[thirdparty/openssl.git] / CHANGES

 OpenSSL CHANGES
 _______________

 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

  *) Move OCSP client related routines to ocsp_cl.c. These
     provide utility functions which an application needing
     to issue a request to an OCSP responder and analyse the
     response will typically need: as opposed to those which an
     OCSP responder itself would need which will be added later.

     OCSP_request_sign() signs an OCSP request with an API similar
     to PKCS7_sign(). OCSP_response_status() returns status of OCSP
     response. OCSP_response_get1_basic() extracts basic response
     from response. OCSP_resp_find_status(): finds and extracts status
     information from an OCSP_CERTID structure (which will be created
     when the request structure is built). These are built from lower
     level functions which work on OCSP_SINGLERESP structures but
     wont normally be used unless the application wishes to examine
     extensions in the OCSP response for example.

     Replace nonce routines with a pair of functions.
     OCSP_request_add1_nonce() adds a nonce value and optionally
     generates a random value. OCSP_check_nonce() checks the
     validity of the nonce in an OCSP response.
     [Steve Henson]

  *) Change function OCSP_request_add() to OCSP_request_add0_id().
     This doesn't copy the supplied OCSP_CERTID and avoids the
     need to free up the newly created id. Change return type
     to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
     This can then be used to add extensions to the request.
     Deleted OCSP_request_new(), since most of its functionality
     is now in OCSP_REQUEST_new() (and the case insensitive name
     clash) apart from the ability to set the request name which
     will be added elsewhere.
     [Steve Henson]

  *) Update OCSP API. Remove obsolete extensions argument from
     various functions. Extensions are now handled using the new
     OCSP extension code. New simple OCSP HTTP function which 
     can be used to send requests and parse the response.
     [Steve Henson]

  *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
     ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
     uses the special reorder version of SET OF to sort the attributes
     and reorder them to match the encoded order. This resolves a long
     standing problem: a verify on a PKCS7 structure just after signing
     it used to fail because the attribute order did not match the
     encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
     it uses the received order. This is necessary to tolerate some broken
     software that does not order SET OF. This is handled by encoding
     as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
     to produce the required SET OF.
     [Steve Henson]

  *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
     OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
     files to get correct declarations of the ASN.1 item variables.
     [Richard Levitte]

  *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
     PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
     asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
     NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
     New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
     ASN1_ITEM and no wrapper functions.
     [Steve Henson]

  *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
     replace the old function pointer based I/O routines. Change most of
     the *_d2i_bio() and *_d2i_fp() functions to use these.
     [Steve Henson]

  *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
     lines, recognice more "algorithms" that can be deselected, and make
     it complain about algorithm deselection that isn't recognised.
     [Richard Levitte]

  *) New ASN1 functions to handle dup, sign, verify, digest, pack and
     unpack operations in terms of ASN1_ITEM. Modify existing wrappers
     to use new functions. Add NO_ASN1_OLD which can be set to remove
     some old style ASN1 functions: this can be used to determine if old
     code will still work when these eventually go away.
     [Steve Henson]

  *) New extension functions for OCSP structures, these follow the
     same conventions as certificates and CRLs.
     [Steve Henson]

  *) New function X509V3_add1_i2d(). This automatically encodes and
     adds an extension. Its behaviour can be customised with various
     flags to append, replace or delete. Various wrappers added for
     certifcates and CRLs.
     [Steve Henson]

  *) Fix to avoid calling the underlying ASN1 print routine when
     an extension cannot be parsed. Correct a typo in the
     OCSP_SERVICELOC extension. Tidy up print OCSP format.
     [Steve Henson]

  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
     when writing a 32767 byte record.
     [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]

  *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.

