Commit | Line | Data |
---|---|---|
81a6c781 | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE | 3 | _______________ |
4 | ||
a9d2bc49 | 5 | Changes between 0.9.6 and 0.9.7 [xx XXX 2001] |
a43cf9fa | 6 | |
e9ad0d2c | 7 | OpenSSL 0.9.6a/0.9.6b (bugfix releases, 5 Apr 2001 and 9 July 2001) |
e3fefbfd | 8 | and OpenSSL 0.9.7 were developed in parallel, based on OpenSSL 0.9.6. |
e9ad0d2c | 9 | |
a9d2bc49 | 10 | Change log entries are tagged as follows: |
daba492c BM | 11 | -) applies to 0.9.6a/0.9.6b/0.9.6c only |
12 | *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 | |
a9d2bc49 BM | 13 | +) applies to 0.9.7 only |
14 | ||
20d2186c DSH | 15 | +) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain |
16 | compatibility with existing code. In particular the 'ctx' parameter is | |
17 | not assumed to be valid before the call to EVP_DigestInit() and it is tidied | |
18 | up after a call to EVP_DigestFinal(). A new function EVP_DigestFinal_ex() | |
19 | but does not free up the ctx. Also change function EVP_MD_CTX_copy() to | |
20 | assume the destination is uninitialized: EVP_MD_CTX_copy_ex() does assume | |
21 | the destination is valid. Also modify all the OpenSSL digest calls to call | |
22 | EVP_DigestInit_ex(), EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex(). | |
23 | [Steve Henson] | |
24 | ||
48948d53 BM | 25 | +) Change ssl3_get_message (ssl/s3_both.c) and the functions using it |
26 | so that complete 'Handshake' protocol structures are kept in memory | |
27 | instead of overwriting 'msg_type' and 'length' with 'body' data. | |
28 | [Bodo Moeller] | |
29 | ||
30 | *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation | |
31 | correctly. | |
32 | [Bodo Moeller] | |
33 | ||
285046ec RL | 34 | +) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32. |
35 | [Massimo Santin via Richard Levitte] | |
36 | ||
07cee702 GT | 37 | +) Major restructuring to the underlying ENGINE code. This includes |
38 | reduction of linker bloat, separation of pure "ENGINE" manipulation | |
39 | (initialisation, etc) from functionality dealing with implementations | |
40 | of specific crypto interfaces. This change also introduces integrated | |
41 | support for symmetric ciphers and digest implementations - so ENGINEs | |
42 | can now accelerate these by providing EVP_CIPHER and EVP_MD | |
43 | implementations of their own. This is detailed in crypto/engine/README | |
44 | as it couldn't be adequately described here. However, there are a few | |
45 | API changes worth noting - some RSA, DSA, DH, and RAND functions that | |
46 | were changed in the original introduction of ENGINE code have now | |
47 | reverted back - the hooking from this code to ENGINE is now a good | |
48 | deal more passive and at run-time, operations deal directly with | |
49 | RSA_METHODs, DSA_METHODs (etc) as they did before, rather than | |
50 | dereferencing through an ENGINE pointer any more. Also, the ENGINE | |
51 | functions dealing with BN_MOD_EXP[_CRT] handlers have been removed - | |
52 | they were not being used by the framework as there is no concept of a | |
53 | BIGNUM_METHOD and they could not be generalised to the new | |
54 | 'ENGINE_TABLE' mechanism that underlies the new code. Similarly, | |
55 | ENGINE_cpy() has been removed as it cannot be consistently defined in | |
56 | the new code. | |
57 | [Geoff Thorpe] | |
58 | ||
d46c1a81 DSH | 59 | +) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds. |
60 | [Steve Henson] | |
61 | ||
89eeccac RL | 62 | +) Change mkdef.pl to sort symbols that get the same entry number, |
63 | and make sure the automatically generated functions ERR_load_* | |
64 | become part of libeay.num as well. | |
65 | [Richard Levitte] | |
66 | ||
3b0b5aba BM | 67 | *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a |
68 | client receives HelloRequest while in a handshake. | |
69 | [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>] | |
70 | ||
6b0e9fac BM | 71 | +) New function SSL_renegotiate_pending(). This returns true once |
72 | renegotiation has been requested (either SSL_renegotiate() call | |
73 | or HelloRequest/ClientHello received from the peer) and becomes | |
74 | false once a handshake has been completed. | |
75 | (For servers, SSL_renegotiate() followed by SSL_do_handshake() | |
