssl req'.
     [Massimiliano Pala <madwolf@hackmasters.net>]

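As an added illustration (not the parser in OpenSSL's apps code), the following C routine splits a '-subj' string in either of the two formats quoted above into attribute/value pairs; the type name, the size limits and the rule that a '/' anywhere in the string selects the slash form are this example's own assumptions.

```c
/* Added example, not the apps/req.c parser: splits a -subj argument given in
 * either "CN=Some Name, OU=myOU, C=IT" or "CN=Some Name/OU=myOU/C=IT" form
 * into (attribute, value) pairs.  Limits and the separator rule are assumptions. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define SUBJ_MAX_RDN 16
#define SUBJ_MAX_LEN 128

typedef struct {
    char type[SUBJ_MAX_LEN];    /* attribute type, e.g. "CN" */
    char value[SUBJ_MAX_LEN];   /* attribute value, e.g. "Some Name" */
} subj_rdn;

/* Copy [s, e) into dst with surrounding whitespace removed; returns the length. */
static size_t copy_trimmed(char *dst, const char *s, const char *e)
{
    while (s < e && isspace((unsigned char)*s)) s++;
    while (e > s && isspace((unsigned char)e[-1])) e--;
    size_t n = (size_t)(e - s);
    if (n >= SUBJ_MAX_LEN) n = SUBJ_MAX_LEN - 1;   /* truncate over-long parts */
    memcpy(dst, s, n);
    dst[n] = '\0';
    return n;
}

/* Returns the number of RDNs parsed into out[], or -1 if an element has no
 * '=', has an empty attribute type, or more than max elements are present. */
int parse_subject(const char *subj, subj_rdn *out, int max)
{
    /* Assumed rule: the slash form is selected if any '/' is present,
     * otherwise elements are separated by commas. */
    char sep = strchr(subj, '/') ? '/' : ',';
    int n = 0;
    const char *p = subj;

    while (*p) {
        const char *end = strchr(p, sep);
        if (end == NULL) end = p + strlen(p);
        const char *eq = memchr(p, '=', (size_t)(end - p));
        if (eq == NULL || n >= max) return -1;
        if (copy_trimmed(out[n].type, p, eq) == 0) return -1;  /* "=value" */
        copy_trimmed(out[n].value, eq + 1, end);
        n++;
        p = *end ? end + 1 : end;
    }
    return n;
}

int main(void)
{
    /* Constructed inputs, the two formats from the changelog entry. */
    const char *inputs[] = { "CN=Some Name, OU=myOU, C=IT",
                             "CN=Some Name/OU=myOU/C=IT" };
    subj_rdn rdns[SUBJ_MAX_RDN];
    for (int i = 0; i < 2; i++) {
        int n = parse_subject(inputs[i], rdns, SUBJ_MAX_RDN);
        printf("%s -> %d RDNs\n", inputs[i], n);
        for (int j = 0; j < n; j++)
            printf("  %s = \"%s\"\n", rdns[j].type, rdns[j].value);
    }
    return 0;
}
```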
  *) Introduce the possibility to access global variables through
     functions on platforms where that's the best way to handle exporting
     global variables in shared libraries. To enable this functionality,
     one must configure with "EXPORT_VAR_AS_FN" or define the C macro
     "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
     is normally done by Configure or something similar).

     To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
     in the source file (foo.c) like this:

          OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
          OPENSSL_IMPLEMENT_GLOBAL(double,bar);

     To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
     and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:

          OPENSSL_DECLARE_GLOBAL(int,foo);
          #define foo OPENSSL_GLOBAL_REF(foo)
          OPENSSL_DECLARE_GLOBAL(double,bar);
          #define bar OPENSSL_GLOBAL_REF(bar)

     The #defines are very important, and therefore so is including the
     header file everywhere where the defined globals are used.

     The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
     of ASN.1 items, but that structure is a bit different.

     The largest change is in util/mkdef.pl which has been enhanced with
     better and easier to understand logic to choose which symbols should
     go into the Windows .def files as well as a number of fixes and code
     cleanup (among others, algorithm keywords are now sorted
     lexicographically to avoid constant rewrites).
     [Richard Levitte]

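An added, self-contained illustration of the pattern (macros written for this example and prefixed DEMO_, not the ones in OpenSSL's e_os2.h): the same client code compiles against either the accessor-function variant or a plain exported variable, and the "=1" initialiser form shown in the entry works in both because the function variant ends in a tentative definition.

```c
/* Added illustration of the EXPORT_VAR_AS_FN idea: a global is reached through
 * an accessor function instead of being exported from the DLL directly.  The
 * DEMO_ macros are this example's own, modelled on the changelog's description,
 * not copied from OpenSSL's e_os2.h. */
#include <stdio.h>

/* Comment this out to build the "plain exported variable" variant instead. */
#define DEMO_EXPORT_VAR_AS_FN 1

#ifdef DEMO_EXPORT_VAR_AS_FN
/* Function variant: the object is file-static and only demo_shadow_<name>()
 * crosses the library boundary.  The trailing tentative definition lets
 * "DEMO_IMPLEMENT_GLOBAL(int,foo)=1;" attach an initialiser. */
# define DEMO_IMPLEMENT_GLOBAL(type,name)                          \
    static type demo_hide_##name;                                  \
    type *demo_shadow_##name(void) { return &demo_hide_##name; }   \
    static type demo_hide_##name
# define DEMO_DECLARE_GLOBAL(type,name) type *demo_shadow_##name(void)
# define DEMO_GLOBAL_REF(name) (*(demo_shadow_##name()))
#else
/* Direct variant: an ordinary exported variable. */
# define DEMO_IMPLEMENT_GLOBAL(type,name) type demo_shadow_##name
# define DEMO_DECLARE_GLOBAL(type,name) extern type demo_shadow_##name
# define DEMO_GLOBAL_REF(name) demo_shadow_##name
#endif

/* --- what would live in foo.h --- */
DEMO_DECLARE_GLOBAL(int, foo);
#define foo DEMO_GLOBAL_REF(foo)
DEMO_DECLARE_GLOBAL(double, bar);
#define bar DEMO_GLOBAL_REF(bar)

/* --- what would live in foo.c (which includes foo.h, so the #defines are
 * already active; the ## pasting keeps the macro argument from expanding) --- */
DEMO_IMPLEMENT_GLOBAL(int, foo) = 1;
DEMO_IMPLEMENT_GLOBAL(double, bar);

/* --- client code: reads and writes foo and bar like ordinary variables --- */
int get_foo(void) { return foo; }
void set_foo(int v) { foo = v; }
double get_bar(void) { return bar; }
void set_bar(double v) { bar = v; }

int main(void)
{
    printf("foo=%d bar=%g\n", get_foo(), get_bar());   /* foo=1 bar=0 */
    set_foo(42);
    set_bar(2.5);
    printf("foo=%d bar=%g\n", get_foo(), get_bar());   /* foo=42 bar=2.5 */
    return 0;
}
```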
  *) In BN_div() keep a copy of the sign of 'num' before writing the
     result to 'rm' because if rm==num the value will be overwritten
     and produce the wrong result if 'num' is negative: this caused
     problems with BN_mod() and BN_nnmod().
     [Steve Henson]

  *) Function OCSP_request_verify(). This checks the signature on an
     OCSP request and verifies the signer certificate. The signer
     certificate is just checked for a generic purpose and OCSP request
     trust settings.
     [Steve Henson]

  *) Add OCSP_check_validity() function to check the validity of OCSP
     responses. OCSP responses are prepared in real time and may only
     be a few seconds old. Simply checking that the current time lies
     between thisUpdate and nextUpdate may reject otherwise valid responses
     caused by either OCSP responder or client clock inaccuracy. Instead
     we allow thisUpdate and nextUpdate to fall within a certain period of
     the current time. The age of the response can also optionally be
     checked. Two new options -validity_period and -status_age added to
     ocsp utility.
     [Steve Henson]

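Added example, not OpenSSL's implementation: the time-window logic the entry describes, re-implemented over plain time_t values with constructed timestamps. nsec and maxsec stand for the skew and maximum-age arguments (the ocsp utility's -validity_period and -status_age); the function and enum names are this example's own.

```c
/* Added example (not OpenSSL code): the checks OCSP_check_validity() is
 * described as performing, over plain time_t values.  nsec is the tolerated
 * clock skew, maxsec the maximum accepted age of thisUpdate (maxsec < 0 means
 * "do not check the age"), and a NULL next_update means the response carried
 * no nextUpdate.  Names are this example's assumptions. */
#include <stdio.h>
#include <time.h>

enum ocsp_time_status {
    OCSP_TIME_OK = 0,
    OCSP_TIME_NOT_YET_VALID,   /* thisUpdate is later than now + nsec */
    OCSP_TIME_TOO_OLD,         /* thisUpdate is earlier than now - maxsec */
    OCSP_TIME_EXPIRED,         /* nextUpdate is earlier than now - nsec */
    OCSP_TIME_INCONSISTENT     /* nextUpdate precedes thisUpdate */
};

enum ocsp_time_status check_ocsp_times(time_t this_update,
                                       const time_t *next_update,
                                       time_t now, long nsec, long maxsec)
{
    /* A response "from the future" is tolerated only within the skew window. */
    if (this_update > now + nsec)
        return OCSP_TIME_NOT_YET_VALID;
    /* Optional freshness requirement on thisUpdate (-status_age). */
    if (maxsec >= 0 && this_update < now - maxsec)
        return OCSP_TIME_TOO_OLD;
    if (next_update == NULL)
        return OCSP_TIME_OK;
    /* nextUpdate may also lie slightly in the past, again within the skew. */
    if (*next_update < now - nsec)
        return OCSP_TIME_EXPIRED;
    if (*next_update < this_update)
        return OCSP_TIME_INCONSISTENT;
    return OCSP_TIME_OK;
}

const char *ocsp_time_status_str(enum ocsp_time_status s)
{
    switch (s) {
    case OCSP_TIME_OK:            return "ok";
    case OCSP_TIME_NOT_YET_VALID: return "status not yet valid";
    case OCSP_TIME_TOO_OLD:       return "status too old";
    case OCSP_TIME_EXPIRED:       return "status expired";
    case OCSP_TIME_INCONSISTENT:  return "nextUpdate before thisUpdate";
    }
    return "unknown";
}

int main(void)
{
    /* Constructed timestamps: the responder's clock is 2 minutes ahead of ours. */
    time_t now = 1000000000;              /* arbitrary epoch seconds */
    time_t this_upd = now + 120;
    time_t next_upd = this_upd + 3600;
    /* A strict check (no skew) rejects the response; 5 minutes of skew accepts it. */
    printf("skew 0s:   %s\n", ocsp_time_status_str(
               check_ocsp_times(this_upd, &next_upd, now, 0, -1)));
    printf("skew 300s: %s\n", ocsp_time_status_str(
               check_ocsp_times(this_upd, &next_upd, now, 300, -1)));
    return 0;
}
```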
  *) If signature or public key algorithm is unrecognized print out its
     OID rather than just UNKNOWN.
     [Steve Henson]

  *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
     OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
     ID to be generated from the issuer certificate alone which can then be
     passed to OCSP_id_issuer_cmp().
     [Steve Henson]

  *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
     ASN1 modules to export functions returning ASN1_ITEM pointers
     instead of the ASN1_ITEM structures themselves. This adds several
     new macros which allow the underlying ASN1 function/structure to
     be accessed transparently. As a result code should not use ASN1_ITEM
     references directly (such as &X509_it) but instead use the relevant
     macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
     use of the new ASN1 code on platforms where exporting structures
     is problematical (for example in shared libraries) but exporting
     functions returning pointers to structures is not.
     [Steve Henson]

  *) Add support for overriding the generation of SSL/TLS session IDs.
     These callbacks can be registered either in an SSL_CTX or per SSL.
     The purpose of this is to allow applications to control, if they wish,
     the arbitrary values chosen for use as session IDs, particularly as it
     can be useful for session caching in multiple-server environments. A
     command-line switch for testing this (and any client code that wishes
     to use such a feature) has been added to "s_server".
     [Geoff Thorpe, Lutz Jaenicke]

  *) Modify mkdef.pl to recognise and parse preprocessor conditionals
     of the form '#if defined(...) || defined(...) || ...' and
     '#if !defined(...) && !defined(...) && ...'. This also avoids
     the growing number of special cases it was previously handling.
     [Richard Levitte]

  *) Make all configuration macros available to applications by making
     sure they are available in opensslconf.h, by giving them names starting
     with "OPENSSL_" to avoid conflicts with other packages and by making
     sure e_os2.h will cover all platform-specific cases together with
     opensslconf.h.
     Additionally, it is now possible to define configuration/platform-
     specific names (called "system identities"). In the C code, these
     are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another
     macro with the name beginning with "OPENSSL_SYS_", which is determined
     from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
     what is available.
     [Richard Levitte]

  *) New option -set_serial to 'req' and 'x509': this allows the serial
     number to use to be specified on the command line. Previously self
     signed certificates were hard coded with serial number 0 and the
     CA options of 'x509' had to use a serial number in a file which was
     auto incremented.
     [Steve Henson]

  *) New options to 'ca' utility to support V2 CRL entry extensions.
     Currently CRL reason, invalidity date and hold instruction are
     supported. Add new CRL extensions to V3 code and some new objects.
     [Steve Henson]

  *) New function EVP_CIPHER_CTX_set_padding(): this is used to
     disable standard block padding (aka PKCS#5 padding) in the EVP
     API, which was previously mandatory. This means that the data is
     not padded in any way and so the total length must be a multiple
     of the block size, otherwise an error occurs.
     [Steve Henson]

  *) Initial (incomplete) OCSP SSL support.
     [Steve Henson]

  *) New function OCSP_parse_url(). This splits up a URL into its host,
     port and path components: primarily to parse OCSP URLs. New -url
     option to ocsp utility.
     [Steve Henson]

  *) New nonce behavior. The return value of OCSP_check_nonce() now
     reflects the various checks performed. Applications can decide
     whether to tolerate certain situations such as an absent nonce
     in a response when one was present in a request: the ocsp application
     just prints out a warning. New function OCSP_add1_basic_nonce():
     this is to allow responders to include a nonce in a response even if
     the request is nonce-less.
     [Steve Henson]

  *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
     skipped when using openssl x509 multiple times on a single input file,
     e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
     [Bodo Moeller]

  *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
     set string type: to handle setting ASN1_TIME structures. Fix ca
     utility to correctly initialize revocation date of CRLs.
     [Steve Henson]

  *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
     the client's preferred ciphersuites and rather use its own preferences.
     Should help to work around M$ SGC (Server Gated Cryptography) bug in
     Internet Explorer by ensuring unchanged hash method during stepup.
     (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
     [Lutz Jaenicke]

  *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
     to aes and add a new 'exist' option to print out symbols that don't
     appear to exist.
     [Steve Henson]

  *) Additional options to ocsp utility to allow flags to be set and
     additional certificates supplied.
     [Steve Henson]

  *) Add the option -VAfile to 'openssl ocsp', so the user can give the
     OCSP client a number of certificates to only verify the response
     signature against.
     [Richard Levitte]

  *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
     handle the new API. Currently only ECB, CBC modes supported. Add new
     AES OIDs. Add TLS AES ciphersuites as described in the "AES Ciphersuites
     for TLS" draft-ietf-tls-ciphersuite-03.txt.
     [Ben Laurie, Steve Henson]

  *) New function OCSP_copy_nonce() to copy nonce value (if present) from
     request to response.
     [Steve Henson]

  *) Functions for OCSP responders. OCSP_request_onereq_count(),
     OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
     extract information from a certificate request. OCSP_response_create()
     creates a response and optionally adds a basic response structure.
     OCSP_basic_add1_status() adds a complete single response to a basic
     response and returns the OCSP_SINGLERESP structure just added (to allow
     extensions to be included for example). OCSP_basic_add1_cert() adds a
     certificate to a basic response and OCSP_basic_sign() signs a basic
     response with various flags. New helper functions ASN1_TIME_check()
     (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
     (converts ASN1_TIME to GeneralizedTime).
     [Steve Henson]

  *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
     in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
     structure from a certificate. X509_pubkey_digest() digests the public_key
     contents: this is used in various key identifiers.
     [Steve Henson]

  *) Make sk_sort() tolerate a NULL argument.
     [Steve Henson, reported by Massimiliano Pala <madwolf@comune.modena.it>]

  *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
     passed by the function are trusted implicitly. If any of them signed the
     response then it is assumed to be valid and is not verified.
     [Steve Henson]

  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
     to data. This was previously part of the PKCS7 ASN1 code. This
     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
     [Steve Henson, reported by Kenneth R. Robinette
      <support@securenetterm.com>]

  *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
     routines: without these tracing memory leaks is very painful.
     Fix leaks in PKCS12 and PKCS7 routines.
     [Steve Henson]

  *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
     Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
     effectively meant GeneralizedTime would never be used. Now it
     is initialised to -1 but X509_time_adj() now has to check the value
     and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
     V_ASN1_GENERALIZEDTIME; without this it always uses GeneralizedTime.
     [Steve Henson, reported by Kenneth R. Robinette
      <support@securenetterm.com>]

  *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
     result in a zero length in the ASN1_INTEGER structure which was
     not consistent with the structure when d2i_ASN1_INTEGER() was used
     and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
     to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
     where it did not print out a minus for negative ASN1_INTEGER.
     [Steve Henson]

  *) Add summary printout to ocsp utility. The various functions which
     convert status values to strings have been renamed to:
     OCSP_response_status_str(), OCSP_cert_status_str() and
     OCSP_crl_reason_str() and are no longer static. New options
     to verify nonce values and to disable verification. OCSP response
     printout format cleaned up.
     [Steve Henson]

  *) Add additional OCSP certificate checks. These are those specified
     in RFC2560. This consists of two separate checks: the CA of the
     certificate being checked must either be the OCSP signer certificate
     or the issuer of the OCSP signer certificate. In the latter case the
     OCSP signer certificate must contain the OCSP signing extended key
     usage. This check is performed by attempting to match the OCSP
     signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
     in the OCSP_CERTID structures of the response.
     [Steve Henson]

  *) Initial OCSP certificate verification added to OCSP_basic_verify()
     and related routines. This uses the standard OpenSSL certificate
     verify routines to perform initial checks (just CA validity) and
     to obtain the certificate chain. Then additional checks will be
     performed on the chain. Currently the root CA is checked to see
     if it is explicitly trusted for OCSP signing. This is used to set
     a root CA as a global signing root: that is any certificate that
     chains to that CA is an acceptable OCSP signing certificate.
     [Steve Henson]

  *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
     extensions from a separate configuration file.
     As when reading extensions from the main configuration file,
     the '-extensions ...' option may be used for specifying the
     section to use.
     [Massimiliano Pala <madwolf@comune.modena.it>]

85fb12d5 | 1152 | *) New OCSP utility. Allows OCSP requests to be generated or |
5782ceb2 DSH |
1153 | read. The request can be sent to a responder and the output |
1154 | parsed, output or printed in text form. Not complete yet: | |
1155 | still needs to check the OCSP response validity. | |
1156 | [Steve Henson] | |
1157 | ||
85fb12d5 | 1158 | *) New subcommands for 'openssl ca': |
c67cdb50 BM |
1159 | 'openssl ca -status <serial>' prints the status of the cert with |
1160 | the given serial number (according to the index file). | |
1161 | 'openssl ca -updatedb' updates the expiry status of certificates | |
1162 | in the index file. | |
1163 | [Massimiliano Pala <madwolf@comune.modena.it>] | |
1164 | ||
85fb12d5 | 1165 | *) New '-newreq-nodes' command option to CA.pl. This is like |
d199858e BM |
1166 | '-newreq', but calls 'openssl req' with the '-nodes' option |
1167 | so that the resulting key is not encrypted. | |
1168 | [Damien Miller <djm@mindrot.org>] | |
1169 | ||
85fb12d5 | 1170 | *) New configuration for the GNU Hurd. |
10a2975a RL |
1171 | [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte] |
1172 | ||
85fb12d5 | 1173 | *) Initial code to implement OCSP basic response verify. This |
9b4dc830 DSH |
1174 | is currently incomplete. Currently just finds the signer's |
1175 | certificate and verifies the signature on the response. | |
1176 | [Steve Henson] | |
1177 | ||
85fb12d5 | 1178 | *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in |
673b3fde BM |
1179 | value of OPENSSLDIR. This is available via the new '-d' option |
1180 | to 'openssl version', and is also included in 'openssl version -a'. | |
1181 | [Bodo Moeller] | |
1182 | ||
85fb12d5 | 1183 | *) Allow defining memory allocation callbacks that will be given |
a5435e8b BM |
1184 | file name and line number information in additional arguments |
1185 | (a const char* and an int). The basic functionality remains, as | |
1186 | well as the original possibility to just replace malloc(), | |
1187 | realloc() and free() by functions that do not know about these | |
1188 | additional arguments. To register and find out the current | |
1189 | settings for extended allocation functions, the following | |
1190 | functions are provided: | |
65a22e8e RL |
1191 | |
1192 | CRYPTO_set_mem_ex_functions | |
1193 | CRYPTO_set_locked_mem_ex_functions | |
1194 | CRYPTO_get_mem_ex_functions | |
1195 | CRYPTO_get_locked_mem_ex_functions | |
1196 | ||
a5435e8b BM |
1197 | These work the same way as CRYPTO_set_mem_functions and friends. |
1198 | CRYPTO_get_[locked_]mem_functions now writes 0 where such an | |
1199 | extended allocation function is enabled. | |
1200 | Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where | |
1201 | a conventional allocation function is enabled. | |
1202 | [Richard Levitte, Bodo Moeller] | |
65a22e8e | 1203 | |
85fb12d5 | 1204 | *) Finish off removing the remaining LHASH function pointer casts. |
3c914840 | 1205 | There should no longer be any prototype-casting required when using |
56a67adb GT |
1206 | the LHASH abstraction, and any casts that remain are "bugs". See |
1207 | the callback types and macros at the head of lhash.h for details | |
1208 | (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example). | |
3c914840 GT |
1209 | [Geoff Thorpe] |
1210 | ||
85fb12d5 | 1211 | *) Add automatic query of EGD sockets in RAND_poll() for the unix variant. |
3351b8d0 LJ |
1212 | If /dev/[u]random devices are not available or do not return enough |
1213 | entropy, EGD style sockets (served by EGD or PRNGD) will automatically | |
1214 | be queried. | |
1215 | The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and | |
1216 | /etc/entropy will be queried once each in this sequence; querying stops | |
1217 | as soon as enough entropy has been collected, without querying more sockets. | |
599c0353 LJ |
1218 | [Lutz Jaenicke] |
1219 | ||
85fb12d5 | 1220 | *) Change the Unix RAND_poll() variant to be able to poll several |
361ef5f4 RL |
1221 | random devices, as specified by DEVRANDOM, until a sufficient amount |
1222 | of data has been collected. We spend at most 10 ms on each file | |
1223 | (select timeout) and read in non-blocking mode. DEVRANDOM now | |
1224 | defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom" | |
1225 | (previously it was just the string "/dev/urandom"), so on typical | |
1226 | platforms the 10 ms delay will never occur. | |
1227 | Also separate out the Unix variant to its own file, rand_unix.c. | |
1228 | For VMS, there's a currently-empty rand_vms.c. | |
0c61e299 RL |
1229 | [Richard Levitte] |
1230 | ||
85fb12d5 | 1231 | *) Move OCSP client related routines to ocsp_cl.c. These |
0b33bc65 DSH |
1232 | provide utility functions which an application needing |
1233 | to issue a request to an OCSP responder and analyse the | |
1234 | response will typically need: as opposed to those which an | |
1235 | OCSP responder itself would need which will be added later. | |
1236 | ||
1237 | OCSP_request_sign() signs an OCSP request with an API similar | |
1238 | to PKCS7_sign(). OCSP_response_status() returns status of OCSP | |
1239 | response. OCSP_response_get1_basic() extracts basic response | |
1240 | from response. OCSP_resp_find_status(): finds and extracts status | |
1241 | information from an OCSP_CERTID structure (which will be created | |
1242 | when the request structure is built). These are built from lower | |
1243 | level functions which work on OCSP_SINGLERESP structures but | |
1244 | won't normally be used unless the application wishes to examine | |
1245 | extensions in the OCSP response for example. | |
1246 | ||
1247 | Replace nonce routines with a pair of functions. | |
1248 | OCSP_request_add1_nonce() adds a nonce value and optionally | |
1249 | generates a random value. OCSP_check_nonce() checks the | |
1250 | validity of the nonce in an OCSP response. | |
1251 | [Steve Henson] | |
1252 | ||
85fb12d5 | 1253 | *) Change function OCSP_request_add() to OCSP_request_add0_id(). |
8e961835 DSH |
1254 | This doesn't copy the supplied OCSP_CERTID and avoids the |
1255 | need to free up the newly created id. Change return type | |
1256 | to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure. | |
1257 | This can then be used to add extensions to the request. | |
1258 | Deleted OCSP_request_new(), since most of its functionality | |
1259 | is now in OCSP_REQUEST_new() (and the case insensitive name | |
1260 | clash) apart from the ability to set the request name which | |
1261 | will be added elsewhere. | |
1262 | [Steve Henson] | |
1263 | ||
85fb12d5 | 1264 | *) Update OCSP API. Remove obsolete extensions argument from |
bf0d176e DSH |
1265 | various functions. Extensions are now handled using the new |
1266 | OCSP extension code. New simple OCSP HTTP function which | |
1267 | can be used to send requests and parse the response. | |
1268 | [Steve Henson] | |
1269 | ||
85fb12d5 | 1270 | *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new |
ec5add87 DSH |
1271 | ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN |
1272 | uses the special reorder version of SET OF to sort the attributes | |
1273 | and reorder them to match the encoded order. This resolves a long | |
1274 | standing problem: a verify on a PKCS7 structure just after signing | |
1275 | it used to fail because the attribute order did not match the | |
1276 | encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes: | |
1277 | it uses the received order. This is necessary to tolerate some broken | |
1278 | software that does not order SET OF. This is handled by encoding | |
1279 | as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class) | |
1280 | to produce the required SET OF. | |
1281 | [Steve Henson] | |
1282 | ||
85fb12d5 | 1283 | *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and |
a6574c21 RL |
1284 | OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header |
1285 | files to get correct declarations of the ASN.1 item variables. | |
1286 | [Richard Levitte] | |
1287 | ||
85fb12d5 | 1288 | *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many |
ecbe0781 DSH |
1289 | PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs: |
1290 | asn1_check_tlen() would sometimes attempt to use 'ctx' when it was | |
1291 | NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i(). | |
1292 | New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant | |
1293 | ASN1_ITEM and no wrapper functions. | |
1294 | [Steve Henson] | |
1295 | ||
85fb12d5 | 1296 | *) New functions ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These |
4e1209eb DSH |
1297 | replace the old function pointer based I/O routines. Change most of |
1298 | the *_d2i_bio() and *_d2i_fp() functions to use these. | |
1299 | [Steve Henson] | |
1300 | ||
85fb12d5 | 1301 | *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor |
3f07fe09 RL |
1302 | lines, recognise more "algorithms" that can be deselected, and make | |
1303 | it complain about algorithm deselection that isn't recognised. | |
1304 | [Richard Levitte] | |
1305 | ||
85fb12d5 | 1306 | *) New ASN1 functions to handle dup, sign, verify, digest, pack and |
73e92de5 DSH |
1307 | unpack operations in terms of ASN1_ITEM. Modify existing wrappers |
1308 | to use new functions. Add NO_ASN1_OLD which can be set to remove | |
1309 | some old style ASN1 functions: this can be used to determine if old | |
1310 | code will still work when these eventually go away. | |
09ab755c DSH |
1311 | [Steve Henson] |
1312 | ||
85fb12d5 | 1313 | *) New extension functions for OCSP structures, these follow the |
ec558b65 DSH |
1314 | same conventions as certificates and CRLs. |
1315 | [Steve Henson] | |
1316 | ||
85fb12d5 | 1317 | *) New function X509V3_add1_i2d(). This automatically encodes and |
57d2f217 DSH |
1318 | adds an extension. Its behaviour can be customised with various |
1319 | flags to append, replace or delete. Various wrappers added for | |
1320 | certificates and CRLs. | |
1321 | [Steve Henson] | |
1322 | ||
85fb12d5 | 1323 | *) Fix to avoid calling the underlying ASN1 print routine when |
5755cab4 DSH |
1324 | an extension cannot be parsed. Correct a typo in the |
1325 | OCSP_SERVICELOC extension. Tidy up print OCSP format. | |
1326 | [Steve Henson] | |
1327 | ||
85fb12d5 | 1328 | *) Make mkdef.pl parse some of the ASN1 macros and add appropriate |
9c67ab2f | 1329 | entries for variables. |
5755cab4 | 1330 | [Steve Henson] |
9c67ab2f | 1331 | |
85fb12d5 | 1332 | *) Add functionality to apps/openssl.c for detecting locking |
3ac82faa BM |
1333 | problems: As the program is single-threaded, all we have |
1334 | to do is register a locking callback using an array for | |
1335 | storing which locks are currently held by the program. | |
3ac82faa BM |
1336 | [Bodo Moeller] |
1337 | ||
85fb12d5 | 1338 | *) Use a lock around the call to CRYPTO_get_ex_new_index() in |
3ac82faa BM |
1339 | SSL_get_ex_data_X509_STORE_idx(), which is used in |
1340 | ssl_verify_cert_chain() and thus can be called at any time | |
1341 | during TLS/SSL handshakes so that thread-safety is essential. | |
1342 | Unfortunately, the ex_data design is not at all suited | |
1343 | for multi-threaded use, so it probably should be abolished. | |
1344 | [Bodo Moeller] | |
1345 | ||
85fb12d5 | 1346 | *) Added Broadcom "ubsec" ENGINE to OpenSSL. |
2a86064f GT |
1347 | [Broadcom, tweaked and integrated by Geoff Thorpe] |
1348 | ||
85fb12d5 | 1349 | *) Move common extension printing code to new function |
2c15d426 | 1350 | X509V3_print_extensions(). Reorganise OCSP print routines and |
c08523d8 | 1351 | implement some needed OCSP ASN1 functions. Add OCSP extensions. |
2c15d426 DSH |
1352 | [Steve Henson] |
1353 | ||
85fb12d5 | 1354 | *) New function X509_signature_print() to remove duplication in some |
de487514 DSH |
1355 | print routines. |
1356 | [Steve Henson] | |
1357 | ||
85fb12d5 | 1358 | *) Add a special meaning when SET OF and SEQUENCE OF flags are both |
06db4253 DSH |
1359 | set (this was treated exactly the same as SET OF previously). This |
1360 | is used to reorder the STACK representing the structure to match the | |
1361 | encoding. This will be used to get round a problem where a PKCS7 | |
1362 | structure which was signed could not be verified because the STACK | |
1363 | order did not reflect the encoded order. | |
1364 | [Steve Henson] | |
1365 | ||
85fb12d5 | 1366 | *) Reimplement the OCSP ASN1 module using the new code. |
36f554d4 DSH |
1367 | [Steve Henson] |
1368 | ||
85fb12d5 | 1369 | *) Update the X509V3 code to permit the use of an ASN1_ITEM structure |
2aff7727 DSH |
1370 | for its ASN1 operations. The old style function pointers still exist |
1371 | for now but they will eventually go away. | |
1372 | [Steve Henson] | |
1373 | ||
85fb12d5 | 1374 | *) Merge in replacement ASN1 code from the ASN1 branch. This almost |
5755cab4 DSH |
1375 | completely replaces the old ASN1 functionality with a table driven |
1376 | encoder and decoder which interprets an ASN1_ITEM structure describing | |
1377 | the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is | |
1378 | largely maintained. Almost all of the old asn1_mac.h macro based ASN1 | |
1379 | has also been converted to the new form. | |
9d6b1ce6 DSH |
1380 | [Steve Henson] |
1381 | ||
85fb12d5 | 1382 | *) Change BN_mod_exp_recp so that negative moduli are tolerated |
8dea52fa BM |
1383 | (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set |
1384 | so that BN_mod_exp_mont and BN_mod_exp_mont_word work | |
1385 | for negative moduli. | |
1386 | [Bodo Moeller] | |
1387 | ||
85fb12d5 | 1388 | *) Fix BN_uadd and BN_usub: Always return non-negative results instead |
8dea52fa BM |
1389 | of not touching the result's sign bit. |
1390 | [Bodo Moeller] | |
1391 | ||
85fb12d5 | 1392 | *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be |
80d89e6a BM |
1393 | set. |
1394 | [Bodo Moeller] | |
1395 | ||
85fb12d5 | 1396 | *) Changed the LHASH code to use prototypes for callbacks, and created |
f1919c3d GT |
1397 | macros to declare and implement thin (optionally static) functions |
1398 | that provide type-safety and avoid function pointer casting for the | |
1399 | type-specific callbacks. | |
1400 | [Geoff Thorpe] | |
1401 | ||
85fb12d5 | 1402 | *) Added Kerberos Cipher Suites to be used with TLS, as written in |
a47b505e | 1403 | RFC 2712. |
33479d27 | 1404 | [Veers Staats <staatsvr@asc.hpc.mil>, |
1946cd8b | 1405 | Jeffrey Altman <jaltman@columbia.edu>, via Richard Levitte] |
33479d27 | 1406 | |
85fb12d5 | 1407 | *) Reformat the FAQ so the different questions and answers can be divided |
4b757c83 | 1408 | in sections depending on the subject. |
0ae485dc RL |
1409 | [Richard Levitte] |
1410 | ||
85fb12d5 | 1411 | *) Have the zlib compression code load ZLIB.DLL dynamically under |
20f88b9b RL |
1412 | Windows. |
1413 | [Richard Levitte] | |
1414 | ||
85fb12d5 | 1415 | *) New function BN_mod_sqrt for computing square roots modulo a prime |
aa66eba7 BM |
1416 | (using the probabilistic Tonelli-Shanks algorithm unless |
1417 | p == 3 (mod 4) or p == 5 (mod 8), which are cases that can | |
1418 | be handled deterministically). | |
6b5d39e8 BM |
1419 | [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller] |
1420 | ||
85fb12d5 | 1421 | *) Make BN_mod_inverse faster by explicitly handling small quotients |
bdec3c53 BM |
1422 | in the Euclid loop. (Speed gain about 20% for small moduli [256 or |
1423 | 512 bits], about 30% for larger ones [1024 or 2048 bits].) | |
499e167f BM |
1424 | [Bodo Moeller] |
1425 | ||
85fb12d5 | 1426 | *) New function BN_kronecker. |
dcbd0d74 BM |
1427 | [Bodo Moeller] |
1428 | ||
85fb12d5 | 1429 | *) Fix BN_gcd so that it works on negative inputs; the result is |
dcbd0d74 BM |
1430 | positive unless both parameters are zero. |
1431 | Previously something reasonably close to an infinite loop was | |
1432 | possible because numbers could be growing instead of shrinking | |
1433 | in the implementation of Euclid's algorithm. | |
1434 | [Bodo Moeller] | |
1435 | ||
85fb12d5 | 1436 | *) Fix BN_is_word() and BN_is_one() macros to take into account the |
dcbd0d74 BM |
1437 | sign of the number in question. |
1438 | ||
1439 | Fix BN_is_word(a,w) to work correctly for w == 0. | |
1440 | ||
1441 | The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w) | |
1442 | because it tests whether the absolute value of 'a' equals 'w'. | |
1443 | Note that BN_abs_is_word does *not* handle w == 0 reliably; | |
1444 | it exists mostly for use in the implementations of BN_is_zero(), | |
1445 | BN_is_one(), and BN_is_word(). | |
1446 | [Bodo Moeller] | |
1447 | ||
85fb12d5 | 1448 | *) New function BN_swap. |
78a0c1f1 BM |
1449 | [Bodo Moeller] |
1450 | ||
85fb12d5 | 1451 | *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that |
78a0c1f1 BM |
1452 | the exponentiation functions are more likely to produce reasonable |
1453 | results on negative inputs. | |
1454 | [Bodo Moeller] | |
1455 | ||
85fb12d5 | 1456 | *) Change BN_mod_mul so that the result is always non-negative. |
78a0c1f1 BM |
1457 | Previously, it could be negative if one of the factors was negative; |
1458 | I don't think anyone really wanted that behaviour. | |
1459 | [Bodo Moeller] | |
1460 | ||
85fb12d5 | 1461 | *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c |
1946cd8b | 1462 | (except for exponentiation, which stays in crypto/bn/bn_exp.c, |
78a0c1f1 BM |
1463 | and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c) |
1464 | and add new functions: | |
5acaa495 | 1465 | |
78a0c1f1 BM |
1466 | BN_nnmod |
1467 | BN_mod_sqr | |
1468 | BN_mod_add | |
5acaa495 | 1469 | BN_mod_add_quick |
78a0c1f1 | 1470 | BN_mod_sub |
5acaa495 BM |
1471 | BN_mod_sub_quick |
1472 | BN_mod_lshift1 | |
1473 | BN_mod_lshift1_quick | |
1474 | BN_mod_lshift | |
1475 | BN_mod_lshift_quick | |
1476 | ||
78a0c1f1 | 1477 | These functions always generate non-negative results. |
5acaa495 | 1478 | |
78a0c1f1 BM |
1479 | BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r |
1480 | such that -|m| < r < 0, BN_nnmod will output r + |m| instead). | |
5acaa495 BM |
1481 | |
1482 | BN_mod_XXX_quick(r, a, [b,] m) generates the same result as | |
1483 | BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b] | |
1484 | be reduced modulo m. | |
78a0c1f1 BM |
1485 | [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller] |
1486 | ||
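The BN_nnmod and BN_mod_XXX_quick semantics described above, as an added Python illustration (not OpenSSL's code; the `bn_*` names are my own). `bn_mod` mimics the sign-of-dividend remainder the entry attributes to BN_mod, and the `_quick` variants deliberately omit the full reduction, which is why they are only correct when their inputs are already reduced modulo m.

```python
def bn_mod(a: int, m: int) -> int:
    """Remainder whose sign follows the dividend (-|m| < r < 0 for negative a)."""
    r = abs(a) % abs(m)
    return -r if a < 0 else r


def bn_nnmod(a: int, m: int) -> int:
    """Like bn_mod, but a negative remainder r becomes r + |m| (always 0 <= r < |m|)."""
    r = bn_mod(a, m)
    return r + abs(m) if r < 0 else r


def bn_mod_add(a: int, b: int, m: int) -> int:
    return bn_nnmod(a + b, m)


def bn_mod_sub(a: int, b: int, m: int) -> int:
    return bn_nnmod(a - b, m)


def bn_mod_lshift(a: int, n: int, m: int) -> int:
    return bn_nnmod(a << n, m)


# The _quick variants: one conditional correction instead of a division.
# They require 0 <= a, b < m; with unreduced inputs the result is not reduced.
def bn_mod_add_quick(a: int, b: int, m: int) -> int:
    r = a + b
    return r - m if r >= m else r


def bn_mod_sub_quick(a: int, b: int, m: int) -> int:
    r = a - b
    return r + m if r < 0 else r


def bn_mod_lshift1_quick(a: int, m: int) -> int:
    r = a << 1
    return r - m if r >= m else r


def bn_mod_lshift_quick(a: int, n: int, m: int) -> int:
    for _ in range(n):
        a = bn_mod_lshift1_quick(a, m)
    return a


def quick_agrees(a: int, b: int, m: int) -> bool:
    """Does bn_mod_add_quick match bn_mod_add for these inputs?"""
    return bn_mod_add_quick(a, b, m) == bn_mod_add(a, b, m)
```

For reduced inputs `quick_agrees(4, 5, 7)` holds, while `quick_agrees(15, 3, 7)` does not: the quick path returns 11, the fully reducing one 4.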
85fb12d5 | 1487 | *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there |
baa257f1 RL |
1488 | was actually never needed) and in BN_mul(). The removal in BN_mul() |
1489 | required a small change in bn_mul_part_recursive() and the addition | |
1946cd8b UM |
1490 | of the functions bn_cmp_part_words(), bn_sub_part_words() and |
1491 | bn_add_part_words(), which do the same thing as bn_cmp_words(), | |
baa257f1 RL |
1492 | bn_sub_words() and bn_add_words() except they take arrays with |
1493 | differing sizes. | |
1494 | [Richard Levitte] | |
1495 | ||
85fb12d5 | 1496 | *) In 'openssl passwd', verify passwords read from the terminal |
db70a3fd BM |
1497 | unless the '-salt' option is used (which usually means that |
1498 | verification would just waste user's time since the resulting | |
1499 | hash is going to be compared with some given password hash) | |
1500 | or the new '-noverify' option is used. | |
1501 | ||
1502 | This is an incompatible change, but it does not affect | |
1503 | non-interactive use of 'openssl passwd' (passwords on the command | |
1504 | line, '-stdin' option, '-in ...' option) and thus should not | |
1505 | cause any problems. | |
1506 | [Bodo Moeller] | |
1507 | ||
85fb12d5 | 1508 | *) Remove all references to RSAref, since there's no more need for it. |
ccb9643f RL |
1509 | [Richard Levitte] |
1510 | ||
85fb12d5 | 1511 | *) Make DSO load along a path given through an environment variable |
e06433d9 RL |
1512 | (SHLIB_PATH) with shl_load(). |
1513 | [Richard Levitte] | |
1514 | ||
85fb12d5 | 1515 | *) Constify the ENGINE code as a result of BIGNUM constification. |
55b3c877 RL |
1516 | Also constify the RSA code and most things related to it. In a | |
1517 | few places, most notably in the depths of the ASN.1 code, ugly | |
1518 | casts back to non-const were required (to be solved at a later | |
1519 | time). | |
10e473e9 RL |
1520 | [Richard Levitte] |
1521 | ||
85fb12d5 | 1522 | *) Make it so the openssl application has all engines loaded by default. |
e7ef1a56 RL |
1523 | [Richard Levitte] |
1524 | ||
85fb12d5 | 1525 | *) Constify the BIGNUM routines a little more. |
020fc820 RL |
1526 | [Richard Levitte] |
1527 | ||
85fb12d5 | 1528 | *) Add the following functions: |
11c0f120 RL |
1529 | |
1530 | ENGINE_load_cswift() | |
1531 | ENGINE_load_chil() | |
1532 | ENGINE_load_atalla() | |
1533 | ENGINE_load_nuron() | |
1534 | ENGINE_load_builtin_engines() | |
1535 | ||
1536 | That way, an application can itself choose if external engines that | |
1537 | are built-in in OpenSSL shall ever be used or not. The benefit is | |
1538 | that applications won't have to be linked with libdl or other dso | |
1539 | libraries unless it's really needed. | |
1540 | ||
1541 | Changed 'openssl engine' to load all engines on demand. | |
1542 | Changed the engine header files to avoid the duplication of some | |
1543 | declarations (they differed!). | |
1544 | [Richard Levitte] | |
1545 | ||
85fb12d5 | 1546 | *) 'openssl engine' can now list capabilities. |
69e7805f RL |
1547 | [Richard Levitte] |
1548 | ||
85fb12d5 | 1549 | *) Better error reporting in 'openssl engine'. |
e264cfe1 RL |
1550 | [Richard Levitte] |
1551 | ||
85fb12d5 | 1552 | *) Never call load_dh_param(NULL) in s_server. |
15d52ddb BM |
1553 | [Bodo Moeller] |
1554 | ||
85fb12d5 | 1555 | *) Add engine application. It can currently list engines by name and |
14c6d27d RL |
1556 | identity, and test if they are actually available. |
1557 | [Richard Levitte] | |
1558 | ||
85fb12d5 | 1559 | *) Improve RPM specification file by forcing symbolic linking and making |
501ebf16 RL |
1560 | sure the installed documentation is also owned by root.root. |
1561 | [Damien Miller <djm@mindrot.org>] | |
1562 | ||
85fb12d5 | 1563 | *) Give the OpenSSL applications more possibilities to make use of |
3aba98e7 RL |
1564 | keys (public as well as private) handled by engines. |
1565 | [Richard Levitte] | |
1566 | ||
85fb12d5 | 1567 | *) Add OCSP code that comes from CertCo. |
7c155330 RL |
1568 | [Richard Levitte] |
1569 | ||
85fb12d5 | 1570 | *) Add VMS support for the Rijndael code. |
5270e702 RL |
1571 | [Richard Levitte] |
1572 | ||
85fb12d5 | 1573 | *) Added untested support for Nuron crypto accelerator. |
5270e702 RL |
1574 | [Ben Laurie] |
1575 | ||
85fb12d5 | 1576 | *) Add support for external cryptographic devices. This code was |
5270e702 RL |
1577 | previously distributed separately as the "engine" branch. |
1578 | [Geoff Thorpe, Richard Levitte] | |
1579 | ||
85fb12d5 | 1580 | *) Rework the filename-translation in the DSO code. It is now possible to |
1df586be GT |
1581 | have far greater control over how a "name" is turned into a filename |
1582 | depending on the operating environment and any oddities about the | |
1583 | different shared library filenames on each system. | |
1584 | [Geoff Thorpe] | |
1585 | ||
85fb12d5 | 1586 | *) Support threads on FreeBSD-elf in Configure. |
53400da7 RL |
1587 | [Richard Levitte] |
1588 | ||
85fb12d5 | 1589 | *) Fix for SHA1 assembly problem with MASM: it produces |
627ec355 DSH |
1590 | warnings about corrupt line number information when assembling |
1591 | with debugging information. This is caused by the overlapping | |
1592 | of two sections. | |
1593 | [Bernd Matthes <mainbug@celocom.de>, Steve Henson] | |
1594 | ||
85fb12d5 | 1595 | *) NCONF changes. |
567f17cf RL |
1596 | NCONF_get_number() has no error checking at all. As a replacement, |
1597 | NCONF_get_number_e() is defined (_e for "error checking") and is | |
1598 | promoted strongly. The old NCONF_get_number is kept around for | |
1599 | binary backward compatibility. | |
1600 | Make it possible for methods to load from something other than a BIO, | |
1601 | by providing a function pointer that is given a name instead of a BIO. | |
1602 | For example, this could be used to load configuration data from an | |
1603 | LDAP server. | |
1604 | [Richard Levitte] | |
1605 | ||
85fb12d5 | 1606 | *) Fix for non blocking accept BIOs. Added new I/O special reason |
924046ce DSH |
1607 | BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs |
1608 | with non blocking I/O was not possible because no retry code was | |
1609 | implemented. Also added new SSL code SSL_WANT_ACCEPT to cover | |
1610 | this case. | |
1611 | [Steve Henson] | |
1612 | ||
85fb12d5 | 1613 | *) Added the beginnings of Rijndael support. |
3ab56511 RL |
1614 | [Ben Laurie] |
1615 | ||
85fb12d5 | 1616 | *) Fix for bug in DirectoryString mask setting. Add support for |
8ca533e3 DSH |
1617 | X509_NAME_print_ex() in 'req' and X509_print_ex() function |
1618 | to make certificate printing more controllable, and an additional | |
1619 | 'certopt' option to 'x509' to allow new printing options to be | |
1620 | set. | |
d0c98589 DSH |
1621 | [Steve Henson] |
1622 | ||
85fb12d5 | 1623 | *) Clean old EAY MD5 hack from e_os.h. |
ef71cb6d RL |
1624 | [Richard Levitte] |
1625 | ||
381a146d LJ |
1626 | Changes between 0.9.6c and 0.9.6d [XX xxx 2002] |
1627 | ||
1628 | *) Fix object definitions for Private and Enterprise: they were not | |
1629 | recognized in their shortname (=lowercase) representation. Extend | |
1630 | obj_dat.pl to issue an error when using undefined keywords instead | |
1631 | of silently ignoring the problem (Svenning Sorensen | |
1632 | <sss@sss.dnsalias.net>). | |
1633 | [Lutz Jaenicke] | |
1634 | ||
1635 | *) Fix DH_generate_parameters() so that it works for 'non-standard' | |
1636 | generators, i.e. generators other than 2 and 5. (Previously, the | |
1637 | code did not properly initialise the 'add' and 'rem' values to | |
1638 | BN_generate_prime().) | |
1639 | ||
1640 | In the new general case, we do not insist that 'generator' is | |
1641 | actually a primitive root: This requirement is rather pointless; | |
1642 | a generator of the order-q subgroup is just as good, if not | |
1643 | better. | |
1644 | [Bodo Moeller] | |
1645 | ||
1646 | *) Map new X509 verification errors to alerts. Discovered and submitted by | |
1647 | Tom Wu <tom@arcot.com>. | |
1648 | [Lutz Jaenicke] | |
1649 | ||
1650 | *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from | |
1651 | returning non-zero before the data has been completely received | |
1652 | when using non-blocking I/O. | |
1653 | [Bodo Moeller; problem pointed out by John Hughes] | |
1654 | ||
1655 | *) Some of the ciphers missed the strength entry (SSL_LOW etc). | |
1656 | [Ben Laurie, Lutz Jaenicke] | |
1657 | ||
1658 | *) Fix bug in SSL_clear(): bad sessions were not removed (found by | |
1659 | Yoram Zahavi <YoramZ@gilian.com>). | |
1660 | [Lutz Jaenicke] | |
1661 | ||
1662 | *) Add information about CygWin 1.3 and on, and preserve proper | |
1663 | configuration for the versions before that. | |
1664 | [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte] | |
1665 | ||
1666 | *) Make removal from session cache (SSL_CTX_remove_session()) more robust: | |
1667 | check whether we deal with a copy of a session and do not delete from | |
1668 | the cache in this case. Problem reported by "Izhar Shoshani Levi" | |
1669 | <izhar@checkpoint.com>. | |
1670 | [Lutz Jaenicke] | |
1671 | ||
1672 | *) Do not store session data into the internal session cache, if it | |
1673 | is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | |
1674 | flag is set). Proposed by Aslam <aslam@funk.com>. | |
1675 | [Lutz Jaenicke] | |
1676 | ||
1677 | *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested | |
1678 | value is 0. | |
1679 | [Richard Levitte] | |
1680 | ||
1681 | *) Add the configuration target linux-s390x. | |
1682 | [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte] | |
1683 | ||
1684 | *) [In 0.9.6d-engine release:] | |
1685 | Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). | |
1686 | [Toomas Kiisk <vix@cyber.ee> via Richard Levitte] | |
1687 | ||
1688 | *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of | |
1689 | ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag | |
1690 | variable as an indication that a ClientHello message has been | |
1691 | received. As the flag value will be lost between multiple | |
1692 | invocations of ssl3_accept when using non-blocking I/O, the | |
1693 | function may not be aware that a handshake has actually taken | |
1694 | place, thus preventing a new session from being added to the | |
1695 | session cache. | |
1696 | ||
1697 | To avoid this problem, we now set s->new_session to 2 instead of | |
1698 | using a local variable. | |
1699 | [Lutz Jaenicke, Bodo Moeller] | |
1700 | ||
1701 | *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) | |
1702 | if the SSL_R_LENGTH_MISMATCH error is detected. | |
1703 | [Geoff Thorpe, Bodo Moeller] | |
1704 | ||
1705 | *) New 'shared_ldflag' column in Configure platform table. | |
1706 | [Richard Levitte] | |
1707 | ||
1708 | *) Fix EVP_CIPHER_mode macro. | |
1709 | ["Dan S. Camper" <dan@bti.net>] | |
1710 | ||
1711 | *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown | |
1712 | type, we must throw them away by setting rr->length to 0. | |
1713 | [D P Chang <dpc@qualys.com>] | |
1714 | ||
1715 | Changes between 0.9.6b and 0.9.6c [21 dec 2001] | |
1716 | ||
1717 | *) Fix BN_rand_range bug pointed out by Dominikus Scherkl | |
1718 | <Dominikus.Scherkl@biodata.com>. (The previous implementation | |
1719 | worked incorrectly for those cases where range = 10..._2 and | |
1720 | 3*range is two bits longer than range.) | |
1721 | [Bodo Moeller] | |
1722 | ||
1723 | *) Only add signing time to PKCS7 structures if it is not already | |
1724 | present. | |
1725 | [Steve Henson] | |
1726 | ||
1727 | *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", | |
1728 | OBJ_ld_ce should be OBJ_id_ce. | |
1729 | Also some ip-pda OIDs in crypto/objects/objects.txt were | |
1730 | incorrect (cf. RFC 3039). | |
1731 | [Matt Cooper, Frederic Giudicelli, Bodo Moeller] | |
1732 | ||
1733 | *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid() | |
1734 | returns early because it has nothing to do. | |
1735 | [Andy Schneider <andy.schneider@bjss.co.uk>] | |
1736 | ||
1737 | *) [In 0.9.6c-engine release:] | |
1738 | Fix mutex callback return values in crypto/engine/hw_ncipher.c. | |
1739 | [Andy Schneider <andy.schneider@bjss.co.uk>] | |
1740 | ||
1741 | *) [In 0.9.6c-engine release:] | |
1742 | Add support for Cryptographic Appliance's keyserver technology. | |
1743 | (Use engine 'keyclient') | |
1744 | [Cryptographic Appliances and Geoff Thorpe] | |
1745 | ||
1746 | *) Add a configuration entry for OS/390 Unix. The C compiler 'c89' | |
1747 | is called via tools/c89.sh because arguments have to be | |
1748 | rearranged (all '-L' options must appear before the first object | |
1749 | modules). | |
1750 | [Richard Shapiro <rshapiro@abinitio.com>] | |
1751 | ||
1752 | *) [In 0.9.6c-engine release:] | |
1753 | Add support for Broadcom crypto accelerator cards, backported | |
1754 | from 0.9.7. | |
1755 | [Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox] | |
1756 | ||
1757 | *) [In 0.9.6c-engine release:] | |
1758 | Add support for SureWare crypto accelerator cards from | |
1759 | Baltimore Technologies. (Use engine 'sureware') | |
1760 | [Baltimore Technologies and Mark Cox] | |
1761 | ||
1762 | *) [In 0.9.6c-engine release:] | |
1763 | Add support for crypto accelerator cards from Accelerated | |
1764 | Encryption Processing, www.aep.ie. (Use engine 'aep') | |
1765 | [AEP Inc. and Mark Cox] | |
1766 | ||
1767 | *) Add a configuration entry for gcc on UnixWare. | |
1768 | [Gary Benson <gbenson@redhat.com>] | |
1769 | ||
1770 | *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake | |
1771 | messages are stored in a single piece (fixed-length part and | |
1772 | variable-length part combined) and fix various bugs found on the way. | |
1773 | [Bodo Moeller] | |
1774 | ||
1775 | *) Disable caching in BIO_gethostbyname(), directly use gethostbyname() | |
1776 | instead. BIO_gethostbyname() does not know what timeouts are | |
1777 | appropriate, so entries would stay in cache even when they have | |
1778 | become invalid. | |
1779 | [Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>] | |
1780 | ||
1781 | *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when | |
1782 | faced with a pathologically small ClientHello fragment that does | |
1783 | not contain client_version: Instead of aborting with an error, | |
1784 | simply choose the highest available protocol version (i.e., | |
1785 | TLS 1.0 unless it is disabled). In practice, ClientHello | |
1786 | messages are never sent like this, but this change gives us | |
1787 | strictly correct behaviour at least for TLS. | |
1788 | [Bodo Moeller] | |
1789 | ||
1790 | *) Fix SSL handshake functions and SSL_clear() such that SSL_clear() | |
1791 | never resets s->method to s->ctx->method when called from within | |
1792 | one of the SSL handshake functions. | |
1793 | [Bodo Moeller; problem pointed out by Niko Baric] | |
1794 | ||
1795 | *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert | |
1796 | (sent using the client's version number) if client_version is | |
1797 | smaller than the protocol version in use. Also change | |
1798 | ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if | |
1799 | the client demanded SSL 3.0 but only TLS 1.0 is enabled; then | |
1800 | the client will at least see that alert. | |
1801 | [Bodo Moeller] | |
1802 | ||
1803 | *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation | |
1804 | correctly. | |
1805 | [Bodo Moeller] | |
1806 | ||
1807 | *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a | |
1808 | client receives HelloRequest while in a handshake. | |
1809 | [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>] | |
1810 | ||
1811 | *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C | |
1812 | should end in 'break', not 'goto end' which circumvents various | |
1813 | cleanups done in state SSL_ST_OK. But session related stuff | |
1814 | must be disabled for SSL_ST_OK in the case that we just sent a | |
1815 | HelloRequest. | |
1816 | ||
1817 | Also avoid some overhead by not calling ssl_init_wbio_buffer() | |
1818 | before just sending a HelloRequest. | |
1819 | [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>] | |
1820 | ||
1821 | *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't | |
1822 | reveal whether illegal block cipher padding was found or a MAC | |
1823 | verification error occurred. (Neither SSLerr() codes nor alerts | |
1824 | are directly visible to potential attackers, but the information | |
1825 | may leak via logfiles.) | |
1826 | ||
1827 | Similar changes are not required for the SSL 2.0 implementation | |
1828 | because the number of padding bytes is sent in clear for SSL 2.0, | |
1829 | and the extra bytes are just ignored. However ssl/s2_pkt.c | |
1830 | failed to verify that the purported number of padding bytes is in | |
1831 | the legal range. | |
1832 | [Bodo Moeller] | |
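The two points of the entry above, reporting a single failure code instead of distinguishing bad padding from a bad MAC, and range-checking the purported number of padding bytes before trusting it, as an added Python example (not OpenSSL code). Both checkers take an already decrypted TLS 1.0-style CBC record laid out as payload || MAC || pad || padlen; the HMAC-SHA1 key and the record contents are constructed for the example.

```python
"""Record-check error reporting: leaky vs. uniform (added example, not OpenSSL code).

A TLS 1.0 CBC record decrypts to  payload || MAC || pad || padlen, where
every pad byte equals padlen.  Both checkers below receive the already
decrypted record; the MAC is HMAC-SHA1 under a constructed key.
"""
import hmac
import hashlib

MAC_LEN = hashlib.sha1().digest_size   # 20
KEY = b"constructed-mac-key"           # constructed, for the example only


def mac(key, data):
    return hmac.new(key, data, hashlib.sha1).digest()


def build_record(key, payload, block=8):
    """Decrypted-record layout with TLS-style padding (all pad bytes == padlen)."""
    body = payload + mac(key, payload)
    padlen = (-(len(body) + 1)) % block
    return body + bytes([padlen]) * (padlen + 1)


def check_record_leaky(key, rec):
    """Pre-fix shape: two distinct errors, and no MAC check at all when padding is bad."""
    padlen = rec[-1]
    if padlen + 1 > len(rec) - MAC_LEN or any(b != padlen for b in rec[-(padlen + 1):]):
        return "bad_padding"
    body = rec[:len(rec) - padlen - 1]
    payload, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(tag, mac(key, payload)):
        return "bad_mac"
    return "ok"


def check_record_uniform(key, rec):
    """Fixed shape: one failure code, and a MAC verification runs on every path."""
    if len(rec) < MAC_LEN + 1:
        return "decryption_failed"
    padlen = rec[-1]
    # Range check on the purported pad length (the check s2_pkt.c lacked):
    # the padding must leave room for the MAC.
    pad_ok = padlen + 1 <= len(rec) - MAC_LEN
    if not pad_ok:
        padlen = 0          # continue with a harmless length so the MAC is still verified
    pad_ok = pad_ok and all(b == padlen for b in rec[-(padlen + 1):])
    body = rec[:len(rec) - padlen - 1]
    payload, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    mac_ok = hmac.compare_digest(tag, mac(key, payload))
    return "ok" if (pad_ok and mac_ok) else "decryption_failed"


def oracle_view(checker, key, rec):
    """What someone who only sees the error code learns from two tampered copies."""
    pad_tampered = rec[:-1] + bytes([rec[-1] ^ 0x01])       # corrupts the padding
    payload_tampered = bytes([rec[0] ^ 0x01]) + rec[1:]     # corrupts the payload; MAC fails
    return checker(key, pad_tampered), checker(key, payload_tampered)


if __name__ == "__main__":
    rec = build_record(KEY, b"GET / HTTP/1.0\r\n")
    print("intact :", check_record_leaky(KEY, rec), check_record_uniform(KEY, rec))
    print("leaky  :", oracle_view(check_record_leaky, KEY, rec))
    print("uniform:", oracle_view(check_record_uniform, KEY, rec))
```

The leaky checker answers ("bad_padding", "bad_mac") to the two tampered copies, which is exactly the distinction the entry says must not reach logfiles; the uniform checker answers "decryption_failed" to both and still runs a MAC verification when the padding is wrong. This equalises the error code, not the amount of MAC work, which depends on how much of the record the pad length removes.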
1833 | ||
1834 | *) Add OpenUNIX-8 support including shared libraries | |
1835 | (Boyd Lynn Gerber <gerberb@zenez.com>). | |
1836 | [Lutz Jaenicke] | |
1837 | ||
1838 | *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid | |
1839 | 'wristwatch attack' using huge encoding parameters (cf. | |
1840 | James H. Manger's CRYPTO 2001 paper). Note that the | |
1841 | RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use | |
1842 | encoding parameters and hence was not vulnerable. | |
1843 | [Bodo Moeller] | |
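The fix above concerns the order of work in OAEP decoding: if the encoding parameter (label) is hashed only after an early structural check succeeds, the time a huge label takes reveals the outcome of that check. The following added Python example, which is not OpenSSL's code, decodes EME-OAEP with the label hashed first and every condition evaluated before any decision. It assumes the RFC 3447 framing with a leading 0x00 byte (EM = 0x00 || maskedSeed || maskedDB); the message, label and seed are constructed.

```python
"""EME-OAEP decoding that does the same work on every input (added example).

Layout (RFC 3447 framing, an assumption for this example):
    EM = 0x00 || maskedSeed (hLen bytes) || maskedDB (k - hLen - 1 bytes)
    DB = lHash || PS (zero bytes) || 0x01 || M
The encoding parameter (label) is hashed before any other check, so a huge
label costs the same time whether or not the rest of EM is well formed.
"""
import hashlib
import hmac
import os


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def mgf1(seed, length, h=hashlib.sha1):
    """MGF1 mask generation function from PKCS#1."""
    out = b""
    counter = 0
    while len(out) < length:
        out += h(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def oaep_encode(msg, k, label=b"", seed=None, h=hashlib.sha1):
    """Encoder, included only so the decoder can be exercised on valid input."""
    hlen = h().digest_size
    if len(msg) > k - 2 * hlen - 2:
        raise ValueError("message too long")
    db = h(label).digest() + b"\x00" * (k - len(msg) - 2 * hlen - 2) + b"\x01" + msg
    seed = os.urandom(hlen) if seed is None else seed
    masked_db = xor(db, mgf1(seed, k - hlen - 1, h))
    masked_seed = xor(seed, mgf1(masked_db, hlen, h))
    return b"\x00" + masked_seed + masked_db


def oaep_decode(em, k, label=b"", h=hashlib.sha1):
    """Returns the message, or None on any failure, without early returns on content."""
    hlen = h().digest_size
    lhash = h(label).digest()             # hashed first, unconditionally
    if len(em) != k or k < 2 * hlen + 2:  # lengths are public information anyway
        return None
    y, masked_seed, masked_db = em[0], em[1:1 + hlen], em[1 + hlen:]
    seed = xor(masked_seed, mgf1(masked_db, hlen, h))
    db = xor(masked_db, mgf1(seed, k - hlen - 1, h))
    lhash_ok = hmac.compare_digest(db[:hlen], lhash)
    sep, ps_ok = -1, True
    for i in range(hlen, len(db)):        # scan all of DB; no break at the first problem
        b = db[i]
        if sep < 0:
            if b == 0x01:
                sep = i
            elif b != 0x00:
                ps_ok = False
    ok = (y == 0) and lhash_ok and ps_ok and (sep >= 0)   # all inputs computed already
    return db[sep + 1:] if ok else None


if __name__ == "__main__":
    em = oaep_encode(b"constructed secret", 64, b"constructed label", seed=b"\x07" * 20)
    print(oaep_decode(em, 64, b"constructed label"))
    print(oaep_decode(em, 64, b"other label"), oaep_decode(b"\x01" + em[1:], 64, b"constructed label"))
```

The decoder distinguishes nothing through its return value or its control flow beyond the public length check: a wrong label, a non-zero leading byte and a malformed PS all produce None after the same hashing, unmasking and scan. Byte-level constant-time copying, which a C implementation also needs, is outside what this Python model shows.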
1844 | ||
1845 | *) BN_sqr() bug fix. | |
1846 |