OpenSSL CHANGES
_______________

Changes between 0.9.8e and 0.9.9  [xx XXX xxxx]

 *) Win32/64 targets are linked with Winsock2.
    [Andy Polyakov]

 *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
    to external functions. This can be used to increase CRL handling
    efficiency especially when CRLs are very large by (for example) storing
    the CRL revoked certificates in a database.
    [Steve Henson]

 *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
    new CRLs added to a directory can be used. New command line option
    -verify_return_error to s_client and s_server. This causes real errors
    to be returned by the verify callback instead of carrying on no matter
    what. This reflects the way a "real world" verify callback would behave.
    [Steve Henson]

 *) GOST engine, supporting several GOST algorithms and public key formats.
    Kindly donated by Cryptocom.
    [Cryptocom]

 *) Partial support for Issuing Distribution Point CRL extension. CRLs
    partitioned by DP are handled but no indirect CRL or reason partitioning
    (yet). Complete overhaul of CRL handling: now the most suitable CRL is
    selected via a scoring technique which handles IDP and AKID in CRLs.
    [Steve Henson]

 *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
    will ultimately be used for all verify operations: this will remove the
    X509_STORE dependency on certificate verification and allow alternative
    lookup methods. X509_STORE based implementations of these two callbacks.
    [Steve Henson]

 *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
    Modify get_crl() to find a valid (unexpired) CRL if possible.
    [Steve Henson]

 *) New function X509_CRL_match() to check if two CRLs are identical. Normally
    this would be called X509_CRL_cmp() but that name is already used by
    a function that just compares CRL issuer names. Cache several CRL
    extensions in X509_CRL structure and cache CRLDP in X509.
    [Steve Henson]

 *) Store a "canonical" representation of X509_NAME structure (ASN1 Name)
    this maps equivalent X509_NAME structures into a consistent structure.
    Name comparison can then be performed rapidly using memcmp().
    [Steve Henson]

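The canonical-representation idea in the entry above, as an added illustration that is not OpenSSL's own X509_NAME code: each attribute value is normalised once (the rules here, trimming and collapsing whitespace and folding ASCII case, are an assumption chosen for the demo, not the library's exact canonicalisation), after which equality is a plain memcmp() of the cached bytes. The function names are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Write the canonical form of src into dst (capacity cap, NUL-terminated):
   leading/trailing whitespace dropped, internal runs collapsed to one
   space, ASCII letters folded to lower case. These rules are the demo's
   assumption, not OpenSSL's. Returns the canonical length, or -1 if dst
   is too small. */
int canon_value(const char *src, char *dst, size_t cap) {
    size_t n = 0;
    int pending_space = 0;   /* a space is emitted only before the next word */
    const unsigned char *p = (const unsigned char *)src;

    while (*p && isspace(*p)) p++;              /* trim leading whitespace */
    for (; *p; p++) {
        if (isspace(*p)) { pending_space = 1; continue; }
        if (pending_space) {                     /* collapse internal runs */
            if (n + 1 >= cap) return -1;
            dst[n++] = ' ';
            pending_space = 0;
        }
        if (n + 1 >= cap) return -1;
        dst[n++] = (char)tolower(*p);
    }
    dst[n] = '\0';                               /* trailing space dropped */
    return (int)n;
}

/* Compare two raw values by canonicalising both and using memcmp() on the
   results, which is what caching a canonical encoding buys: comparison
   becomes a byte comparison. Returns 0 when equivalent, a negative or
   positive value otherwise, and -2 if a value did not fit the scratch
   buffer (a caller must not treat that as "equal"). */
int canon_compare(const char *a, const char *b) {
    char ca[256], cb[256];
    int la = canon_value(a, ca, sizeof ca);
    int lb = canon_value(b, cb, sizeof cb);
    if (la < 0 || lb < 0) return -2;
    if (la != lb) return la < lb ? -1 : 1;
    return memcmp(ca, cb, (size_t)la);
}
```

The length check before memcmp() matters: comparing only up to the shorter length would make "Example Org" and "Example Org Ltd" look equal.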
 *) Non-blocking OCSP request processing. Add -timeout option to ocsp
    utility.
    [Steve Henson]

 *) Allow digests to supply their own micalg string for S/MIME type using
    the ctrl EVP_MD_CTRL_MICALG.
    [Steve Henson]

 *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
    EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
    ctrl. It can then customise the structure before and/or after signing
    if necessary.
    [Steve Henson]

 *) New function OBJ_add_sigid() to allow application defined signature OIDs
    to be added to OpenSSL's internal tables. New function OBJ_sigid_free()
    to free up any added signature OIDs.
    [Steve Henson]

 *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
    EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
    digest and cipher tables. New options added to openssl utility:
    list-message-digest-algorithms and list-cipher-algorithms.
    [Steve Henson]

 *) In addition to the numerical (unsigned long) thread ID, provide
    for a pointer (void *) thread ID. This helps accommodate systems
    that do not provide an unsigned long thread ID. OpenSSL assumes
    it is in the same thread iff both the numerical and the pointer
    thread ID agree; so applications are just required to define one
    of them appropriately (e.g., by using a pointer to a per-thread
    memory object malloc()ed by the application for the pointer-type
    thread ID). Exactly analogous to the existing functions

        void CRYPTO_set_id_callback(unsigned long (*func)(void));
        unsigned long (*CRYPTO_get_id_callback(void))(void);
        unsigned long CRYPTO_thread_id(void);

    we now have additional functions

        void CRYPTO_set_idptr_callback(void *(*func)(void));
        void *(*CRYPTO_get_idptr_callback(void))(void);
        void *CRYPTO_thread_idptr(void);

    also in <openssl/crypto.h>. The default value for
    CRYPTO_thread_idptr() if the application has not provided its own
    callback is &errno.
    [Bodo Moeller]

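A stand-alone model of the two-part thread identity described in the entry above, added here for illustration; it is not OpenSSL's cryptlib code and the model_* names are hypothetical. It keeps the rule the entry states (same thread iff both the numerical and the pointer ID agree, pointer ID defaulting to &errno) and shows the kind of owner check a locking layer would build on it. The assumption that an unset numerical callback yields 0 is the demo's own.

```c
#include <errno.h>
#include <stddef.h>

typedef unsigned long (*model_id_cb)(void);
typedef void *(*model_idptr_cb)(void);

static model_id_cb id_cb = NULL;
static model_idptr_cb idptr_cb = NULL;

void model_set_id_callback(model_id_cb f) { id_cb = f; }
void model_set_idptr_callback(model_idptr_cb f) { idptr_cb = f; }

/* Assumption for the model: an unset numerical callback yields 0. */
unsigned long model_thread_id(void) { return id_cb ? id_cb() : 0UL; }

/* Default for the pointer ID when no callback is installed is &errno, as
   the entry states; errno is per-thread on threaded C libraries. */
void *model_thread_idptr(void) { return idptr_cb ? idptr_cb() : (void *)&errno; }

typedef struct {
    unsigned long id;
    void *idptr;
} model_thread_identity;

model_thread_identity model_current_thread(void) {
    model_thread_identity t;
    t.id = model_thread_id();
    t.idptr = model_thread_idptr();
    return t;
}

/* Same thread iff both the numerical and the pointer ID agree. */
int model_same_thread(model_thread_identity a, model_thread_identity b) {
    return a.id == b.id && a.idptr == b.idptr;
}

/* A lock that records its owner, so re-entry by the owning thread can be
   told apart from contention by another thread. Returns 1 if acquired,
   2 if the caller already owns it, 0 if another thread holds it. */
typedef struct {
    int held;
    model_thread_identity owner;
} model_owned_lock;

int model_lock_acquire(model_owned_lock *l) {
    model_thread_identity me = model_current_thread();
    if (l->held) return model_same_thread(l->owner, me) ? 2 : 0;
    l->held = 1;
    l->owner = me;
    return 1;
}

void model_lock_release(model_owned_lock *l) { l->held = 0; }

/* Constructed pointer-ID callback standing in for the per-thread object an
   application would normally malloc() once per thread. */
static int model_fake_thread_marker;
void *model_demo_idptr(void) { return &model_fake_thread_marker; }

/* Scenario: the current thread takes the lock, re-entry is recognised, and
   an identity that differs in only the pointer half is treated as another
   thread. Returns 1 on the expected outcome, 0 otherwise. */
int model_demo(void) {
    model_owned_lock lk = {0, {0, NULL}};
    model_thread_identity other;
    model_set_idptr_callback(model_demo_idptr);
    if (model_lock_acquire(&lk) != 1) return 0;
    if (model_lock_acquire(&lk) != 2) return 0;   /* same thread re-enters */
    other = model_current_thread();
    other.idptr = (void *)&errno;                 /* pointer half differs */
    if (model_same_thread(lk.owner, other)) return 0;
    model_lock_release(&lk);
    return model_lock_acquire(&lk) == 1;
}
```

Because both halves must match, an application that only sets the pointer callback still gets correct ownership checks: the numerical half is a constant on every thread and never causes two distinct threads to compare equal on its own.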
 *) Change the array representation of binary polynomials: the list
    of degrees of non-zero coefficients is now terminated with -1.
    Previously it was terminated with 0, which was also part of the
    value; thus, the array representation was not applicable to
    polynomials where t^0 has coefficient zero. This change makes
    the array representation useful in a more general context.
    [Douglas Stebila]

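An added example of the -1-terminated degree-list representation from the entry above (illustrative code, not OpenSSL's BN_GF2m routines; the poly_* names and the 64-bit degree limit are assumptions for the demo). It converts between a degree list and a bit mask in both directions and shows the case the old 0-terminated convention could not express: a polynomial with no constant term.

```c
#include <stddef.h>

#define POLY_MAX_DEGREE 63   /* demo limit so a mask fits in 64 bits */

/* Convert a -1-terminated degree list to a bit mask (bit i = coefficient
   of t^i). Returns 0 on success, -1 on a degree out of range, or -2 if no
   terminator appears within POLY_MAX_DEGREE+2 entries. */
int poly_from_degrees(const int *degs, unsigned long long *out) {
    unsigned long long acc = 0;
    size_t i;
    for (i = 0; i < POLY_MAX_DEGREE + 2; i++) {
        if (degs[i] == -1) { *out = acc; return 0; }
        if (degs[i] < 0 || degs[i] > POLY_MAX_DEGREE) return -1;
        acc |= 1ULL << degs[i];
    }
    return -2;
}

/* Convert a bit mask back to a -1-terminated degree list, highest degree
   first. Returns the number of degrees written (excluding the terminator),
   or -1 if degs cannot hold them. */
int poly_to_degrees(unsigned long long p, int *degs, size_t cap) {
    size_t n = 0;
    int d;
    for (d = POLY_MAX_DEGREE; d >= 0; d--) {
        if ((p >> d) & 1ULL) {
            if (n + 1 >= cap) return -1;
            degs[n++] = d;
        }
    }
    degs[n] = -1;
    return (int)n;
}

/* Under the old convention the terminating 0 also meant "t^0 has
   coefficient one", so a polynomial without a constant term had no valid
   encoding. Returns 1 if p has a constant term, 0 otherwise. */
int poly_has_constant_term(unsigned long long p) { return (int)(p & 1ULL); }

/* Mask of a degree list, or 0 for an invalid list (0 is also the zero
   polynomial; use poly_from_degrees() when that distinction matters). */
unsigned long long poly_mask(const int *degs) {
    unsigned long long p = 0;
    return poly_from_degrees(degs, &p) == 0 ? p : 0;
}

/* Round trip: degree list -> mask -> degree list; 1 if it reproduces the
   input exactly, 0 otherwise (including invalid input). */
int poly_roundtrip_ok(const int *degs) {
    unsigned long long p;
    int back[POLY_MAX_DEGREE + 2];
    int n, i;
    if (poly_from_degrees(degs, &p) != 0) return 0;
    n = poly_to_degrees(p, back, sizeof back / sizeof back[0]);
    if (n < 0) return 0;
    for (i = 0; i <= n; i++)
        if (back[i] != degs[i]) return 0;
    return 1;
}

/* Constructed sample inputs: t^4 + t + 1 (has a constant term, so it was
   also encodable before), t^4 + t (no constant term: only expressible with
   the -1 terminator), and an out-of-range degree for the error path. */
const int POLY_T4_T_1[] = {4, 1, 0, -1};
const int POLY_T4_T[]   = {4, 1, -1};
const int POLY_BAD[]    = {64, -1};
```

Bounds checking on every degree is deliberate: a degree list is typically a curve parameter read from configuration, and shifting by an unchecked value is undefined behaviour.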
 *) Various modifications and fixes to SSL/TLS cipher string
    handling. For ECC, the code now distinguishes between fixed ECDH
    with RSA certificates on the one hand and with ECDSA certificates
    on the other hand, since these are separate ciphersuites. The
    unused code for Fortezza ciphersuites has been removed.

    For consistency with EDH, ephemeral ECDH is now called "EECDH"
    (not "ECDHE"). For consistency with the code for DH
    certificates, use of ECDH certificates is now considered ECDH
    authentication, not RSA or ECDSA authentication (the latter is
    merely the CA's signing algorithm and not actively used in the
    protocol).

    The temporary ciphersuite alias "ECCdraft" is no longer
    available, and ECC ciphersuites are no longer excluded from "ALL"
    and "DEFAULT". The following aliases now exist for RFC 4492
    ciphersuites, most of these by analogy with the DH case:

        kECDHr - ECDH cert, signed with RSA
        kECDHe - ECDH cert, signed with ECDSA
        kECDH  - ECDH cert (signed with either RSA or ECDSA)
        kEECDH - ephemeral ECDH
        ECDH   - ECDH cert or ephemeral ECDH

        aECDH  - ECDH cert
        aECDSA - ECDSA cert
        ECDSA  - ECDSA cert

        AECDH  - anonymous ECDH
        EECDH  - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")

    [Bodo Moeller]

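The alias semantics listed above, as an added model that is not OpenSSL's ssl_ciph.c code: each suite carries one key-exchange flag and one authentication flag, an alias is a pair of masks a suite must intersect on both, and a cut-down cipher-string grammar (':'-separated tokens, a leading '-' removes) is enough to check that "EECDH" selects exactly what "kEECDH:-AECDH" does. The suite table is constructed for the demo (names follow OpenSSL conventions but the list is illustrative), and the model_* names are assumptions.

```c
#include <stddef.h>
#include <string.h>

enum { KX_ECDH_RSA = 1, KX_ECDH_ECDSA = 2, KX_EECDH = 4, KX_RSA = 8 };
enum { AU_ECDH = 1, AU_ECDSA = 2, AU_NULL = 4, AU_RSA = 8 };
#define KX_ANY (KX_ECDH_RSA | KX_ECDH_ECDSA | KX_EECDH | KX_RSA)
#define AU_ANY (AU_ECDH | AU_ECDSA | AU_NULL | AU_RSA)

typedef struct { const char *name; unsigned kx; unsigned au; } model_suite;
typedef struct { const char *name; unsigned kx_mask; unsigned au_mask; } model_alias;

/* Constructed suite set; bit i of a selection refers to SUITES[i].
   ECDH-cert suites use AU_ECDH, matching the entry's rule that an ECDH
   certificate is ECDH authentication regardless of who signed it. */
static const model_suite SUITES[] = {
    {"ECDH-RSA-AES128-SHA",    KX_ECDH_RSA,   AU_ECDH},   /* bit 0 */
    {"ECDH-ECDSA-AES128-SHA",  KX_ECDH_ECDSA, AU_ECDH},   /* bit 1 */
    {"ECDHE-RSA-AES128-SHA",   KX_EECDH,      AU_RSA},    /* bit 2 */
    {"ECDHE-ECDSA-AES128-SHA", KX_EECDH,      AU_ECDSA},  /* bit 3 */
    {"AECDH-AES128-SHA",       KX_EECDH,      AU_NULL},   /* bit 4 */
    {"AES128-SHA",             KX_RSA,        AU_RSA},    /* bit 5 */
};
#define NSUITES (sizeof SUITES / sizeof SUITES[0])

/* The aliases from the entry, expressed as (key-exchange, auth) masks. */
static const model_alias ALIASES[] = {
    {"kECDHr", KX_ECDH_RSA,                            AU_ANY},
    {"kECDHe", KX_ECDH_ECDSA,                          AU_ANY},
    {"kECDH",  KX_ECDH_RSA | KX_ECDH_ECDSA,            AU_ANY},
    {"kEECDH", KX_EECDH,                               AU_ANY},
    {"ECDH",   KX_ECDH_RSA | KX_ECDH_ECDSA | KX_EECDH, AU_ANY},
    {"aECDH",  KX_ANY,                                 AU_ECDH},
    {"aECDSA", KX_ANY,                                 AU_ECDSA},
    {"ECDSA",  KX_ANY,                                 AU_ECDSA},
    {"AECDH",  KX_EECDH,                               AU_NULL},
    {"EECDH",  KX_EECDH,                               AU_ANY & ~AU_NULL},
};
#define NALIASES (sizeof ALIASES / sizeof ALIASES[0])

/* Selection bit set for one alias name (len bytes, not NUL-terminated).
   An unknown alias matches nothing, so a typo silently selects no suites:
   callers should check for an empty result. */
static unsigned model_alias_mask(const char *name, size_t len) {
    size_t a, i;
    unsigned m = 0;
    for (a = 0; a < NALIASES; a++) {
        if (strlen(ALIASES[a].name) != len || memcmp(ALIASES[a].name, name, len) != 0)
            continue;
        for (i = 0; i < NSUITES; i++)
            if ((SUITES[i].kx & ALIASES[a].kx_mask) && (SUITES[i].au & ALIASES[a].au_mask))
                m |= 1u << i;
        return m;
    }
    return 0;
}

/* Evaluate a cipher string: "alias" adds matching suites, "-alias" removes
   them. Returns the selected suites as a bit set over SUITES. */
unsigned model_select(const char *cipher_string) {
    unsigned selected = 0;
    const char *p = cipher_string;
    while (*p) {
        const char *end = strchr(p, ':');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len > 0 && p[0] == '-')
            selected &= ~model_alias_mask(p + 1, len - 1);
        else if (len > 0)
            selected |= model_alias_mask(p, len);
        p = end ? end + 1 : p + len;
    }
    return selected;
}
```

The real cipher-string grammar also has "!" (permanent removal), "+" (move to end) and ordering rules; the subset here is only what is needed to check the equivalence the entry states.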
 *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
    Use correct micalg parameters depending on digest(s) in signed message.
    [Steve Henson]

 *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
    an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
    [Steve Henson]

 *) Initial engine support for EVP_PKEY_METHOD. New functions to permit
    an engine to register a method. Add ENGINE lookups for methods and
    functional reference processing.
    [Steve Henson]

 *) New functions EVP_Digest{Sign,Verify}*. These are enhanced versions of
    EVP_{Sign,Verify}* which allow an application to customise the signature
    process.
    [Steve Henson]

 *) New -resign option to smime utility. This adds one or more signers
    to an existing PKCS#7 signedData structure. Also -md option to use an
    alternative message digest algorithm for signing.
    [Steve Henson]

 *) Tidy up PKCS#7 routines and add new functions to make it easier to
    create PKCS7 structures containing multiple signers. Update smime
    application to support multiple signers.
    [Steve Henson]

 *) New -macalg option to pkcs12 utility to allow setting of an alternative
    digest MAC.
    [Steve Henson]

 *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
    Reorganize PBE internals to lookup from a static table using NIDs,
    add support for HMAC PBE OID translation. Add an EVP_CIPHER ctrl:
    EVP_CTRL_PBE_PRF_NID; this allows a cipher to specify an alternative
    PRF which will be automatically used with PBES2.
    [Steve Henson]

 *) Replace the algorithm specific calls to generate keys in "req" with the
    new API.
    [Steve Henson]

 *) Update PKCS#7 enveloped data routines to use new API. This is now
    supported by any public key method supporting the encrypt operation. A
    ctrl is added to allow the public key algorithm to examine or modify
    the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
    a no-op.
    [Steve Henson]

 *) Add a ctrl to the asn1 method to allow a public key algorithm to express
    a default digest type to use. In most cases this will be SHA1 but some
    algorithms (such as GOST) need to specify an alternative digest. The
    return value indicates how strong the preference is: 1 means optional and
    2 is mandatory (that is, it is the only supported type). Modify
    ASN1_item_sign() to accept a NULL digest argument to indicate it should
    use the default md. Update openssl utilities to use the default digest
    type for signing if it is not explicitly indicated.
    [Steve Henson]

 *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New
    EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
    signing method from the key type. This effectively removes the link
    between digests and public key types.
    [Steve Henson]

 *) Add an OID cross reference table and utility functions. Its purpose is to
    translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
    rsaEncryption. This will allow some of the algorithm specific hackery
    needed to use the correct OID to be removed.
    [Steve Henson]

 *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
    structures for PKCS7_sign(). They are now set up by the relevant public
    key ASN1 method.
    [Steve Henson]

 *) Add provisional EC pkey method with support for ECDSA and ECDH.
    [Steve Henson]

 *) Add support for key derivation (agreement) in the API, DH method and
    pkeyutl.
    [Steve Henson]

 *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
    public and private key formats. As a side effect these add additional
    command line functionality not previously available: DSA signatures can be
    generated and verified using pkeyutl and DH key support and generation in
    pkey, genpkey.
    [Steve Henson]

 *) BeOS support.
    [Oliver Tappe <zooey@hirschkaefer.de>]

 *) New make target "install_html_docs" installs HTML renditions of the
    manual pages.
    [Oliver Tappe <zooey@hirschkaefer.de>]

 *) New utility "genpkey": this is analogous to "genrsa" etc. except it can
    generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
    support key and parameter generation and add initial key generation
    functionality for RSA.
    [Steve Henson]

 *) Add functions for main EVP_PKEY_method operations. The undocumented
    functions EVP_PKEY_{encrypt,decrypt} have been renamed to
    EVP_PKEY_{encrypt,decrypt}_old.
    [Steve Henson]

 *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
    key API; it doesn't do much yet.
    [Steve Henson]

 *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
    public key algorithms. New option to openssl utility:
    "list-public-key-algorithms" to print out info.
    [Steve Henson]

 *) Implement the Supported Elliptic Curves Extension for
    ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
    [Douglas Stebila]

 *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
    EVP_CIPHER structures to avoid later problems in EVP_cleanup().
    [Steve Henson]

 *) New utilities pkey and pkeyparam. These are similar to algorithm specific
    utilities such as rsa, dsa, dsaparam etc. except they process any key
    type.
    [Steve Henson]

 *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New
    functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
    EVP_PKEY_print_param() to print public key data from an EVP_PKEY
    structure.
    [Steve Henson]

 *) Initial support for pluggable public key ASN1.
    De-spaghettify the public key ASN1 handling. Move public and private
    key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
    algorithm specific handling to a single module within the relevant
    algorithm directory. Add functions to allow (near) opaque processing
    of public and private key structures.
    [Steve Henson]

 *) Implement the Supported Point Formats Extension for
    ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
    [Douglas Stebila]

 *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
    for the psk identity [hint] and the psk callback functions to the
    SSL_SESSION, SSL and SSL_CTX structure.

    New ciphersuites:
        PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
        PSK-AES256-CBC-SHA

    New functions:
        SSL_CTX_use_psk_identity_hint
        SSL_get_psk_identity_hint
        SSL_get_psk_identity
        SSL_use_psk_identity_hint

    [Mika Kousa and Pasi Eronen of Nokia Corporation]

 *) Add RFC 3161 compliant time stamp request creation, response generation
    and response verification functionality.