76 | sends a HelloRequest, but does not ensure that a handshake takes | |
77 | place. SSL_renegotiate_pending() is useful for checking if the | |
78 | client has followed the request.) | |
79 | [Bodo Moeller] | |
80 | ||
81 | +) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. | |
82 | By default, clients may request session resumption even during | |
83 | renegotiation (if session ID contexts permit); with this option, | |
84 | session resumption is possible only in the first handshake. | |
85 | [Bodo Moeller] | |
86 | ||
2260ad21 BM | 87 | *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C |
88 | should end in 'break', not 'goto end' which circumvents various | |
b49124f6 BM | 89 | cleanups done in state SSL_ST_OK. But session related stuff |
90 | must be disabled for SSL_ST_OK in the case that we just sent a | |
91 | HelloRequest. | |
2260ad21 BM | 92 | |
93 | Also avoid some overhead by not calling ssl_init_wbio_buffer() | |
94 | before just sending a HelloRequest. | |
b49124f6 | 95 | [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>] |
8e2f6b79 | 96 | |
ee60d9fb BM | 97 | *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't |
98 | reveal whether illegal block cipher padding was found or a MAC | |
99 | verification error occurred. (Neither SSLerr() codes nor alerts | |
100 | are directly visible to potential attackers, but the information | |
101 | may leak via logfiles.) | |
102 | ||
103 | Similar changes are not required for the SSL 2.0 implementation | |
104 | because the number of padding bytes is sent in clear for SSL 2.0, | |
105 | and the extra bytes are just ignored. However ssl/s2_pkt.c | |
106 | failed to verify that the purported number of padding bytes is in | |
107 | the legal range. | |
108 | [Bodo Moeller] | |
109 | ||
96bd6f73 DSH | 110 | +) Add some demos for certificate and certificate request creation. |
111 | [Steve Henson] | |
112 | ||
c0f5dd07 LJ | 113 | +) Make maximum certificate chain size accepted from the peer application |
114 | settable (SSL*_get/set_max_cert_list()), as proposed by | |
115 | "Douglas E. Engert" <deengert@anl.gov>. | |
116 | [Lutz Jaenicke] | |
117 | ||
6c36f7a9 LJ | 118 | +) Add support for shared libraries for Unixware-7 and support including |
119 | shared libraries for OpenUNIX-8 (Boyd Lynn Gerber <gerberb@zenez.com>). | |
120 | [Lutz Jaenicke] | |
121 | ||
a9ed4da8 BM | 122 | *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid |
123 | 'wristwatch attack' using huge encoding parameters (cf. | |
124 | James H. Manger's CRYPTO 2001 paper). Note that the | |
125 | RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use | |
e3fefbfd | 126 | encoding parameters and hence was not vulnerable. |
a9ed4da8 BM | 127 | [Bodo Moeller] |
128 | ||
4450107a | 129 | +) Add a "destroy" handler to ENGINEs that allows structural cleanup to |
908efd3b GT | 130 | be done prior to destruction. Use this to unload error strings from |
131 | ENGINEs that load their own error strings. NB: This adds two new API | |
132 | functions to "get" and "set" this destroy handler in an ENGINE. | |
a9ed4da8 | 133 | [Geoff Thorpe] |
908efd3b | 134 | |
4450107a | 135 | +) Alter all existing ENGINE implementations (except "openssl" and |
541814c4 GT | 136 | "openbsd") to dynamically instantiate their own error strings. This |
137 | makes them more flexible to be built both as statically-linked ENGINEs | |
138 | and self-contained shared-libraries loadable via the "dynamic" ENGINE. | |
139 | Also, add stub code to each that makes building them as self-contained | |
140 | shared-libraries easier (see README.ENGINE). | |
141 | [Geoff Thorpe] | |
142 | ||
4450107a | 143 | +) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE |
541814c4 GT | 144 | implementations into applications that are completely implemented in |
145 | self-contained shared-libraries. The "dynamic" ENGINE exposes control | |
146 | commands that can be used to configure what shared-library to load and | |
147 | to control aspects of the way it is handled. Also, made an update to | |
148 | the README.ENGINE file that brings its information up-to-date and | |
149 | provides some information and instructions on the "dynamic" ENGINE | |
150 | (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc). | |
151 | [Geoff Thorpe] | |
152 | ||
d98a4b73 UM | 153 | *) BN_sqr() bug fix. |
154 |