     (RSA objects have a reference count access to which is protected
     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
     so they are meant to be shared between threads.)
     [Bodo Moeller, Geoff Thorpe; original patch submitted by
     "Reddie, Steven" <Steven.Reddie@ca.com>]

  *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
     entries for variables.
     [Steve Henson]

  *) Fix a deadlock in CRYPTO_mem_leaks().
     [Bodo Moeller]

  *) Add functionality to apps/openssl.c for detecting locking
     problems: As the program is single-threaded, all we have
     to do is register a locking callback using an array for
     storing which locks are currently held by the program.
     [Bodo Moeller]

  *) Use a lock around the call to CRYPTO_get_ex_new_index() in
     SSL_get_ex_data_X509_STORE_idx(), which is used in
     ssl_verify_cert_chain() and thus can be called at any time
     during TLS/SSL handshakes so that thread-safety is essential.
     Unfortunately, the ex_data design is not at all suited
     for multi-threaded use, so it probably should be abolished.
     [Bodo Moeller]

  *) Added Broadcom "ubsec" ENGINE to OpenSSL.
     [Broadcom, tweaked and integrated by Geoff Thorpe]

  *) Move common extension printing code to new function
     X509V3_print_extensions(). Reorganise OCSP print routines and
     implement some needed OCSP ASN1 functions. Add OCSP extensions.
     [Steve Henson]

  *) New function X509_signature_print() to remove duplication in some
     print routines.
     [Steve Henson]

  *) Add a special meaning when SET OF and SEQUENCE OF flags are both
     set (this was treated exactly the same as SET OF previously). This
     is used to reorder the STACK representing the structure to match the
     encoding. This will be used to get round a problem where a PKCS7
     structure which was signed could not be verified because the STACK
     order did not reflect the encoded order.
     [Steve Henson]

  *) Reimplement the OCSP ASN1 module using the new code.
     [Steve Henson]

  *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
     for its ASN1 operations. The old style function pointers still exist
     for now but they will eventually go away.
     [Steve Henson]

  *) Merge in replacement ASN1 code from the ASN1 branch. This almost
     completely replaces the old ASN1 functionality with a table driven
     encoder and decoder which interprets an ASN1_ITEM structure describing
     the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
     largely maintained. Almost all of the old asn1_mac.h macro based ASN1
     has also been converted to the new form.
     [Steve Henson]

  *) Change BN_mod_exp_recp so that negative moduli are tolerated
     (the sign is ignored).  Similarly, ignore the sign in BN_MONT_CTX_set
     so that BN_mod_exp_mont and BN_mod_exp_mont_word work
     for negative moduli.
     [Bodo Moeller]

  *) Fix BN_uadd and BN_usub: Always return non-negative results instead
     of not touching the result's sign bit.
     [Bodo Moeller]

  *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
     set.
     [Bodo Moeller]

  *) Changed the LHASH code to use prototypes for callbacks, and created
     macros to declare and implement thin (optionally static) functions
     that provide type-safety and avoid function pointer casting for the
     type-specific callbacks.
     [Geoff Thorpe]

