 OpenSSL CHANGES
 _______________

 Changes between 0.9.7 and 0.9.8  [xx XXX 2002]

  *) Add a function EC_GROUP_check_discriminant() (defined via
     EC_METHOD) that verifies that the curve discriminant is non-zero.

     Add a function EC_GROUP_check() that makes some sanity tests
     on an EC_GROUP, its generator and order. This includes
     EC_GROUP_check_discriminant().
     [Nils Larsch <nla@trustcenter.de>]

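As an added illustration (not part of the OpenSSL change log or of OpenSSL's own code), the C program below implements the two checks described in the entry above for a toy short-Weierstrass curve over a tiny prime field: ec_group_check_discriminant() tests 4a^3 + 27b^2 != 0 (mod p), and ec_group_check() additionally verifies that the generator lies on the curve and that the stated order really annihilates it. The type and function names (ec_group, ec_point, ec_point_order, ...) are the example's own, not OpenSSL's API, and the curve parameters are constructed for the example.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Toy short-Weierstrass curve y^2 = x^3 + a*x + b over F_p.  p is kept tiny
 * (far below 2^32) so that a product of two residues never overflows 64 bits. */
typedef struct { uint64_t x, y; int inf; } ec_point;   /* inf != 0 marks the point at infinity */
typedef struct { uint64_t p, a, b; ec_point g; uint64_t order; } ec_group;

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t p) { return (a % p) * (b % p) % p; }
static uint64_t submod(uint64_t a, uint64_t b, uint64_t p) { return (a % p + p - b % p) % p; }

static uint64_t powmod(uint64_t base, uint64_t e, uint64_t p)
{
    uint64_t r = 1;
    base %= p;
    while (e) {
        if (e & 1) r = mulmod(r, base, p);
        base = mulmod(base, base, p);
        e >>= 1;
    }
    return r;
}

/* Inverse via Fermat: a^(p-2) mod p, valid because p is prime and a != 0. */
static uint64_t invmod(uint64_t a, uint64_t p) { return powmod(a, p - 2, p); }

/* Affine group law; handles infinity, P == -Q and doubling. */
static ec_point ec_add(const ec_group *g, ec_point P, ec_point Q)
{
    ec_point R = { 0, 0, 1 };
    uint64_t p = g->p, lambda;
    if (P.inf) return Q;
    if (Q.inf) return P;
    if (P.x == Q.x) {
        if ((P.y + Q.y) % p == 0) return R;                  /* Q == -P: result is infinity */
        lambda = mulmod((3 * mulmod(P.x, P.x, p) + g->a) % p,  /* tangent slope for doubling */
                        invmod((2 * P.y) % p, p), p);
    } else {
        lambda = mulmod(submod(Q.y, P.y, p), invmod(submod(Q.x, P.x, p), p), p);
    }
    R.x = submod(submod(mulmod(lambda, lambda, p), P.x, p), Q.x, p);
    R.y = submod(mulmod(lambda, submod(P.x, R.x, p), p), P.y, p);
    R.inf = 0;
    return R;
}

/* Double-and-add scalar multiplication k*P. */
static ec_point ec_mul(const ec_group *g, uint64_t k, ec_point P)
{
    ec_point R = { 0, 0, 1 };
    while (k) {
        if (k & 1) R = ec_add(g, R, P);
        P = ec_add(g, P, P);
        k >>= 1;
    }
    return R;
}

/* Counterpart of EC_GROUP_check_discriminant(): 4a^3 + 27b^2 != 0 (mod p);
 * otherwise the "curve" is singular and the group law above is not valid. */
int ec_group_check_discriminant(const ec_group *g)
{
    uint64_t a3 = mulmod(mulmod(g->a, g->a, g->p), g->a, g->p);
    uint64_t b2 = mulmod(g->b, g->b, g->p);
    return (4 * a3 + 27 * b2) % g->p != 0;
}

int ec_point_is_on_curve(const ec_group *g, ec_point P)
{
    uint64_t lhs = mulmod(P.y, P.y, g->p);
    uint64_t rhs = (mulmod(mulmod(P.x, P.x, g->p), P.x, g->p) + mulmod(g->a, P.x, g->p) + g->b) % g->p;
    return !P.inf && lhs == rhs;
}

/* Smallest n >= 1 with n*P == infinity, found by repeated addition.  Fine for a
 * toy field: Hasse bounds the group order by 2p+2, so the loop terminates. */
uint64_t ec_point_order(const ec_group *g, ec_point P)
{
    ec_point R = P;
    uint64_t n;
    for (n = 1; !R.inf && n <= 2 * g->p + 2; n++) R = ec_add(g, R, P);
    return R.inf ? n : 0;
}

/* Counterpart of EC_GROUP_check(): non-zero discriminant, generator on the
 * curve, and the claimed order actually sends the generator to infinity. */
int ec_group_check_order(const ec_group *g, uint64_t order)
{
    if (!ec_group_check_discriminant(g)) return 0;
    if (!ec_point_is_on_curve(g, g->g)) return 0;
    if (order == 0) return 0;
    return ec_mul(g, order, g->g).inf;
}

int ec_group_check(const ec_group *g) { return ec_group_check_order(g, g->order); }

/* Constructed toy parameters: y^2 = x^3 + x + 1 over F_5 has 9 points and is
 * generated by (0, 1); the a = b = 0 "curve" is singular. */
const ec_group toy_group      = { 5, 1, 1, { 0, 1, 0 }, 9 };
const ec_group singular_group = { 5, 0, 0, { 0, 0, 0 }, 1 };

int main(void)
{
    printf("discriminant ok: %d\n", ec_group_check_discriminant(&toy_group));
    printf("order of generator: %llu\n", (unsigned long long)ec_point_order(&toy_group, toy_group.g));
    printf("toy group check: %d, singular: %d, wrong order: %d\n",
           ec_group_check(&toy_group), ec_group_check(&singular_group),
           ec_group_check_order(&toy_group, 3));
    return 0;
}
```

The order check matters in practice because a group whose stated order does not annihilate the generator (or a generator that is not on the curve at all) gives no guarantee about the subgroup a key lives in; rejecting such parameters up front is what the sanity test buys.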
  *) Add ECDSA in new directory crypto/ecdsa/.

     Add applications 'openssl ecdsaparam' and 'openssl ecdsa'
     (these are variants of 'openssl dsaparam' and 'openssl dsa').

     ECDSA support is also included in various other files across the
     library.  Most notably,
     - 'openssl req' now has a '-newkey ecdsa:file' option;
     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
       them suitable for ECDSA where domain parameters must be
       extracted before the specific public key.
     [Nils Larsch <nla@trustcenter.de>]

  *) Include some named elliptic curves, and add OIDs from X9.62,
     SECG, and WAP/WTLS. The curves can be obtained from the new
     functions
         EC_GROUP_new_by_nid()
         EC_GROUP_new_by_name()
     Also add a 'nid' field to EC_GROUP objects, which can be accessed
     via
         EC_GROUP_set_nid()
         EC_GROUP_get_nid()
     [Nils Larsch <nla@trustcenter.de>, Bodo Moeller]

 Changes between 0.9.6 and 0.9.7  [xx XXX 2002]

  OpenSSL 0.9.6a/0.9.6b/0.9.6c/0.9.6d (bugfix releases, 5 Apr 2001,
  9 July 2001, 21 Dec 2001 and xx XXX 2002) and OpenSSL 0.9.7 were
  developed in parallel, based on OpenSSL 0.9.6.

  Change log entries are tagged as follows:
      -) applies to 0.9.6a ... 0.9.6d only
      *) applies to 0.9.6a ... 0.9.6d and 0.9.7
      +) applies to 0.9.7 only

  *) Fix object definitions for Private and Enterprise: they were not
     recognized in their shortname (=lowercase) representation. Extend
     obj_dat.pl to issue an error when using undefined keywords instead
     of silently ignoring the problem (Svenning Sorensen
     <sss@sss.dnsalias.net>).
     [Lutz Jaenicke]

  +) Make object definitions compliant to LDAP (RFC2256): SN is the short
     form for "surname", serialNumber has no short form (Michael Bell
     <michael.bell@rz.hu-berlin.de>).
     [Lutz Jaenicke]

  *) Fix DH_generate_parameters() so that it works for 'non-standard'
     generators, i.e. generators other than 2 and 5.  (Previously, the
     code did not properly initialise the 'add' and 'rem' values to
     BN_generate_prime().)

     In the new general case, we do not insist that 'generator' is
     actually a primitive root: This requirement is rather pointless;
     a generator of the order-q subgroup is just as good, if not
     better.
     [Bodo Moeller]

  *) Map new X509 verification errors to alerts. Discovered and submitted by
     Tom Wu <tom@arcot.com>.
     [Lutz Jaenicke]

  *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
     returning non-zero before the data has been completely received
     when using non-blocking I/O.
     [Bodo Moeller; problem pointed out by John Hughes]

  *) Some of the ciphers missed the strength entry (SSL_LOW etc).
     [Ben Laurie, Lutz Jaenicke]

  +) Add an "init" command to the ENGINE config module and auto initialize
     ENGINEs. Without any "init" command the ENGINE will be initialized
     after all ctrl commands have been executed on it. If init=1 the
     ENGINE is initialized at that point (ctrls before that point are run
     on the uninitialized ENGINE and after on the initialized one). If
     init=0 then the ENGINE will not be initialized at all.
     [Steve Henson]

  +) Fix the 'app_verify_callback' interface so that the user-defined
     argument is actually passed to the callback: In the
     SSL_CTX_set_cert_verify_callback() prototype, the callback
     declaration has been changed from
          int (*cb)()
     into
          int (*cb)(X509_STORE_CTX *,void *);
     in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
          i=s->ctx->app_verify_callback(&ctx)
     has been changed into
          i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).

     To update applications using SSL_CTX_set_cert_verify_callback(),
     a dummy argument can be added to their callback functions.
     [D. K. Smetters <smetters@parc.xerox.com>]

  +) Added the '4758cca' ENGINE to support IBM 4758 cards.
     [Maurice Gittens <maurice@gittens.nl>, touchups by Geoff Thorpe]

  *) Fix bug in SSL_clear(): bad sessions were not removed (found by
     Yoram Zahavi <YoramZ@gilian.com>).
     [Lutz Jaenicke]

  +) Add an OPENSSL_LOAD_CONF define which will cause
     OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
     This allows older applications to transparently support certain
     OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
     Two new functions OPENSSL_add_all_algorithms_noconf() which will never
     load the config file and OPENSSL_add_all_algorithms_conf() which will
     always load it have also been added.
     [Steve Henson]

  +) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
     Adjust NIDs and EVP layer.
     [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]

  +) Config modules support in openssl utility.

     Most commands now load modules from the config file,
     though in a few (such as version) this isn't done
     because it couldn't be used for anything.

     In the case of ca and req the config file used is
     the same as the utility itself: that is the -config
     command line option can be used to specify an
     alternative file.
     [Steve Henson]

  +) Move default behaviour from OPENSSL_config(). If appname is NULL,
     use "openssl_conf"; if filename is NULL, use the default openssl config file.
     [Steve Henson]

  +) Add an argument to OPENSSL_config() to allow the use of an alternative
     config section name. Add a new flag to tolerate a missing config file
     and move code to CONF_modules_load_file().
     [Steve Henson]

  *) Add information about CygWin 1.3 and on, and preserve proper
     configuration for the versions before that.
     [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]

  *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
     check whether we deal with a copy of a session and do not delete from
     the cache in this case. Problem reported by "Izhar Shoshani Levi"
     <izhar@checkpoint.com>.
     [Lutz Jaenicke]

  *) Do not store session data into the internal session cache, if it
     is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
     flag is set). Proposed by Aslam <aslam@funk.com>.
     [Lutz Jaenicke]

  +) Support for crypto accelerator cards from Accelerated Encryption
     Processing, www.aep.ie.  (Use engine 'aep')
     The support was copied from 0.9.6c [engine] and adapted/corrected
     to work with the new engine framework.
     [AEP Inc. and Richard Levitte]

  +) Support for SureWare crypto accelerator cards from Baltimore
     Technologies.  (Use engine 'sureware')
     The support was copied from 0.9.6c [engine] and adapted
     to work with the new engine framework.
     [Richard Levitte]

  *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
     value is 0.
     [Richard Levitte]

  +) Have the CHIL engine fork-safe (as defined by nCipher) and actually
     make the newer ENGINE framework commands for the CHIL engine work.
     [Toomas Kiisk <vix@cyber.ee> and Richard Levitte]

  +) Make it possible to produce shared libraries on ReliantUNIX.
     [Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> via Richard Levitte]

  *) Add the configuration target linux-s390x.
     [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]

  +) Add the configuration target debug-linux-ppro.
     Make 'openssl rsa' use the general key loading routines
     implemented in apps.c, and make those routines able to
     handle the key format FORMAT_NETSCAPE and the variant
     FORMAT_IISSGC.
     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]

  *) Fix a crash bug and a logic bug in hwcrhk_load_pubkey().
     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]

  +) Add -keyform to rsautl, and document -engine.
     [Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>]

  +) Change BIO_new_file (crypto/bio/bss_file.c) to use new
     BIO_R_NO_SUCH_FILE error code rather than the generic
     ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
     [Ben Laurie]

  +) Add new functions
          ERR_peek_last_error
          ERR_peek_last_error_line
          ERR_peek_last_error_line_data.
     These are similar to
          ERR_peek_error
          ERR_peek_error_line
          ERR_peek_error_line_data,
     but report on the latest error recorded rather than the first one
     still in the error queue.
     [Ben Laurie, Bodo Moeller]

  +) default_algorithms option in ENGINE config module. This allows things
     like:
     default_algorithms = ALL
     default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
     [Steve Henson]

  +) Preliminary ENGINE config module.
     [Steve Henson]

  *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
     ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
     variable as an indication that a ClientHello message has been
     received.  As the flag value will be lost between multiple
     invocations of ssl3_accept when using non-blocking I/O, the
     function may not be aware that a handshake has actually taken
     place, thus preventing a new session from being added to the
     session cache.

     To avoid this problem, we now set s->new_session to 2 instead of
     using a local variable.
     [Lutz Jaenicke, Bodo Moeller]

  *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
     if the SSL_R_LENGTH_MISMATCH error is detected.
     [Geoff Thorpe, Bodo Moeller]

  +) New experimental application configuration code.
     [Steve Henson]

  *) New 'shared_ldflag' column in Configure platform table.
     [Richard Levitte]

  *) Fix EVP_CIPHER_mode macro.
     ["Dan S. Camper" <dan@bti.net>]

  +) Change the AES code to follow the same name structure as all other
     symmetric ciphers, and behave the same way.  Move everything to
     the directory crypto/aes, thereby obsoleting crypto/rijndael.
     [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]

  *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
     type, we must throw them away by setting rr->length to 0.
     [D P Chang <dpc@qualys.com>]

  -) OpenSSL 0.9.6c released [21 Dec 2001]

  +) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
     [Ben Laurie and Theo de Raadt]

  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
     <Dominikus.Scherkl@biodata.com>.  (The previous implementation
     worked incorrectly for those cases where range = 10..._2 and
     3*range is two bits longer than range.)
     [Bodo Moeller]

  *) Only add signing time to PKCS7 structures if it is not already
     present.
     [Steve Henson]

  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
     OBJ_ld_ce should be OBJ_id_ce.
     Also some ip-pda OIDs in crypto/objects/objects.txt were
     incorrect (cf. RFC 3039).
     [Matt Cooper, Frederic Giudicelli, Bodo Moeller]

  +) Add option to output public keys in req command.
     [Massimiliano Pala madwolf@openca.org]

  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
     returns early because it has nothing to do.
     [Andy Schneider <andy.schneider@bjss.co.uk>]

  *) [In 0.9.6c-engine and 0.9.7 release:]
     Fix mutex callback return values in crypto/engine/hw_ncipher.c.
     [Andy Schneider <andy.schneider@bjss.co.uk>]

  -) [In 0.9.6c-engine release:]
     Add support for Cryptographic Appliance's keyserver technology.
     (Use engine 'keyclient')
     [Cryptographic Appliances and Geoff Thorpe]

  *) Add a configuration entry for OS/390 Unix.  The C compiler 'c89'
     is called via tools/c89.sh because arguments have to be
     rearranged (all '-L' options must appear before the first object
     modules).
     [Richard Shapiro <rshapiro@abinitio.com>]

  +) Use wNAFs in EC_POINTs_mul() for improved efficiency
     (up to about 10% better than before for P-192 and P-224).
     [Bodo Moeller]

  -) [In 0.9.6c-engine release:]
     Add support for Broadcom crypto accelerator cards, backported
     from 0.9.7.
     [Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox]

  -) [In 0.9.6c-engine release:]
     Add support for SureWare crypto accelerator cards from
     Baltimore Technologies.  (Use engine 'sureware')
     [Baltimore Technologies and Mark Cox]

  -) [In 0.9.6c-engine release:]
     Add support for crypto accelerator cards from Accelerated
     Encryption Processing, www.aep.ie.  (Use engine 'aep')
     [AEP Inc. and Mark Cox]

  *) Add a configuration entry for gcc on UnixWare.
     [Gary Benson <gbenson@redhat.com>]

  +) New functions/macros

          SSL_CTX_set_msg_callback(ctx, cb)
          SSL_CTX_set_msg_callback_arg(ctx, arg)
          SSL_set_msg_callback(ssl, cb)
          SSL_set_msg_callback_arg(ssl, arg)

     to request calling a callback function

     void cb(int write_p, int version, int content_type,
             const void *buf, size_t len, SSL *ssl, void *arg)

     whenever a protocol message has been completely received
     (write_p == 0) or sent (write_p == 1).  Here 'version' is the
     protocol version according to which the SSL library interprets
     the current protocol message (SSL2_VERSION, SSL3_VERSION, or
     TLS1_VERSION).  'content_type' is 0 in the case of SSL 2.0, or
     the content type as defined in the SSL 3.0/TLS 1.0 protocol
     specification (change_cipher_spec(20), alert(21), handshake(22)).
     'buf' and 'len' point to the actual message, 'ssl' to the
     SSL object, and 'arg' is the application-defined value set by
     SSL[_CTX]_set_msg_callback_arg().

     'openssl s_client' and 'openssl s_server' have new '-msg' options
     to enable a callback that displays all protocol messages.
     [Bodo Moeller]

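An added example (not code from OpenSSL) of what such a callback can do for protocol logging: format_msg() turns one invocation into a single line naming the direction, the protocol version, the content type and, for handshake and alert messages, the message type and body length read from the first bytes of 'buf'. The version constants and the content-type, HandshakeType and alert numbers beyond the three listed in the entry above are the values given in the SSL 3.0 and TLS 1.0 specifications; the 'struct ssl_st' forward declaration stands in for the OpenSSL header so that the file compiles on its own, and the two sample messages are constructed for the example, not captured traffic.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Forward declaration using OpenSSL's own struct tag, so this file compiles
 * without the OpenSSL headers; the SSL object is never dereferenced here. */
typedef struct ssl_st SSL;

/* Protocol version numbers as passed in the 'version' argument. */
const char *tls_version_name(int version)
{
    switch (version) {
    case 0x0002: return "SSL 2.0";   /* SSL2_VERSION */
    case 0x0300: return "SSL 3.0";   /* SSL3_VERSION */
    case 0x0301: return "TLS 1.0";   /* TLS1_VERSION */
    default:     return "unknown-version";
    }
}

/* Record-layer content types (SSL 3.0 / TLS 1.0); 0 is what SSL 2.0 reports. */
const char *content_type_name(int content_type)
{
    switch (content_type) {
    case 0:  return "ssl2-message";
    case 20: return "change_cipher_spec";
    case 21: return "alert";
    case 22: return "handshake";
    case 23: return "application_data";
    default: return "unknown-content-type";
    }
}

/* HandshakeType values from the SSL 3.0 / TLS 1.0 specifications. */
const char *handshake_type_name(int msg_type)
{
    switch (msg_type) {
    case 0:  return "HelloRequest";
    case 1:  return "ClientHello";
    case 2:  return "ServerHello";
    case 11: return "Certificate";
    case 12: return "ServerKeyExchange";
    case 13: return "CertificateRequest";
    case 14: return "ServerHelloDone";
    case 15: return "CertificateVerify";
    case 16: return "ClientKeyExchange";
    case 20: return "Finished";
    default: return "unknown-handshake-type";
    }
}

/* Render one callback invocation as a single log line.  For handshake messages
 * the first four bytes of 'buf' are msg_type and a 24-bit body length; for
 * alerts they are level and description.  Returns the snprintf() length. */
int format_msg(int write_p, int version, int content_type,
               const unsigned char *buf, size_t len, char *out, size_t outlen)
{
    const char *dir = write_p ? ">>" : "<<";
    const char *ver = tls_version_name(version);

    if (content_type == 22 && len >= 4) {
        size_t body = ((size_t)buf[1] << 16) | ((size_t)buf[2] << 8) | buf[3];
        return snprintf(out, outlen, "%s %s handshake %s (body %zu bytes)",
                        dir, ver, handshake_type_name(buf[0]), body);
    }
    if (content_type == 21 && len >= 2)
        return snprintf(out, outlen, "%s %s alert %s description=%u",
                        dir, ver, buf[0] == 2 ? "fatal" : "warning", (unsigned)buf[1]);
    return snprintf(out, outlen, "%s %s %s (%zu bytes)",
                    dir, ver, content_type_name(content_type), len);
}

/* The callback itself, with the signature the change log gives.  'arg' is the
 * FILE* installed via SSL_CTX_set_msg_callback_arg(); the SSL pointer is
 * unused here but would let a real callback pull per-connection state. */
void msg_callback(int write_p, int version, int content_type,
                  const void *buf, size_t len, SSL *ssl, void *arg)
{
    char line[160];
    FILE *log = arg ? (FILE *)arg : stderr;
    (void)ssl;
    format_msg(write_p, version, content_type, (const unsigned char *)buf, len, line, sizeof line);
    fprintf(log, "%s\n", line);
}

/* Constructed sample messages (not captured traffic): a ClientHello header
 * claiming a 43-byte body, truncated after the client_version field, and a
 * fatal handshake_failure (40) alert. */
const unsigned char sample_client_hello[] = { 0x01, 0x00, 0x00, 0x2b, 0x03, 0x01 };
const unsigned char sample_alert[]        = { 0x02, 0x28 };

int main(void)
{
    msg_callback(0, 0x0301, 22, sample_client_hello, sizeof sample_client_hello, NULL, stdout);
    msg_callback(1, 0x0301, 21, sample_alert, sizeof sample_alert, NULL, stdout);
    return 0;
}
```

In an application this would be installed with SSL_CTX_set_msg_callback(ctx, msg_callback) and SSL_CTX_set_msg_callback_arg(ctx, logfile); a line per handshake message is enough to reconstruct the negotiation sequence (and to spot HelloRequest-driven renegotiation) from logs alone.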
  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
     messages are stored in a single piece (fixed-length part and
     variable-length part combined) and fix various bugs found on the way.
     [Bodo Moeller]

  +) Change the shared library support so shared libraries are built as
     soon as the corresponding static library is finished, and thereby get
     openssl and the test programs linked against the shared library.
     This still only happens when the keyword "shared" has been given to
     the configuration scripts.

     NOTE: shared library support is still an experimental thing, and
     backward binary compatibility is still not guaranteed.
     ["Maciej W. Rozycki" <macro@ds2.pg.gda.pl> and Richard Levitte]

  +) Add support for Subject Information Access extension.
     [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]

  +) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
     additional bytes when new memory had to be allocated, not just
     when reusing an existing buffer.
     [Bodo Moeller]

  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
     instead.  BIO_gethostbyname() does not know what timeouts are
     appropriate, so entries would stay in cache even when they have
     become invalid.
     [Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>]

  +) New command line and configuration option 'utf8' for the req command.
     This allows field values to be specified as UTF8 strings.
     [Steve Henson]

  +) Add -multi and -mr options to "openssl speed" - giving multiple parallel
     runs for the former and machine-readable output for the latter.
     [Ben Laurie]

  +) Add '-noemailDN' option to 'openssl ca'.  This prevents inclusion
     of the e-mail address in the DN (i.e., it will go into a certificate
     extension only).  The new configuration file option 'email_in_dn = no'
     has the same effect.
     [Massimiliano Pala madwolf@openca.org]

  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
     faced with a pathologically small ClientHello fragment that does
     not contain client_version: Instead of aborting with an error,
     simply choose the highest available protocol version (i.e.,
     TLS 1.0 unless it is disabled).  In practice, ClientHello
     messages are never sent like this, but this change gives us
     strictly correct behaviour at least for TLS.
     [Bodo Moeller]

  +) Change all functions with names starting with des_ to be starting
     with DES_ instead.  Add wrappers that are compatible with libdes,
     but are named _ossl_old_des_*.  Finally, add macros that map the
     des_* symbols to the corresponding _ossl_old_des_* if libdes
     compatibility is desired.  If OpenSSL 0.9.6c compatibility is
     desired, the des_* symbols will be mapped to DES_*, with one
     exception.

     Since we provide two compatibility mappings, the user needs to
     define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
     compatibility is desired.  The default (i.e., when that macro
     isn't defined) is OpenSSL 0.9.6c compatibility.

     There are also macros that enable and disable the support of old
     des functions altogether.  Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
     and OPENSSL_DISABLE_OLD_DES_SUPPORT.  If none or both of those
     are defined, the default will apply: to support the old des routines.

     In either case, one must include openssl/des.h to get the correct
     definitions.  Do not try to just include openssl/des_old.h, that
     won't work.

     NOTE: This is a major break of an old API into a new one.  Software
     authors are encouraged to switch to the DES_ style functions.  Some
     time in the future, des_old.h and the libdes compatibility functions
     will be disabled (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
     default), and then completely removed.
     [Richard Levitte]

  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
     never resets s->method to s->ctx->method when called from within
     one of the SSL handshake functions.
     [Bodo Moeller; problem pointed out by Niko Baric]

  +) Test for certificates which contain unsupported critical extensions.
     If such a certificate is found during a verify operation it is
     rejected by default: this behaviour can be overridden by either
     handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
     by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL.  A new function
     X509_supported_extension() has also been added which returns 1 if a
     particular extension is supported.
     [Steve Henson]

  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
     (sent using the client's version number) if client_version is
     smaller than the protocol version in use.  Also change
     ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
     the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
     the client will at least see that alert.
     [Bodo Moeller]

  +) Modify the behaviour of EVP cipher functions in similar way to digests
     to retain compatibility with existing code.
     [Steve Henson]

  +) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
     compatibility with existing code.  In particular the 'ctx' parameter does
     not have to be initialized before the call to EVP_DigestInit() and
     it is tidied up after a call to EVP_DigestFinal().  New function
     EVP_DigestFinal_ex() which does not tidy up the ctx.  Similarly function
     EVP_MD_CTX_copy() changed to not require the destination to be
     initialized valid and new function EVP_MD_CTX_copy_ex() added which
     requires the destination to be valid.

     Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
     EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
     [Steve Henson]

  +) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
     so that complete 'Handshake' protocol structures are kept in memory
     instead of overwriting 'msg_type' and 'length' with 'body' data.
     [Bodo Moeller]

  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
     correctly.
     [Bodo Moeller]

  +) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
     [Massimo Santin via Richard Levitte]

  +) Major restructuring to the underlying ENGINE code.  This includes
     reduction of linker bloat, separation of pure "ENGINE" manipulation
     (initialisation, etc) from functionality dealing with implementations
     of specific crypto interfaces.  This change also introduces integrated
     support for symmetric ciphers and digest implementations - so ENGINEs
     can now accelerate these by providing EVP_CIPHER and EVP_MD
     implementations of their own.  This is detailed in crypto/engine/README
     as it couldn't be adequately described here.  However, there are a few
     API changes worth noting - some RSA, DSA, DH, and RAND functions that
     were changed in the original introduction of ENGINE code have now
     reverted back - the hooking from this code to ENGINE is now a good
     deal more passive and at run-time, operations deal directly with
     RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
     dereferencing through an ENGINE pointer any more.  Also, the ENGINE
     functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
     they were not being used by the framework as there is no concept of a
     BIGNUM_METHOD and they could not be generalised to the new
     'ENGINE_TABLE' mechanism that underlies the new code.  Similarly,
     ENGINE_cpy() has been removed as it cannot be consistently defined in
     the new code.
     [Geoff Thorpe]

  +) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
     [Steve Henson]

  +) Change mkdef.pl to sort symbols that get the same entry number,
     and make sure the automatically generated functions ERR_load_*
     become part of libeay.num as well.
     [Richard Levitte]

  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
     client receives HelloRequest while in a handshake.
     [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]

  +) New function SSL_renegotiate_pending().  This returns true once
     renegotiation has been requested (either SSL_renegotiate() call
     or HelloRequest/ClientHello received from the peer) and becomes
     false once a handshake has been completed.
     (For servers, SSL_renegotiate() followed by SSL_do_handshake()
     sends a HelloRequest, but does not ensure that a handshake takes
     place.  SSL_renegotiate_pending() is useful for checking if the
     client has followed the request.)
     [Bodo Moeller]

  +) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
     By default, clients may request session resumption even during
     renegotiation (if session ID contexts permit); with this option,
     session resumption is possible only in the first handshake.
     [Bodo Moeller]

  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
     should end in 'break', not 'goto end' which circumvents various
     cleanups done in state SSL_ST_OK.  But session related stuff
     must be disabled for SSL_ST_OK in the case that we just sent a
     HelloRequest.

     Also avoid some overhead by not calling ssl_init_wbio_buffer()
     before just sending a HelloRequest.
     [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]

  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
     reveal whether illegal block cipher padding was found or a MAC
     verification error occurred.  (Neither SSLerr() codes nor alerts
     are directly visible to potential attackers, but the information
     may leak via logfiles.)

     Similar changes are not required for the SSL 2.0 implementation
     because the number of padding bytes is sent in clear for SSL 2.0,
     and the extra bytes are just ignored.  However ssl/s2_pkt.c
     failed to verify that the purported number of padding bytes is in
     the legal range.
     [Bodo Moeller]

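The following C program (an added example, not the OpenSSL code the entry above refers to) contrasts the two behaviours on a record laid out as content || MAC || padding, as it looks after CBC decryption: check_record_leaky() returns distinct codes for bad padding and for a bad MAC, the way the pre-fix code did, while check_record_uniform() collapses both into a single code and additionally runs the MAC comparison on the bad-padding path so that the two failure paths do similar work. Both perform the padding-length range check the entry notes was missing from ssl/s2_pkt.c. The 4-byte FNV-1a "MAC", the REC_* codes and all function names are constructed for the example; a real record layer uses HMAC.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 4

enum { REC_OK = 0, REC_BAD_PADDING, REC_BAD_MAC, REC_DECRYPT_ERROR };

/* Constructed 4-byte stand-in for the record MAC (FNV-1a).  It is NOT a real
 * MAC; it only exists so the two checkers below have something to verify. */
static void toy_mac(const uint8_t *data, size_t len, uint8_t out[MAC_LEN])
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= data[i]; h *= 16777619u; }
    out[0] = h >> 24; out[1] = h >> 16; out[2] = h >> 8; out[3] = h;
}

/* Compare without an early exit on the first differing byte. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t d = 0;
    for (size_t i = 0; i < n; i++) d |= a[i] ^ b[i];
    return d == 0;
}

/* TLS 1.0 CBC padding: the last byte gives the padding length and every
 * padding byte must equal it.  The range check (padding plus MAC must fit
 * inside the record) is the one the change log says ssl/s2_pkt.c lacked. */
static int padding_valid(const uint8_t *rec, size_t len, size_t *content_len)
{
    size_t pad = rec[len - 1];
    int ok = 1;
    if (pad + 1 + MAC_LEN > len) return 0;
    for (size_t i = 0; i <= pad; i++) ok &= (rec[len - 1 - i] == pad);
    *content_len = len - pad - 1 - MAC_LEN;
    return ok;
}

/* Before the fix: the caller (and anything that logs the error code) learns
 * which of the two checks failed. */
int check_record_leaky(const uint8_t *rec, size_t len)
{
    size_t clen = 0;
    uint8_t mac[MAC_LEN];
    if (len < MAC_LEN + 1) return REC_BAD_PADDING;
    if (!padding_valid(rec, len, &clen)) return REC_BAD_PADDING;
    toy_mac(rec, clen, mac);
    if (!ct_equal(mac, rec + clen, MAC_LEN)) return REC_BAD_MAC;
    return REC_OK;
}

/* After the fix: one error code for both failures.  The MAC is computed and
 * compared even when the padding is bad, so both failure paths do similar work. */
int check_record_uniform(const uint8_t *rec, size_t len)
{
    size_t clen = 0;
    uint8_t mac[MAC_LEN];
    int pad_ok, mac_ok;
    if (len < MAC_LEN + 1) return REC_DECRYPT_ERROR;
    pad_ok = padding_valid(rec, len, &clen);
    if (!pad_ok) clen = len - MAC_LEN;           /* verify something plausible anyway */
    toy_mac(rec, clen, mac);
    mac_ok = ct_equal(mac, rec + clen, MAC_LEN);
    return (pad_ok & mac_ok) ? REC_OK : REC_DECRYPT_ERROR;
}

/* Lay out content || MAC || padding as the record layer sees it after CBC
 * decryption: pad + 1 padding bytes, all equal to pad. */
size_t build_record(const uint8_t *content, size_t clen, uint8_t pad, uint8_t *out)
{
    memcpy(out, content, clen);
    toy_mac(content, clen, out + clen);
    memset(out + clen + MAC_LEN, pad, (size_t)pad + 1);
    return clen + MAC_LEN + pad + 1;
}

typedef int (*checker_fn)(const uint8_t *, size_t);

/* Verdict of 'check' on a valid constructed record after one kind of damage:
 * 0 none, 1 a padding byte altered, 2 a content byte flipped, 3 padding
 * length out of range. */
int verdict_on(checker_fn check, int tamper)
{
    uint8_t rec[64];
    size_t n = build_record((const uint8_t *)"hello", 5, 3, rec);
    if (tamper == 1) rec[n - 1] = 7;
    if (tamper == 2) rec[0] ^= 0x01;
    if (tamper == 3) rec[n - 1] = 200;
    return check(rec, n);
}

int main(void)
{
    const char *names[] = { "OK", "BAD_PADDING", "BAD_MAC", "DECRYPT_ERROR" };
    for (int t = 0; t <= 3; t++)
        printf("tamper %d: leaky=%s uniform=%s\n", t,
               names[verdict_on(check_record_leaky, t)],
               names[verdict_on(check_record_uniform, t)]);
    return 0;
}
```

The point the entry makes is visible in the output: with the leaky checker, a log of error codes distinguishes padding failures from MAC failures; with the uniform checker, every damaged record produces the same code, so nothing downstream (alert, log line, error queue) can tell them apart.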
  +) Add some demos for certificate and certificate request creation.
     [Steve Henson]

  +) Make maximum certificate chain size accepted from the peer application
     settable (SSL*_get/set_max_cert_list()), as proposed by
     "Douglas E. Engert" <deengert@anl.gov>.
     [Lutz Jaenicke]

  +) Add support for shared libraries for Unixware-7
     (Boyd Lynn Gerber <gerberb@zenez.com>).
     [Lutz Jaenicke]

  *) Add OpenUNIX-8 support including shared libraries
     (Boyd Lynn Gerber <gerberb@zenez.com>).
     [Lutz Jaenicke]

  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
     'wristwatch attack' using huge encoding parameters (cf.
     James H. Manger's CRYPTO 2001 paper).  Note that the
     RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
     encoding parameters and hence was not vulnerable.
     [Bodo Moeller]

  +) Add a "destroy" handler to ENGINEs that allows structural cleanup to
     be done prior to destruction.  Use this to unload error strings from
     ENGINEs that load their own error strings.  NB: This adds two new API
     functions to "get" and "set" this destroy handler in an ENGINE.
     [Geoff Thorpe]

  +) Alter all existing ENGINE implementations (except "openssl" and
     "openbsd") to dynamically instantiate their own error strings.  This
     makes them more flexible to be built both as statically-linked ENGINEs
     and self-contained shared-libraries loadable via the "dynamic" ENGINE.
     Also, add stub code to each that makes building them as self-contained
     shared-libraries easier (see README.ENGINE).
     [Geoff Thorpe]

  +) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
     implementations into applications that are completely implemented in
     self-contained shared-libraries.  The "dynamic" ENGINE exposes control
     commands that can be used to configure what shared-library to load and
     to control aspects of the way it is handled.  Also, made an update to
     the README.ENGINE file that brings its information up-to-date and
     provides some information and instructions on the "dynamic" ENGINE
     (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
     [Geoff Thorpe]

  *) BN_sqr() bug fix.