git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES
Use consistent indentation,
 OpenSSL CHANGES
 _______________

 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]

  *) Fix BN_mul_word for the case where the word is 0. (We have to use
     BN_zero, we may not return a BIGNUM with an array consisting of
     words set to zero.)
     [Bodo Moeller]

  *) Avoid calling abort() from within the library when problems are
     detected, except if preprocessor symbols have been defined
     (such as REF_CHECK, BN_DEBUG etc.).
     [Bodo Moeller]

  *) New openssl application 'rsautl'. This utility can be
     used for low level RSA operations. DER public key
     BIO/fp routines also added.
     [Steve Henson]

  *) New Configure entry and patches for compiling on QNX 4.
     [Andreas Schneider <andreas@ds3.etech.fh-hamburg.de>]

  *) A demo state-machine implementation was sponsored by
     Nuron (http://www.nuron.com/) and is now available in
     demos/state_machine.
     [Ben Laurie]

  *) New options added to the 'dgst' utility for signature
     generation and verification.
     [Steve Henson]

  *) Unrecognized PKCS#7 content types are now handled via a
     catch all ASN1_TYPE structure. This allows unsupported
     types to be stored as a "blob" and an application can
     encode and decode it manually.
     [Steve Henson]

  *) Fix various signed/unsigned issues to make a_strex.c
     compile under VC++.
     [Oscar Jacobsson <oscar.jacobsson@celocom.com>]

  *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
     length if passed a buffer. ASN1_INTEGER_to_BN failed
     if passed a NULL BN and its argument was negative.
     [Steve Henson, pointed out by Sven Heiberg <sven@tartu.cyber.ee>]

  *) Modification to PKCS#7 encoding routines to output definite
     length encoding. Since currently the whole structures are in
     memory there's no real point in using indefinite length
     constructed encoding. However if OpenSSL is compiled with
     the flag PKCS7_INDEFINITE_ENCODING the old form is used.
     [Steve Henson]

  *) Added BIO_vprintf() and BIO_vsnprintf().
     [Richard Levitte]

  *) Added more prefixes to parse for in the strings written
     through a logging bio, to cover all the levels that are available
     through syslog. The prefixes are now:

        PANIC, EMERG, EMR       => LOG_EMERG
        ALERT, ALR              => LOG_ALERT
        CRIT, CRI               => LOG_CRIT
        ERROR, ERR              => LOG_ERR
        WARNING, WARN, WAR      => LOG_WARNING
        NOTICE, NOTE, NOT       => LOG_NOTICE
        INFO, INF               => LOG_INFO
        DEBUG, DBG              => LOG_DEBUG

     and as before, if none of those prefixes are present at the
     beginning of the string, LOG_ERR is chosen.

     On Win32, the LOG_* levels are mapped according to this:

        LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE
        LOG_WARNING                             => EVENTLOG_WARNING_TYPE
        LOG_NOTICE, LOG_INFO, LOG_DEBUG         => EVENTLOG_INFORMATION_TYPE

     [Richard Levitte]

  *) Made it possible to reconfigure with just the configuration
     argument "reconf" or "reconfigure". The command line arguments
     are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
     and are retrieved from there when reconfiguring.
     [Richard Levitte]

  *) MD4 implemented.
     [Assar Westerlund <assar@sics.se>, Richard Levitte]

  *) Add the arguments -CAfile and -CApath to the pkcs12 utility.
     [Richard Levitte]

  *) The obj_dat.pl script was messing up the sorting of object
     names. The reason was that it compared the quoted version
     of strings; as a result "OCSP" > "OCSP Signing" because
     " > SPACE. Changed script to store unquoted versions of
     names and add quotes on output. It was also omitting some
     names from the lookup table if they were given a default
     value (that is if SN is missing it is given the same
     value as LN and vice versa), these are now added on the
     grounds that if an object has a name we should be able to
     look it up. Finally added warning output when duplicate
     short or long names are found.
     [Steve Henson]

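The sorting problem described in the obj_dat.pl entry above, as an added C illustration (not code from OpenSSL or from the script): sorting names with their quotes attached puts "OCSP" after "OCSP Signing", and a binary search that compares unquoted names then misses it. The three names and all function names are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Compare two names with the surrounding quotes attached. */
static int cmp_quoted(const void *a, const void *b)
{
    char qa[64], qb[64];
    snprintf(qa, sizeof qa, "\"%s\"", *(const char *const *)a);
    snprintf(qb, sizeof qb, "\"%s\"", *(const char *const *)b);
    return strcmp(qa, qb);   /* '"' (0x22) sorts after ' ' (0x20) */
}

/* Compare the unquoted names, as the fixed script stores them. */
static int cmp_plain(const void *a, const void *b)
{
    return strcmp(*(const char *const *)a, *(const char *const *)b);
}

/* Binary search by unquoted name; returns the index or -1. */
static int lookup(const char *const *tab, int n, const char *name)
{
    int lo = 0, hi = n - 1;
    while (lo <= hi) {
        int mid = lo + (hi - lo) / 2, c = strcmp(name, tab[mid]);
        if (c == 0) return mid;
        if (c < 0) hi = mid - 1; else lo = mid + 1;
    }
    return -1;
}

/* Sort three constructed names, then look up "OCSP" in the result. */
int find_ocsp(int quoted)
{
    const char *tab[] = { "OCSP Signing", "OCSP", "OCSP No Check" };
    qsort(tab, 3, sizeof tab[0], quoted ? cmp_quoted : cmp_plain);
    return lookup(tab, 3, "OCSP");
}

int main(void)
{
    printf("quoted sort: %d, unquoted sort: %d\n", find_ocsp(1), find_ocsp(0));
    return 0;
}
```
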
  *) Changes needed for Tandem NSK.
     [Scott Uroff scott@xypro.com]

  *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
     RSA_padding_check_SSLv23(), special padding was never detected
     and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
     version rollback attacks was not effective.

     In s23_clnt.c, don't use special rollback-attack detection padding
     (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
     client; similarly, in s23_srvr.c, don't do the rollback check if
     SSL 2.0 is the only protocol enabled in the server.
     [Bodo Moeller]

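An added C sketch of the check the SSL 2.0 rollback entry above refers to (not OpenSSL's source): a client that also supports SSL 3.0/TLS 1.0 sets the last eight PKCS#1 padding bytes to 0x03, and a server that sees that marker in an SSL 2.0 handshake knows the version was rolled back. The function names, the 32-byte sample block and the off-by-one variant are constructed here; the variant shows one way an index error makes the marker undetectable and is not a copy of the original bug.

```c
#include <stdio.h>
#include <string.h>

static const unsigned char MARKER[8] = {3, 3, 3, 3, 3, 3, 3, 3};

/* Block is 00 02 PS 00 M; returns the separator index, 0 if malformed. */
static size_t find_separator(const unsigned char *em, size_t len)
{
    size_t i;
    if (len < 11 || em[0] != 0x00 || em[1] != 0x02)
        return 0;
    for (i = 2; i < len && em[i] != 0x00; i++)
        ;
    return (i < len && i >= 10) ? i : 0;   /* need >= 8 padding bytes */
}

/* Correct window: the eight padding bytes directly before the separator.
 * Not constant-time; production code must not leak why a check failed. */
int rollback_marker_present(const unsigned char *em, size_t len)
{
    size_t sep = find_separator(em, len);
    return sep != 0 && memcmp(em + sep - 8, MARKER, 8) == 0;
}

/* Constructed off-by-one: the window is shifted by one byte, so it always
 * contains the 0x00 separator and the marker can never be detected. */
int rollback_marker_present_off_by_one(const unsigned char *em, size_t len)
{
    size_t sep = find_separator(em, len);
    return sep != 0 && memcmp(em + sep - 7, MARKER, 8) == 0;
}

/* Constructed 32-byte sample: 13 padding bytes, separator, 16-byte M. */
void build_block(unsigned char *em, int with_marker)
{
    memset(em, 0xA5, 32);
    if (with_marker)
        memset(em + 7, 0x03, 8);
    em[0] = 0x00; em[1] = 0x02; em[15] = 0x00;
}

int main(void)
{
    unsigned char em[32];
    build_block(em, 1);
    printf("correct=%d off_by_one=%d\n", rollback_marker_present(em, 32),
           rollback_marker_present_off_by_one(em, 32));
    return 0;
}
```
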
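  *) Make it possible to get hexdumps of unprintable data with 'openssl
     asn1parse'. By implication, the functions ASN1_parse_dump() and
     BIO_dump_indent() are added.
     [Richard Levitte]

  *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
     these print out strings and name structures based on various
     flags including RFC2253 support and proper handling of
     multibyte characters. Added options to the 'x509' utility
     to allow the various flags to be set.
     [Steve Henson]

  *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
     Also change the functions X509_cmp_current_time() and
     X509_gmtime_adj() to work with an ASN1_TIME structure,
     this will enable certificates using GeneralizedTime in validity
     dates to be checked.
     [Steve Henson]

  *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
     negative public key encodings) on by default,
     NO_NEG_PUBKEY_BUG can be set to disable it.
     [Steve Henson]

  *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
     content octets. An i2c_ASN1_OBJECT is unnecessary because
     the encoding can be trivially obtained from the structure.
     [Steve Henson]

  *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
     not read locks (CRYPTO_r_[un]lock).
     [Bodo Moeller]

  *) A first attempt at creating official support for shared
     libraries through configuration. I've kept it so the
     default is static libraries only, and the OpenSSL programs
     are always statically linked for now, but there are
     preparations for dynamic linking in place.
     This has been tested on Linux and Tru64.
     [Richard Levitte]

  *) Randomness polling function for Win9x, as described in:
     Peter Gutmann, Software Generation of Practically Strong
     Random Numbers.
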
a657546f
DSH
127 *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
128 these print out strings and name structures based on various
129 flags including RFC2253 support and proper handling of
130 multibyte characters. Added options to the 'x509' utility
131 to allow the various flags to be set.
132 [Steve Henson]
133
284ef5f3
DSH
134 *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
135 Also change the functions X509_cmp_current_time() and
136 X509_gmtime_adj() work with an ASN1_TIME structure,
137 this will enable certificates using GeneralizedTime in validity
138 dates to be checked.
139 [Steve Henson]
140
141 *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
142 negative public key encodings) on by default,
143 NO_NEG_PUBKEY_BUG can be set to disable it.
144 [Steve Henson]
145
146 *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
147 content octets. An i2c_ASN1_OBJECT is unnecessary because
148 the encoding can be trivially obtained from the structure.
149 [Steve Henson]
150
fa729135
BM
151 *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
152 not read locks (CRYPTO_r_[un]lock).
153 [Bodo Moeller]
154
b436a982
RL
155 *) A first attempt at creating official support for shared
156 libraries through configuration. I've kept it so the
157 default is static libraries only, and the OpenSSL programs
158 are always statically linked for now, but there are
159 preparations for dynamic linking in place.
160 This has been tested on Linux and True64.
161 [Richard Levitte]
162
c0722725
UM
163 *) Randomness polling function for Win9x, as described in:
164 Peter Gutmann, Software Generation of Practically Strong
165 Random Numbers.
166