git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES
Mention fix in bio_lib.c.
Commit Line Data
651d0aff 1
f1c236f8 2 OpenSSL CHANGES
651d0aff
RE
3 _______________
4
c90341a1
RL
5 Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
6
affadbef
BM
7 *) For consistency with other BIO_puts implementations, call
8 buffer_write(b, ...) directly in buffer_puts instead of calling
9 BIO_write(b, ...).
22c7ea40
BM
10
11 In BIO_puts, increment b->num_write as in BIO_write.
affadbef
BM
12 [Peter.Sylvester@EdelWeb.fr]
13
bbb8de09
BM
14 *) Fix BN_mul_word for the case where the word is 0. (We have to use
15 BN_zero, we may not return a BIGNUM with an array consisting of
16 words set to zero.)
17 [Bodo Moeller]
18
19 *) Avoid calling abort() from within the library when problems are
20 detected, except if preprocessor symbols have been defined
21 (such as REF_CHECK, BN_DEBUG etc.).
22 [Bodo Moeller]
23
bd08a2bd
DSH
24 *) New openssl application 'rsautl'. This utility can be
25 used for low level RSA operations. DER public key
26 BIO/fp routines also added.
27 [Steve Henson]
28
a545c6f6
BM
29 *) New Configure entry and patches for compiling on QNX 4.
30 [Andreas Schneider <andreas@ds3.etech.fh-hamburg.de>]
31
7049ef5f
BL
32 *) A demo state-machine implementation was sponsored by
33 Nuron (http://www.nuron.com/) and is now available in
34 demos/state_machine.
35 [Ben Laurie]
36
7df1c720
DSH
37 *) New options added to the 'dgst' utility for signature
38 generation and verification.
39 [Steve Henson]
40
d096b524
DSH
41 *) Unrecognized PKCS#7 content types are now handled via a
42 catch all ASN1_TYPE structure. This allows unsupported
43 types to be stored as a "blob" and an application can
44 encode and decode it manually.
45 [Steve Henson]
46
7df1c720 47 *) Fix various signed/unsigned issues to make a_strex.c
469938cb
DSH
48 compile under VC++.
49 [Oscar Jacobsson <oscar.jacobsson@celocom.com>]
50
51 *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
52 length if passed a buffer. ASN1_INTEGER_to_BN failed
53 if passed a NULL BN and its argument was negative.
54 [Steve Henson, pointed out by Sven Heiberg <sven@tartu.cyber.ee>]
55
eaa28181
DSH
56 *) Modification to PKCS#7 encoding routines to output definite
57 length encoding. Since currently the whole structures are in
58 memory there's no real point in using indefinite length
59 constructed encoding. However if OpenSSL is compiled with
60 the flag PKCS7_INDEFINITE_ENCODING the old form is used.
61 [Steve Henson]
62
e6629837
RL
63 *) Added BIO_vprintf() and BIO_vsnprintf().
64 [Richard Levitte]
65
6fd5a047
RL
66 *) Added more prefixes to parse for in the strings written
67 through a logging bio, to cover all the levels that are available
68 through syslog. The prefixes are now:
69
70 PANIC, EMERG, EMR => LOG_EMERG
71 ALERT, ALR => LOG_ALERT
72 CRIT, CRI => LOG_CRIT
73 ERROR, ERR => LOG_ERR
74 WARNING, WARN, WAR => LOG_WARNING
75 NOTICE, NOTE, NOT => LOG_NOTICE
76 INFO, INF => LOG_INFO
77 DEBUG, DBG => LOG_DEBUG
78
79 and as before, if none of those prefixes are present at the
80 beginning of the string, LOG_ERR is chosen.
81
82 On Win32, the LOG_* levels are mapped according to this:
83
84 LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE
85 LOG_WARNING => EVENTLOG_WARNING_TYPE
86 LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE
87
88 [Richard Levitte]
89
368f8554
RL
90 *) Made it possible to reconfigure with just the configuration
91 argument "reconf" or "reconfigure". The command line arguments
92 are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
93 and are retrieved from there when reconfiguring.
94 [Richard Levitte]
95
3009458e 96 *) MD4 implemented.
bb531a0a 97 [Assar Westerlund <assar@sics.se>, Richard Levitte]
3009458e 98
88364bc2
RL
99 *) Add the arguments -CAfile and -CApath to the pkcs12 utility.
100 [Richard Levitte]
101
d4fbe318
DSH
102 *) The obj_dat.pl script was messing up the sorting of object
103 names. The reason was that it compared the quoted version
104 of strings; as a result "OCSP" > "OCSP Signing" because
105 " > SPACE. Changed script to store unquoted versions of
106 names and add quotes on output. It was also omitting some
107 names from the lookup table if they were given a default
108 value (that is if SN is missing it is given the same
109 value as LN and vice versa), these are now added on the
110 grounds that if an object has a name we should be able to
111 look it up. Finally added warning output when duplicate
112 short or long names are found.
113 [Steve Henson]
114
2d978cbd 115 *) Changes needed for Tandem NSK.
d4fbe318 116 [Scott Uroff scott@xypro.com]
2d978cbd 117
aa826d88
BM
118 *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
119 RSA_padding_check_SSLv23(), special padding was never detected
120 and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
121 version rollback attacks was not effective.
122
37569e64
BM
123 In s23_clnt.c, don't use special rollback-attack detection padding
124 (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
125 client; similarly, in s23_srvr.c, don't do the rollback check if
126 SSL 2.0 is the only protocol enabled in the server.
127 [Bodo Moeller]
128
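The rollback countermeasure in the entry above relies on a marker inside the RSA block 00 02 <padding> 00 <message>: a client that also supports SSL 3.0/TLS 1.0 sets the last eight padding bytes to 0x03, and a server that supports those versions treats that marker in an SSL 2.0 handshake as a downgrade. The sketch below is an added example, not OpenSSL's code and not a reconstruction of the historical bug; the function names, the `shift` parameter and the sample block are assumptions. It shows how a check window that is off by one byte takes in the 0x00 separator and therefore can never report the marker.

```c
#include <stddef.h>
#include <string.h>

enum { PAD_OK = 0, PAD_MALFORMED = -1, PAD_ROLLBACK = -2 };

/* Index of the 0x00 separator in 00 02 <padding> 00 <message>, or 0 if malformed. */
static size_t find_separator(const unsigned char *em, size_t len)
{
    size_t i;

    if (len < 11 || em[0] != 0x00 || em[1] != 0x02)
        return 0;
    for (i = 2; i < len && em[i] != 0x00; i++)
        ;
    return (i == len || i < 10) ? 0 : i;    /* need at least 8 padding bytes */
}

/* Rollback check over the window [sep-8+shift, sep+shift). shift = 0 is the
 * intended window; shift = 1 is a hypothetical off-by-one that swallows the
 * separator, so the window can never be all 0x03.
 * Teaching sketch only: not constant-time. */
int check_sslv23(const unsigned char *em, size_t len, size_t shift)
{
    size_t sep = find_separator(em, len), k;

    if (sep == 0)
        return PAD_MALFORMED;
    for (k = sep - 8 + shift; k < sep + shift; k++)
        if (em[k] != 0x03)
            return PAD_OK;          /* ordinary padding: no rollback signal */
    return PAD_ROLLBACK;            /* peer marked itself SSL 3.0/TLS capable */
}

/* Build a constructed 64-byte block around a 16-byte message and check it. */
int demo(int marked, size_t shift)
{
    unsigned char em[64];
    size_t pad = sizeof(em) - 3 - 16;

    em[0] = 0x00; em[1] = 0x02;
    memset(em + 2, 0xA5, pad);              /* stand-in for non-zero random bytes */
    if (marked)
        memset(em + 2 + pad - 8, 0x03, 8);  /* the special marker */
    em[2 + pad] = 0x00;
    memset(em + 3 + pad, 0x4D, 16);         /* constructed message bytes */
    return check_sslv23(em, sizeof(em), shift);
}
```

A regression test for this kind of fix needs a positive case (a marked block that must be rejected), since a check that never fires passes every test built only from ordinary padding.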
ca1e465f
RL
129 *) Make it possible to get hexdumps of unprintable data with 'openssl
130 asn1parse'. By implication, the functions ASN1_parse_dump() and
131 BIO_dump_indent() are added.
132 [Richard Levitte]
133
a657546f
DSH
134 *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
135 these print out strings and name structures based on various
136 flags including RFC2253 support and proper handling of
137 multibyte characters. Added options to the 'x509' utility
138 to allow the various flags to be set.
139 [Steve Henson]
140
284ef5f3
DSH
141 *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
142 Also change the functions X509_cmp_current_time() and
143 X509_gmtime_adj() to work with an ASN1_TIME structure,
144 this will enable certificates using GeneralizedTime in validity
145 dates to be checked.
146 [Steve Henson]
147
148 *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
149 negative public key encodings) on by default,
150 NO_NEG_PUBKEY_BUG can be set to disable it.
151 [Steve Henson]
152
153 *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
154 content octets. An i2c_ASN1_OBJECT is unnecessary because
155 the encoding can be trivially obtained from the structure.
156 [Steve Henson]
157
fa729135
BM
158 *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
159 not read locks (CRYPTO_r_[un]lock).
160 [Bodo Moeller]
161
b436a982
RL
162 *) A first attempt at creating official support for shared
163 libraries through configuration. I've kept it so the
164 default is static libraries only, and the OpenSSL programs
165 are always statically linked for now, but there are
166 preparations for dynamic linking in place.
167 This has been tested on Linux and Tru64.
168 [Richard Levitte]
169
c0722725
UM
170 *) Randomness polling function for Win9x, as described in:
171 Peter Gutmann, Software Generation of Practically Strong
172 Random Numbers.
173