  *) Use better test patterns in bntest.
Commit	Line	Data
f1c236f8	1	OpenSSL CHANGES
651d0aff RE	2	_______________
651d0aff RE	3
c5e8580e RL	4	Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
c5e8580e RL	5
0b33bc65 DSH	6	*) Move OCSP client related routines to ocsp_cl.c. These
	7	provide utility functions which an application needing
	8	to issue a request to an OCSP responder and analyse the
	9	response will typically need: as opposed to those which an
	10	OCSP responder itself would need which will be added later.
	11
	12	OCSP_request_sign() signs an OCSP request with an API similar
	13	to PKCS7_sign(). OCSP_response_status() returns status of OCSP
	14	response. OCSP_response_get1_basic() extracts basic response
	15	from response. OCSP_resp_find_status(): finds and extracts status
	16	information from an OCSP_CERTID structure (which will be created
	17	when the request structure is built). These are built from lower
	18	level functions which work on OCSP_SINGLERESP structures but
	19	wont normally be used unless the application wishes to examine
	20	extensions in the OCSP response for example.
	21
	22	Replace nonce routines with a pair of functions.
	23	OCSP_request_add1_nonce() adds a nonce value and optionally
	24	generates a random value. OCSP_check_nonce() checks the
	25	validity of the nonce in an OCSP response.
	26	[Steve Henson]
	27
	28	*) Change function OCSP_request_add() to OCSP_request_add0_id().
8e961835 DSH	29	This doesn't copy the supplied OCSP_CERTID and avoids the
	30	need to free up the newly created id. Change return type
	31	to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
	32	This can then be used to add extensions to the request.
	33	Deleted OCSP_request_new(), since most of its functionality
	34	is now in OCSP_REQUEST_new() (and the case insensitive name
	35	clash) apart from the ability to set the request name which
	36	will be added elsewhere.
	37	[Steve Henson]
	38
bf0d176e DSH	39	*) Update OCSP API. Remove obsolete extensions argument from
	40	various functions. Extensions are now handled using the new
	41	OCSP extension code. New simple OCSP HTTP function which
	42	can be used to send requests and parse the response.
	43	[Steve Henson]
	44
ec5add87 DSH	45	*) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
	46	ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
	47	uses the special reorder version of SET OF to sort the attributes
	48	and reorder them to match the encoded order. This resolves a long
	49	standing problem: a verify on a PKCS7 structure just after signing
	50	it used to fail because the attribute order did not match the
	51	encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
	52	it uses the received order. This is necessary to tolerate some broken
	53	software that does not order SET OF. This is handled by encoding
	54	as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
	55	to produce the required SET OF.
	56	[Steve Henson]
	57
a6574c21 RL	58	*) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
	59	OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
	60	files to get correct declarations of the ASN.1 item variables.
	61	[Richard Levitte]
	62
ecbe0781 DSH	63	*) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
	64	PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
	65	asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
	66	NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
	67	New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
	68	ASN1_ITEM and no wrapper functions.
	69	[Steve Henson]
	70
4e1209eb DSH	71	*) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
	72	replace the old function pointer based I/O routines. Change most of
	73	the _d2i_bio() and _d2i_fp() functions to use these.
	74	[Steve Henson]
	75
3f07fe09 RL	76	*) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
	77	lines, recognice more "algorithms" that can be deselected, and make
	78	it complain about algorithm deselection that isn't recognised.
	79	[Richard Levitte]
	80
78d3b819	81	*) New ASN1 functions to handle dup, sign, verify, digest, pack and
73e92de5 DSH	82	unpack operations in terms of ASN1_ITEM. Modify existing wrappers
	83	to use new functions. Add NO_ASN1_OLD which can be set to remove
	84	some old style ASN1 functions: this can be used to determine if old
	85	code will still work when these eventually go away.
09ab755c DSH	86	[Steve Henson]
09ab755c DSH	87
ec558b65 DSH	88	*) New extension functions for OCSP structures, these follow the
	89	same conventions as certificates and CRLs.
	90	[Steve Henson]
	91
57d2f217 DSH	92	*) New function X509V3_add1_i2d(). This automatically encodes and
