OpenSSL CHANGES
_______________

Changes between 0.9.6 and 0.9.7  [xx XXX 2001]

  OpenSSL 0.9.6a/0.9.6b (bugfix releases, 5 Apr 2001 and 9 July 2001)
  and OpenSSL 0.9.7 were developed in parallel, based on OpenSSL 0.9.6.

  Change log entries are tagged as follows:
      -) applies to 0.9.6a/0.9.6b/0.9.6c only
      *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
      +) applies to 0.9.7 only

  *) Initialize static variable in crypto/dsa/dsa_lib.c explicitly to
     NULL, as at least on Solaris 8 this seems not to be done automatically
     (in contradiction to the requirements of the C standard).
     This caused problems when used from OpenSSH.
     [Lutz Jaenicke]

  *) In crypto/dh/dh_key.c, change generate_key() (the default
     implementation of DH_generate_key()) so that a new key is
     generated each time DH_generate_key() is used on a DH object.

     Previously, DH_generate_key() did not change existing keys
     -- but ssl/s3_srvr.c always expected it to do so (in effect,
     SSL_OP_SINGLE_DH_USE was ignored in servers reusing the same SSL
     object for multiple connections; however, each new SSL object
     created from an SSL_CTX got its own key).
     [Bodo Moeller]

  *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
     dh->length and always used

          BN_rand_range(priv_key, dh->p).

     BN_rand_range() is not necessary for Diffie-Hellman, and this
     specific range makes Diffie-Hellman unnecessarily inefficient if
     dh->length (recommended exponent length) is much smaller than the
     length of dh->p.  We could use BN_rand_range() if the order of
     the subgroup was stored in the DH structure, but we only have
     dh->length.

     So switch back to

          BN_rand(priv_key, l, ...)

     where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
     otherwise.
     [Bodo Moeller]

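     The two dh_key.c entries above describe two behaviours: a fresh private
     exponent on every DH_generate_key() call, and an exponent length 'l' taken
     from dh->length when set and from BN_num_bits(dh->p)-1 otherwise.  The
     following Python is an added illustration of both, not OpenSSL code.  The
     modulus p = 2**127 - 1 and generator g = 3 are constructed toy values (far
     too small for real use), and the "top bit set" detail mirrors an assumed
     BN_rand(priv_key, l, 0, 0) call, since the entry elides the last arguments.

```python
"""Added example: DH key generation as described in the CHANGES entries
(fresh key each call; exponent length from dh->length).  Not OpenSSL code."""
import secrets
from dataclasses import dataclass
from typing import Optional

TOY_P = 2**127 - 1   # constructed toy modulus (Mersenne prime M127), not for real use
TOY_G = 3            # constructed toy generator


@dataclass
class DH:
    p: int                          # prime modulus (dh->p)
    g: int                          # generator (dh->g)
    length: int = 0                 # recommended exponent length (dh->length); 0 = not set
    priv_key: Optional[int] = None  # dh->priv_key
    pub_key: Optional[int] = None   # dh->pub_key


def private_exponent_bits(dh: DH) -> int:
    """'l' from the entry: dh->length if defined, otherwise BN_num_bits(p) - 1."""
    return dh.length if dh.length else dh.p.bit_length() - 1


def generate_key(dh: DH) -> DH:
    """Fixed behaviour: always draw a new private exponent of exactly l bits."""
    l = private_exponent_bits(dh)
    # Assumption: BN_rand(priv_key, l, 0, 0) returns l bits with the top bit set,
    # so force bit l-1 after drawing l random bits.
    dh.priv_key = secrets.randbits(l) | (1 << (l - 1))
    dh.pub_key = pow(dh.g, dh.priv_key, dh.p)
    return dh


def generate_key_pre_fix(dh: DH) -> DH:
    """Behaviour before the fix: an existing key on the object is left untouched,
    which is why SSL_OP_SINGLE_DH_USE was silently ignored on a reused SSL object."""
    if dh.priv_key is None:
        return generate_key(dh)
    return dh


def compute_key(dh: DH, peer_pub: int) -> int:
    """Shared secret; peer values outside (1, p-1) are rejected up front."""
    if dh.priv_key is None:
        raise ValueError("no private key")
    if not (1 < peer_pub < dh.p - 1):
        raise ValueError("peer public value out of range")
    return pow(peer_pub, dh.priv_key, dh.p)


if __name__ == "__main__":
    srv = generate_key(DH(TOY_P, TOY_G))
    first = srv.priv_key
    generate_key(srv)                       # second connection on the same object
    print("fresh key per call:", srv.priv_key != first)
    print("exponent bits without dh->length:", srv.priv_key.bit_length())
    short = generate_key(DH(TOY_P, TOY_G, length=64))
    print("exponent bits with dh->length=64:", short.priv_key.bit_length())
    cli = generate_key(DH(TOY_P, TOY_G))
    print("shared secrets agree:", compute_key(srv, cli.pub_key) == compute_key(cli, srv.pub_key))
```

     The pre-fix variant is kept only to make the reported behaviour visible:
     calling it twice on one object returns the same key, while the fixed
     generate_key() draws a new exponent each time.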
  *) In

          RSA_eay_public_encrypt
          RSA_eay_private_decrypt
          RSA_eay_private_encrypt (signing)
          RSA_eay_public_decrypt (signature verification)

     (default implementations for RSA_public_encrypt,
     RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
     always reject numbers >= n.
     [Bodo Moeller]

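     The RSA entry above places one range check in front of all four
     primitives.  The Python below is an added illustration of that check and
     of why it matters, not OpenSSL code: the key (p=61, q=53, e=17, d=2753,
     n=3233) is the usual textbook toy, and the function names are this
     example's own.

```python
"""Added example: reject RSA inputs >= n in all four primitives.  Not OpenSSL code."""

N, E, D = 3233, 17, 2753   # textbook toy key: n = 61*53, e*d = 1 mod lcm(60, 52)


def rsa_modexp_checked(x: int, exp: int, n: int) -> int:
    """Shared primitive: the input must already be a canonical residue in [0, n-1]."""
    if x < 0 or x >= n:
        raise ValueError("RSA input must satisfy 0 <= x < n")
    return pow(x, exp, n)


def public_encrypt(m: int) -> int:      # RSA_public_encrypt
    return rsa_modexp_checked(m, E, N)


def private_decrypt(c: int) -> int:     # RSA_private_decrypt
    return rsa_modexp_checked(c, D, N)


def private_encrypt(m: int) -> int:     # RSA_private_encrypt (signing)
    return rsa_modexp_checked(m, D, N)


def public_decrypt(s: int) -> int:      # RSA_public_decrypt (signature verification)
    return rsa_modexp_checked(s, E, N)


def is_rejected(x: int) -> bool:
    """True if the checked primitive refuses x."""
    try:
        public_decrypt(x)
    except ValueError:
        return True
    return False


def aliases_without_check(c: int) -> bool:
    """Without the check, c and c + n are both accepted and yield the same result,
    so one ciphertext or signature would have many distinct accepted encodings."""
    return pow(c, D, N) == pow(c + N, D, N)


if __name__ == "__main__":
    c = public_encrypt(65)
    print("c =", c, "decrypts to", private_decrypt(c))
    print("signature round-trip:", public_decrypt(private_encrypt(65)))
    print("c + n would alias c without the check:", aliases_without_check(c))
    print("n itself rejected:", is_rejected(N), "| c + n rejected:", is_rejected(c + N))
```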
  *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
     to synchronize access to 'locking_thread'.  This is necessary on
     systems where access to 'locking_thread' (an 'unsigned long'
     variable) is not atomic.
     [Bodo Moeller]

  *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
     *before* setting the 'crypto_lock_rand' flag.  The previous code had
     a race condition if 0 is a valid thread ID.
     [Travis Vitek <vitek@roguewave.com>]

  +) Cleanup of EVP macros.
     [Ben Laurie]

  +) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
     correct _ecb suffix.
     [Ben Laurie]

  +) Add initial OCSP responder support to ocsp application.  The
     revocation information is handled using the text based index
     used by the ca application.  The responder can either handle
     requests generated internally, supplied in files (for example
     via a CGI script) or using an internal minimal server.
     [Steve Henson]

  +) Add configuration choices to get zlib compression for TLS.
     [Richard Levitte]

  +) Changes to Kerberos SSL for RFC 2712 compliance:
     1.  Implemented real KerberosWrapper, instead of just using the
         KRB5 AP_REQ message.  [Thanks to Simon Wilkinson <sxw@sxw.org.uk>]
     2.  Implemented optional authenticator field of KerberosWrapper.

     Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
     and authenticator structs; see crypto/krb5/.

     Generalized Kerberos calls to support multiple Kerberos libraries.
     [Vern Staats <staatsvr@asc.hpc.mil>,
      Jeffrey Altman <jaltman@columbia.edu>
      via Richard Levitte]

  +) Cause 'openssl speed' to use fully hard-coded DSA keys as it
     already does with RSA.  testdsa.h now has 'priv_key/pub_key'
     values for each of the key sizes rather than having just
     parameters (and 'speed' generating keys each time).
     [Geoff Thorpe]

  -) OpenSSL 0.9.6b released [9 July 2001]

  *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
     to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
     Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
     PRNG state recovery was possible based on the output of
     one PRNG request appropriately sized to gain knowledge on
     'md' followed by enough consecutive 1-byte PRNG requests
     to traverse all of 'state'.

     1. When updating 'md_local' (the current thread's copy of 'md')
        during PRNG output generation, hash all of the previous
        'md_local' value, not just the half used for PRNG output.

     2. Make the number of bytes from 'state' included into the hash
        independent from the number of PRNG bytes requested.

     The first measure alone would be sufficient to avoid
     Markku-Juhani's attack.  (Actually it had never occurred
     to me that the half of 'md_local' used for chaining was the
     half from which PRNG output bytes were taken -- I had always
     assumed that the secret half would be used.)  The second
     measure makes sure that additional data from 'state' is never
     mixed into 'md_local' in small portions; this heuristically
     further strengthens the PRNG.
     [Bodo Moeller]

  +) Speed up EVP routines.
     Before:
     encrypt
     type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
     des-cbc           4408.85k     5560.51k     5778.46k     5862.20k     5825.16k
     des-cbc           4389.55k     5571.17k     5792.23k     5846.91k     5832.11k
     des-cbc           4394.32k     5575.92k     5807.44k     5848.37k     5841.30k
     decrypt
     des-cbc           3482.66k     5069.49k     5496.39k     5614.16k     5639.28k
     des-cbc           3480.74k     5068.76k     5510.34k     5609.87k     5635.52k
     des-cbc           3483.72k     5067.62k     5504.60k     5708.01k     5724.80k
     After:
     encrypt
     des-cbc           4660.16k     5650.19k     5807.19k     5827.13k     5783.32k
     decrypt
     des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Ben Laurie]

  *) Fix crypto/bn/asm/mips3.s.
     [Andy Polyakov]

  *) When only the key is given to "enc", the IV is undefined.  Print out
     an error message in this case.
     [Lutz Jaenicke]

  +) Added the OS2-EMX target.
     ["Brian Havard" <brianh@kheldar.apana.org.au> and Richard Levitte]

  +) Rewrite apps to use NCONF routines instead of the old CONF.  New functions
     to support NCONF routines in extension code.  New function CONF_set_nconf()
     to allow functions which take an NCONF to also handle the old LHASH
     structure: this means that the old CONF compatible routines can be
     retained (in particular wrt extensions) without having to duplicate the
     code.  New function X509V3_add_ext_nconf_sk to add extensions to a stack.
     [Steve Henson]

  *) Handle special case when X509_NAME is empty in X509 printing routines.
     [Steve Henson]

  *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
     positive and less than q.
     [Bodo Moeller]

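     The dsa_do_verify entry above adds a range check on the signature
     components before they enter the verification arithmetic.  The Python
     below is an added illustration of a DSA verify with that check, not
     OpenSSL code.  The parameters p=607, q=101, g=64 and private key x=37 are
     constructed toy values (q divides p-1 and g = 2^((p-1)/q) mod p has order
     q), far too small for real use; the message hash is SHA-256 reduced mod q,
     a simplification for the toy q that real DSA (which takes the leftmost
     bits of the digest) does not make.

```python
"""Added example: DSA verification with the 0 < r < q, 0 < s < q check.  Not OpenSSL code."""
import hashlib
import secrets
from typing import Optional, Tuple

P, Q, G = 607, 101, 64   # constructed toy group: q | p-1, g has order q mod p
X = 37                   # constructed toy private key, 0 < x < q
Y = pow(G, X, P)         # corresponding public key


def h(msg: bytes) -> int:
    """Toy hash-to-Z_q: SHA-256 reduced mod q (real DSA truncates instead)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def sign(msg: bytes, k: Optional[int] = None) -> Tuple[int, int]:
    """Return (r, s).  k is the per-signature nonce; fixing it is for tests only."""
    while True:
        kk = k if k is not None else secrets.randbelow(Q - 1) + 1
        r = pow(G, kk, P) % Q
        s = (pow(kk, -1, Q) * (h(msg) + X * r)) % Q
        if r != 0 and s != 0:
            return r, s
        k = None  # degenerate r or s: retry with a fresh nonce


def verify(msg: bytes, sig: Tuple[int, int]) -> bool:
    r, s = sig
    # The check from the entry: both components must be positive and less than q.
    # Done first, so no modular inverse or exponentiation ever sees a bad value.
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = (h(msg) * w) % Q
    u2 = (r * w) % Q
    v = (pow(G, u1, P) * pow(Y, u2, P) % P) % Q
    return v == r


if __name__ == "__main__":
    m = b"constructed sample message"
    r, s = sign(m)
    print("valid signature:", verify(m, (r, s)))
    for bad in ((r + Q, s), (r, 0), (0, s), (-r, s), (r, s + Q)):
        print("malformed", bad, "accepted:", verify(m, bad))
```

     With the check in place every malformed pair is refused before
     pow(s, -1, Q) is reached; without it, s = 0 would raise from the inverse
     and negative or oversized components would be fed straight into the
     arithmetic.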
  +) Enhance the general user interface with mechanisms for inner control
     and with possibilities to have yes/no kind of prompts.
     [Richard Levitte]

  +) Change all calls to low level digest routines in the library and
     applications to use EVP.  Add missing calls to HMAC_cleanup() and
     don't assume HMAC_CTX can be copied using memcpy().
     [Verdon Walker <VWalker@novell.com>, Steve Henson]

  +) Add the possibility to control engines through control names but with
     arbitrary arguments instead of just a string.
     Change the key loaders to take a UI_METHOD instead of a callback
     function pointer.  NOTE: this breaks binary compatibility with earlier
     versions of OpenSSL [engine].
     Adapt the nCipher code for these new conditions and add a card insertion
     callback.
     [Richard Levitte]

  +) Enhance the general user interface with mechanisms to better support
     dialog box interfaces, application-defined prompts, the possibility
     to use defaults (for example default passwords from somewhere else)
     and interrupts/cancellations.
     [Richard Levitte]

  *) Don't change *pointer in CRYPTO_add_lock() if add_lock_callback is
     used: it isn't thread safe and the add_lock_callback should handle
     that itself.
     [Paul Rose <Paul.Rose@bridge.com>]

  *) Verify that incoming data obeys the block size in
     ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
     [Bodo Moeller]

  +) Tidy up PKCS#12 attribute handling.  Add support for the CSP name
     attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
     [Steve Henson]

  *) Fix OAEP check.