[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________

 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]

  *) The type-safe stack code has been rejigged. It is now only compiled
     in when OpenSSL is configured with the DEBUG_SAFESTACK option and
     by default all type-specific stack functions are "#define"d back to
     standard stack functions. This results in more streamlined output
     but retains the type-safety checking possibilities of the original
     approach.
     [Geoff Thorpe]

  *) The STACK code has been cleaned up, and certain type declarations
     that didn't make a lot of sense have been brought in line. This has
     also involved a cleanup of sorts in safestack.h to more correctly
     map type-safe stack functions onto their plain stack counterparts.
     This work has also resulted in a variety of "const"ifications of
     lots of the code, especially "_cmp" operations which should normally
     be prototyped with "const" parameters anyway.
     [Geoff Thorpe]

  *) When generating bytes for the first time in md_rand.c, 'stir the pool'
     by seeding with STATE_SIZE dummy bytes (with zero entropy count).
     (The PRNG state consists of two parts, the large pool 'state' and 'md',
     where all of 'md' is used each time the PRNG is used, but 'state'
     is used only indexed by a cyclic counter. As entropy may not be
     well distributed from the beginning, 'md' is important as a
     chaining variable. However, the output function chains only half
     of 'md', i.e. 80 bits.  ssleay_rand_add, on the other hand, chains
     all of 'md', and seeding with STATE_SIZE dummy bytes will result
     in all of 'state' being rewritten, with the new values depending
     on virtually all of 'md'.  This overcomes the 80 bit limitation.)
     [Bodo Moeller]

  *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
     the handshake is continued after ssl_verify_cert_chain();
     otherwise, if SSL_VERIFY_NONE is set, remaining error codes
     can lead to 'unexplainable' connection aborts later.
     [Bodo Moeller; problem tracked down by Lutz Jaenicke]

  *) Major EVP API cipher revision.
     Add hooks for extra EVP features. This allows various cipher
     parameters to be set in the EVP interface. Support added for variable
     key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
     setting of RC2 and RC5 parameters.

     Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
     ciphers.

     Remove lots of duplicated code from the EVP library. For example *every*
     cipher init() function handles the 'iv' in the same way according to the
     cipher mode. They also all do nothing if the 'key' parameter is NULL and
     for CFB and OFB modes they zero ctx->num.

     New functionality allows removal of S/MIME code RC2 hack.

     Most of the routines have the same form and so can be declared in terms
     of macros.

     By shifting this to the top level EVP_CipherInit() it can be removed from
     all individual ciphers. If the cipher wants to handle IVs or keys
     differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
     flags.

     Change lots of functions like EVP_EncryptUpdate() to now return a
     value: although software versions of the algorithms cannot fail
     any installed hardware versions can.
     [Steve Henson]

  *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
     this option is set, tolerate broken clients that send the negotiated
     protocol version number instead of the requested protocol version
     number.
     [Bodo Moeller]

  *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
     i.e. non-zero for export ciphersuites, zero otherwise.
     Previous versions had this flag inverted, inconsistent with
     rsa_tmp_cb (..._TMP_RSA_CB).
     [Bodo Moeller; problem reported by Amit Chopra]

  *) Add missing DSA library text string. Work around for some IIS
     key files with invalid SEQUENCE encoding.
     [Steve Henson]

  *) Add a document (doc/standards.txt) that list all kinds of standards
     and so on that are implemented in OpenSSL.
     [Richard Levitte]

  *) Enhance c_rehash script. Old version would mishandle certificates
     with the same subject name hash and wouldn't handle CRLs at all.
     Added -fingerprint option to crl utility, to support new c_rehash
     features.
     [Steve Henson]

