[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________


 Changes between 0.9.1c and 0.9.2

  *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
     padding method for RSA, which is recommended for new applications in PKCS
     #1 v2.0 (RFC 2437, October 1998).
     OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
     foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
     against Bleichbacher's attack on RSA.
     [Ulf Moeller <ulf@fitug.de>, reformatted, corrected and integrated by
      Ben Laurie]

  *) Updates to the new SSL compression code
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

  *) Fix so that the version number in the master secret, when passed
     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
     (because the server will not accept higher), that the version number
     is 0x03,0x01, not 0x03,0x00
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

  *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
     leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
     in apps/ and an unrellated leak in crypto/dsa/dsa_vrf.c
     [Steve Henson]

  *) Support for RAW extensions where an arbitrary extension can be
     created by including its DER encoding. See apps/openssl.cnf for
     an example.
     [Steve Henson]

  *) Make sure latest Perl versions don't interpret some generated C array
     code as Perl array code in the crypto/err/err_genc.pl script.
     [Lars Weber <3weber@informatik.uni-hamburg.de>]

  *) Modify ms/do_ms.bat to not generate assembly language makefiles since
     not many people have the assembler. Various Win32 compilation fixes and
     update to the INSTALL.W32 file with (hopefully) more accurate Win32
     build instructions.
     [Steve Henson]

  *) Modify configure script 'Configure' to automatically create crypto/date.h
     file under Win32 and also build pem.h from pem.org. New script
     util/mkfiles.pl to create the MINFO file on environments that can't do a
     'make files': perl util/mkfiles.pl >MINFO should work.
     [Steve Henson]

  *) Major rework of DES function declarations, in the pursuit of correctness
     and purity. As a result, many evil casts evaporated, and some weirdness,
     too. You may find this causes warnings in your code. Zapping your evil
     casts will probably fix them. Mostly.
     [Ben Laurie]

  *) Fix for a typo in asn1.h. Bug fix to object creation script
     obj_dat.pl. It considered a zero in an object definition to mean
     "end of object": none of the objects in objects.h have any zeros
     so it wasn't spotted.
     [Steve Henson, reported by Erwann ABALEA <eabalea@certplus.com>]

  *) Add support for Triple DES Cipher Block Chaining with Output Feedback
     Masking (CBCM). In the absence of test vectors, the best I have been able
     to do is check that the decrypt undoes the encrypt, so far. Send me test
     vectors if you have them.
     [Ben Laurie]

  *) Correct caclulation of key length for export ciphers (too much space was
     allocated for null ciphers). This has not been tested!
     [Ben Laurie]

  *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
     message is now correct (it understands "crypto" and "ssl" on its
     command line). There is also now an "update" option. This will update
     the util/ssleay.num and util/libeay.num files with any new functions.
     If you do a: 
     perl util/mkdef.pl crypto ssl update
     it will update them.
     [Steve Henson]

  *) Overhauled the Perl interface (perl/*):
     - ported BN stuff to OpenSSL's different BN library
     - made the perl/ source tree CVS-aware
     - renamed the package from SSLeay to OpenSSL (the files still contain
       their history because I've copied them in the repository)
     - removed obsolete files (the test scripts will be replaced
       by better Test::Harness variants in the future)
     [Ralf S. Engelschall]

  *) First cut for a very conservative source tree cleanup:
     1. merge various obsolete readme texts into doc/ssleay.txt
     where we collect the old documents and readme texts.
     2. remove the first part of files where I'm already sure that we no
     longer need them because of three reasons: either they are just temporary
     files which were left by Eric or they are preserved original files where
     I've verified that the diff is also available in the CVS via "cvs diff
     -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
     the crypto/md/ stuff).
     [Ralf S. Engelschall]

  *) More extension code. Incomplete support for subject and issuer alt
     name, issuer and authority key id. Change the i2v function parameters
     and add an extra 'crl' parameter in the X509V3_CTX structure: guess
     what that's for :-) Fix to ASN1 macro which messed up
     IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
     [Steve Henson]

