 OpenSSL CHANGES
 _______________

 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

  *) Store verify_result within SSL_SESSION also for the client side to
     avoid a potential security hole. (Re-used sessions on the client side
     always resulted in verify_result==X509_V_OK, not using the original
     result of the server certificate verification.)
     [Lutz Jaenicke]

  *) Make BN_mod_inverse faster by explicitly handling small quotients
     in the Euclid loop. (Speed gain about 20% for small moduli [256 or
     512 bits], about 30% for larger ones [1024 or 2048 bits].)
     [Bodo Moeller]

  *) Disable ssl2_peek and ssl3_peek (i.e., both implementations
     of SSL_peek) because they both are completely broken.
     They will be fixed RSN by adding an additional 'peek' parameter
     to the internal read functions.
     [Bodo Moeller]

  *) New function BN_kronecker.
     [Bodo Moeller]

  *) Fix BN_gcd so that it works on negative inputs; the result is
     positive unless both parameters are zero.
     Previously something reasonably close to an infinite loop was
     possible because numbers could be growing instead of shrinking
     in the implementation of Euclid's algorithm.
     [Bodo Moeller]

  *) Fix BN_is_word() and BN_is_one() macros to take into account the
     sign of the number in question.

     Fix BN_is_word(a,w) to work correctly for w == 0.

     The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
     because it tests whether the absolute value of 'a' equals 'w'.
     Note that BN_abs_is_word does *not* handle w == 0 reliably;
     it exists mostly for use in the implementations of BN_is_zero(),
     BN_is_one(), and BN_is_word().
     [Bodo Moeller]
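The two BN entries above (BN_gcd on negative inputs, and the sign- and zero-aware BN_is_word/BN_is_one split from BN_abs_is_word) are easier to see on a toy sign-magnitude number than in BIGNUM macros. The following is an added example, not OpenSSL's code: `bn_t`, `gcd_nonneg`, `abs_is_word`, `is_word` and `is_one` are hypothetical names modelled on the entries, and the layout assumption (magnitude words in `d[]`, `top == 0` meaning zero, a `neg` flag) is an assumption made here so that the "w == 0 is unreliable for a magnitude-only test" point can be shown.

```c
#include <stdlib.h>

/* Euclid on absolute values. The result is positive unless both inputs
 * are zero (then it is 0). Reducing |a| and |b| keeps the remainders
 * shrinking, which is the property the entry says was lost on negative
 * inputs. Assumption: inputs are greater than LLONG_MIN so llabs is safe. */
static long long gcd_nonneg(long long a, long long b)
{
    a = llabs(a);
    b = llabs(b);
    while (b != 0) {
        long long t = a % b;
        a = b;
        b = t;
    }
    return a;
}

/* Toy sign-magnitude number (assumed layout, not OpenSSL's struct):
 * magnitude in d[0..top-1], top == 0 means zero, neg flags a negative value. */
typedef struct {
    unsigned long long d[1];
    int top;
    int neg;
} bn_t;

static bn_t bn_from_ll(long long v)
{
    bn_t r = { {0}, 0, 0 };
    if (v < 0) {
        r.neg = 1;
        v = -v;                       /* assumption: v > LLONG_MIN */
    }
    if (v != 0) {
        r.d[0] = (unsigned long long)v;
        r.top = 1;
    }
    return r;
}

/* Magnitude-only test, the old BN_is_word semantics: |a| == w.
 * Zero has top == 0, so a one-word comparison can never match w == 0;
 * that is why such a test is not reliable for w == 0. */
static int abs_is_word(const bn_t *a, unsigned long long w)
{
    return a->top == 1 && a->d[0] == w;
}

static int is_zero(const bn_t *a)
{
    return a->top == 0;
}

/* Sign-aware test: a == w as a signed value, with w == 0 handled explicitly. */
static int is_word(const bn_t *a, unsigned long long w)
{
    if (w == 0)
        return is_zero(a);
    return abs_is_word(a, w) && !a->neg;
}

static int is_one(const bn_t *a)
{
    return is_word(a, 1);
}

/* Wrappers so each case can be exercised straight from a long long. */
static int is_word_ll(long long v, unsigned long long w)
{
    bn_t a = bn_from_ll(v);
    return is_word(&a, w);
}

static int abs_is_word_ll(long long v, unsigned long long w)
{
    bn_t a = bn_from_ll(v);
    return abs_is_word(&a, w);
}

static int is_one_ll(long long v)
{
    bn_t a = bn_from_ll(v);
    return is_one(&a);
}
```

The cases worth checking are exactly the ones the entries name: -1 is not one even though its magnitude is 1, and zero is recognised by `is_word(a, 0)` but not by the magnitude-only test.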

  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
     the method-specific "init()" handler. Also clean up ex_data after
     calling the method-specific "finish()" handler. Previously, this was
     happening the other way round.
     [Geoff Thorpe]

  *) New function BN_swap.
     [Bodo Moeller]

  *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
     the exponentiation functions are more likely to produce reasonable
     results on negative inputs.
     [Bodo Moeller]

  *) Change BN_mod_mul so that the result is always non-negative.
     Previously, it could be negative if one of the factors was negative;
     I don't think anyone really wanted that behaviour.
     [Bodo Moeller]

  *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
     (except for exponentiation, which stays in crypto/bn/bn_exp.c,
     and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
     and add new functions:

         BN_nnmod
         BN_mod_sqr
         BN_mod_add
         BN_mod_add_quick
         BN_mod_sub
         BN_mod_sub_quick
         BN_mod_lshift1
         BN_mod_lshift1_quick
         BN_mod_lshift
         BN_mod_lshift_quick

     These functions always generate non-negative results.

     BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r
     such that -|m| < r < 0, BN_nnmod will output rem + |m| instead).

     BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
     BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b]
     be reduced modulo m.
     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
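The non-negative contract of the new BN_mod_... functions, and the precondition that separates the _quick variants from the full ones, can be shown on machine integers because C's `%` truncates toward zero exactly like the old BN_mod did. This is an added example written for this page, not OpenSSL's implementation: `trunc_mod`, `nnmod`, `mod_add`, `mod_add_quick` and the other names below are hypothetical stand-ins for the BIGNUM functions, operating on `long long` instead of BIGNUMs.

```c
#include <stdlib.h>
#include <stdio.h>

/* Truncating remainder: C's % and the pre-0.9.7 BN_mod behave alike here.
 * The sign of the result follows the dividend, so -7 % 5 is -2. */
static long long trunc_mod(long long a, long long m)
{
    return a % m;
}

/* Non-negative remainder in [0, |m|): the BN_nnmod contract. A negative
 * truncated remainder is corrected by adding |m| once. */
static long long nnmod(long long a, long long m)
{
    long long r = a % m;
    if (r < 0)
        r += llabs(m);
    return r;
}

/* Full-reduction versions: accept any a, b and always return a value in [0, |m|). */
static long long mod_add(long long a, long long b, long long m) { return nnmod(a + b, m); }
static long long mod_sub(long long a, long long b, long long m) { return nnmod(a - b, m); }
static long long mod_lshift1(long long a, long long m)         { return nnmod(2 * a, m); }
static long long mod_lshift(long long a, int n, long long m)
{
    for (int i = 0; i < n; i++)
        a = mod_lshift1(a, m);
    return a;
}

/* _quick versions: precondition 0 <= a, b < m with m > 0. Because the inputs
 * are already reduced, the raw sum, difference or double is within one
 * multiple of m of the answer, so a single conditional correction suffices
 * and no division is needed. Violate the precondition and the result is
 * silently wrong, which is why callers should know their operands are reduced. */
static int is_reduced(long long a, long long m)
{
    return m > 0 && a >= 0 && a < m;
}

static long long mod_add_quick(long long a, long long b, long long m)
{
    long long r = a + b;
    return r >= m ? r - m : r;
}

static long long mod_sub_quick(long long a, long long b, long long m)
{
    long long r = a - b;
    return r < 0 ? r + m : r;
}

static long long mod_lshift1_quick(long long a, long long m)
{
    long long r = a << 1;             /* a >= 0 by precondition, so no UB */
    return r >= m ? r - m : r;
}

static long long mod_lshift_quick(long long a, int n, long long m)
{
    for (int i = 0; i < n; i++)
        a = mod_lshift1_quick(a, m);
    return a;
}

int main(void)
{
    printf("trunc_mod(-7, 5) = %lld, nnmod(-7, 5) = %lld\n",
           trunc_mod(-7, 5), nnmod(-7, 5));
    printf("mod_add(4, 3, 5) = %lld, mod_add_quick(4, 3, 5) = %lld\n",
           mod_add(4, 3, 5), mod_add_quick(4, 3, 5));
    /* 9 is not reduced modulo 5: the _quick variant gives a wrong answer. */
    printf("mod_add(9, 3, 5) = %lld, mod_add_quick(9, 3, 5) = %lld\n",
           mod_add(9, 3, 5), mod_add_quick(9, 3, 5));
    return 0;
}
```

The `is_reduced` check is the guard a caller would apply before handing untrusted values to a _quick function; the full versions never need it.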

  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
     was actually never needed) and in BN_mul(). The removal in BN_mul()
     required a small change in bn_mul_part_recursive() and the addition
     of the static functions bn_cmp_part_words(), bn_sub_part_words()
     and bn_add_part_words() which do the same thing as bn_cmp_words(),
     bn_sub_words() and bn_add_words() except they take arrays with
     differing sizes.
     [Richard Levitte]

  *) In 'openssl passwd', verify passwords read from the terminal
     unless the '-salt' option is used (which usually means that
     verification would just waste the user's time since the resulting
     hash is going to be compared with some given password hash)
     or the new '-noverify' option is used.

     This is an incompatible change, but it does not affect
     non-interactive use of 'openssl passwd' (passwords on the command
     line, '-stdin' option, '-in ...' option) and thus should not
     cause any problems.
     [Bodo Moeller]

  *) Remove all references to RSAref, since there's no more need for it.
     [Richard Levitte]

  *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
     The previous value, 12, was not always sufficient for BN_mod_exp().
     [Bodo Moeller]

  *) Make DSO load along a path given through an environment variable
     (SHLIB_PATH) with shl_load().
     [Richard Levitte]

  *) Constify the ENGINE code as a result of BIGNUM constification.
     Also constify the RSA code and most things related to it. In a
     few places, most notably in the depths of the ASN.1 code, ugly
     casts back to non-const were required (to be solved at a later
     time).
     [Richard Levitte]

  *) Make it so the openssl application has all engines loaded by default.
     [Richard Levitte]

  *) Constify the BIGNUM routines a little more.
     [Richard Levitte]

  *) Make sure that shared libraries get the internal name engine with
     the full version number and not just 0. This should mark the
     shared libraries as not backward compatible. Of course, this should
     be changed again when we can guarantee backward binary compatibility.
     [Richard Levitte]

  *) Add the following functions:

         ENGINE_load_cswift()
         ENGINE_load_chil()
         ENGINE_load_atalla()
         ENGINE_load_nuron()
         ENGINE_load_builtin_engines()

     That way, an application can itself choose if external engines that
     are built into OpenSSL shall ever be used or not. The benefit is
     that applications won't have to be linked with libdl or other dso
     libraries unless it's really needed.

     Changed 'openssl engine' to load all engines on demand.
     Changed the engine header files to avoid the duplication of some
     declarations (they differed!).
     [Richard Levitte]

  *) 'openssl engine' can now list capabilities.
     [Richard Levitte]

  *) Better error reporting in 'openssl engine'.
     [Richard Levitte]

  *) Never call load_dh_param(NULL) in s_server.
     [Bodo Moeller]

  *) Add engine application. It can currently list engines by name and
     identity, and test if they are actually available.
     [Richard Levitte]

  *) Add support for shared libraries under Irix.
     [Albert Chin-A-Young <china@thewrittenword.com>]

  *) Improve RPM specification file by forcing symbolic linking and making
     sure the installed documentation is also owned by root.root.
     [Damien Miller <djm@mindrot.org>]

  *) Add configuration option to build on Linux on both big-endian and
     little-endian MIPS.
     [Ralf Baechle <ralf@uni-koblenz.de>]

  *) Give the OpenSSL applications more possibilities to make use of
     keys (public as well as private) handled by engines.
     [Richard Levitte]

  *) Add OCSP code that comes from CertCo.
     [Richard Levitte]

  *) Add VMS support for the Rijndael code.
     [Richard Levitte]

  *) Added untested support for Nuron crypto accelerator.
     [Ben Laurie]

  *) Add support for external cryptographic devices. This code was
     previously distributed separately as the "engine" branch.
     [Geoff Thorpe, Richard Levitte]

  *) Rework the filename-translation in the DSO code. It is now possible to
     have far greater control over how a "name" is turned into a filename
     depending on the operating environment and any oddities about the
     different shared library filenames on each system.
     [Geoff Thorpe]

  *) Support threads on FreeBSD-elf in Configure.
     [Richard Levitte]

  *) Add the possibility to create shared libraries on HP-UX.
     [Richard Levitte]

  *) Fix for SHA1 assembly problem with MASM: it produces
     warnings about corrupt line number information when assembling
     with debugging information. This is caused by the overlapping
     of two sections.
     [Bernd Matthes <mainbug@celocom.de>, Steve Henson]

  *) NCONF changes.
     NCONF_get_number() has no error checking at all. As a replacement,
     NCONF_get_number_e() is defined (_e for "error checking") and is
     promoted strongly. The old NCONF_get_number is kept around for
     binary backward compatibility.
     Make it possible for methods to load from something other than a BIO,
     by providing a function pointer that is given a name instead of a BIO.
     For example, this could be used to load configuration data from an
     LDAP server.
     [Richard Levitte]

  *) Fix typo in get_cert_by_subject() in by_dir.c
     [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]

  *) Rework the system to generate shared libraries:

     - Make note of the expected extension for the shared libraries and
       if there is a need for symbolic links from, for example, libcrypto.so.0
       to libcrypto.so.0.9.7. There is extended info in Configure for
       that.

     - Make as few rebuilds of the shared libraries as possible.

     - Still avoid linking the OpenSSL programs with the shared libraries.

     - When installing, install the shared libraries separately from the
       static ones.
     [Richard Levitte]

  *) Fix for non-blocking accept BIOs. Added new I/O special reason
     BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
     with non-blocking I/O was not possible because no retry code was
     implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
     this case.
     [Steve Henson]

  *) Added the beginnings of Rijndael support.
     [Ben Laurie]

  *) Fix for bug in DirectoryString mask setting. Add support for
     X509_NAME_print_ex() in 'req' and X509_print_ex() function
     to allow certificate printing to be more controllable, additional
     'certopt' option to 'x509' to allow new printing options to be
     set.
     [Steve Henson]

  *) Clean old EAY MD5 hack from e_os.h.
     [Richard Levitte]

  *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.

     Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
     and not in SSL_clear because the latter is also used by the
     accept/connect functions; previously, the settings made by
     SSL_set_read_ahead would be lost during the handshake.
     [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]

  *) Correct util/mkdef.pl to be selective about disabled algorithms.
     Previously, it would create entries for disabled algorithms no
     matter what.
     [Richard Levitte]

 Changes between 0.9.5a and 0.9.6  [24 Sep 2000]

  *) In ssl23_get_client_hello, generate an error message when faced
     with an initial SSL 3.0/TLS record that is too small to contain the
     first two bytes of the ClientHello message, i.e. client_version.
     (Note that this is a pathological case that probably has never happened
     in real life.) The previous approach was to use the version number
     from the record header as a substitute; but our protocol choice
     should not depend on that one because it is not authenticated
     by the Finished messages.
     [Bodo Moeller]
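The ssl23_get_client_hello entry above makes a point that applies to any protocol parser: a field that is covered by the handshake integrity check (client_version inside the ClientHello) should not be substituted by one that is not (the version in the record header) when the record turns out to be too short; the short record is an error. The following is an added example written for this page, not OpenSSL's code: `client_version_from_record`, the `hello_status` values and the three sample records are hypothetical and constructed here, and the byte layout assumed is the usual 5-byte record header followed by a 4-byte handshake header.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout: record header type(1) version(2) length(2), then the
 * handshake fragment msg_type(1) length(3) client_version(2) ...
 * client_version therefore starts at offset 9, and the fragment must hold
 * at least 6 bytes for it to be present at all. */
#define REC_HDR_LEN        5
#define HS_HDR_LEN         4
#define CLIENT_VERSION_OFF (REC_HDR_LEN + HS_HDR_LEN)
#define MIN_FRAGMENT       (HS_HDR_LEN + 2)

enum hello_status { HELLO_OK = 0, HELLO_NOT_HANDSHAKE = 1, HELLO_TOO_SHORT = 2 };

/* Extract client_version from the first record of a handshake. On a record
 * too short to carry it, report an error; never fall back to the record
 * header's version, which the Finished messages do not authenticate. */
static enum hello_status client_version_from_record(const uint8_t *buf, size_t n,
                                                    uint16_t *client_version)
{
    if (n < REC_HDR_LEN || buf[0] != 0x16)          /* 0x16: handshake record */
        return HELLO_NOT_HANDSHAKE;

    size_t frag_len = ((size_t)buf[3] << 8) | buf[4];
    if (frag_len > n - REC_HDR_LEN)
        frag_len = n - REC_HDR_LEN;                  /* only trust what arrived */

    if (frag_len < MIN_FRAGMENT)
        return HELLO_TOO_SHORT;
    if (buf[REC_HDR_LEN] != 0x01)                    /* 0x01: ClientHello */
        return HELLO_NOT_HANDSHAKE;

    *client_version = (uint16_t)((buf[CLIENT_VERSION_OFF] << 8)
                                 | buf[CLIENT_VERSION_OFF + 1]);
    return HELLO_OK;
}

/* Constructed sample records (not captured traffic). */
static const uint8_t SAMPLE_OK[] = {
    0x16, 0x03, 0x00, 0x00, 0x06,        /* record header: SSL 3.0, 6 bytes */
    0x01, 0x00, 0x00, 0x02,              /* ClientHello, body length 2      */
    0x03, 0x01                           /* client_version TLS 1.0           */
};
static const uint8_t SAMPLE_SHORT[] = {
    0x16, 0x03, 0x01, 0x00, 0x02,        /* record claims a 2-byte fragment  */
    0x01, 0x00                           /* header cut off before version    */
};
static const uint8_t SAMPLE_APPDATA[] = {
    0x17, 0x03, 0x01, 0x00, 0x02, 0x00, 0x00   /* application data, not handshake */
};

/* Helpers returning plain ints so each sample can be checked directly. */
static int sample_status(const uint8_t *buf, size_t n)
{
    uint16_t v = 0;
    return (int)client_version_from_record(buf, n, &v);
}

static int sample_version(const uint8_t *buf, size_t n)
{
    uint16_t v = 0;
    return client_version_from_record(buf, n, &v) == HELLO_OK ? (int)v : -1;
}
```

With the old substitution behaviour, `SAMPLE_SHORT` would have yielded 0x0301 from its record header; here it yields `HELLO_TOO_SHORT` and no version at all.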

  *) More robust randomness gathering functions for Windows.
     [Jeffrey Altman <jaltman@columbia.edu>]

  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
     not set then we don't set up the error code for issuer check errors
     to avoid possibly overwriting other errors which the callback does
     handle. If an application does set the flag then we assume it knows
     what it is doing and can handle the new informational codes
     appropriately.
     [Steve Henson]

  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
     a general "ANY" type, as such it should be able to decode anything
     including tagged types. However, it didn't check the class so it would
     wrongly interpret tagged types in the same way as their universal
     counterpart and unknown types were just rejected. Changed so that the
     tagged and unknown types are handled in the same way as a SEQUENCE:
     that is the encoding is stored intact. There is also a new type
     "V_ASN1_OTHER" which is used when the class is not universal, in this
     case we have no idea what the actual type is so we just lump them all
     together.
     [Steve Henson]

  *) On VMS, stdout may very well lead to a file that is written to
     in a record-oriented fashion. That means that every write() will
     write a separate record, which will be read separately by the
     programs trying to read from it. This can be very confusing.

     The solution is to put a BIO filter in the way that will buffer
     text until a linefeed is reached, and then write everything a
     line at a time, so every record written will be an actual line,
     not chunks of lines and not (usually doesn't happen, but I've
     seen it once) several lines in one record. BIO_f_linebuffer() is
     the answer.

     Currently, it's a VMS-only method, because that's where it has
     been tested well enough.
     [Richard Levitte]

  *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
     it can return incorrect results.
     (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
     but it was in 0.9.6-beta[12].)
     [Bodo Moeller]

  *) Disable the check for content being present when verifying detached
     signatures in pk7_smime.c. Some versions of Netscape (wrongly)
     include zero length content when signing messages.
     [Steve Henson]

  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
     BIO_ctrl (for BIO pairs).