  *) Eliminate non-ANSI declarations in crypto.h and stack.h.
Commit	Line	Data
651d0aff	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
651d0aff RE	4
c90341a1 RL	5	Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
c90341a1 RL	6
e41c8d6a GT	7	*) The type-safe stack code has been rejigged. It is now only compiled
	8	in when OpenSSL is configured with the DEBUG_SAFESTACK option and
	9	by default all type-specific stack functions are "#define"d back to
	10	standard stack functions. This results in more streamlined output
	11	but retains the type-safety checking possibilities of the original
	12	approach.
	13	[Geoff Thorpe]
	14
ccd86b68 GT	15	*) The STACK code has been cleaned up, and certain type declarations
	16	that didn't make a lot of sense have been brought in line. This has
	17	also involved a cleanup of sorts in safestack.h to more correctly
	18	map type-safe stack functions onto their plain stack counterparts.
	19	This work has also resulted in a variety of "const"ifications of
	20	lots of the code, especially "_cmp" operations which should normally
	21	be prototyped with "const" parameters anyway.
	22	[Geoff Thorpe]
	23
361ee973 BM	24	*) When generating bytes for the first time in md_rand.c, 'stir the pool'
	25	by seeding with STATE_SIZE dummy bytes (with zero entropy count).
	26	(The PRNG state consists of two parts, the large pool 'state' and 'md',
	27	where all of 'md' is used each time the PRNG is used, but 'state'
	28	is used only indexed by a cyclic counter. As entropy may not be
	29	well distributed from the beginning, 'md' is important as a
	30	chaining variable. However, the output function chains only half
	31	of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains
	32	all of 'md', and seeding with STATE_SIZE dummy bytes will result
	33	in all of 'state' being rewritten, with the new values depending
	34	on virtually all of 'md'. This overcomes the 80 bit limitation.)
	35	[Bodo Moeller]
	36
49528751 DSH	37	*) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
	38	the handshake is continued after ssl_verify_cert_chain();
	39	otherwise, if SSL_VERIFY_NONE is set, remaining error codes
	40	can lead to 'unexplainable' connection aborts later.
	41	[Bodo Moeller; problem tracked down by Lutz Jaenicke]
	42
	43	*) Major EVP API cipher revision.
	44	Add hooks for extra EVP features. This allows various cipher
	45	parameters to be set in the EVP interface. Support added for variable
	46	key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
	47	setting of RC2 and RC5 parameters.
	48
	49	Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
	50	ciphers.
	51
	52	Remove lots of duplicated code from the EVP library. For example every
360370d9 DSH	53	cipher init() function handles the 'iv' in the same way according to the
	54	cipher mode. They also all do nothing if the 'key' parameter is NULL and
	55	for CFB and OFB modes they zero ctx->num.
	56
49528751 DSH	57	New functionality allows removal of S/MIME code RC2 hack.
49528751 DSH	58
57ae2e24 DSH	59	Most of the routines have the same form and so can be declared in terms
	60	of macros.
	61
360370d9 DSH	62	By shifting this to the top level EVP_CipherInit() it can be removed from
	63	all individual ciphers. If the cipher wants to handle IVs or keys
	64	differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
	65	flags.
be06a934 DSH	66
	67	Change lots of functions like EVP_EncryptUpdate() to now return a
	68	value: although software versions of the algorithms cannot fail
	69	any installed hardware versions can.
7f060601 DSH	70	[Steve Henson]
7f060601 DSH	71
2c05c494 BM	72	*) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
	73	this option is set, tolerate broken clients that send the negotiated
	74	protocol version number instead of the requested protocol version
	75	number.
	76	[Bodo Moeller]
	77
	78	*) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
	79	i.e. non-zero for export ciphersuites, zero otherwise.
	80	Previous versions had this flag inverted, inconsistent with
	81	rsa_tmp_cb (..._TMP_RSA_CB).
	82	[Bodo Moeller; problem reported by Amit Chopra]
	83
b4b41f48 DSH	84	*) Add missing DSA library text string. Work around for some IIS
	85	key files with invalid SEQUENCE encoding.
	86	[Steve Henson]
	87
6d7cce48 RL	88	*) Add a document (doc/standards.txt) that list all kinds of standards
	89	and so on that are implemented in OpenSSL.
	90	[Richard Levitte]
	91
439df508 DSH	92	*) Enhance c_rehash script. Old version would mishandle certificates
	93	with the same subject name hash and wouldn't handle CRLs at all.
	94	Added -fingerprint option to crl utility, to support new c_rehash
	95	features.
	96	[Steve Henson]
	97
0e1c0612	98	*) Eliminate non-ANSI declarations in crypto.h and stack.h.
2c05c494	99