  *) Preliminary support for ENUMERATED type. This is largely copied from the
     INTEGER code.
     [Steve Henson]

  *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

  *) Make sure `make rehash' target really finds the `openssl' program.
     [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]

  *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
     like to hear about it if this slows down other processors.
     [Ben Laurie]

  *) Add CygWin32 platform information to Configure script.
     [Alan Batie <batie@aahz.jf.intel.com>]

  *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
     [Rainer W. Gerling <gerling@mpg-gv.mpg.de>]
  
  *) New program nseq to manipulate netscape certificate sequences
     [Steve Henson]

  *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
     few typos.
     [Steve Henson]

  *) Fixes to BN code.  Previously the default was to define BN_RECURSION
     but the BN code had some problems that would cause failures when
     doing certificate verification and some other functions.
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

  *) Add ASN1 and PEM code to support netscape certificate sequences.
     [Steve Henson]

  *) Add ASN1 and PEM code to support netscape certificate sequences.
     [Steve Henson]

  *) Add several PKIX and private extended key usage OIDs.
     [Steve Henson]

  *) Modify the 'ca' program to handle the new extension code. Modify
     openssl.cnf for new extension format, add comments.
     [Steve Henson]

  *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
     and add a sample to openssl.cnf so req -x509 now adds appropriate
     CA extensions.
     [Steve Henson]

  *) Continued X509 V3 changes. Add to other makefiles, integrate with the
     error code, add initial support to X509_print() and x509 application.
     [Steve Henson]

  *) Takes a deep breath and start addding X509 V3 extension support code. Add
     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
     stuff is currently isolated and isn't even compiled yet.
     [Steve Henson]

  *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
     ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
     Removed the versions check from X509 routines when loading extensions:
     this allows certain broken certificates that don't set the version
     properly to be processed.
     [Steve Henson]

  *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
     Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
     can still be regenerated with "make depend".
     [Ben Laurie]

  *) Spelling mistake in C version of CAST-128.
     [Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>]

  *) Changes to the error generation code. The perl script err-code.pl 
     now reads in the old error codes and retains the old numbers, only
     adding new ones if necessary. It also only changes the .err files if new
     codes are added. The makefiles have been modified to only insert errors
     when needed (to avoid needlessly modifying header files). This is done
     by only inserting errors if the .err file is newer than the auto generated
     C file. To rebuild all the error codes from scratch (the old behaviour)
     either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
     or delete all the .err files.
     [Steve Henson]

  *) CAST-128 was incorrectly implemented for short keys. The C version has
     been fixed, but is untested. The assembler versions are also fixed, but
     new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
     to regenerate it if needed.
     [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
      Hagino <itojun@kame.net>]

