1 | ||
2 | OpenSSL CHANGES | |
3 | _______________ | |
4 | ||
5 | Changes between 0.9.6 and 0.9.7 [xx XXX 2001] | |
6 | ||
7 | Both OpenSSL 0.9.6a (bugfix release, 5 Apr 2001) and OpenSSL 0.9.7 | |
8 | are based on OpenSSL 0.9.6. | |
9 | Change log entries are tagged as follows: | |
10 | -) applies to 0.9.6a (/0.9.6b) only | |
11 | *) applies to 0.9.6a (/0.9.6b) and 0.9.7 | |
12 | +) applies to 0.9.7 only | |
13 | ||
14 | +) Change the key loading routines for ENGINEs to use the same kind | |
15 | callback (pem_password_cb) as all other routines that need this | |
16 | kind of callback. | |
17 | [Richard Levitte] | |
18 | ||
19 | *) Fix for compatibility mode trust settings: ignore trust settings | |
20 | unless some valid trust or reject settings are present. | |
21 | [Steve Henson] | |
22 | ||
23 | *) Fix for blowfish EVP: it's a variable-length cipher. | |
24 | [Steve Henson] | |
25 | ||
26 | +) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with | |
27 | 256 bit (=32 byte) keys. Of course seeding with more entropy bytes | |
28 | than this minimum value is recommended. | |
29 | [Lutz Jaenicke] | |
30 | ||
31 | +) New random seeder for OpenVMS, using the system process statistics | |
32 | that are easily reachable. | |
33 | [Richard Levitte] | |
34 | ||
35 | +) Windows apparently can't transparently handle global | |
36 | variables defined in DLLs. Initialisations such as: | |
37 | ||
38 | const ASN1_ITEM *it = &ASN1_INTEGER_it; | |
39 | ||
40 | won't compile. This is used by any applications that need to | |
41 | declare their own ASN1 modules. This was fixed by adding the option | |
42 | EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly | |
43 | needed for static libraries under Win32. | |
44 | [Steve Henson] | |
45 | ||
46 | +) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle | |
47 | setting of purpose and trust fields. New X509_STORE trust and | |
48 | purpose functions and tidy up setting in other SSL functions. | |
49 | [Steve Henson] | |
50 | ||
51 | +) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE | |
52 | structure. These are inherited by X509_STORE_CTX when it is | |
53 | initialised. This allows various defaults to be set in the | |
54 | X509_STORE structure (such as flags for CRL checking and custom | |
55 | purpose or trust settings) for functions which only use X509_STORE_CTX | |
56 | internally such as S/MIME. | |
57 | ||
58 | Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and | |
59 | trust settings if they are not set in X509_STORE. This allows X509_STORE | |
60 | purposes and trust (in S/MIME for example) to override any set by default. | |
61 | ||
62 | Add command line options for CRL checking to smime, s_client and s_server | |
63 | applications. | |
64 | [Steve Henson] | |
65 | ||
66 | +) Initial CRL based revocation checking. If the CRL checking flag(s) | |
67 | are set then the CRL is looked up in the X509_STORE structure and | |
68 | its validity and signature checked, then if the certificate is found | |
69 | in the CRL the verify fails with a revoked error. | |
70 | ||
71 | Various new CRL related callbacks added to X509_STORE_CTX structure. | |
72 | ||
73 | Command line options added to 'verify' application to support this. | |
74 | ||
75 | This needs some additional work, such as being able to handle multiple | |
76 | CRLs with different times, extension based lookup (rather than just | |
77 | by subject name) and ultimately more complete V2 CRL extension | |
78 | handling. | |
79 | [Steve Henson] | |
80 | ||
81 | +) Add a general user interface API. This is designed to replace things | |
82 | like des_read_password and friends (backward compatibility functions | |
83 | using this new API are provided). The purpose is to remove prompting | |
84 | functions from the DES code section as well as provide for prompting | |
85 | through dialog boxes in a window system and the like. | |
86 | [Richard Levitte] | |
87 | ||
88 | *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" | |
89 | in the current directory if neither $RANDFILE nor $HOME was set. | |
90 | RAND_file_name() in 0.9.6a returned NULL in this case. This has | |
91 | caused some confusion for Windows users who haven't defined $HOME. | |
92 | Thus RAND_file_name() is changed again: e_os.h can define a | |
93 | DEFAULT_HOME, which will be used if $HOME is not set. | |
94 | For Windows, we use "C:"; on other platforms, we still require | |
95 | environment variables. | |
96 | ||
97 | +) Add "ex_data" support to ENGINE so implementations can add state at a | |
98 | per-structure level rather than having to store it globally. | |
99 | [Geoff] | |
100 | ||
101 | +) Make it possible for ENGINE structures to be copied when retrieved by | |
102 | ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY. | |
103 | This causes the "original" ENGINE structure to act like a template, | |
104 | analogous to the RSA vs. RSA_METHOD type of separation. Because of this | |
105 | operational state can be localised to each ENGINE structure, despite the | |
106 | fact they all share the same "methods". New ENGINE structures returned in | |
107 | this case have no functional references and the return value is the single | |
108 | structural reference. This matches the single structural reference returned | |
109 | by ENGINE_by_id() normally, when it is incremented on the pre-existing | |
110 | ENGINE structure. | |
111 | [Geoff] | |
112 | ||
113 | *) Fix various bugs related to DSA S/MIME verification. Handle missing | |
114 | parameters in DSA public key structures and return an error in the | |
115 | DSA routines if parameters are absent. | |
116 | [Steve Henson] | |
117 | ||
118 | +) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this | |
119 | needs to match any other type at all we need to manually clear the | |
120 | tag cache. | |
121 | [Steve Henson] | |
122 | ||
123 | +) Changes to the "openssl engine" utility to include: | |
124 | - verbosity levels ('-v', '-vv', and '-vvv') that provide information | |
125 | about an ENGINE's available control commands. | |
126 | - executing control commands from command line arguments using the | |
127 | '-pre' and '-post' switches. '-post' is only used if '-t' is | |
128 | specified and the ENGINE is successfully initialised. The syntax for | |
129 | the individual commands is colon-separated, for example: | |
130 | openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so | |
131 | [Geoff] | |
132 | ||
133 | +) New dynamic control command support for ENGINEs. ENGINEs can now | |
134 | declare their own commands (numbers), names (strings), descriptions, | |
135 | and input types for run-time discovery by calling applications. A | |
136 | subset of these commands are implicitly classed as "executable" | |
137 | depending on their input type, and only these can be invoked through | |
138 | the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this | |
139 | can be based on user input, config files, etc). The distinction is | |
140 | that "executable" commands cannot return anything other than a boolean | |
141 | result and can only support numeric or string input, whereas some | |
142 | discoverable commands may only be for direct use through | |
143 | ENGINE_ctrl(), eg. supporting the exchange of binary data, function | |
144 | pointers, or other custom uses. The "executable" commands are to | |
145 | support parameterisations of ENGINE behaviour that can be | |
146 | unambiguously defined by ENGINEs and used consistently across any | |
147 | OpenSSL-based application. Commands have been added to all the | |
148 | existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow | |
149 | control over shared-library paths without source code alterations. | |
150 | [Geoff] | |
151 | ||
152 | +) Changed all ENGINE implementations to dynamically allocate their | |
153 | ENGINEs rather than declaring them statically. Apart from this being | |
154 | necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction, | |
155 | this also allows the implementations to compile without using the | |
156 | internal engine_int.h header. | |
157 | [Geoff] | |
158 | ||
159 | +) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a | |
160 | 'const' value. Any code that should be able to modify a RAND_METHOD | |
161 | should already have non-const pointers to it (ie. they should only | |
162 | modify their own ones). | |
163 | [Geoff] | |
164 | ||
165 | +) Made a variety of little tweaks to the ENGINE code. | |
166 | - "atalla" and "ubsec" string definitions were moved from header files | |
167 | to C code. "nuron" string definitions were placed in variables | |
168 | rather than hard-coded - allowing parameterisation of these values | |
169 | later on via ctrl() commands. | |
170 | - Removed unused "#if 0"'d code. | |
171 | - Fixed engine list iteration code so it uses ENGINE_free() to release | |
172 | structural references. | |
173 | - Constified the RAND_METHOD element of ENGINE structures. | |
174 | - Constified various get/set functions as appropriate and added | |
175 | missing functions (including a catch-all ENGINE_cpy that duplicates | |
176 | all ENGINE values onto a new ENGINE except reference counts/state). | |
177 | - Removed NULL parameter checks in get/set functions. Setting a method | |
178 | or function to NULL is a way of cancelling out a previously set | |
179 | value. Passing a NULL ENGINE parameter is just plain stupid anyway | |
180 | and doesn't justify the extra error symbols and code. | |
181 | - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for | |
182 | flags from engine_int.h to engine.h. | |
183 | - Changed prototypes for ENGINE handler functions (init(), finish(), | |
184 | ctrl(), key-load functions, etc) to take an (ENGINE*) parameter. | |
185 | [Geoff] | |
186 | ||
187 | *) Move 'if (!initialized) RAND_poll()' into regions protected by | |
188 | CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids | |
189 | having multiple threads call RAND_poll() concurrently. | |
190 | [Bodo Moeller] | |
191 | ||
192 | *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a | |
193 | combination of a flag and a thread ID variable. | |
194 | Otherwise while one thread is in ssleay_rand_bytes (which sets the | |
195 | flag), *other* threads can enter ssleay_add_bytes without obeying | |
196 | the CRYPTO_LOCK_RAND lock (and may even illegally release the lock | |
197 | that they do not hold after the first thread unsets add_do_not_lock). | |
198 | [Bodo Moeller] | |
199 | ||
200 | +) Implement binary inversion algorithm for BN_mod_inverse in addition | |
201 | to the algorithm using long division. The binary algorithm can be | |
202 | used only if the modulus is odd. On 32-bit systems, it is faster | |
203 | only for relatively small moduli (roughly 20-30% for 128-bit moduli, | |
204 | roughly 5-15% for 256-bit moduli), so we use it only for moduli | |
205 | up to 450 bits. In 64-bit environments, the binary algorithm | |
206 | appears to be advantageous for much longer moduli; here we use it | |
207 | for moduli up to 2048 bits. | |
208 | [Bodo Moeller] | |
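Added example (not part of the OpenSSL CHANGES text or of OpenSSL's code): the two BN_mod_inverse strategies the entry above describes, written out in Python so the difference is visible. inverse_euclid() is the long-division route and works for any modulus; inverse_binary() is the right-shift algorithm (HAC 14.61), which uses only shifts, subtractions and comparisons and therefore requires an odd modulus. mod_inverse() is a dispatcher in the shape of the change, with the 450-bit and 2048-bit limits copied from the entry; the function names and the size-gating constant are mine, not OpenSSL's.

```python
import sys


def inverse_euclid(a: int, n: int) -> int:
    """Extended Euclidean algorithm, the long-division route: works for any
    modulus n > 1; a non-invertible a is detected from the final remainder."""
    if n <= 1:
        raise ValueError("modulus must be > 1")
    r0, r1 = n, a % n
    x0, x1 = 0, 1                      # r0 == x0*a (mod n), r1 == x1*a (mod n)
    while r1:
        q, r = divmod(r0, r1)
        r0, r1 = r1, r
        x0, x1 = x1, x0 - q * x1
    if r0 != 1:
        raise ValueError("a is not invertible modulo n")
    return x0 % n


def inverse_binary(a: int, n: int) -> int:
    """Binary (right-shift) inversion, HAC Algorithm 14.61: only shifts,
    subtractions and comparisons, no multi-precision division. It needs an
    odd modulus so that (x + n) / 2 is exact whenever x is odd."""
    if n <= 1 or n % 2 == 0:
        raise ValueError("binary inversion needs an odd modulus > 1")
    a %= n
    if a == 0:
        raise ValueError("a is not invertible modulo n")
    u, v = a, n
    x1, x2 = 1, 0                      # u == x1*a (mod n), v == x2*a (mod n)
    while u != 1 and v != 1:
        while u % 2 == 0:              # halve u, keeping x1*a == u (mod n)
            u //= 2
            x1 = x1 // 2 if x1 % 2 == 0 else (x1 + n) // 2
        while v % 2 == 0:              # same for v
            v //= 2
            x2 = x2 // 2 if x2 % 2 == 0 else (x2 + n) // 2
        if u >= v:
            u, x1 = u - v, x1 - x2
        else:
            v, x2 = v - u, x2 - x1
        if u == 0 or v == 0:           # u and v met at a common divisor > 1
            raise ValueError("a is not invertible modulo n")
    return (x1 if u == 1 else x2) % n


# Size gating quoted from the entry: on 32-bit builds the binary algorithm only
# wins for moduli up to 450 bits, on 64-bit builds up to 2048 bits. Illustrative
# constant, not a measured tuning.
BINARY_LIMIT_BITS = 2048 if sys.maxsize > 2**32 else 450


def mod_inverse(a: int, n: int) -> int:
    """Dispatcher in the shape of the BN_mod_inverse change: binary algorithm
    for odd moduli up to the size limit, long-division Euclid otherwise."""
    if n % 2 == 1 and n.bit_length() <= BINARY_LIMIT_BITS:
        return inverse_binary(a, n)
    return inverse_euclid(a, n)
```

Both routines maintain the same invariant (the coefficient times a is congruent to the current remainder), so either result can be checked with a single modular multiplication; an even modulus, such as an RSA phi(N), always takes the Euclid path.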
209 | ||
210 | *) Change bctest again: '-x' expressions are not available in all | |
211 | versions of 'test'. | |
212 | [Bodo Moeller] | |
213 | ||
214 | -) OpenSSL 0.9.6a released [5 Apr 2001] | |
215 | ||
216 | *) Fix a couple of memory leaks in PKCS7_dataDecode() | |
217 | [Steve Henson, reported by Heyun Zheng <hzheng@atdsprint.com>] | |
218 | ||
219 | *) Change Configure and Makefiles to provide EXE_EXT, which will contain | |
220 | the default extension for executables, if any. Also, make the perl | |
221 | scripts that use symlink() test if it really exists and use "cp" | |
222 | if it doesn't. All this made OpenSSL compilable and installable in | |
223 | CygWin. | |
224 | [Richard Levitte] | |
225 | ||
226 | +) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code | |
227 | could not support the combine flag in choice fields. | |
228 | [Steve Henson] | |
229 | ||
230 | -) Fix for asn1_GetSequence() for indefinite length constructed data. | |
231 | If the SEQUENCE length is indefinite, just set c->slen to the total | |
232 | amount of data available. | |
233 | [Steve Henson, reported by shige@FreeBSD.org] | |
234 | [This change does not apply to 0.9.7.] | |
235 | ||
236 | *) Change bctest to avoid here-documents inside command substitution | |
237 | (workaround for FreeBSD /bin/sh bug). | |
238 | For compatibility with Ultrix, avoid shell functions (introduced | |
239 | in the bctest version that searches along $PATH). | |
240 | [Bodo Moeller] | |
241 | ||
242 | *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes | |
243 | with des_encrypt() defined on some operating systems, like Solaris | |
244 | and UnixWare. | |
245 | [Richard Levitte] | |
246 | ||
247 | *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton: | |
248 | On the Importance of Eliminating Errors in Cryptographic | |
249 | Computations, J. Cryptology 14 (2001) 2, 101-119, | |
250 | http://theory.stanford.edu/~dabo/papers/faults.ps.gz). | |
251 | [Ulf Moeller] | |
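Added example (not part of the OpenSSL CHANGES text or of OpenSSL's code): why the RSA-CRT result check matters. A CRT signature that is correct modulo q but wrong modulo p, for instance because a single bit was glitched during the mod-p exponentiation, satisfies s^e == m only modulo q, so gcd(s^e - m, N) hands the attacker a prime factor; this is the Boneh, DeMillo and Lipton observation cited above. The key below is a constructed textbook-sized key (p = 61, q = 53), the fault is simulated by flipping one bit of the mod-p half, and the function names are mine.

```python
from math import gcd

# Constructed toy RSA key; real keys are 2048+ bits. N = 3233, D = 2753.
P, Q = 61, 53
N = P * Q
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))


def rsa_crt_sign_unchecked(m: int, fault_in_p_half: bool = False) -> int:
    """RSA signature via the Chinese Remainder Theorem (Garner recombination).
    fault_in_p_half simulates a single glitched bit in the mod-p exponentiation,
    the kind of transient error a power or clock glitch can produce."""
    dp, dq = D % (P - 1), D % (Q - 1)
    q_inv = pow(Q, -1, P)
    s_p = pow(m, dp, P)
    s_q = pow(m, dq, Q)
    if fault_in_p_half:
        s_p ^= 1                       # one flipped bit in the p half only
    h = (q_inv * (s_p - s_q)) % P
    return s_q + h * Q                 # < N, correct mod q, wrong mod p if faulted


def recover_factor(faulty_sig: int, m: int) -> int:
    """Boneh-DeMillo-Lipton: the faulty signature is still right mod q, so
    q divides s^e - m while p does not; the gcd with N is therefore q."""
    return gcd(pow(faulty_sig, E, N) - m, N)


def rsa_crt_sign_checked(m: int, fault_in_p_half: bool = False):
    """The countermeasure the entry describes: re-check the CRT result with the
    public exponent before releasing it, and return None rather than a value
    that would leak a factor."""
    s = rsa_crt_sign_unchecked(m, fault_in_p_half)
    if pow(s, E, N) != m % N:
        return None
    return s
```

The check costs one public-exponent exponentiation per signature, which is cheap next to the private operation; refusing to output the faulty value is what denies the attacker the gcd.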
252 | ||
253 | *) MIPS assembler BIGNUM division bug fix. | |
254 | [Andy Polyakov] | |
255 | ||
256 | *) Disabled incorrect Alpha assembler code. | |
257 | [Richard Levitte] | |
258 | ||
259 | -) Fix PKCS#7 decode routines so they correctly update the length | |
260 | after reading an EOC for the EXPLICIT tag. | |
261 | [Steve Henson] | |
262 | [This change does not apply to 0.9.7.] | |
263 | ||
264 | *) Fix bug in PKCS#12 key generation routines. This was triggered | |
265 | if a 3DES key was generated with a 0 initial byte. Include | |
266 | PKCS12_BROKEN_KEYGEN compilation option to retain the old | |
267 | (but broken) behaviour. | |
268 | [Steve Henson] | |
269 | ||
270 | *) Enhance bctest to search for a working bc along $PATH and print | |
271 | it when found. | |
272 | [Tim Rice <tim@multitalents.net> via Richard Levitte] | |
273 | ||
274 | +) Add a 'copy_extensions' option to the 'ca' utility. This copies | |
275 | extensions from a certificate request to the certificate. | |
276 | [Steve Henson] | |
277 | ||
278 | +) Allow multiple 'certopt' and 'nameopt' options to be separated | |
279 | by commas. Add 'nameopt' and 'certopt' options to the 'ca' config | |
280 | file: this allows the display of the certificate about to be | |
281 | signed to be customised, to allow certain fields to be included | |
282 | or excluded and extension details. The old system didn't display | |
283 | multicharacter strings properly, omitted fields not in the policy | |
284 | and couldn't display additional details such as extensions. | |
285 | [Steve Henson] | |
286 | ||
287 | *) Fix memory leaks in err.c: free err_data string if necessary; | |
288 | don't write to the wrong index in ERR_set_error_data. | |
289 | [Bodo Moeller] | |
290 | ||
291 | +) Function EC_POINTs_mul for simultaneous scalar multiplication | |
292 | of an arbitrary number of elliptic curve points, optionally | |
293 | including the generator defined for the EC_GROUP. | |
294 | EC_POINT_mul is a simple wrapper function for the typical case | |
295 | that the point list has just one item (besides the optional | |
296 | generator). | |
297 | [Bodo Moeller] | |
298 | ||
299 | +) First EC_METHODs for curves over GF(p): | |
300 | ||
301 | EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr | |
302 | operations and provides various method functions that can also | |
303 | operate with faster implementations of modular arithmetic. | |
304 | ||
305 | EC_GFp_mont_method() reuses most functions that are part of | |
306 | EC_GFp_simple_method, but uses Montgomery arithmetic. | |
307 | ||
308 | [Bodo Moeller; point addition and point doubling | |
309 | implementation directly derived from source code provided by | |
310 | Lenka Fibikova <fibikova@exp-math.uni-essen.de>] | |
311 | ||
312 | +) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h, | |
313 | crypto/ec/ec_lib.c): | |
314 | ||
315 | Curves are EC_GROUP objects (with an optional group generator) | |
316 | based on EC_METHODs that are built into the library. | |
317 | ||
318 | Points are EC_POINT objects based on EC_GROUP objects. | |
319 | ||
320 | Most of the framework would be able to handle curves over arbitrary | |
321 | finite fields, but as there are no obvious types for fields other | |
322 | than GF(p), some functions are limited to that for now. | |
323 | [Bodo Moeller] | |
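Added example (not part of the OpenSSL CHANGES text or of OpenSSL's code) covering the three EC entries above: a curve object in the role of an EC_GROUP built on the "simple" GF(p) method (plain modular arithmetic via pow(x, -1, p)), affine point addition and doubling, and a simultaneous multi-scalar multiplication in the role of EC_POINTs_mul, with its optional generator scalar, of which the single-point mul() is the wrapper case. The curve y^2 = x^3 + 2x + 2 over GF(17) with G = (5, 1) of order 19 is a constructed toy; the class and method names are mine.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

Point = Optional[Tuple[int, int]]      # None stands for the point at infinity


@dataclass(frozen=True)
class CurveGFp:
    """Short Weierstrass curve y^2 = x^3 + a*x + b over GF(p) with an optional
    generator; every field operation is a plain modular multiply or inverse."""
    p: int
    a: int
    b: int
    generator: Point = None

    def is_on_curve(self, pt: Point) -> bool:
        if pt is None:
            return True
        x, y = pt
        return (y * y - (x * x * x + self.a * x + self.b)) % self.p == 0

    def add(self, p1: Point, p2: Point) -> Point:
        """Affine addition; doubling is the p1 == p2 branch."""
        if p1 is None:
            return p2
        if p2 is None:
            return p1
        x1, y1 = p1
        x2, y2 = p2
        if x1 == x2 and (y1 + y2) % self.p == 0:
            return None                # P + (-P), including doubling a point with y == 0
        if p1 == p2:
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1, -1, self.p)
        else:
            lam = (y2 - y1) * pow(x2 - x1, -1, self.p)
        lam %= self.p
        x3 = (lam * lam - x1 - x2) % self.p
        y3 = (lam * (x1 - x3) - y1) % self.p
        return (x3, y3)

    def points_mul(self, scalars: Sequence[int], points: Sequence[Point],
                   g_scalar: Optional[int] = None) -> Point:
        """Simultaneous scalar multiplication (Straus/Shamir interleaving): one
        shared doubling chain and one addition per point per set bit, plus an
        optional multiple of the group generator, as EC_POINTs_mul offers."""
        if len(scalars) != len(points):
            raise ValueError("scalars and points differ in length")
        pairs = list(zip(scalars, points))
        if g_scalar is not None:
            if self.generator is None:
                raise ValueError("curve has no generator")
            pairs.append((g_scalar, self.generator))
        for k, pt in pairs:
            if k < 0:
                raise ValueError("scalars must be non-negative")
            if not self.is_on_curve(pt):   # reject invalid-curve inputs up front
                raise ValueError("point is not on the curve")
        if not pairs:
            return None
        nbits = max(k.bit_length() for k, _ in pairs)
        acc: Point = None
        for i in range(nbits - 1, -1, -1):
            acc = self.add(acc, acc)
            for k, pt in pairs:
                if (k >> i) & 1:
                    acc = self.add(acc, pt)
        return acc

    def mul(self, k: int, pt: Point) -> Point:
        """EC_POINT_mul analogue: the one-point special case of points_mul."""
        return self.points_mul([k], [pt])


# Constructed toy curve: y^2 = x^3 + 2x + 2 over GF(17); G = (5, 1) has order 19.
TOY = CurveGFp(p=17, a=2, b=2, generator=(5, 1))
```

The interleaved loop is why a combined routine is worth having: verifying an ECDSA-style expression u1*G + u2*Q costs one doubling chain instead of two. The on-curve check before multiplying is the guard a practitioner adds against points chosen off the curve to leak the scalar.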
324 | ||
325 | +) Add the -HTTP option to s_server. It is similar to -WWW, but requires | |
326 | that the file contains a complete HTTP response. | |
327 | [Richard Levitte] | |
328 | ||
329 | +) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl | |
330 | change the def and num file printf format specifier from "%-40sXXX" | |
331 | to "%-39s XXX". The latter will always guarantee a space after the | |
332 | field while the former will cause them to run together if the field | |
333 | is 40 or more characters long. | |
334 | [Steve Henson] | |
335 | ||
336 | +) Constify the cipher and digest 'method' functions and structures | |
337 | and modify related functions to take constant EVP_MD and EVP_CIPHER | |
338 | pointers. | |
339 | [Steve Henson] | |
340 | ||
341 | *) Implement ssl23_peek (analogous to ssl23_read), which previously | |
342 | did not exist. | |
343 | [Bodo Moeller] | |
344 | ||
345 | *) Replace rdtsc with _emit statements for VC++ version 5. | |
346 | [Jeremy Cooper <jeremy@baymoo.org>] | |
347 | ||
348 | +) Hide BN_CTX structure details in bn_lcl.h instead of publishing them | |
349 | in <openssl/bn.h>. Also further increase BN_CTX_NUM to 32. | |
350 | [Bodo Moeller] | |
351 | ||
352 | +) Modify EVP_Digest*() routines so they now return values. Although the | |
353 | internal software routines can never fail, additional hardware versions | |
354 | might. | |
355 | [Steve Henson] | |
356 | ||
357 | +) Clean up crypto/err/err.h and change some error codes to avoid conflicts: | |
358 | ||
359 | Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7 | |
360 | (= ERR_R_PKCS7_LIB); it is now 64 instead of 32. | |
361 | ||
362 | ASN1 error codes | |
363 | ERR_R_NESTED_ASN1_ERROR | |
364 | ... | |
365 | ERR_R_MISSING_ASN1_EOS | |
366 | were 4 .. 9, conflicting with | |
367 | ERR_LIB_RSA (= ERR_R_RSA_LIB) | |
368 | ... | |
369 | ERR_LIB_PEM (= ERR_R_PEM_LIB). | |
370 | They are now 58 .. 63 (i.e., just below ERR_R_FATAL). | |
371 | ||
372 | Add new error code 'ERR_R_INTERNAL_ERROR'. | |
373 | [Bodo Moeller] | |
374 | ||
375 | +) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock | |
376 | suffices. | |
377 | [Bodo Moeller] | |
378 | ||
379 | +) New option '-subj arg' for 'openssl req' and 'openssl ca'. This | |
380 | sets the subject name for a new request or supersedes the | |
381 | subject name in a given request. Formats that can be parsed are | |
382 | 'CN=Some Name, OU=myOU, C=IT' | |
383 | and | |
384 | 'CN=Some Name/OU=myOU/C=IT'. | |
385 | ||
386 | Add options '-batch' and '-verbose' to 'openssl req'. | |
387 | [Massimiliano Pala <madwolf@hackmasters.net>] | |
388 | ||
389 | *) Make it possible to reuse SSLv2 sessions. | |
390 | [Richard Levitte] | |
391 | ||
392 | +) Introduce the possibility to access global variables through | |
393 | functions on platforms where that's the best way to handle exporting | |
394 | global variables in shared libraries. To enable this functionality, | |
395 | one must configure with "EXPORT_VAR_AS_FN" or define the C macro | |
396 | "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter | |
397 | is normally done by Configure or something similar). | |
398 | ||
399 | To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL | |
400 | in the source file (foo.c) like this: | |
401 | ||
402 | OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1; | |
403 | OPENSSL_IMPLEMENT_GLOBAL(double,bar); | |
404 | ||
405 | To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL | |
406 | and OPENSSL_GLOBAL_REF in the header file (foo.h) like this: | |
407 | ||
408 | OPENSSL_DECLARE_GLOBAL(int,foo); | |
409 | #define foo OPENSSL_GLOBAL_REF(foo) | |
410 | OPENSSL_DECLARE_GLOBAL(double,bar); | |
411 | #define bar OPENSSL_GLOBAL_REF(bar) | |
412 | ||
413 | The #defines are very important, and therefore so is including the | |
414 | header file everywhere where the defined globals are used. | |
415 | ||
416 | The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition | |
417 | of ASN.1 items, but that structure is a bit different. | |
418 | ||
419 | The largest change is in util/mkdef.pl which has been enhanced with | |
420 | better and easier to understand logic to choose which symbols should | |
421 | go into the Windows .def files as well as a number of fixes and code | |
422 | cleanup (among others, algorithm keywords are now sorted | |
423 | lexicographically to avoid constant rewrites). | |
424 | [Richard Levitte] | |
425 | ||
426 | *) In copy_email() check for >= 0 as a return value for | |
427 | X509_NAME_get_index_by_NID() since 0 is a valid index. | |
428 | [Steve Henson, reported by Massimiliano Pala <madwolf@opensca.org>] | |
429 | ||
430 | +) In BN_div() keep a copy of the sign of 'num' before writing the | |
431 | result to 'rm' because if rm==num the value will be overwritten | |
432 | and produce the wrong result if 'num' is negative: this caused | |
433 | problems with BN_mod() and BN_nnmod(). | |
434 | [Steve Henson] | |
435 | ||
436 | +) Function OCSP_request_verify(). This checks the signature on an | |
437 | OCSP request and verifies the signer certificate. The signer | |
438 | certificate is just checked for a generic purpose and OCSP request | |
439 | trust settings. | |
440 | [Steve Henson] | |
441 | ||
442 | +) Add OCSP_check_validity() function to check the validity of OCSP | |
443 | responses. OCSP responses are prepared in real time and may only | |
444 | be a few seconds old. Simply checking that the current time lies | |
445 | between thisUpdate and nextUpdate may reject otherwise valid responses | |
446 | because of either OCSP responder or client clock inaccuracy. Instead | |
447 | we allow thisUpdate and nextUpdate to fall within a certain period of | |
448 | the current time. The age of the response can also optionally be | |
449 | checked. Two new options -validity_period and -status_age added to | |
450 | ocsp utility. | |
451 | [Steve Henson] | |
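Added example (not part of the OpenSSL CHANGES text or of OpenSSL's code): the validity-window logic the entry describes, in Python. Rather than requiring thisUpdate <= now <= nextUpdate exactly, a clock-skew tolerance is applied at both ends (the -validity_period idea), and the response age can optionally be bounded (the -status_age idea) so that an old response replayed inside its nominal window is still refused. The "current time", the five-minute default tolerance and the function names are constructed assumptions; a response without nextUpdate is accepted unless the age bound rejects it.

```python
from datetime import datetime, timedelta, timezone
from typing import List, Optional


def ocsp_check_validity(this_update: datetime, next_update: Optional[datetime],
                        now: datetime, skew: timedelta = timedelta(minutes=5),
                        max_age: Optional[timedelta] = None) -> List[str]:
    """Return the list of reasons an OCSP response's timestamps are not
    acceptable; an empty list means accept.
    - thisUpdate may lie up to `skew` in the future (responder clock fast).
    - nextUpdate may lie up to `skew` in the past (client clock fast).
    - With max_age set, a response produced more than max_age ago is stale
      even if its nextUpdate has not passed (replay of an old response)."""
    problems: List[str] = []
    if this_update > now + skew:
        problems.append("thisUpdate lies in the future beyond the tolerated clock skew")
    if next_update is not None:
        if next_update < this_update:
            problems.append("nextUpdate precedes thisUpdate")
        if next_update + skew < now:
            problems.append("nextUpdate has passed beyond the tolerated clock skew")
    if max_age is not None and now - this_update > max_age:
        problems.append("response is older than the accepted status age")
    return problems


# Constructed "current time" used by the convenience wrapper below.
NOW = datetime(2001, 4, 5, 12, 0, tzinfo=timezone.utc)


def check_at_offsets(this_min: int, next_min: Optional[int], skew_min: int = 5,
                     max_age_min: Optional[int] = None) -> List[str]:
    """Same check with all times given in minutes relative to NOW."""
    return ocsp_check_validity(
        NOW + timedelta(minutes=this_min),
        None if next_min is None else NOW + timedelta(minutes=next_min),
        NOW,
        skew=timedelta(minutes=skew_min),
        max_age=None if max_age_min is None else timedelta(minutes=max_age_min),
    )
```

The skew should be small (minutes, not hours): every second of tolerance on nextUpdate is a second in which an already-expired response about a revoked certificate is still honoured.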
452 | ||
453 | +) If signature or public key algorithm is unrecognized print out its | |
454 | OID rather than just UNKNOWN. | |
455 | [Steve Henson] | |
456 | ||
457 | *) Avoid coredump with unsupported or invalid public keys by checking if | |
458 | X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when | |
459 | PKCS7_verify() fails with non detached data. | |
460 | [Steve Henson] | |
461 | ||
462 | +) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and | |
463 | OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate | |
464 | ID to be generated from the issuer certificate alone which can then be | |
465 | passed to OCSP_id_issuer_cmp(). | |
466 | [Steve Henson] | |
467 | ||
468 | +) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new | |
469 | ASN1 modules to export functions returning ASN1_ITEM pointers | |
470 | instead of the ASN1_ITEM structures themselves. This adds several | |
471 | new macros which allow the underlying ASN1 function/structure to | |
472 | be accessed transparently. As a result code should not use ASN1_ITEM | |
473 | references directly (such as &X509_it) but instead use the relevant | |
474 | macros (such as ASN1_ITEM_rptr(X509)). This option is to allow | |
475 | use of the new ASN1 code on platforms where exporting structures | |
476 | is problematical (for example in shared libraries) but exporting | |
477 | functions returning pointers to structures is not. | |
478 | [Steve Henson] | |
479 | ||
480 | +) Add support for overriding the generation of SSL/TLS session IDs. | |
481 | These callbacks can be registered either in an SSL_CTX or per SSL. | |
482 | The purpose of this is to allow applications to control, if they wish, | |
483 | the arbitrary values chosen for use as session IDs, particularly as it | |
484 | can be useful for session caching in multiple-server environments. A | |
485 | command-line switch for testing this (and any client code that wishes | |
486 | to use such a feature) has been added to "s_server". | |
487 | [Geoff Thorpe, Lutz Jaenicke] | |
488 | ||
489 | +) Modify mkdef.pl to recognise and parse preprocessor conditionals | |
490 | of the form '#if defined(...) || defined(...) || ...' and | |
491 | '#if !defined(...) && !defined(...) && ...'. This also avoids | |
492 | the growing number of special cases it was previously handling. | |
493 | [Richard Levitte] | |
494 | ||
495 | *) Don't use getenv in library functions when run as setuid/setgid. | |
496 | New function OPENSSL_issetugid(). | |
497 | [Ulf Moeller] | |
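Added example (not part of the OpenSSL CHANGES text or of OpenSSL's code) tying together the RAND_file_name() entry earlier on this page and the setuid/setgid entry above. A library running inside a setuid or setgid program must treat $RANDFILE and $HOME as attacker-controlled, since the invoker chooses them: honouring them would let an unprivileged user point the seed file at a path of their choosing. The lookup order below ($RANDFILE, then $HOME/.rnd, then a compiled-in default home such as "C:" on Windows, otherwise nothing) is taken from the entries; the function names and the path joining are mine.

```python
import os
from typing import Mapping, Optional


def is_set_ugid() -> bool:
    """Analogue of OPENSSL_issetugid(): True when the process holds an
    effective uid/gid that differs from its real one, i.e. it was started
    from a setuid/setgid binary and its environment is untrusted input."""
    if not hasattr(os, "getuid"):
        return False                   # platform has no notion of setuid
    return os.getuid() != os.geteuid() or os.getgid() != os.getegid()


def _join(directory: str, name: str) -> str:
    """Join with a fixed '/' so the result is identical on every platform
    (os.path.join would turn "C:" into a drive-relative path on Windows)."""
    return directory.rstrip("/") + "/" + name


def rand_file_name(env: Mapping[str, str], setugid: bool,
                   default_home: Optional[str] = None) -> Optional[str]:
    """Seed-file lookup in the order the entries describe. When setugid is
    True the environment is skipped entirely, so only the compiled-in default
    (or nothing) can be returned. No fallback to ".rnd" in the current
    directory, which the 0.9.6a change removed."""
    if not setugid:
        randfile = env.get("RANDFILE")
        if randfile:
            return randfile
        home = env.get("HOME")
        if home:
            return _join(home, ".rnd")
    if default_home is not None:
        return _join(default_home, ".rnd")
    return None
```

Callers get None rather than a guessed path when nothing trustworthy is available; the right reaction is to seed from the operating system and not from a file at all.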
498 | ||
499 | +) Make all configuration macros available for applications by making | |
500 | sure they are available in opensslconf.h, by giving them names starting | |
501 | with "OPENSSL_" to avoid conflicts with other packages and by making | |
502 | sure e_os2.h will cover all platform-specific cases together with | |
503 | opensslconf.h. | |
504 | Additionally, it is now possible to define configuration/platform- | |
505 | specific names (called "system identities"). In the C code, these | |
506 | are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another | |
507 | macro with the name beginning with "OPENSSL_SYS_", which is determined | |
508 | from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on | |
509 | what is available. | |
510 | [Richard Levitte] | |
511 | ||
512 | +) New option -set_serial to 'req' and 'x509'; this allows the serial | |
513 | number to use to be specified on the command line. Previously self | |
514 | signed certificates were hard coded with serial number 0 and the | |
515 | CA options of 'x509' had to use a serial number in a file which was | |
516 | auto incremented. | |
517 | [Steve Henson] | |
518 | ||
519 | *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c) | |
520 | due to incorrect handling of multi-threading: | |
521 | ||
522 | 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl(). | |
523 | ||
524 | 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on(). | |
525 | ||
526 | 3. Count how many times MemCheck_off() has been called so that | |
527 | nested use can be treated correctly. This also avoids | |
528 | inband-signalling in the previous code (which relied on the | |
529 | assumption that thread ID 0 is impossible). | |
530 | [Bodo Moeller] | |
531 | ||
532 | +) New options to 'ca' utility to support V2 CRL entry extensions. | |
533 | Currently CRL reason, invalidity date and hold instruction are | |
534 | supported. Add new CRL extensions to V3 code and some new objects. | |
535 | [Steve Henson] | |
536 | ||
537 | *) Add "-rand" option also to s_client and s_server. | |
538 | [Lutz Jaenicke] | |
539 | ||
540 | +) New function EVP_CIPHER_CTX_set_padding() this is used to | |
541 | disable standard block padding (aka PKCS#5 padding) in the EVP | |
542 | API, which was previously mandatory. This means that the data is | |
543 | not padded in any way and so the total length must be a multiple | |
544 | of the block size, otherwise an error occurs. | |
545 | [Steve Henson] | |
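Added example (not part of the OpenSSL CHANGES text or of OpenSSL's code): what the "standard block padding" the entry refers to looks like, and the two checks that matter once an application can turn it off. pkcs5_pad() appends n bytes of value n, so a message already on a block boundary gains a whole extra block; pkcs5_unpad() verifies every padding byte, not just the last; is_block_aligned() is the length rule the entry states for the no-padding mode. Function names and the 8-byte default block size are mine.

```python
def pkcs5_pad(data: bytes, block_size: int = 8) -> bytes:
    """Append n bytes of value n, 1 <= n <= block_size. An aligned input still
    receives a full padding block so the unpadder never has to guess."""
    if not 1 <= block_size <= 255:
        raise ValueError("block size must be in 1..255")
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs5_unpad(data: bytes, block_size: int = 8) -> bytes:
    """Strict removal: the length must be block aligned and every one of the
    last n bytes must equal n, so a corrupted or forged trailer is rejected
    instead of being silently trimmed."""
    if not data or len(data) % block_size:
        raise ValueError("length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def has_valid_padding(data: bytes, block_size: int = 8) -> bool:
    """Boolean form of pkcs5_unpad for callers that only need a verdict."""
    try:
        pkcs5_unpad(data, block_size)
    except ValueError:
        return False
    return True


def is_block_aligned(data: bytes, block_size: int = 8) -> bool:
    """The rule once padding is disabled: the caller owns the alignment and a
    length that is not a multiple of the block size is an error, not something
    to be quietly padded."""
    return len(data) % block_size == 0
```

Disabling padding is appropriate when the caller applies its own scheme (or a mode such as CTS); it is not a way to make an unaligned plaintext shorter, which is why the alignment check has to fail loudly.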
546 | ||
547 | +) Initial (incomplete) OCSP SSL support. | |
548 | [Steve Henson] | |
549 | ||
550 | *) Fix CPU detection on Irix 6.x. | |
551 | [Kurt Hockenbury <khockenb@stevens-tech.edu> and | |
552 | "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>] | |
553 | ||
554 | +) New function OCSP_parse_url(). This splits up a URL into its host, | |
555 | port and path components: primarily to parse OCSP URLs. New -url | |
556 | option to ocsp utility. | |
557 | [Steve Henson] | |
558 | ||
559 | +) New nonce behavior. The return value of OCSP_check_nonce() now | |
560 | reflects the various checks performed. Applications can decide | |
561 | whether to tolerate certain situations such as an absent nonce | |
562 | in a response when one was present in a request: the ocsp application | |
563 | just prints out a warning. New function OCSP_add1_basic_nonce() | |
564 | this is to allow responders to include a nonce in a response even if | |
565 | the request is nonce-less. | |
566 | [Steve Henson] | |
567 | ||
568 | *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME | |
569 | was empty. | |
570 | [This change does not apply to 0.9.7.] | |
571 | ||
572 | *) Use the cached encoding of an X509_NAME structure rather than | |
573 | copying it. This is apparently the reason for the libsafe "errors" | |
574 | but the code is actually correct. | |
575 | [Steve Henson] | |
576 | ||
577 | +) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are | |
578 | skipped when using openssl x509 multiple times on a single input file, | |
579 | e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs". | |
580 | [Bodo Moeller] | |
581 | ||
582 | +) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() | |
583 | set string type: to handle setting ASN1_TIME structures. Fix ca | |
584 | utility to correctly initialize revocation date of CRLs. | |
585 | [Steve Henson] | |
586 | ||
587 | +) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override | |
588 | the client's preferred ciphersuites and rather use its own preferences. | |
589 | Should help to work around M$ SGC (Server Gated Cryptography) bug in | |
590 | Internet Explorer by ensuring unchanged hash method during stepup. | |
591 | [Lutz Jaenicke] | |
592 | ||
593 | +) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael | |
594 | to aes and add a new 'exist' option to print out symbols that don't | |
595 | appear to exist. | |
596 | [Steve Henson] | |
597 | ||
598 | +) Additional options to ocsp utility to allow flags to be set and | |
599 | additional certificates supplied. | |
600 | [Steve Henson] | |
601 | ||
602 | +) Add the option -VAfile to 'openssl ocsp', so the user can give the | |
603 | OCSP client a number of certificates to only verify the response | |
604 | signature against. | |
605 | [Richard Levitte] | |
606 | ||
607 | *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent | |
608 | Bleichenbacher's DSA attack. | |
609 | Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits | |
610 | to be set and top=0 forces the highest bit to be set; top=-1 is new | |
611 | and leaves the highest bit random. | |
612 | [Ulf Moeller, Bodo Moeller] | |
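Added example (not part of the OpenSSL CHANGES text or of OpenSSL's code): the premise behind the BN_rand_range() change above, shown exactly rather than statistically. Drawing as many bits as q has and reducing mod q favours small residues whenever q is not a power of two; Bleichenbacher's attack recovers a DSA private key from many signatures whose per-signature k carries that bias. Rejection sampling (draw, retry if >= q) removes it, and the DSA nonce additionally rejects 0. bn_rand() illustrates the top = -1 / 0 / 1 semantics the entry spells out. The bit source abstraction, the exhaustive enumeration and the function names are mine; whether the old DSA_sign_setup used exactly this reduction is not stated on this page.

```python
import random
from collections import Counter
from typing import Callable, Dict, List

BitSource = Callable[[int], int]       # get_bits(n) -> uniformly random n-bit integer


def bn_rand(bits: int, top: int, get_bits: BitSource) -> int:
    """BN_rand()-style number of `bits` bits. top=-1: highest bit random;
    top=0: highest bit forced to 1; top=1: highest two bits forced to 1."""
    if bits <= 0:
        return 0
    r = get_bits(bits)
    if top >= 0:
        r |= 1 << (bits - 1)
    if top == 1 and bits >= 2:
        r |= 1 << (bits - 2)
    return r


def biased_mod_reduce(q: int, get_bits: BitSource) -> int:
    """The weak recipe: bit_length(q) random bits reduced mod q. Residues below
    2**bits - q are produced by two patterns each, the rest by one."""
    return get_bits(q.bit_length()) % q


def bn_rand_range(q: int, get_bits: BitSource) -> int:
    """BN_rand_range()-style rejection sampling: uniform in [0, q). Fewer than
    two draws are needed on average because q has bit_length(q) bits."""
    if q <= 0:
        raise ValueError("range must be positive")
    bits = q.bit_length()
    while True:
        r = get_bits(bits)
        if r < q:
            return r


def dsa_k(q: int, get_bits: BitSource) -> int:
    """Per-signature DSA nonce, uniform in [1, q-1]: zero is rejected, not patched."""
    while True:
        k = bn_rand_range(q, get_bits)
        if k != 0:
            return k


def sample_dsa_k(q: int, seed: int, count: int) -> List[int]:
    """Draw `count` nonces from a seeded PRNG (for demonstration only; a real
    signer uses the system CSPRNG)."""
    rng = random.Random(seed)
    return [dsa_k(q, rng.getrandbits) for _ in range(count)]


def exhaustive_distribution(q: int, method: Callable[[int, BitSource], int]) -> Dict[int, int]:
    """Feed every bit pattern of bit_length(q) bits exactly once and count the
    outputs, so the bias (or its absence) is shown exactly. Rejected draws
    simply consume the next pattern."""
    patterns = iter(range(1 << q.bit_length()))
    counts: Counter = Counter()
    try:
        while True:
            counts[method(q, lambda bits: next(patterns))] += 1
    except StopIteration:
        pass
    return dict(counts)
```

For a 160-bit DSA q the per-value bias is tiny, which is exactly why it went unnoticed: the attack works by accumulating it over a large number of signatures, so the only safe nonce distribution is an exactly uniform one.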
613 | ||
614 | +) Update Rijndael code to version 3.0 and change EVP AES ciphers to | |
615 | handle the new API. Currently only ECB, CBC modes supported. Add new | |
616 | AES OIDs. Add TLS AES ciphersuites as described in the "AES Ciphersuites | |
617 | for TLS" draft-ietf-tls-ciphersuite-03.txt. | |
618 | [Ben Laurie, Steve Henson] | |
619 | ||
620 | *) In the NCONF_...-based implementations for CONF_... queries | |
621 | (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using | |
622 | a temporary CONF structure with the data component set to NULL | |
623 | (which gives segmentation faults in lh_retrieve). | |
624 | Instead, use NULL for the CONF pointer in CONF_get_string and | |
625 | CONF_get_number (which may use environment variables) and directly | |
626 | return NULL from CONF_get_section. | |
627 | [Bodo Moeller] | |
628 | ||
629 | *) Fix potential buffer overrun for EBCDIC. | |
630 | [Ulf Moeller] | |
631 | ||
632 | +) New function OCSP_copy_nonce() to copy nonce value (if present) from | |
633 | request to response. | |
634 | [Steve Henson] | |
635 | ||
636 | +) Functions for OCSP responders. OCSP_request_onereq_count(), | |
637 | OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info() | |
638 | extract information from a certificate request. OCSP_response_create() | |
639 | creates a response and optionally adds a basic response structure. | |
640 | OCSP_basic_add1_status() adds a complete single response to a basic | |
641 | response and returns the OCSP_SINGLERESP structure just added (to allow | |
642 | extensions to be included for example). OCSP_basic_add1_cert() adds a | |
643 | certificate to a basic response and OCSP_basic_sign() signs a basic | |
644 | response with various flags. New helper functions ASN1_TIME_check() | |
645 | (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime() | |
646 | (converts ASN1_TIME to GeneralizedTime). | |
647 | [Steve Henson] | |
648 | ||
649 | +) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}() | |
650 | in a single operation. X509_get0_pubkey_bitstr() extracts the public_key | |
651 | structure from a certificate. X509_pubkey_digest() digests the public_key | |
652 | contents: this is used in various key identifiers. | |
653 | [Steve Henson] | |
654 | ||
655 | *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign | |
656 | keyUsage if basicConstraints absent for a CA. | |
657 | [Steve Henson] | |
658 | ||
659 | *) Make SMIME_write_PKCS7() write mail header values with a format that | |
660 | is more generally accepted (no spaces before the semicolon), since | |
661 | some programs can't parse those values properly otherwise. Also make | |
662 | sure BIO's that break lines after each write do not create invalid | |
663 | headers. | |
664 | [Richard Levitte] | |
665 | ||
666 | +) Make sk_sort() tolerate a NULL argument. | |
667 | [Steve Henson, reported by Massimiliano Pala <madwolf@comune.modena.it>] | |
668 | ||
669 | +) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates | |
670 | passed by the function are trusted implicitly. If any of them signed the | |
671 | response then it is assumed to be valid and is not verified. | |
672 | [Steve Henson] | |
673 | ||
674 | -) Make the CRL encoding routines work with empty SEQUENCE OF. The | |
675 | macros previously used would not encode an empty SEQUENCE OF | |
676 | and break the signature. | |
677 | [Steve Henson] | |
678 | [This change does not apply to 0.9.7.] | |
679 | ||
680 | *) Zero the premaster secret after deriving the master secret in | |
681 | DH ciphersuites. | |
682 | [Steve Henson] | |
683 | ||
684 | +) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT | |
685 | to data. This was previously part of the PKCS7 ASN1 code. This | |
686 | was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures. | |
687 | [Steve Henson, reported by Kenneth R. Robinette | |
688 | <support@securenetterm.com>] | |
689 | ||
690 | +) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1 | |
691 | routines: without these tracing memory leaks is very painful. | |
692 | Fix leaks in PKCS12 and PKCS7 routines. | |
693 | [Steve Henson] | |
694 | ||
695 | *) Add some EVP_add_digest_alias registrations (as found in | |
696 | OpenSSL_add_all_digests()) to SSL_library_init() | |
697 | aka OpenSSL_add_ssl_algorithms(). This provides improved | |
698 | compatibility with peers using X.509 certificates | |
699 | with unconventional AlgorithmIdentifier OIDs. | |
700 | [Bodo Moeller] | |
701 | ||
702 | *) Fix for Irix with NO_ASM. | |
703 | ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>] | |
704 | ||
705 | *) ./config script fixes. | |
706 | [Ulf Moeller, Richard Levitte] | |
707 | ||
708 | +) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new(). | |
709 | Previously it initialised the 'type' argument to V_ASN1_UTCTIME which | |
710 | effectively meant GeneralizedTime would never be used. Now it | |
711 | is initialised to -1 but X509_time_adj() now has to check the value | |
712 | and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or | |
713 | V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime. | |
714 | [Steve Henson, reported by Kenneth R. Robinette | |
715 | <support@securenetterm.com>] | |
716 | ||
717 | +) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously | |
718 | result in a zero length in the ASN1_INTEGER structure which was | |
719 | not consistent with the structure when d2i_ASN1_INTEGER() was used | |
720 | and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER() | |
721 | to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER() | |
722 | where it did not print out a minus for negative ASN1_INTEGER. | |
723 | [Steve Henson] | |
724 | ||
725 | *) Fix 'openssl passwd -1'. | |
726 | [Bodo Moeller] | |
727 | ||
728 | +) Add summary printout to ocsp utility. The various functions which | |
729 | convert status values to strings have been renamed to: | |
730 | OCSP_response_status_str(), OCSP_cert_status_str() and | |
731 | OCSP_crl_reason_str() and are no longer static. New options | |
732 | to verify nonce values and to disable verification. OCSP response | |
733 | printout format cleaned up. | |
734 | [Steve Henson] | |
735 | ||
736 | +) Add additional OCSP certificate checks. These are those specified | |
737 | in RFC2560. This consists of two separate checks: the CA of the | |
738 | certificate being checked must either be the OCSP signer certificate | |
739 | or the issuer of the OCSP signer certificate. In the latter case the | |
740 | OCSP signer certificate must contain the OCSP signing extended key | |
741 | usage. This check is performed by attempting to match the OCSP | |
742 | signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash | |
743 | in the OCSP_CERTID structures of the response. | |
744 | [Steve Henson] | |
745 | ||
746 | +) Initial OCSP certificate verification added to OCSP_basic_verify() | |
747 | and related routines. This uses the standard OpenSSL certificate | |
748 | verify routines to perform initial checks (just CA validity) and | |
749 | to obtain the certificate chain. Then additional checks will be | |
750 | performed on the chain. Currently the root CA is checked to see | |
751 | if it is explicitly trusted for OCSP signing. This is used to set | |
752 | a root CA as a global signing root: that is any certificate that | |
753 | chains to that CA is an acceptable OCSP signing certificate. | |
754 | [Steve Henson] | |
755 | ||
756 | +) New '-extfile ...' option to 'openssl ca' for reading X.509v3 | |
757 | extensions from a separate configuration file. | |
758 | As when reading extensions from the main configuration file, | |
759 | the '-extensions ...' option may be used for specifying the | |
760 | section to use. | |
761 | [Massimiliano Pala <madwolf@comune.modena.it>] | |
762 | ||
763 | *) Change PKCS12_key_gen_asc() so it can cope with non null | |
764 | terminated strings whose length is passed in the passlen | |
765 | parameter, for example from PEM callbacks. This was done | |
766 | by adding an extra length parameter to asc2uni(). | |
767 | [Steve Henson, reported by <oddissey@samsung.co.kr>] | |
768 | ||
769 | +) New OCSP utility. Allows OCSP requests to be generated or | |
770 | read. The request can be sent to a responder and the output | |
771 | parsed, output or printed in text form. Not complete yet: | |
772 | still needs to check the OCSP response validity. | |
773 | [Steve Henson] | |
774 | ||
775 | +) New subcommands for 'openssl ca': | |
776 | 'openssl ca -status <serial>' prints the status of the cert with | |
777 | the given serial number (according to the index file). | |
778 | 'openssl ca -updatedb' updates the expiry status of certificates | |
779 | in the index file. | |
780 | [Massimiliano Pala <madwolf@comune.modena.it>] | |
781 | ||
782 | +) New '-newreq-nodes' command option to CA.pl. This is like | |
783 | '-newreq', but calls 'openssl req' with the '-nodes' option | |
784 | so that the resulting key is not encrypted. | |
785 | [Damien Miller <djm@mindrot.org>] | |
786 | ||
787 | +) New configuration for the GNU Hurd. | |
788 | [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte] | |
789 | ||
790 | +) Initial code to implement OCSP basic response verify. This | |
791 | is currently incomplete. Currently just finds the signer's | |
792 | certificate and verifies the signature on the response. | |
793 | [Steve Henson] | |
794 | ||
795 | +) New SSLeay_version code SSLEAY_DIR to determine the compiled-in | |
796 | value of OPENSSLDIR. This is available via the new '-d' option | |
797 | to 'openssl version', and is also included in 'openssl version -a'. | |
798 | [Bodo Moeller] | |
799 | ||
800 | *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn | |
801 | call failed, free the DSA structure. | |
802 | [Bodo Moeller] | |
803 | ||
804 | +) Allow defining memory allocation callbacks that will be given | |
805 | file name and line number information in additional arguments | |
806 | (a const char* and an int). The basic functionality remains, as | |
807 | well as the original possibility to just replace malloc(), | |
808 | realloc() and free() by functions that do not know about these | |
809 | additional arguments. To register and find out the current | |
810 | settings for extended allocation functions, the following | |
811 | functions are provided: | |
812 | ||
813 | CRYPTO_set_mem_ex_functions | |
814 | CRYPTO_set_locked_mem_ex_functions | |
815 | CRYPTO_get_mem_ex_functions | |
816 | CRYPTO_get_locked_mem_ex_functions | |
817 | ||
818 | These work the same way as CRYPTO_set_mem_functions and friends. | |
819 | CRYPTO_get_[locked_]mem_functions now writes 0 where such an | |
820 | extended allocation function is enabled. | |
821 | Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where | |
822 | a conventional allocation function is enabled. | |
823 | [Richard Levitte, Bodo Moeller] | |
824 | ||
825 | *) Fix to uni2asc() to cope with zero length Unicode strings. | |
826 | These are present in some PKCS#12 files. | |
827 | [Steve Henson] | |
828 | ||
829 | +) Finish off removing the remaining LHASH function pointer casts. | |
830 | There should no longer be any prototype-casting required when using | |
831 | the LHASH abstraction, and any casts that remain are "bugs". See | |
832 | the callback types and macros at the head of lhash.h for details | |
833 | (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example). | |
834 | [Geoff Thorpe] | |
835 | ||
836 | +) Add automatic query of EGD sockets in RAND_poll() for the unix variant. | |
837 | If /dev/[u]random devices are not available or do not return enough | |
838 | entropy, EGD style sockets (served by EGD or PRNGD) will automatically | |
839 | be queried. | |
840 | The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and | |
841 | /etc/entropy will be queried once each in this sequence, querying stops | |
842 | when enough entropy was collected without querying more sockets. | |
843 | [Lutz Jaenicke] | |
844 | ||
845 | +) Change the Unix RAND_poll() variant to be able to poll several | |
846 | random devices, as specified by DEVRANDOM, until a sufficient amount | |
847 | of data has been collected. We spend at most 10 ms on each file | |
848 | (select timeout) and read in non-blocking mode. DEVRANDOM now | |
849 | defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom" | |
850 | (previously it was just the string "/dev/urandom"), so on typical | |
851 | platforms the 10 ms delay will never occur. | |
852 | Also separate out the Unix variant to its own file, rand_unix.c. | |
853 | For VMS, there's a currently-empty rand_vms.c. | |
854 | [Richard Levitte] | |
855 | ||
856 | +) Move OCSP client related routines to ocsp_cl.c. These | |
857 | provide utility functions which an application needing | |
858 | to issue a request to an OCSP responder and analyse the | |
859 | response will typically need: as opposed to those which an | |
860 | OCSP responder itself would need which will be added later. | |
861 | ||
862 | OCSP_request_sign() signs an OCSP request with an API similar | |
863 | to PKCS7_sign(). OCSP_response_status() returns status of OCSP | |
864 | response. OCSP_response_get1_basic() extracts basic response | |
865 | from response. OCSP_resp_find_status(): finds and extracts status | |
866 | information from an OCSP_CERTID structure (which will be created | |
867 | when the request structure is built). These are built from lower | |
868 | level functions which work on OCSP_SINGLERESP structures but | |
869 | won't normally be used unless the application wishes to examine | |
870 | extensions in the OCSP response for example. | |
871 | ||
872 | Replace nonce routines with a pair of functions. | |
873 | OCSP_request_add1_nonce() adds a nonce value and optionally | |
874 | generates a random value. OCSP_check_nonce() checks the | |
875 | validity of the nonce in an OCSP response. | |
876 | [Steve Henson] | |
877 | ||
878 | +) Change function OCSP_request_add() to OCSP_request_add0_id(). | |
879 | This doesn't copy the supplied OCSP_CERTID and avoids the | |
880 | need to free up the newly created id. Change return type | |
881 | to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure. | |
882 | This can then be used to add extensions to the request. | |
883 | Deleted OCSP_request_new(), since most of its functionality | |
884 | is now in OCSP_REQUEST_new() (and the case insensitive name | |
885 | clash) apart from the ability to set the request name which | |
886 | will be added elsewhere. | |
887 | [Steve Henson] | |
888 | ||
889 | +) Update OCSP API. Remove obsolete extensions argument from | |
890 | various functions. Extensions are now handled using the new | |
891 | OCSP extension code. New simple OCSP HTTP function which | |
892 | can be used to send requests and parse the response. | |
893 | [Steve Henson] | |
894 | ||
895 | +) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new | |
896 | ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN | |
897 | uses the special reorder version of SET OF to sort the attributes | |
898 | and reorder them to match the encoded order. This resolves a long | |
899 | standing problem: a verify on a PKCS7 structure just after signing | |
900 | it used to fail because the attribute order did not match the | |
901 | encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes: | |
902 | it uses the received order. This is necessary to tolerate some broken | |
903 | software that does not order SET OF. This is handled by encoding | |
904 | as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class) | |
905 | to produce the required SET OF. | |
906 | [Steve Henson] | |
907 | ||
908 | +) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and | |
909 | OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header | |
910 | files to get correct declarations of the ASN.1 item variables. | |
911 | [Richard Levitte] | |
912 | ||
913 | +) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many | |
914 | PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs: | |
915 | asn1_check_tlen() would sometimes attempt to use 'ctx' when it was | |
916 | NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i(). | |
917 | New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant | |
918 | ASN1_ITEM and no wrapper functions. | |
919 | [Steve Henson] | |
920 | ||
921 | +) New functions ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These | |
922 | replace the old function pointer based I/O routines. Change most of | |
923 | the *_d2i_bio() and *_d2i_fp() functions to use these. | |
924 | [Steve Henson] | |
925 | ||
926 | +) Enhance mkdef.pl to be more accepting about spacing in C preprocessor | |
927 | lines, recognise more "algorithms" that can be deselected, and make | |
928 | it complain about algorithm deselection that isn't recognised. | |
929 | [Richard Levitte] | |
930 | ||
931 | +) New ASN1 functions to handle dup, sign, verify, digest, pack and | |
932 | unpack operations in terms of ASN1_ITEM. Modify existing wrappers | |
933 | to use new functions. Add NO_ASN1_OLD which can be set to remove | |
934 | some old style ASN1 functions: this can be used to determine if old | |
935 | code will still work when these eventually go away. | |
936 | [Steve Henson] | |
937 | ||
938 | +) New extension functions for OCSP structures, these follow the | |
939 | same conventions as certificates and CRLs. | |
940 | [Steve Henson] | |
941 | ||
942 | +) New function X509V3_add1_i2d(). This automatically encodes and | |
943 | adds an extension. Its behaviour can be customised with various | |
944 | flags to append, replace or delete. Various wrappers added for | |
945 | certificates and CRLs. | |
946 | [Steve Henson] | |
947 | ||
948 | +) Fix to avoid calling the underlying ASN1 print routine when | |
949 | an extension cannot be parsed. Correct a typo in the | |
950 | OCSP_SERVICELOC extension. Tidy up print OCSP format. | |
951 | [Steve Henson] | |
952 | ||
953 | *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c). | |
954 | Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits | |
955 | when writing a 32767 byte record. | |
956 | [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>] | |
957 | ||
958 | *) In RSA_eay_public_{en,de}crypt and RSA_eay_mod_exp (rsa_eay.c), | |
959 | obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}. | |
960 | ||
961 | (RSA objects have a reference count access to which is protected | |
962 | by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c], | |
963 | so they are meant to be shared between threads.) | |
964 | [Bodo Moeller, Geoff Thorpe; original patch submitted by | |
965 | "Reddie, Steven" <Steven.Reddie@ca.com>] | |
966 | ||
967 | +) Make mkdef.pl parse some of the ASN1 macros and add appropriate | |
968 | entries for variables. | |
969 | [Steve Henson] | |
970 | ||
971 | *) Fix a deadlock in CRYPTO_mem_leaks(). | |
972 | [Bodo Moeller] | |
973 | ||
974 | +) Add functionality to apps/openssl.c for detecting locking | |
975 | problems: As the program is single-threaded, all we have | |
976 | to do is register a locking callback using an array for | |
977 | storing which locks are currently held by the program. | |
978 | [Bodo Moeller] | |
979 | ||
980 | +) Use a lock around the call to CRYPTO_get_ex_new_index() in | |
981 | SSL_get_ex_data_X509_STORE_idx(), which is used in | |
982 | ssl_verify_cert_chain() and thus can be called at any time | |
983 | during TLS/SSL handshakes so that thread-safety is essential. | |
984 | Unfortunately, the ex_data design is not at all suited | |
985 | for multi-threaded use, so it probably should be abolished. | |
986 | [Bodo Moeller] | |
987 | ||
988 | +) Added Broadcom "ubsec" ENGINE to OpenSSL. | |
989 | [Broadcom, tweaked and integrated by Geoff Thorpe] | |
990 | ||
991 | +) Move common extension printing code to new function | |
992 | X509V3_print_extensions(). Reorganise OCSP print routines and | |
993 | implement some needed OCSP ASN1 functions. Add OCSP extensions. | |
994 | [Steve Henson] | |
995 | ||
996 | +) New function X509_signature_print() to remove duplication in some | |
997 | print routines. | |
998 | [Steve Henson] | |
999 | ||
1000 | +) Add a special meaning when SET OF and SEQUENCE OF flags are both | |
1001 | set (this was treated exactly the same as SET OF previously). This | |
1002 | is used to reorder the STACK representing the structure to match the | |
1003 | encoding. This will be used to get round a problem where a PKCS7 | |
1004 | structure which was signed could not be verified because the STACK | |
1005 | order did not reflect the encoded order. | |
1006 | [Steve Henson] | |
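The two SET OF entries above (PKCS7_ATTR_SIGN reordering the signed attributes, and the combined SET OF + SEQUENCE OF flag that reorders the STACK to match the encoding) come down to one DER rule. This added example, which is not OpenSSL code, encodes a SET OF both ways and shows why a verify right after sign failed when the STACK order was not the encoded order; SHA-1 as the digest and the three INTEGER attributes are constructed stand-ins.

```python
"""DER SET OF ordering: why a PKCS#7 verify right after signing used to fail.

Added example, not OpenSSL's code.  X.690 DER requires the components of a
SET OF to appear in ascending order of their encodings, compared as octet
strings with shorter ones padded by zero octets.  The digest covering PKCS#7
signed attributes is taken over that encoding, so a signer that hashes its
attributes in in-memory order while emitting them in DER order signs the
wrong bytes.  SHA-1 stands in for whatever digest the SignerInfo names.
"""
import hashlib
from typing import List, Sequence

TAG_SET_OF = 0x31  # UNIVERSAL 17, constructed


def der_length(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_set_of_order(elements: Sequence[bytes]) -> List[bytes]:
    """Components in canonical DER SET OF order (the PKCS7_ATTR_SIGN reorder)."""
    width = max((len(e) for e in elements), default=0)
    return sorted(elements, key=lambda e: e.ljust(width, b"\x00"))


def der_set_of(elements: Sequence[bytes], reorder: bool = True) -> bytes:
    """Encode already-encoded components under tag 0x31.

    reorder=True  sorts them: canonical DER, what a signer must emit and hash.
    reorder=False keeps the given order: what PKCS7_ATTR_VERIFY does so that
                  peers that emit an unsorted SET OF can still be verified.
    """
    body = b"".join(der_set_of_order(elements) if reorder else elements)
    return bytes([TAG_SET_OF]) + der_length(len(body)) + body


def attrs_digest(elements: Sequence[bytes], reorder: bool) -> str:
    """Digest a party computes over the attribute set, in its chosen order."""
    return hashlib.sha1(der_set_of(elements, reorder)).hexdigest()


# Constructed stand-ins for signed attributes: three DER INTEGERs in a
# deliberately non-canonical in-memory order.
ATTRS_IN_MEMORY = [b"\x02\x01\x05", b"\x02\x02\x01\x00", b"\x02\x01\x03"]


def verify_after_sign(elements: Sequence[bytes], signer_reorders: bool) -> bool:
    """Signer emits canonical DER; does its digest match what a verifier recomputes?

    signer_reorders=False reproduces the long-standing failure in the change log:
    the stack order differs from the encoded order, so the digests disagree.
    """
    emitted = der_set_of(elements, reorder=True)
    return hashlib.sha1(emitted).hexdigest() == attrs_digest(elements, signer_reorders)


def verify_received(received: Sequence[bytes], claimed_digest: str, tolerant: bool) -> bool:
    """Verifier side: recompute over the received order (tolerant) or re-sorted (strict)."""
    return attrs_digest(received, reorder=not tolerant) == claimed_digest
```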
1007 | ||
1008 | +) Reimplement the OCSP ASN1 module using the new code. | |
1009 | [Steve Henson] | |
1010 | ||
1011 | +) Update the X509V3 code to permit the use of an ASN1_ITEM structure | |
1012 | for its ASN1 operations. The old style function pointers still exist | |
1013 | for now but they will eventually go away. | |
1014 | [Steve Henson] | |
1015 | ||
1016 | +) Merge in replacement ASN1 code from the ASN1 branch. This almost | |
1017 | completely replaces the old ASN1 functionality with a table driven | |
1018 | encoder and decoder which interprets an ASN1_ITEM structure describing | |
1019 | the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is | |
1020 | largely maintained. Almost all of the old asn1_mac.h macro based ASN1 | |
1021 | has also been converted to the new form. | |
1022 | [Steve Henson] | |
1023 | ||
1024 | +) Change BN_mod_exp_recp so that negative moduli are tolerated | |
1025 | (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set | |
1026 | so that BN_mod_exp_mont and BN_mod_exp_mont_word work | |
1027 | for negative moduli. | |
1028 | [Bodo Moeller] | |
1029 | ||
1030 | +) Fix BN_uadd and BN_usub: Always return non-negative results instead | |
1031 | of not touching the result's sign bit. | |
1032 | [Bodo Moeller] | |
1033 | ||
1034 | +) BN_div bugfix: If the result is 0, the sign (res->neg) must not be | |
1035 | set. | |
1036 | [Bodo Moeller] | |
1037 | ||
1038 | +) Changed the LHASH code to use prototypes for callbacks, and created | |
1039 | macros to declare and implement thin (optionally static) functions | |
1040 | that provide type-safety and avoid function pointer casting for the | |
1041 | type-specific callbacks. | |
1042 | [Geoff Thorpe] | |
1043 | ||
1044 | *) Use better test patterns in bntest. | |
1045 |