	93	adds an extension. Its behaviour can be customised with various
	94	flags to append, replace or delete. Various wrappers added for
	95	certifcates and CRLs.
	96	[Steve Henson]
	97
5755cab4 DSH	98	*) Fix to avoid calling the underlying ASN1 print routine when
	99	an extension cannot be parsed. Correct a typo in the
	100	OCSP_SERVICELOC extension. Tidy up print OCSP format.
	101	[Steve Henson]
	102
3880cd35 BM	103	*) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
	104	Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
	105	when writing a 32767 byte record.
	106	[Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
	107
f640ee90	108	*) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
126fe085	109	obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
f640ee90 BM	110
	111	(RSA objects have a reference count access to which is protected
	112	by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
	113	so they are meant to be shared between threads.)
126fe085 BM	114	[Bodo Moeller, Geoff Thorpe; original patch submitted by
126fe085 BM	115	"Reddie, Steven" <Steven.Reddie@ca.com>]
f640ee90	116
9c67ab2f DSH	117	*) Make mkdef.pl parse some of the ASN1 macros and add apropriate
9c67ab2f DSH	118	entries for variables.
5755cab4	119	[Steve Henson]
9c67ab2f	120
1456d186 BM	121	*) Fix a deadlock in CRYPTO_mem_leaks().
	122	[Bodo Moeller]
	123
3ac82faa BM	124	*) Add functionality to apps/openssl.c for detecting locking
	125	problems: As the program is single-threaded, all we have
	126	to do is register a locking callback using an array for
	127	storing which locks are currently held by the program.
3ac82faa BM	128	[Bodo Moeller]
	129
	130	*) Use a lock around the call to CRYPTO_get_ex_new_index() in
	131	SSL_get_ex_data_X509_STORE_idx(), which is used in
	132	ssl_verify_cert_chain() and thus can be called at any time
	133	during TLS/SSL handshakes so that thread-safety is essential.
	134	Unfortunately, the ex_data design is not at all suited
	135	for multi-threaded use, so it probably should be abolished.
	136	[Bodo Moeller]
	137
2a86064f GT	138	*) Added Broadcom "ubsec" ENGINE to OpenSSL.
	139	[Broadcom, tweaked and integrated by Geoff Thorpe]
	140
2c15d426 DSH	141	*) Move common extension printing code to new function
2c15d426 DSH	142	X509V3_print_extensions(). Reorganise OCSP print routines and
c08523d8	143	implement some needed OCSP ASN1 functions. Add OCSP extensions.
2c15d426 DSH	144	[Steve Henson]
2c15d426 DSH	145
de487514 DSH	146	*) New function X509_signature_print() to remove duplication in some
	147	print routines.
	148	[Steve Henson]
	149
06db4253 DSH	150	*) Add a special meaning when SET OF and SEQUENCE OF flags are both
	151	set (this was treated exactly the same as SET OF previously). This
	152	is used to reorder the STACK representing the structure to match the
	153	encoding. This will be used to get round a problem where a PKCS7
	154	structure which was signed could not be verified because the STACK
	155	order did not reflect the encoded order.
	156	[Steve Henson]
	157
36f554d4 DSH	158	*) Reimplement the OCSP ASN1 module using the new code.
	159	[Steve Henson]
	160
2aff7727 DSH	161	*) Update the X509V3 code to permit the use of an ASN1_ITEM structure
	162	for its ASN1 operations. The old style function pointers still exist
	163	for now but they will eventually go away.
	164	[Steve Henson]
	165
9d6b1ce6	166	*) Merge in replacement ASN1 code from the ASN1 branch. This almost
5755cab4 DSH	167	completely replaces the old ASN1 functionality with a table driven
	168	encoder and decoder which interprets an ASN1_ITEM structure describing
	169	the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
	170	largely maintained. Almost all of the old asn1_mac.h macro based ASN1
	171	has also been converted to the new form.
9d6b1ce6 DSH	172	[Steve Henson]
9d6b1ce6 DSH	173
8dea52fa BM	174	*) Change BN_mod_exp_recp so that negative moduli are tolerated
	175	(the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set
	176	so that BN_mod_exp_mont and BN_mod_exp_mont_word work
	177	for negative moduli.
	178	[Bodo Moeller]
	179
	180	*) Fix BN_uadd and BN_usub: Always return non-negative results instead
	181	of not touching the result's sign bit.
	182	[Bodo Moeller]
	183
80d89e6a BM	184	*) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
	185	set.
	186	[Bodo Moeller]
	187
f1919c3d GT	188	*) Changed the LHASH code to use prototypes for callbacks, and created
	189	macros to declare and implement thin (optionally static) functions
	190	that provide type-safety and avoid function pointer casting for the
	191	type-specific callbacks.
	192	[Geoff Thorpe]
	193
1946cd8b UM	194	*) Use better test patterns in bntest.
	195