  *) File was opened incorrectly in randfile.c.
Commit	Line	Data
651d0aff	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
	4
	5
9cb0969f	6	Changes between 0.9.1c and 0.9.2
0172f988	7
a4949896 BL	8	*) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
	9	padding method for RSA, which is recommended for new applications in PKCS
	10	#1 v2.0 (RFC 2437, October 1998).
	11	OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
	12	foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
	13	against Bleichbacher's attack on RSA.
	14	[Ulf Moeller <ulf@fitug.de>, reformatted, corrected and integrated by
	15	Ben Laurie]
	16
413c4f45 MC	17	*) Updates to the new SSL compression code
	18	[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
	19
	20	*) Fix so that the version number in the master secret, when passed
	21	via RSA, checks that if TLS was proposed, but we roll back to SSLv3
	22	(because the server will not accept higher), that the version number
	23	is 0x03,0x01, not 0x03,0x00
	24	[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
	25
a8236c8c DSH	26	) Run extensive memory leak checks on SSL apps. Fixed lots* of memory
	27	leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
	28	in apps/ and an unrellated leak in crypto/dsa/dsa_vrf.c
	29	[Steve Henson]
	30
388ff0b0 DSH	31	*) Support for RAW extensions where an arbitrary extension can be
	32	created by including its DER encoding. See apps/openssl.cnf for
	33	an example.
a8236c8c	34	[Steve Henson]
388ff0b0	35
6013fa83 RE	36	*) Make sure latest Perl versions don't interpret some generated C array
	37	code as Perl array code in the crypto/err/err_genc.pl script.
	38	[Lars Weber <3weber@informatik.uni-hamburg.de>]
	39
5c00879e DSH	40	*) Modify ms/do_ms.bat to not generate assembly language makefiles since
	41	not many people have the assembler. Various Win32 compilation fixes and
	42	update to the INSTALL.W32 file with (hopefully) more accurate Win32
	43	build instructions.
	44	[Steve Henson]
	45
9becf666 DSH	46	*) Modify configure script 'Configure' to automatically create crypto/date.h
	47	file under Win32 and also build pem.h from pem.org. New script
	48	util/mkfiles.pl to create the MINFO file on environments that can't do a
	49	'make files': perl util/mkfiles.pl >MINFO should work.
	50	[Steve Henson]
	51
4e31df2c BL	52	*) Major rework of DES function declarations, in the pursuit of correctness
	53	and purity. As a result, many evil casts evaporated, and some weirdness,
	54	too. You may find this causes warnings in your code. Zapping your evil
	55	casts will probably fix them. Mostly.
	56	[Ben Laurie]
	57
e4119b93 DSH	58	*) Fix for a typo in asn1.h. Bug fix to object creation script
	59	obj_dat.pl. It considered a zero in an object definition to mean
	60	"end of object": none of the objects in objects.h have any zeros
	61	so it wasn't spotted.
	62	[Steve Henson, reported by Erwann ABALEA <eabalea@certplus.com>]
	63
4a71b90d BL	64	*) Add support for Triple DES Cipher Block Chaining with Output Feedback
	65	Masking (CBCM). In the absence of test vectors, the best I have been able
	66	to do is check that the decrypt undoes the encrypt, so far. Send me test
	67	vectors if you have them.
	68	[Ben Laurie]
	69
436d318c BL	70	*) Correct caclulation of key length for export ciphers (too much space was
	71	allocated for null ciphers). This has not been tested!
	72	[Ben Laurie]
	73
55a9cc6e DSH	74	*) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
	75	message is now correct (it understands "crypto" and "ssl" on its
	76	command line). There is also now an "update" option. This will update
	77	the util/ssleay.num and util/libeay.num files with any new functions.
	78	If you do a:
	79	perl util/mkdef.pl crypto ssl update
	80	it will update them.
e4119b93	81	[Steve Henson]
55a9cc6e	82
8073036d RE	83	) Overhauled the Perl interface (perl/):
	84	- ported BN stuff to OpenSSL's different BN library
	85	- made the perl/ source tree CVS-aware
	86	- renamed the package from SSLeay to OpenSSL (the files still contain
	87	their history because I've copied them in the repository)
	88	- removed obsolete files (the test scripts will be replaced
	89	by better Test::Harness variants in the future)
	90	[Ralf S. Engelschall]
	91
483fdf18 RE	92	*) First cut for a very conservative source tree cleanup:
	93	1. merge various obsolete readme texts into doc/ssleay.txt
	94	where we collect the old documents and readme texts.
	95	2. remove the first part of files where I'm already sure that we no
	96	longer need them because of three reasons: either they are just temporary
	97	files which were left by Eric or they are preserved original files where
	98	I've verified that the diff is also available in the CVS via "cvs diff
