 OpenSSL CHANGES
 _______________

 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

  *) Fix bug in PKCS#12 key generation routines. This was triggered
     if a 3DES key was generated with a 0 initial byte. Include
     PKCS12_BROKEN_KEYGEN compilation option to retain the old
     (but broken) behaviour.
     [Steve Henson]

  *) Enhance bctest to search for a working bc along $PATH and print
     it when found.
     [Tim Rice <tim@multitalents.net> via Richard Levitte]

  *) Add a 'copy_extensions' option to the 'ca' utility. This copies
     extensions from a certificate request to the certificate.
     [Steve Henson]

  *) Allow multiple 'certopt' and 'nameopt' options to be separated
     by commas. Add 'nameopt' and 'certopt' options to the 'ca' config
     file: this allows the display of the certificate about to be
     signed to be customised, so that certain fields can be included
     or excluded and extension details shown. The old system didn't display
     multicharacter strings properly, omitted fields not in the policy
     and couldn't display additional details such as extensions.
     [Steve Henson]

  *) Fix memory leaks in err.c: free err_data string if necessary;
     don't write to the wrong index in ERR_set_error_data.
     [Bodo Moeller]

  *) Function EC_POINTs_mul for simultaneous scalar multiplication
     of an arbitrary number of elliptic curve points, optionally
     including the generator defined for the EC_GROUP.
     EC_POINT_mul is a simple wrapper function for the typical case
     that the point list has just one item (besides the optional
     generator).
     [Bodo Moeller]

  *) First EC_METHODs for curves over GF(p):

     EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
     operations and provides various method functions that can also
     operate with faster implementations of modular arithmetic.

     EC_GFp_mont_method() reuses most functions that are part of
     EC_GFp_simple_method, but uses Montgomery arithmetic.

     [Bodo Moeller; point addition and point doubling
     implementation directly derived from source code provided by
     Lenka Fibikova <fibikova@exp-math.uni-essen.de>]

  *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
     crypto/ec/ec_lib.c):

     Curves are EC_GROUP objects (with an optional group generator)
     based on EC_METHODs that are built into the library.

     Points are EC_POINT objects based on EC_GROUP objects.

     Most of the framework would be able to handle curves over arbitrary
     finite fields, but as there are no obvious types for fields other
     than GF(p), some functions are limited to that for now.
     [Bodo Moeller]

  *) Add the -HTTP option to s_server. It is similar to -WWW, but requires
     that the file contains a complete HTTP response.
     [Richard Levitte]

  *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
     change the def and num file printf format specifier from "%-40sXXX"
     to "%-39s XXX". The latter will always guarantee a space after the
     field while the former will cause them to run together if the field
     is 40 or more characters long.
     [Steve Henson]

  *) Constify the cipher and digest 'method' functions and structures
     and modify related functions to take constant EVP_MD and EVP_CIPHER
     pointers.
     [Steve Henson]

  *) Implement ssl23_peek (analogous to ssl23_read), which previously
     did not exist.
     [Bodo Moeller]

  *) Replace rdtsc with _emit statements for VC++ version 5.
     [Jeremy Cooper <jeremy@baymoo.org>]

  *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
     in <openssl/bn.h>. Also further increase BN_CTX_NUM to 32.
     [Bodo Moeller]

  *) Modify EVP_Digest*() routines so they now return values. Although the
     internal software routines can never fail, additional hardware versions
     might.
     [Steve Henson]

  *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:

     Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
     (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.

     ASN1 error codes
          ERR_R_NESTED_ASN1_ERROR
          ...
          ERR_R_MISSING_ASN1_EOS
     were 4 .. 9, conflicting with
          ERR_LIB_RSA (= ERR_R_RSA_LIB)
          ...
          ERR_LIB_PEM (= ERR_R_PEM_LIB).
     They are now 58 .. 63 (i.e., just below ERR_R_FATAL).

     Add new error code 'ERR_R_INTERNAL_ERROR'.
     [Bodo Moeller]

  *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
     suffices.
     [Bodo Moeller]

  *) New option '-subj arg' for 'openssl req' and 'openssl ca'. This
     sets the subject name for a new request or supersedes the
     subject name in a given request. Formats that can be parsed are
          'CN=Some Name, OU=myOU, C=IT'
     and
          'CN=Some Name/OU=myOU/C=IT'.

     Add options '-batch' and '-verbose' to 'openssl req'.
     [Massimiliano Pala <madwolf@hackmasters.net>]

  *) Make it possible to reuse SSLv2 sessions.
     [Richard Levitte]

  *) Introduce the possibility to access global variables through
     functions on platforms where that's the best way to handle exporting
     global variables in shared libraries. To enable this functionality,
     one must configure with "EXPORT_VAR_AS_FN" or define the C macro
     "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
     is normally done by Configure or something similar).

     To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
     in the source file (foo.c) like this:

          OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
          OPENSSL_IMPLEMENT_GLOBAL(double,bar);

     To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
     and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:

          OPENSSL_DECLARE_GLOBAL(int,foo);
          #define foo OPENSSL_GLOBAL_REF(foo)
          OPENSSL_DECLARE_GLOBAL(double,bar);
          #define bar OPENSSL_GLOBAL_REF(bar)

     The #defines are very important, and therefore so is including the
     header file everywhere the defined globals are used.

     The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
     of ASN.1 items, but that structure is a bit different.

     The largest change is in util/mkdef.pl which has been enhanced with
     better and easier to understand logic to choose which symbols should
     go into the Windows .def files as well as a number of fixes and code
     cleanup (among others, algorithm keywords are now sorted
     lexicographically to avoid constant rewrites).
     [Richard Levitte]

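An added example, not OpenSSL's own e_os2.h, showing one way the three macros above can expand so that the same foo.h/foo.c source compiles either to an exported accessor function or to a plain exported variable. The macro and helper names used here (IMPLEMENT_GLOBAL, DECLARE_GLOBAL, GLOBAL_REF, shadow_*, hide_*, GLOBALS_AS_FUNCTIONS) are assumptions standing in for the OPENSSL_* ones:

```c
/* Added example, not OpenSSL's e_os2.h: one way the OPENSSL_IMPLEMENT_GLOBAL /
 * OPENSSL_DECLARE_GLOBAL / OPENSSL_GLOBAL_REF trio can expand. Macro and
 * helper names (IMPLEMENT_GLOBAL, shadow_*, hide_*, GLOBALS_AS_FUNCTIONS)
 * are assumptions standing in for the real ones. */
#include <stdio.h>

/* Stands in for OPENSSL_EXPORT_VAR_AS_FUNCTION. Comment it out to get the
 * conventional exported-data-symbol expansion instead. */
#define GLOBALS_AS_FUNCTIONS 1

#ifdef GLOBALS_AS_FUNCTIONS
/* Shared-library-friendly variant: the storage is file-static, so it is never
 * exported; only the accessor shadow_<name>() is. Ending the macro with a
 * second (tentative) declaration of the storage lets callers write
 *     IMPLEMENT_GLOBAL(int, foo) = 1;
 * exactly as the CHANGES entry shows. */
# define IMPLEMENT_GLOBAL(type, name)                               \
    static type hide_##name;                                        \
    type *shadow_##name(void) { return &hide_##name; }              \
    static type hide_##name
# define DECLARE_GLOBAL(type, name) type *shadow_##name(void)
# define GLOBAL_REF(name) (*(shadow_##name()))
#else
/* Conventional variant: an ordinary data symbol exported by name. */
# define IMPLEMENT_GLOBAL(type, name) type shadow_##name
# define DECLARE_GLOBAL(type, name) extern type shadow_##name
# define GLOBAL_REF(name) shadow_##name
#endif

/* ---- what foo.h would contain (included by every user of the globals) ---- */
DECLARE_GLOBAL(int, foo);
#define foo GLOBAL_REF(foo)
DECLARE_GLOBAL(double, bar);
#define bar GLOBAL_REF(bar)
/* The #defines do not break IMPLEMENT_GLOBAL(int, foo) below: `name` only
 * appears next to ## inside the macros, and a pasted argument is not
 * macro-expanded first, so the token "foo" is not rewritten there. */

/* ---- what foo.c would contain ---- */
IMPLEMENT_GLOBAL(int, foo) = 1;
IMPLEMENT_GLOBAL(double, bar);

/* ---- client code: reads and writes look like ordinary variables ---- */
int get_foo(void)          { return foo; }
int *foo_address(void)     { return &foo; }   /* a real lvalue, so & works */
double get_bar(void)       { return bar; }
void set_bar(double v)     { bar = v; }

int main(void)
{
    set_bar(2.5);
    *foo_address() += 1;
    printf("foo=%d bar=%g\n", get_foo(), get_bar());
    return 0;
}
```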
  *) In copy_email() check for >= 0 as a return value for
     X509_NAME_get_index_by_NID() since 0 is a valid index.
     [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]

  *) In BN_div() keep a copy of the sign of 'num' before writing the
     result to 'rm' because if rm==num the value will be overwritten
     and produce the wrong result if 'num' is negative: this caused
     problems with BN_mod() and BN_nnmod().
     [Steve Henson]

  *) Function OCSP_request_verify(). This checks the signature on an
     OCSP request and verifies the signer certificate. The signer
     certificate is just checked for a generic purpose and OCSP request
     trust settings.
     [Steve Henson]

  *) Add OCSP_check_validity() function to check the validity of OCSP
     responses. OCSP responses are prepared in real time and may only
     be a few seconds old. Simply checking that the current time lies
     between thisUpdate and nextUpdate may reject otherwise valid responses
     because of either OCSP responder or client clock inaccuracy. Instead
     we allow thisUpdate and nextUpdate to fall within a certain period of
     the current time. The age of the response can also optionally be
     checked. Two new options -validity_period and -status_age added to
     ocsp utility.
     [Steve Henson]

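The tolerance check described above, re-implemented on plain time_t values as an added example (not OpenSSL's OCSP_check_validity() code); the function and flag names are assumptions, and the sample timestamps are constructed:

```c
/* Added example, not OpenSSL's code: the validity-window logic described in
 * the entry above, on plain time_t values instead of ASN1_GENERALIZEDTIME.
 * nsec is the clock-skew tolerance (the -validity_period idea) and maxsec the
 * optional maximum response age (the -status_age idea); maxsec < 0 disables
 * the age check. Function and flag names are assumptions. */
#include <stdio.h>
#include <time.h>

#define OCSP_OK                 0
#define OCSP_THISUPD_IN_FUTURE  (1 << 0)  /* thisUpdate later than now + nsec   */
#define OCSP_TOO_OLD            (1 << 1)  /* thisUpdate older than now - maxsec */
#define OCSP_NEXTUPD_EXPIRED    (1 << 2)  /* nextUpdate earlier than now - nsec */
#define OCSP_BAD_ORDER          (1 << 3)  /* nextUpdate before thisUpdate       */

/* next_update == 0 means the response carried no nextUpdate field.
 * Returns OCSP_OK or a bitmask of every problem found. */
int ocsp_check_window(time_t now, time_t this_update, time_t next_update,
                      long nsec, long maxsec)
{
    int problems = OCSP_OK;

    /* Responder clock ahead of ours by more than the tolerance. */
    if (this_update > now + nsec)
        problems |= OCSP_THISUPD_IN_FUTURE;

    /* Optional freshness check: the response must have been produced recently. */
    if (maxsec >= 0 && this_update < now - maxsec)
        problems |= OCSP_TOO_OLD;

    if (next_update != 0) {
        /* nextUpdate may be slightly in the past, again to absorb skew. */
        if (next_update < now - nsec)
            problems |= OCSP_NEXTUPD_EXPIRED;
        if (next_update < this_update)
            problems |= OCSP_BAD_ORDER;
    }
    return problems;
}

/* The strict comparison the entry argues against: thisUpdate <= now <= nextUpdate. */
int ocsp_check_strict(time_t now, time_t this_update, time_t next_update)
{
    return this_update <= now && (next_update == 0 || now <= next_update);
}

int main(void)
{
    /* Constructed scenario: our clock reads `now`, the responder's clock is
     * 90 s ahead, and the response is good for one hour. */
    time_t now = 1000000000;
    time_t this_upd = now + 90;
    time_t next_upd = this_upd + 3600;

    printf("strict check accepts:     %d\n",
           ocsp_check_strict(now, this_upd, next_upd));
    printf("5 min tolerance problems: %d\n",
           ocsp_check_window(now, this_upd, next_upd, 300, -1));
    printf("1 s tolerance problems:   %d\n",
           ocsp_check_window(now, this_upd, next_upd, 1, -1));
    return 0;
}
```

With a 90 s responder clock offset the strict check rejects a perfectly good response, while the windowed check accepts it until the tolerance drops below the offset.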
  *) If signature or public key algorithm is unrecognized print out its
     OID rather than just UNKNOWN.
     [Steve Henson]

  *) Avoid coredump with unsupported or invalid public keys by checking if
     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
     PKCS7_verify() fails with non detached data.
     [Steve Henson]

  *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
     OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
     ID to be generated from the issuer certificate alone which can then be
     passed to OCSP_id_issuer_cmp().
     [Steve Henson]

  *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
     ASN1 modules to export functions returning ASN1_ITEM pointers
     instead of the ASN1_ITEM structures themselves. This adds several
     new macros which allow the underlying ASN1 function/structure to
     be accessed transparently. As a result code should not use ASN1_ITEM
     references directly (such as &X509_it) but instead use the relevant
     macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
     use of the new ASN1 code on platforms where exporting structures
     is problematical (for example in shared libraries) but exporting
     functions returning pointers to structures is not.
     [Steve Henson]

  *) Add support for overriding the generation of SSL/TLS session IDs.
     These callbacks can be registered either in an SSL_CTX or per SSL.
     The purpose of this is to allow applications to control, if they wish,
     the arbitrary values chosen for use as session IDs, particularly as it
     can be useful for session caching in multiple-server environments. A
     command-line switch for testing this (and any client code that wishes
     to use such a feature) has been added to "s_server".
     [Geoff Thorpe, Lutz Jaenicke]

  *) Modify mkdef.pl to recognise and parse preprocessor conditionals
     of the form '#if defined(...) || defined(...) || ...' and
     '#if !defined(...) && !defined(...) && ...'. This also avoids
     the growing number of special cases it was previously handling.
     [Richard Levitte]

  *) Don't use getenv in library functions when run as setuid/setgid.
     New function OPENSSL_issetugid().
     [Ulf Moeller]

  *) Make all configuration macros available for application by making
     sure they are available in opensslconf.h, by giving them names starting
     with "OPENSSL_" to avoid conflicts with other packages and by making
     sure e_os2.h will cover all platform-specific cases together with
     opensslconf.h.
     Additionally, it is now possible to define configuration/platform-specific
     names (called "system identities"). In the C code, these
     are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another
     macro with the name beginning with "OPENSSL_SYS_", which is determined
     from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
     what is available.
     [Richard Levitte]

  *) New option -set_serial to 'req' and 'x509'. This allows the serial
     number to use to be specified on the command line. Previously self
     signed certificates were hard coded with serial number 0 and the
     CA options of 'x509' had to use a serial number in a file which was
     auto incremented.
     [Steve Henson]

  *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
     due to incorrect handling of multi-threading:

     1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().

     2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().

     3. Count how many times MemCheck_off() has been called so that
        nested use can be treated correctly. This also avoids
        inband-signalling in the previous code (which relied on the
        assumption that thread ID 0 is impossible).
     [Bodo Moeller]

  *) New options to 'ca' utility to support V2 CRL entry extensions.
     Currently CRL reason, invalidity date and hold instruction are
     supported. Add new CRL extensions to V3 code and some new objects.
     [Steve Henson]

  *) Add "-rand" option also to s_client and s_server.
     [Lutz Jaenicke]

  *) New function EVP_CIPHER_CTX_set_padding(). This is used to
     disable standard block padding (aka PKCS#5 padding) in the EVP
     API, which was previously mandatory. This means that the data is
     not padded in any way and so the total length must be a multiple
     of the block size, otherwise an error occurs.
     [Steve Henson]

  *) Initial (incomplete) OCSP SSL support.
     [Steve Henson]

  *) Fix CPU detection on Irix 6.x.
     [Kurt Hockenbury <khockenb@stevens-tech.edu> and
      "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]

  *) New function OCSP_parse_url(). This splits up a URL into its host,
     port and path components: primarily to parse OCSP URLs. New -url
     option to ocsp utility.
     [Steve Henson]

  *) New nonce behavior. The return value of OCSP_check_nonce() now
     reflects the various checks performed. Applications can decide
     whether to tolerate certain situations such as an absent nonce
     in a response when one was present in a request: the ocsp application
     just prints out a warning. New function OCSP_add1_basic_nonce():
     this is to allow responders to include a nonce in a response even if
     the request is nonce-less.
     [Steve Henson]

  *) Use the cached encoding of an X509_NAME structure rather than
     copying it. This is apparently the reason for the libsafe "errors"
     but the code is actually correct.
     [Steve Henson]

  *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
     skipped when using openssl x509 multiple times on a single input file,
     e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
     [Bodo Moeller]

  *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
     set string type: to handle setting ASN1_TIME structures. Fix ca
     utility to correctly initialize revocation date of CRLs.
     [Steve Henson]

  *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
     the client's preferred ciphersuites and rather use its own preferences.
     Should help to work around M$ SGC (Server Gated Cryptography) bug in
     Internet Explorer by ensuring unchanged hash method during stepup.
     [Lutz Jaenicke]

  *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
     to aes and add a new 'exist' option to print out symbols that don't
     appear to exist.
     [Steve Henson]

  *) Additional options to ocsp utility to allow flags to be set and
     additional certificates supplied.
     [Steve Henson]

  *) Add the option -VAfile to 'openssl ocsp', so the user can give the
     OCSP client a number of certificates to only verify the response
     signature against.
     [Richard Levitte]

  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
     Bleichenbacher's DSA attack.
     Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
     to be set and top=0 forces the highest bit to be set; top=-1 is new
     and leaves the highest bit random.
     [Ulf Moeller, Bodo Moeller]

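An added example (not OpenSSL's code) of why BN_rand_range() matters for DSA_sign_setup(): reducing a fixed-width random value modulo q is biased unless q divides the source range, whereas drawing bit_length(q) bits and retrying until the candidate is below q (the BN_rand_range approach) is exact. It goes beyond the entry by enumerating a toy 8-bit source exhaustively; the function names, the counter-based source and q = 200 are constructed for the illustration:

```c
/* Added example, not OpenSSL's code. Toy-sized illustration of why DSA's
 * per-signature secret k must be drawn uniformly from [1, q-1]: folding a
 * fixed-width random value modulo q skews the distribution unless q divides
 * the source range, while rejection sampling (the BN_rand_range approach)
 * does not. An 8-bit source and q = 200 are constructed so that every
 * source value can be enumerated and the bias computed exactly. */
#include <stdio.h>

#define SOURCE_BITS   8
#define SOURCE_VALUES (1u << SOURCE_BITS)   /* an 8-bit source: values 0..255 */

/* How many of the 256 possible source values x satisfy (x mod q) == value.
 * With q = 200, outputs 0..55 come from two x each and 56..199 from one:
 * the low outputs are twice as likely. */
unsigned mod_reduction_count(unsigned q, unsigned value)
{
    unsigned x, n = 0;
    for (x = 0; x < SOURCE_VALUES; x++)
        if (x % q == value) n++;
    return n;
}

/* Ratio of the most to the least likely output, times 1000. 1000 means
 * uniform; anything above it is the kind of skew in k that the Bleichenbacher
 * attack named in the entry exploits. Requires 1 <= q <= SOURCE_VALUES. */
unsigned mod_reduction_bias_permille(unsigned q)
{
    unsigned v, lo = SOURCE_VALUES, hi = 0;
    for (v = 0; v < q; v++) {
        unsigned n = mod_reduction_count(q, v);
        if (n < lo) lo = n;
        if (n > hi) hi = n;
    }
    return hi * 1000 / lo;
}

/* BN_rand_range-style draw (q >= 1): take bit_length(q) random bits and retry
 * until the candidate is below q. Rejected candidates are discarded, never
 * folded back into the low range, so every accepted value is equally likely. */
unsigned rand_range(unsigned q, unsigned (*next)(void *), void *ctx)
{
    unsigned mask = 1;
    while (mask < q) mask <<= 1;        /* smallest power of two >= q */
    mask -= 1;                           /* keep exactly bit_length(q) bits */
    for (;;) {
        unsigned candidate = next(ctx) & mask;
        if (candidate < q)
            return candidate;
    }
}

/* DSA_sign_setup needs k in [1, q-1]: draw from [0, q-2] and add one. */
unsigned dsa_secret_k(unsigned q, unsigned (*next)(void *), void *ctx)
{
    return 1 + rand_range(q - 1, next, ctx);
}

/* Deterministic stand-in for the random source: returns *ctx, *ctx+1, ... so
 * the rejection behaviour can be traced. Never use anything like this for k. */
unsigned counter_source(void *ctx)
{
    unsigned *p = ctx;
    return (*p)++;
}

/* Drive rand_range from a counter starting at `start`; returns the accepted
 * value and, via *rejected (may be NULL), how many candidates were discarded. */
unsigned rand_range_trace(unsigned q, unsigned start, unsigned *rejected)
{
    unsigned c = start;
    unsigned r = rand_range(q, counter_source, &c);
    if (rejected)
        *rejected = c - start - 1;       /* draws made, minus the accepted one */
    return r;
}

int main(void)
{
    unsigned rejected, k, ctr = 0;
    unsigned r = rand_range_trace(200, 250, &rejected);
    printf("q=200: output 0 produced by %u source values, output 100 by %u\n",
           mod_reduction_count(200, 0), mod_reduction_count(200, 100));
    printf("q=200 modular-reduction bias: %u permille\n",
           mod_reduction_bias_permille(200));
    printf("rejection sampling from counter 250: %u after %u rejections\n",
           r, rejected);
    k = dsa_secret_k(200, counter_source, &ctr);
    printf("k from counter source: %u\n", k);
    return 0;
}
```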
  *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
     handle the new API. Currently only ECB, CBC modes supported. Add new
     AES OIDs. Add TLS AES ciphersuites as described in the "AES Ciphersuites
     for TLS" draft-ietf-tls-ciphersuite-03.txt.
     [Ben Laurie, Steve Henson]

  *) In the NCONF_...-based implementations for CONF_... queries
     (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
     a temporary CONF structure with the data component set to NULL
     (which gives segmentation faults in lh_retrieve).
     Instead, use NULL for the CONF pointer in CONF_get_string and
     CONF_get_number (which may use environment variables) and directly
     return NULL from CONF_get_section.
     [Bodo Moeller]

  *) Fix potential buffer overrun for EBCDIC.
     [Ulf Moeller]

  *) New function OCSP_copy_nonce() to copy nonce value (if present) from
     request to response.
     [Steve Henson]

  *) Functions for OCSP responders. OCSP_request_onereq_count(),
     OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
     extract information from a certificate request. OCSP_response_create()
     creates a response and optionally adds a basic response structure.
     OCSP_basic_add1_status() adds a complete single response to a basic
     response and returns the OCSP_SINGLERESP structure just added (to allow
     extensions to be included for example). OCSP_basic_add1_cert() adds a
     certificate to a basic response and OCSP_basic_sign() signs a basic
     response with various flags. New helper functions ASN1_TIME_check()
     (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
     (converts ASN1_TIME to GeneralizedTime).
     [Steve Henson]

  *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
     in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
     structure from a certificate. X509_pubkey_digest() digests the public_key
     contents: this is used in various key identifiers.
     [Steve Henson]

  *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
     keyUsage if basicConstraints absent for a CA.
     [Steve Henson]

  *) Make SMIME_write_PKCS7() write mail header values with a format that
     is more generally accepted (no spaces before the semicolon), since
     some programs can't parse those values properly otherwise. Also make
     sure BIO's that break lines after each write do not create invalid
     headers.
     [Richard Levitte]

  *) Make sk_sort() tolerate a NULL argument.
     [Steve Henson reported by Massimiliano Pala <madwolf@comune.modena.it>]

  *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
     passed by the function are trusted implicitly. If any of them signed the
     response then it is assumed to be valid and is not verified.
     [Steve Henson]

  *) Zero the premaster secret after deriving the master secret in
     DH ciphersuites.
     [Steve Henson]

  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
     to data. This was previously part of the PKCS7 ASN1 code. This
     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
     [Steve Henson, reported by Kenneth R. Robinette
      <support@securenetterm.com>]

  *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
     routines: without these tracing memory leaks is very painful.
     Fix leaks in PKCS12 and PKCS7 routines.
     [Steve Henson]

  *) Fix for Irix with NO_ASM.
     ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]

  *) Add some EVP_add_digest_alias registrations (as found in
     OpenSSL_add_all_digests()), to SSL_library_init()
     aka OpenSSL_add_ssl_algorithms(). This provides improved
     compatibility with peers using X.509 certificates
     with unconventional AlgorithmIdentifier OIDs.
     [Bodo Moeller]

  *) ./config script fixes.
     [Ulf Moeller, Richard Levitte]

  *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
     Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
     effectively meant GeneralizedTime would never be used. Now it
     is initialised to -1 but X509_time_adj() now has to check the value
     and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
     V_ASN1_GENERALIZEDTIME; without this it always uses GeneralizedTime.
     [Steve Henson, reported by Kenneth R. Robinette
      <support@securenetterm.com>]

  *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
     result in a zero length in the ASN1_INTEGER structure which was
     not consistent with the structure when d2i_ASN1_INTEGER() was used
     and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
     to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
     where it did not print out a minus for negative ASN1_INTEGER.
     [Steve Henson]

  *) Fix 'openssl passwd -1'.
     [Bodo Moeller]

  *) Add summary printout to ocsp utility. The various functions which
     convert status values to strings have been renamed to:
     OCSP_response_status_str(), OCSP_cert_status_str() and
     OCSP_crl_reason_str() and are no longer static. New options
     to verify nonce values and to disable verification. OCSP response
     printout format cleaned up.
     [Steve Henson]

  *) Add additional OCSP certificate checks. These are those specified
     in RFC2560. This consists of two separate checks: the CA of the
     certificate being checked must either be the OCSP signer certificate
     or the issuer of the OCSP signer certificate. In the latter case the
     OCSP signer certificate must contain the OCSP signing extended key
     usage. This check is performed by attempting to match the OCSP
     signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
     in the OCSP_CERTID structures of the response.
     [Steve Henson]

  *) Initial OCSP certificate verification added to OCSP_basic_verify()
     and related routines. This uses the standard OpenSSL certificate
     verify routines to perform initial checks (just CA validity) and
     to obtain the certificate chain. Then additional checks will be
     performed on the chain. Currently the root CA is checked to see
     if it is explicitly trusted for OCSP signing. This is used to set
     a root CA as a global signing root: that is any certificate that
     chains to that CA is an acceptable OCSP signing certificate.
     [Steve Henson]

  *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
     extensions from a separate configuration file.
     As when reading extensions from the main configuration file,
     the '-extensions ...' option may be used for specifying the
     section to use.
     [Massimiliano Pala <madwolf@comune.modena.it>]

  *) Change PKCS12_key_gen_asc() so it can cope with non null
     terminated strings whose length is passed in the passlen
     parameter, for example from PEM callbacks. This was done
     by adding an extra length parameter to asc2uni().
     [Steve Henson, reported by <oddissey@samsung.co.kr>]

  *) New OCSP utility. Allows OCSP requests to be generated or
     read. The request can be sent to a responder and the output
     parsed, output or printed in text form. Not complete yet:
     still needs to check the OCSP response validity.
     [Steve Henson]

  *) New subcommands for 'openssl ca':
     'openssl ca -status <serial>' prints the status of the cert with
     the given serial number (according to the index file).
     'openssl ca -updatedb' updates the expiry status of certificates
     in the index file.
     [Massimiliano Pala <madwolf@comune.modena.it>]

  *) New '-newreq-nodes' command option to CA.pl. This is like
     '-newreq', but calls 'openssl req' with the '-nodes' option
     so that the resulting key is not encrypted.
     [Damien Miller <djm@mindrot.org>]

  *) New configuration for the GNU Hurd.
     [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte]

  *) Initial code to implement OCSP basic response verify. This
     is currently incomplete. Currently just finds the signer's
     certificate and verifies the signature on the response.
     [Steve Henson]

  *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
     value of OPENSSLDIR. This is available via the new '-d' option
     to 'openssl version', and is also included in 'openssl version -a'.
     [Bodo Moeller]

  *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
     call failed, free the DSA structure.
     [Bodo Moeller]

  *) Allow defining memory allocation callbacks that will be given
     file name and line number information in additional arguments
     (a const char* and an int). The basic functionality remains, as
     well as the original possibility to just replace malloc(),
     realloc() and free() by functions that do not know about these
     additional arguments. To register and find out the current
     settings for extended allocation functions, the following
     functions are provided:

          CRYPTO_set_mem_ex_functions
          CRYPTO_set_locked_mem_ex_functions
          CRYPTO_get_mem_ex_functions
          CRYPTO_get_locked_mem_ex_functions

     These work the same way as CRYPTO_set_mem_functions and friends.
     CRYPTO_get_[locked_]mem_functions now writes 0 where such an
     extended allocation function is enabled.
     Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
     a conventional allocation function is enabled.
     [Richard Levitte, Bodo Moeller]

cbf0f45f DSH |
557 | *) Fix to uni2asc() to cope with zero length Unicode strings. |
558 | These are present in some PKCS#12 files. | |
559 | [Steve Henson] | |
560 | ||
3c914840 GT |
561 | *) Finish off removing the remaining LHASH function pointer casts. |
562 | There should no longer be any prototype-casting required when using | |
56a67adb GT |
563 | the LHASH abstraction, and any casts that remain are "bugs". See |
564 | the callback types and macros at the head of lhash.h for details | |
565 | (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example). | |
3c914840 GT |
566 | [Geoff Thorpe] |
567 | ||
599c0353 LJ |
568 | *) Add automatic query of EGD sockets in RAND_poll() for the unix variant. |
569 | If an EGD or PRNGD is running and enough entropy is returned, automatic | |
570 | seeding like with /dev/[u]random will be performed. | |
571 | Positions tried are: /etc/entropy, /var/run/egd-pool. | |
572 | [Lutz Jaenicke] | |
573 | ||
0c61e299 | 574 | *) Change the Unix RAND_poll() variant to be able to poll several |
361ef5f4 RL |
575 | random devices, as specified by DEVRANDOM, until a sufficient amount |
576 | of data has been collected. We spend at most 10 ms on each file | |
577 | (select timeout) and read in non-blocking mode. DEVRANDOM now | |
578 | defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom" | |
579 | (previously it was just the string "/dev/urandom"), so on typical | |
580 | platforms the 10 ms delay will never occur. | |
581 | Also separate out the Unix variant to its own file, rand_unix.c. | |
582 | For VMS, there's a currently-empty rand_vms.c. | |
0c61e299 RL |
583 | [Richard Levitte] |
584 | ||
  *) Move OCSP client related routines to ocsp_cl.c. These
     provide utility functions which an application needing
     to issue a request to an OCSP responder and analyse the
     response will typically need: as opposed to those which an
     OCSP responder itself would need which will be added later.

     OCSP_request_sign() signs an OCSP request with an API similar
     to PKCS7_sign(). OCSP_response_status() returns status of OCSP
     response. OCSP_response_get1_basic() extracts basic response
     from response. OCSP_resp_find_status(): finds and extracts status
     information from an OCSP_CERTID structure (which will be created
     when the request structure is built). These are built from lower
     level functions which work on OCSP_SINGLERESP structures but
     won't normally be used unless the application wishes to examine
     extensions in the OCSP response for example.

     Replace nonce routines with a pair of functions.
     OCSP_request_add1_nonce() adds a nonce value and optionally
     generates a random value. OCSP_check_nonce() checks the
     validity of the nonce in an OCSP response.
     [Steve Henson]

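     The nonce check a client applies to an OCSP response, as an added
     example; it is not OpenSSL's ocsp_ext.c. It takes the nonce extension
     values of request and response (per RFC 8954, a DER OCTET STRING
     carrying the nonce bytes), decodes them strictly, and classifies the
     outcome. OCSP_check_nonce() distinguishes the same cases through its
     integer return value; check ocsp.h for the exact codes. The enum, the
     function names and the sample bytes in the test are mine.

```c
#include <stddef.h>
#include <string.h>

typedef enum {
    NONCE_MATCH,            /* both present and equal: response is fresh */
    NONCE_MISMATCH,         /* both present and different: reject, always */
    NONCE_REQUEST_ONLY,     /* responder dropped it (pre-produced response) */
    NONCE_RESPONSE_ONLY,    /* responder invented one we never sent: reject */
    NONCE_ABSENT,           /* neither side used a nonce */
    NONCE_MALFORMED         /* extension value is not a DER OCTET STRING */
} nonce_result;

/* Parse a DER OCTET STRING (tag 0x04) with a definite, minimal length
 * that spans exactly `len` bytes. Returns 1 and sets *val/*vlen on
 * success, 0 on any malformation (indefinite length, non-minimal
 * length octets, truncation, trailing bytes). */
static int der_octet_string(const unsigned char *in, size_t len,
                            const unsigned char **val, size_t *vlen)
{
    size_t l, hdr;

    if (len < 2 || in[0] != 0x04)
        return 0;
    if (in[1] < 0x80) {                       /* short form */
        l = in[1];
        hdr = 2;
    } else {                                  /* long form: 0x8N + N bytes */
        size_t nb = in[1] & 0x7f;
        if (nb == 0 || nb > sizeof(size_t) || len < 2 + nb)
            return 0;                         /* indefinite or oversized */
        l = 0;
        for (size_t i = 0; i < nb; i++)
            l = (l << 8) | in[2 + i];
        if (l < 0x80 || in[2] == 0)
            return 0;                         /* not minimal: not DER */
        hdr = 2 + nb;
    }
    if (hdr + l != len)
        return 0;                             /* truncated or trailing data */
    *val = in + hdr;
    *vlen = l;
    return 1;
}

/* req/resp are the nonce extension values; NULL means the extension is
 * absent on that side. */
nonce_result check_nonce(const unsigned char *req, size_t reqlen,
                         const unsigned char *resp, size_t resplen)
{
    const unsigned char *rv = NULL, *sv = NULL;
    size_t rl = 0, sl = 0;

    if (req == NULL && resp == NULL)
        return NONCE_ABSENT;
    if (req != NULL && !der_octet_string(req, reqlen, &rv, &rl))
        return NONCE_MALFORMED;
    if (resp != NULL && !der_octet_string(resp, resplen, &sv, &sl))
        return NONCE_MALFORMED;
    if (req == NULL)
        return NONCE_RESPONSE_ONLY;
    if (resp == NULL)
        return NONCE_REQUEST_ONLY;
    if (rl != sl || memcmp(rv, sv, rl) != 0)
        return NONCE_MISMATCH;
    return NONCE_MATCH;
}

/* Policy: only MATCH proves freshness. REQUEST_ONLY is tolerable only when
 * you knowingly talk to a responder that serves pre-produced responses and
 * you then rely on thisUpdate/nextUpdate instead; everything else fails. */
int response_acceptable(nonce_result r, int allow_missing_nonce)
{
    return r == NONCE_MATCH || (allow_missing_nonce && r == NONCE_REQUEST_ONLY);
}
```

     The strict decoder matters: a lenient parser that accepted a
     non-minimal length or ignored trailing bytes would let two different
     encodings compare equal, which is exactly the ambiguity the nonce is
     supposed to remove.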
  *) Change function OCSP_request_add() to OCSP_request_add0_id().
     This doesn't copy the supplied OCSP_CERTID and avoids the
     need to free up the newly created id. Change return type
     to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
     This can then be used to add extensions to the request.
     Deleted OCSP_request_new(), since most of its functionality
     is now in OCSP_REQUEST_new() (and the case-insensitive name
     clash) apart from the ability to set the request name which
     will be added elsewhere.
     [Steve Henson]

  *) Update OCSP API. Remove obsolete extensions argument from
     various functions. Extensions are now handled using the new
     OCSP extension code. New simple OCSP HTTP function which
     can be used to send requests and parse the response.
     [Steve Henson]

  *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
     ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
     uses the special reorder version of SET OF to sort the attributes
     and reorder them to match the encoded order. This resolves a long
     standing problem: a verify on a PKCS7 structure just after signing
     it used to fail because the attribute order did not match the
     encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
     it uses the received order. This is necessary to tolerate some broken
     software that does not order SET OF. This is handled by encoding
     as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
     to produce the required SET OF.
     [Steve Henson]

  *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
     OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
     files to get correct declarations of the ASN.1 item variables.
     [Richard Levitte]

  *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
     PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
     asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
     NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
     New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
     ASN1_ITEM and no wrapper functions.
     [Steve Henson]

  *) New functions ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
     replace the old function pointer based I/O routines. Change most of
     the *_d2i_bio() and *_d2i_fp() functions to use these.
     [Steve Henson]

  *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
     lines, recognise more "algorithms" that can be deselected, and make
     it complain about algorithm deselection that isn't recognised.
     [Richard Levitte]

  *) New ASN1 functions to handle dup, sign, verify, digest, pack and
     unpack operations in terms of ASN1_ITEM. Modify existing wrappers
     to use new functions. Add NO_ASN1_OLD which can be set to remove
     some old style ASN1 functions: this can be used to determine if old
     code will still work when these eventually go away.
     [Steve Henson]

  *) New extension functions for OCSP structures, these follow the
     same conventions as certificates and CRLs.
     [Steve Henson]

  *) New function X509V3_add1_i2d(). This automatically encodes and
     adds an extension. Its behaviour can be customised with various
     flags to append, replace or delete. Various wrappers added for
     certificates and CRLs.
     [Steve Henson]

  *) Fix to avoid calling the underlying ASN1 print routine when
     an extension cannot be parsed. Correct a typo in the
     OCSP_SERVICELOC extension. Tidy up print OCSP format.
     [Steve Henson]

  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
     when writing a 32767 byte record.
     [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]

  *) In RSA_eay_public_{en,de}crypt and RSA_eay_mod_exp (rsa_eay.c),
     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.

     (RSA objects have a reference count access to which is protected
     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
     so they are meant to be shared between threads.)
     [Bodo Moeller, Geoff Thorpe; original patch submitted by
     "Reddie, Steven" <Steven.Reddie@ca.com>]

  *) Make mkdef.pl parse some of the ASN1 macros and add appropriate
     entries for variables.
     [Steve Henson]

  *) Fix a deadlock in CRYPTO_mem_leaks().
     [Bodo Moeller]

  *) Add functionality to apps/openssl.c for detecting locking
     problems: As the program is single-threaded, all we have
     to do is register a locking callback using an array for
     storing which locks are currently held by the program.
     [Bodo Moeller]

  *) Use a lock around the call to CRYPTO_get_ex_new_index() in
     SSL_get_ex_data_X509_STORE_idx(), which is used in
     ssl_verify_cert_chain() and thus can be called at any time
     during TLS/SSL handshakes so that thread-safety is essential.
     Unfortunately, the ex_data design is not at all suited
     for multi-threaded use, so it probably should be abolished.
     [Bodo Moeller]

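     The lock-tracking callback described two entries above, as an added
     example rather than the code in apps/openssl.c. In a single-threaded
     program a real mutex would simply deadlock on a double lock, so the
     callback instead keeps an array of which lock ids are held and flags
     a second lock of a held id, or an unlock of a free one, with the
     file and line the library passed in. The mode bit values mirror the
     CRYPTO_LOCK/CRYPTO_UNLOCK/CRYPTO_READ/CRYPTO_WRITE constants of
     crypto.h; the names, the table size and lt_apply() are mine.

```c
#include <stdio.h>
#include <string.h>

/* Mode bits in the shape OpenSSL's locking callback receives them. */
#define LT_LOCK      1
#define LT_UNLOCK    2
#define LT_READ      4
#define LT_WRITE     8
#define LT_NUM_LOCKS 64     /* assumed: comfortably above the CRYPTO_LOCK_* ids */

static unsigned char lt_held[LT_NUM_LOCKS];  /* 0 free, 1 read-held, 2 write-held */
static int lt_violations;
static char lt_last[160];

static void lt_note(const char *what, int n, const char *file, int line)
{
    lt_violations++;
    snprintf(lt_last, sizeof lt_last, "%s, lock %d at %s:%d", what, n, file, line);
}

/* The transition check, with a result a test can inspect: 1 if the
 * lock/unlock was legal, 0 if it would have deadlocked a real mutex or
 * released a lock nobody held. */
int lt_apply(int mode, int n, const char *file, int line)
{
    if (n < 0 || n >= LT_NUM_LOCKS) {
        lt_note("lock id out of range", n, file, line);
        return 0;
    }
    if (mode & LT_LOCK) {
        if (lt_held[n]) {                    /* single thread: this deadlocks */
            lt_note("lock already held", n, file, line);
            return 0;
        }
        lt_held[n] = (mode & LT_WRITE) ? 2 : 1;
        return 1;
    }
    if (mode & LT_UNLOCK) {
        if (!lt_held[n]) {
            lt_note("unlock of a free lock", n, file, line);
            return 0;
        }
        lt_held[n] = 0;
        return 1;
    }
    lt_note("unknown mode", n, file, line);
    return 0;
}

/* The callback proper; register with CRYPTO_set_locking_callback(). */
void lt_locking_cb(int mode, int n, const char *file, int line)
{
    if (!lt_apply(mode, n, file, line))
        fprintf(stderr, "locking error: %s\n", lt_last);
}

int lt_violation_count(void) { return lt_violations; }
const char *lt_last_violation(void) { return lt_last; }

/* Number of locks still held; non-zero at exit means a leaked lock. */
int lt_locks_held(void)
{
    int c = 0;
    for (int i = 0; i < LT_NUM_LOCKS; i++)
        c += lt_held[i] != 0;
    return c;
}
```

     Checking lt_locks_held() at program exit catches the other common
     mistake, an error path that returns without releasing, which no
     single-threaded run would otherwise reveal.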
  *) Added Broadcom "ubsec" ENGINE to OpenSSL.
     [Broadcom, tweaked and integrated by Geoff Thorpe]

  *) Move common extension printing code to new function
     X509V3_print_extensions(). Reorganise OCSP print routines and
     implement some needed OCSP ASN1 functions. Add OCSP extensions.
     [Steve Henson]

  *) New function X509_signature_print() to remove duplication in some
     print routines.
     [Steve Henson]

  *) Add a special meaning when SET OF and SEQUENCE OF flags are both
     set (this was treated exactly the same as SET OF previously). This
     is used to reorder the STACK representing the structure to match the
     encoding. This will be used to get round a problem where a PKCS7
     structure which was signed could not be verified because the STACK
     order did not reflect the encoded order.
     [Steve Henson]

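     Why the in-memory order and the encoded order of a SET OF can differ,
     as an added example that serves both this entry and the PKCS7_ATTR_SIGN
     entry above; it is not OpenSSL's ASN1 code. DER (X.690, 11.6) requires
     the elements of a SET OF to be emitted in the order of their complete
     encodings compared as octet strings, so a signer that hashes the DER
     is hashing the sorted order, and a verifier that re-encodes from the
     STACK in application order produces different bytes. The item type,
     the function names and the three sample attribute encodings are mine.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* One already-encoded element (a complete TLV) of the SET OF. */
typedef struct {
    const unsigned char *der;
    size_t len;
} der_item;

/* X.690 11.6 ordering: compare the encodings as octet strings, treating
 * the shorter one as padded at its trailing end with 0x00 octets. */
static int der_setof_cmp(const void *pa, const void *pb)
{
    const der_item *a = pa, *b = pb;
    size_t n = a->len < b->len ? a->len : b->len;
    int r = memcmp(a->der, b->der, n);          /* memcmp compares unsigned */
    if (r != 0)
        return r;
    if (a->len > b->len) {                      /* a's tail vs. zero padding */
        for (size_t i = n; i < a->len; i++)
            if (a->der[i] != 0) return 1;
    } else {
        for (size_t i = n; i < b->len; i++)
            if (b->der[i] != 0) return -1;
    }
    return 0;
}

/* Reorder into DER order: what a signer must do before hashing. */
void der_setof_sort(der_item *items, size_t n)
{
    qsort(items, n, sizeof *items, der_setof_cmp);
}

/* 1 if already in DER order. A verifier that keeps the received order,
 * as PKCS7_ATTR_VERIFY does, is deliberately not enforcing this. */
int der_setof_is_canonical(const der_item *items, size_t n)
{
    for (size_t i = 1; i < n; i++)
        if (der_setof_cmp(&items[i - 1], &items[i]) > 0)
            return 0;
    return 1;
}

/* Emit SET OF (tag 0x31) with a definite, minimal length, elements in
 * the order given. Returns the total size, or 0 if out is too small. */
size_t der_encode_set(const der_item *items, size_t n,
                      unsigned char *out, size_t cap)
{
    size_t body = 0, pos, hdr;
    for (size_t i = 0; i < n; i++)
        body += items[i].len;
    if (body < 0x80) {                          /* short form */
        hdr = 2;
        if (cap < hdr + body) return 0;
        out[0] = 0x31;
        out[1] = (unsigned char)body;
    } else {                                    /* long form, big-endian */
        unsigned char lb[sizeof(size_t)];
        size_t nb = 0, v = body;
        while (v) { lb[nb++] = (unsigned char)(v & 0xff); v >>= 8; }
        hdr = 2 + nb;
        if (cap < hdr + body) return 0;
        out[0] = 0x31;
        out[1] = (unsigned char)(0x80 | nb);
        for (size_t i = 0; i < nb; i++)
            out[2 + i] = lb[nb - 1 - i];
    }
    pos = hdr;
    for (size_t i = 0; i < n; i++) {
        memcpy(out + pos, items[i].der, items[i].len);
        pos += items[i].len;
    }
    return pos;
}

/* Constructed sample: three attribute encodings in the order an
 * application might have pushed them onto the STACK (not DER order). */
static const unsigned char ATTR_STR[] = { 0x13, 0x02, 'h', 'i' };  /* PrintableString */
static const unsigned char ATTR_INT[] = { 0x02, 0x01, 0x05 };      /* INTEGER 5 */
static const unsigned char ATTR_OCT[] = { 0x04, 0x01, 0x00 };      /* OCTET STRING */

/* 1 if re-encoding from the unsorted STACK would differ from what the
 * signer hashed: the verify-after-sign failure the entries describe. */
int reencode_mismatch(void)
{
    der_item stack[3] = { { ATTR_STR, sizeof ATTR_STR },
                          { ATTR_INT, sizeof ATTR_INT },
                          { ATTR_OCT, sizeof ATTR_OCT } };
    der_item sorted[3];
    unsigned char a[32], b[32];
    memcpy(sorted, stack, sizeof stack);
    der_setof_sort(sorted, 3);                             /* signer's view */
    size_t la = der_encode_set(sorted, 3, a, sizeof a);
    size_t lb = der_encode_set(stack, 3, b, sizeof b);     /* naive verifier */
    return la != lb || memcmp(a, b, la) != 0;
}
```

     Reordering the STACK to match the encoding, as the entry does, makes
     the two views identical; tolerating unsorted input on verify means
     the check in der_setof_is_canonical() is consciously not applied.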
  *) Reimplement the OCSP ASN1 module using the new code.
     [Steve Henson]

  *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
     for its ASN1 operations. The old style function pointers still exist
     for now but they will eventually go away.
     [Steve Henson]

  *) Merge in replacement ASN1 code from the ASN1 branch. This almost
     completely replaces the old ASN1 functionality with a table driven
     encoder and decoder which interprets an ASN1_ITEM structure describing
     the ASN1 module. Compatibility with the existing ASN1 API (i2d, d2i) is
     largely maintained. Almost all of the old asn1_mac.h macro based ASN1
     has also been converted to the new form.
     [Steve Henson]

  *) Change BN_mod_exp_recp so that negative moduli are tolerated
     (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set
     so that BN_mod_exp_mont and BN_mod_exp_mont_word work
     for negative moduli.
     [Bodo Moeller]

  *) Fix BN_uadd and BN_usub: Always return non-negative results instead
     of not touching the result's sign bit.
     [Bodo Moeller]

  *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
     set.
     [Bodo Moeller]

  *) Changed the LHASH code to use prototypes for callbacks, and created
     macros to declare and implement thin (optionally static) functions
     that provide type-safety and avoid function pointer casting for the
     type-specific callbacks.
     [Geoff Thorpe]

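     The wrapper-generating macro technique from the entry above, as an
     added example modelled on it rather than OpenSSL's lhash.h. Casting a
     function pointer of type `unsigned long (*)(const entry *)` to the
     generic `unsigned long (*)(const void *)` and calling through it is
     undefined behaviour; the macros instead generate a thin static
     function with the generic signature that casts the data pointer (well
     defined) and forwards to the typed callback, which the compiler can
     check. The macro names, the `tbl` table, the entry type and the sample
     records are mine.

```c
#include <stddef.h>
#include <string.h>

/* The element type this particular table stores. */
typedef struct {
    const char *name;
    int value;
} entry;

/* Generic callback prototypes, as a type-agnostic table must see them. */
typedef unsigned long (*tbl_hash_fn)(const void *);
typedef int (*tbl_compare_fn)(const void *, const void *);

/* Generate a thin wrapper with the generic signature that forwards to a
 * typed function. Only the data pointer is converted, never the
 * function pointer. */
#define IMPLEMENT_TBL_HASH_FN(f_name, o_type)                          \
    static unsigned long f_name##_TBL_HASH(const void *arg)            \
    { const o_type *a = arg; return f_name(a); }
#define IMPLEMENT_TBL_COMP_FN(f_name, o_type)                          \
    static int f_name##_TBL_COMP(const void *arg1, const void *arg2)   \
    { const o_type *a = arg1; const o_type *b = arg2; return f_name(a, b); }
#define TBL_HASH_FN(f_name) f_name##_TBL_HASH
#define TBL_COMP_FN(f_name) f_name##_TBL_COMP

/* Typed callbacks: a wrong argument type here is a compile error. */
static unsigned long entry_hash(const entry *e)
{
    unsigned long h = 5381;                      /* djb2 over the key */
    for (const char *p = e->name; *p; p++)
        h = h * 33 + (unsigned char)*p;
    return h;
}
static int entry_cmp(const entry *a, const entry *b)
{
    return strcmp(a->name, b->name);
}
IMPLEMENT_TBL_HASH_FN(entry_hash, entry)
IMPLEMENT_TBL_COMP_FN(entry_cmp, entry)

/* A minimal chained table that knows nothing about `entry`. */
#define TBL_BUCKETS 8
#define TBL_POOL 32
typedef struct tbl_node { const void *data; struct tbl_node *next; } tbl_node;
typedef struct {
    tbl_hash_fn hash;
    tbl_compare_fn cmp;
    tbl_node *bucket[TBL_BUCKETS];
    tbl_node pool[TBL_POOL];                    /* fixed storage, no malloc */
    size_t used;
} tbl;

void tbl_init(tbl *t, tbl_hash_fn hash, tbl_compare_fn cmp)
{
    memset(t, 0, sizeof *t);
    t->hash = hash;
    t->cmp = cmp;
}

int tbl_insert(tbl *t, const void *data)
{
    if (t->used >= TBL_POOL)
        return 0;
    tbl_node *n = &t->pool[t->used++];
    size_t i = t->hash(data) % TBL_BUCKETS;
    n->data = data;
    n->next = t->bucket[i];
    t->bucket[i] = n;
    return 1;
}

const void *tbl_retrieve(const tbl *t, const void *key)
{
    for (const tbl_node *n = t->bucket[t->hash(key) % TBL_BUCKETS]; n; n = n->next)
        if (t->cmp(n->data, key) == 0)
            return n->data;
    return NULL;
}
```

     Registration reads `tbl_init(&t, TBL_HASH_FN(entry_hash),
     TBL_COMP_FN(entry_cmp))`; the wrappers are static, so each compilation
     unit gets its own and nothing leaks into the symbol table.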
  *) Use better test patterns in bntest.