	99	-rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
	100	the crypto/md/ stuff).
	101	[Ralf S. Engelschall]
	102
175b0942 DSH	103	*) More extension code. Incomplete support for subject and issuer alt
	104	name, issuer and authority key id. Change the i2v function parameters
	105	and add an extra 'crl' parameter in the X509V3_CTX structure: guess
	106	what that's for :-) Fix to ASN1 macro which messed up
	107	IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
	108	[Steve Henson]
	109
bceacf93 DSH	110	*) Preliminary support for ENUMERATED type. This is largely copied from the
	111	INTEGER code.
	112	[Steve Henson]
	113
351d8998 MC	114	*) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
	115	[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
	116
b621d772 RE	117	*) Make sure `make rehash' target really finds the `openssl' program.
	118	[Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
	119
a96e7810 BL	120	*) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
	121	like to hear about it if this slows down other processors.
	122	[Ben Laurie]
	123
e04a6c2b RE	124	*) Add CygWin32 platform information to Configure script.
	125	[Alan Batie <batie@aahz.jf.intel.com>]
	126
0172f988 RE	127	*) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
0172f988 RE	128	[Rainer W. Gerling <gerling@mpg-gv.mpg.de>]
79dfa975 DSH	129
	130	*) New program nseq to manipulate netscape certificate sequences
	131	[Steve Henson]
320a14cb	132
9fe84296 DSH	133	*) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
	134	few typos.
	135	[Steve Henson]
	136
a0a54079 MC	137	*) Fixes to BN code. Previously the default was to define BN_RECURSION
	138	but the BN code had some problems that would cause failures when
	139	doing certificate verification and some other functions.
	140	[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
	141
92c046ca DSH	142	*) Add ASN1 and PEM code to support netscape certificate sequences.
	143	[Steve Henson]
	144
79dfa975 DSH	145	*) Add ASN1 and PEM code to support netscape certificate sequences.
	146	[Steve Henson]
	147
a27598bf DSH	148	*) Add several PKIX and private extended key usage OIDs.
	149	[Steve Henson]
	150
b2347661 DSH	151	*) Modify the 'ca' program to handle the new extension code. Modify
	152	openssl.cnf for new extension format, add comments.
	153	[Steve Henson]
	154
f317aa4c DSH	155	*) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
	156	and add a sample to openssl.cnf so req -x509 now adds appropriate
	157	CA extensions.
	158	[Steve Henson]
	159
834eeef9 DSH	160	*) Continued X509 V3 changes. Add to other makefiles, integrate with the
834eeef9 DSH	161	error code, add initial support to X509_print() and x509 application.
f317aa4c	162	[Steve Henson]
834eeef9	163
9aeaf1b4 DSH	164	*) Takes a deep breath and start addding X509 V3 extension support code. Add
	165	files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
	166	stuff is currently isolated and isn't even compiled yet.
	167	[Steve Henson]
	168
9b5cc156 DSH	169	*) Continuing patches for GeneralizedTime. Fix up certificate and CRL
	170	ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
	171	Removed the versions check from X509 routines when loading extensions:
	172	this allows certain broken certificates that don't set the version
	173	properly to be processed.
	174	[Steve Henson]
	175
8039257d BL	176	*) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
	177	Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
	178	can still be regenerated with "make depend".
	179	[Ben Laurie]
	180
b13a1554 BL	181	*) Spelling mistake in C version of CAST-128.
	182	[Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>]
	183
6c8abdd7 DSH	184	*) Changes to the error generation code. The perl script err-code.pl
	185	now reads in the old error codes and retains the old numbers, only
	186	adding new ones if necessary. It also only changes the .err files if new
	187	codes are added. The makefiles have been modified to only insert errors
	188	when needed (to avoid needlessly modifying header files). This is done
	189	by only inserting errors if the .err file is newer than the auto generated
	190	C file. To rebuild all the error codes from scratch (the old behaviour)
	191	either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
	192	or delete all the .err files.
9b5cc156	193	[Steve Henson]
6c8abdd7	194
649cdb7b BL	195	*) CAST-128 was incorrectly implemented for short keys. The C version has
	196	been fixed, but is untested. The assembler versions are also fixed, but
	197	new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
	198	to regenerate it if needed.
	199	[Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
	200	Hagino <itojun@kame.net>]
	201
	202	*) File was opened incorrectly in randfile.c.
	203