 OpenSSL CHANGES
 _______________

 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]

  *) Make crypto/rand/md_rand.c more robust:
     - Detect fork() and assure unique random states.
     - Make sure that concurrent threads access the global counter and
       md serializably so that we never lose entropy in them
       or use exactly the same state in multiple threads.
       Access to the large state is not always serializable because
       the additional locking could be a performance killer, and
       md should be large enough anyway.
     [Bodo Moeller]
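
     The fork() problem behind the first item, shown on a toy generator.
     This is an added example, not OpenSSL code and not md_rand.c: the
     generator is a constructed xorshift (not cryptographic), and the only
     point it makes is the one the entry describes. After fork() the child
     holds a byte-for-byte copy of the parent's PRNG state, so both produce
     the same output until something process-specific is mixed in. The
     detect_fork flag switches the PID check on or off so both behaviours
     can be observed; the names toy_prng_* and parent_child_outputs_differ
     are invented for the example.

```c
/* Added example (not OpenSSL code): a toy PRNG that, like the md_rand.c
 * change described above, notices that it is running in a forked child and
 * mixes the new PID into its state so parent and child diverge.
 * The generator itself is a constructed xorshift, NOT md_rand and NOT
 * suitable for real use. */
#include <stdint.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

struct toy_prng {
    uint64_t state;   /* generator state (constructed; not cryptographic) */
    pid_t owner;      /* PID that last touched the state */
    int detect_fork;  /* 1 = apply the fork check, 0 = old behaviour */
};

static void toy_prng_init(struct toy_prng *p, uint64_t seed, int detect_fork)
{
    p->state = seed ? seed : 0x9E3779B97F4A7C15ULL;
    p->owner = getpid();
    p->detect_fork = detect_fork;
}

/* Fold extra material into the state (stand-in for hashing it into md). */
static void toy_prng_mix(struct toy_prng *p, uint64_t extra)
{
    p->state ^= extra * 0x9E3779B97F4A7C15ULL;
    p->state = (p->state << 13) | (p->state >> 51);
    if (p->state == 0)
        p->state = 1;
}

static uint64_t toy_prng_next(struct toy_prng *p)
{
    pid_t now = getpid();
    /* The fix: a changed PID means fork() happened and this process has a
     * copy of another process's state; mix the PID in so the two stop
     * producing identical output. */
    if (p->detect_fork && now != p->owner) {
        toy_prng_mix(p, (uint64_t)now);
        p->owner = now;
    }
    p->state ^= p->state >> 12;
    p->state ^= p->state << 25;
    p->state ^= p->state >> 27;
    return p->state * 0x2545F4914F6CDD1DULL;
}

/* Fork, draw one value in parent and child, return 1 if they differ and
 * 0 if both processes produced the same value. Returns -1 on an OS error. */
static int parent_child_outputs_differ(int detect_fork)
{
    struct toy_prng prng;
    int fd[2], status;
    uint64_t mine, theirs;
    pid_t child;

    toy_prng_init(&prng, 12345, detect_fork);
    if (pipe(fd) != 0)
        return -1;
    child = fork();
    if (child < 0)
        return -1;
    if (child == 0) {
        uint64_t v = toy_prng_next(&prng);   /* child's draw from the copied state */
        if (write(fd[1], &v, sizeof v) < 0)
            _exit(1);
        _exit(0);
    }
    close(fd[1]);
    mine = toy_prng_next(&prng);             /* parent's draw */
    if (read(fd[0], &theirs, sizeof theirs) != (ssize_t)sizeof theirs) {
        close(fd[0]);
        waitpid(child, &status, 0);
        return -1;
    }
    close(fd[0]);
    waitpid(child, &status, 0);
    return mine != theirs;
}
```

     With detect_fork set to 0 the two processes return the same value,
     which is exactly the duplicated-state condition the entry fixes; with
     it set to 1 they diverge. A real implementation would also reseed the
     child from the system entropy source rather than relying on the PID
     alone, since PIDs are small and predictable.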

  *) New file apps/app_rand.c with commonly needed functionality
     for handling the random seed file.

     Use the random seed file in some applications that previously did not:
          ca,
          dsaparam -genkey (which also ignored its `-rand' option),
          s_client,
          s_server,
          x509 (when signing).
     Except on systems with /dev/urandom, it is crucial to have a random
     seed file at least for key creation, DSA signing, and for DH exchanges;
     for RSA signatures we could do without one.

     gendh and gendsa (unlike genrsa) used to read only the first byte
     of each file listed in the `-rand' option. The function as previously
     found in genrsa is now in app_rand.c and is used by all programs
     that support `-rand'.
     [Bodo Moeller]

  *) In RAND_write_file, use mode 0600 for creating files;
     don't just chmod when it may be too late.
     [Bodo Moeller]
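
     Why "don't just chmod when it may be too late" matters, as an added
     example that is not OpenSSL's RAND_write_file. The unsafe pattern
     creates the file with the process's default mode (0666 masked by umask,
     typically 0644) and only afterwards calls chmod(); between the two
     calls any local user can open the seed file. Passing 0600 to open() at
     creation closes that window. permission_bits_at_creation() pins the
     umask to 022 and reports the group/other bits the file had right after
     creation so the difference is observable; all function names and the
     /tmp path are invented for the example.

```c
/* Added example (not OpenSSL code): create a random-seed file so that it is
 * never, even briefly, readable by other users. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Write `len` bytes of seed material to `path` with mode 0600 applied at
 * creation; umask can only remove bits, never widen them. Returns 0 on success. */
static int write_seed_file_safe(const char *path, const unsigned char *seed, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    /* Extra step beyond the entry: if the file already existed with a wider
     * mode, tighten it before writing new secret material into it. */
    if (fchmod(fd, 0600) != 0) {
        close(fd);
        return -1;
    }
    while (len > 0) {
        ssize_t n = write(fd, seed, len);
        if (n < 0) {
            close(fd);
            return -1;
        }
        seed += n;
        len -= (size_t)n;
    }
    return close(fd);
}

/* Create `path` either the safe way (mode supplied to open()) or the old way
 * (fopen() first, chmod() later), and return the group/other permission bits
 * the file had immediately after creation, before any chmod(). The umask is
 * pinned to 022 during the measurement so the result is deterministic.
 * Returns -1 if the file could not be created or inspected. */
static int permission_bits_at_creation(const char *path, int safe)
{
    mode_t old = umask(022);
    struct stat st;
    int bits = -1;

    unlink(path);
    if (safe) {
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 && fstat(fd, &st) == 0)
            bits = (int)(st.st_mode & 077);
        if (fd >= 0)
            close(fd);
    } else {
        FILE *f = fopen(path, "wb");            /* created as 0666 & ~umask */
        if (f != NULL && stat(path, &st) == 0)
            bits = (int)(st.st_mode & 077);     /* observed before any chmod() */
        if (f != NULL)
            fclose(f);
        /* chmod(path, 0600) would come here: the window has already existed. */
    }
    umask(old);
    unlink(path);
    return bits;
}

/* Returns 1 if `path` has no group/other permission bits, 0 if it does,
 * -1 if it cannot be stat()ed. */
static int seed_file_is_private(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & 077) == 0;
}
```

     The safe variant reports 0 for the group/other bits at creation; the
     fopen()-then-chmod() variant reports 044 (group and other readable)
     under umask 022, which is the window the entry removes.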

  *) Report an error from X509_STORE_load_locations
     when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
     [Bill Perry]

  *) New function ASN1_mbstring_copy(): this copies a string in either
     ASCII, Unicode, Universal (4 bytes per character) or UTF8 format
     into an ASN1_STRING type. A mask of permissible types is passed
     and it chooses the "minimal" type to use, or returns an error if no type
     is suitable.
     [Steve Henson]

  *) Add function equivalents to the various macros in asn1.h. The old
     macros are retained with an M_ prefix. Code inside the library can
     use the M_ macros. External code (including the openssl utility)
     should *NOT* in order to be "shared library friendly".
     [Steve Henson]

  *) Add various functions that can check a certificate's extensions
     to see if it is usable for various purposes such as SSL client,
     server or S/MIME and CAs of these types. This is currently
     VERY EXPERIMENTAL but will ultimately be used for certificate chain
     verification. Also added a -purpose flag to x509 utility to
     print out all the purposes.
     [Steve Henson]

  *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated
     functions.
     [Steve Henson]

  *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search
     for, obtain and decode an extension and obtain its critical flag.
     This allows all the necessary extension code to be handled in a
     single function call.
     [Steve Henson]

  *) RC4 tune-up featuring 30-40% performance improvement on most RISC
     platforms. See crypto/rc4/rc4_enc.c for further details.
     [Andy Polyakov]

  *) New -noout option to asn1parse. This causes no output to be produced;
     its main use is when combined with -strparse and -out to extract data
     from a file (which may not be in ASN.1 format).
     [Steve Henson]

  *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
     when producing the local key id.
     [Richard Levitte <levitte@stacken.kth.se>]

  *) New option -dhparam in s_server. This allows a DH parameter file to be
     stated explicitly. If it is not stated then it tries the first server
     certificate file. The previous behaviour hard coded the filename
     "server.pem".
     [Steve Henson]

  *) Add -pubin and -pubout options to the rsa and dsa commands. These allow
     a public key to be input or output. For example:
          openssl rsa -in key.pem -pubout -out pubkey.pem
     Also added necessary DSA public key functions to handle this.
     [Steve Henson]

  *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained
     in the message. This was handled by allowing
     X509_find_by_issuer_and_serial() to tolerate a NULL passed to it.
     [Steve Henson, reported by Sampo Kellomaki <sampo@mail.neuronio.pt>]

  *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null
     to the end of the strings whereas this didn't. This would cause problems
     if strings read with d2i_ASN1_bytes() were later modified.
     [Steve Henson, reported by Arne Ansper <arne@ats.cyber.ee>]

  *) Fix for base64 decode bug. When a base64 bio reads only one line of
     data and it contains EOF it will end up returning an error. This is
     caused by input 46 bytes long. The cause is due to the way base64
     BIOs find the start of base64 encoded data. They do this by trying a
     trial decode on each line until they find one that works. When they
     do a flag is set and it starts again knowing it can pass all the
     data directly through the decoder. Unfortunately it doesn't reset
     the context it uses. This means that if EOF is reached an attempt
     is made to pass two EOFs through the context and this causes the
     resulting error. This can also cause other problems as well. As is
     usual with these problems it takes *ages* to find and the fix is
     trivial: move one line.
     [Steve Henson, reported by ian@uns.ns.ac.yu (Ivan Nejgebauer) ]

  *) Ugly workaround to get s_client and s_server working under Windows. The
     old code wouldn't work because it needed to select() on sockets and the
     tty (for keypresses and to see if data could be written). Win32 only
     supports select() on sockets so we select() with a 1s timeout on the
     sockets and then see if any characters are waiting to be read; if none
     are present then we retry. We also assume we can always write data to
     the tty. This isn't nice because the code then blocks until we've
     received a complete line of data and it is effectively polling the
     keyboard at 1s intervals: however it's quite a bit better than not
     working at all :-) A dedicated Windows application might handle this
     with an event loop for example.
     [Steve Henson]

  *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign
     and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions
     will be called when RSA_sign() and RSA_verify() are used. This is useful
     if rsa_pub_dec() and rsa_priv_enc() equivalents are not available.
     For this to work properly RSA_public_decrypt() and RSA_private_encrypt()
     should *not* be used: RSA_sign() and RSA_verify() must be used instead.
     This necessitated the support of an extra signature type NID_md5_sha1
     for SSL signatures and modifications to the SSL library to use it instead
     of calling RSA_public_decrypt() and RSA_private_encrypt().
     [Steve Henson]

  *) Add new -verify -CAfile and -CApath options to the crl program; these
     will look up a CRL issuer's certificate and verify the signature in a
     similar way to the verify program. Tidy up the crl program so it
     no longer accesses structures directly. Make the ASN1 CRL parsing a bit
     less strict. It will now permit CRL extensions even if it is not
     a V2 CRL: this will allow it to tolerate some broken CRLs.
     [Steve Henson]

  *) Initialize all non-automatic variables each time one of the openssl
     sub-programs is started (this is necessary as they may be started
     multiple times from the "OpenSSL>" prompt).
     [Lennart Bang, Bodo Moeller]

  *) Preliminary compilation option RSA_NULL which disables RSA crypto without
     removing all other RSA functionality (this is what NO_RSA does). This
     is so (for example) those in the US can disable those operations covered
     by the RSA patent while allowing storage and parsing of RSA keys and RSA
     key generation.
     [Steve Henson]

  *) Non-copying interface to BIO pairs.
     (still largely untested)
     [Bodo Moeller]

  *) New function ASN1_tag2str() to convert an ASN1 tag to a descriptive
     ASCII string. This was handled independently in various places before.
     [Steve Henson]

  *) New functions UTF8_getc() and UTF8_putc() that parse and generate
     UTF8 strings a character at a time.
     [Steve Henson]
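
     What a character-at-a-time UTF-8 parser of this shape has to check, as
     an added example. This is not OpenSSL's UTF8_getc()/UTF8_putc() and
     does not reproduce their signatures; utf8_getc, utf8_putc and the two
     wrapper helpers are names invented here. The decoder rejects every
     malformed input class that matters for certificate and name handling:
     stray continuation bytes, truncated sequences, overlong encodings (the
     classic way to smuggle a '/' or NUL past a byte-level filter), UTF-16
     surrogates, and values above U+10FFFF. The encoder reports the length
     it needs so a caller can size its buffer before writing.

```c
/* Added example (not OpenSSL code): strict one-character UTF-8 decode/encode. */
#include <stddef.h>

/* Decode one character from s[0..len). Returns the number of bytes consumed,
 * 0 if len == 0, or -1 if the bytes are not well-formed UTF-8 (bad lead or
 * continuation byte, truncated sequence, overlong encoding, UTF-16
 * surrogate, or a value above U+10FFFF). */
static int utf8_getc(const unsigned char *s, size_t len, unsigned long *out)
{
    unsigned long v;
    size_t need, i;

    if (len == 0)
        return 0;
    if (s[0] < 0x80) {                       /* one-byte ASCII */
        *out = s[0];
        return 1;
    }
    if ((s[0] & 0xE0) == 0xC0) { v = s[0] & 0x1F; need = 1; }
    else if ((s[0] & 0xF0) == 0xE0) { v = s[0] & 0x0F; need = 2; }
    else if ((s[0] & 0xF8) == 0xF0) { v = s[0] & 0x07; need = 3; }
    else return -1;                          /* continuation byte or 0xF8..0xFF lead */
    if (len < need + 1)
        return -1;                           /* truncated sequence */
    for (i = 1; i <= need; i++) {
        if ((s[i] & 0xC0) != 0x80)
            return -1;                       /* not a continuation byte */
        v = (v << 6) | (s[i] & 0x3F);
    }
    /* Reject overlong forms: each length has a minimum code point. */
    if ((need == 1 && v < 0x80) || (need == 2 && v < 0x800) || (need == 3 && v < 0x10000))
        return -1;
    if (v > 0x10FFFFUL || (v >= 0xD800UL && v <= 0xDFFFUL))
        return -1;                           /* out of range or surrogate */
    *out = v;
    return (int)(need + 1);
}

/* Encode one character into buf (at most buflen bytes). Returns the number
 * of bytes the encoding needs; writes nothing if buf is NULL or buflen is
 * too small, so it can be used to measure first. Returns -1 for values that
 * have no UTF-8 encoding (surrogates, > U+10FFFF). */
static int utf8_putc(unsigned char *buf, size_t buflen, unsigned long v)
{
    unsigned char tmp[4];
    size_t n, i;

    if (v >= 0xD800UL && v <= 0xDFFFUL)
        return -1;
    if (v < 0x80) {
        tmp[0] = (unsigned char)v; n = 1;
    } else if (v < 0x800) {
        tmp[0] = (unsigned char)(0xC0 | (v >> 6));
        tmp[1] = (unsigned char)(0x80 | (v & 0x3F)); n = 2;
    } else if (v < 0x10000) {
        tmp[0] = (unsigned char)(0xE0 | (v >> 12));
        tmp[1] = (unsigned char)(0x80 | ((v >> 6) & 0x3F));
        tmp[2] = (unsigned char)(0x80 | (v & 0x3F)); n = 3;
    } else if (v <= 0x10FFFFUL) {
        tmp[0] = (unsigned char)(0xF0 | (v >> 18));
        tmp[1] = (unsigned char)(0x80 | ((v >> 12) & 0x3F));
        tmp[2] = (unsigned char)(0x80 | ((v >> 6) & 0x3F));
        tmp[3] = (unsigned char)(0x80 | (v & 0x3F)); n = 4;
    } else {
        return -1;
    }
    if (buf != NULL && buflen >= n)
        for (i = 0; i < n; i++)
            buf[i] = tmp[i];
    return (int)n;
}

/* Helper: decode the first character of s, or -1 if it is malformed. */
static long utf8_decode_value(const char *s, size_t len)
{
    unsigned long v = 0;
    int n = utf8_getc((const unsigned char *)s, len, &v);
    return n <= 0 ? -1 : (long)v;
}

/* Helper: encode v then decode it again; 1 if the round trip reproduces v
 * using exactly the byte count utf8_putc() reported. */
static int utf8_roundtrip_ok(unsigned long v)
{
    unsigned char buf[4];
    unsigned long back = 0;
    int n = utf8_putc(buf, sizeof buf, v);
    if (n < 0)
        return 0;
    return utf8_getc(buf, (size_t)n, &back) == n && back == v;
}
```

     The overlong check is the one most often missing in ad-hoc decoders:
     without it, C0 80 decodes to U+0000 and C0 AF to '/', which is how
     byte-oriented path or name filters have been bypassed historically.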

  *) Use client_version from client hello to select the protocol
     (s23_srvr.c) and for RSA client key exchange verification
     (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications.
     [Bodo Moeller]

  *) Add various utility functions to handle SPKACs; these were previously
     handled by poking round in the structure internals. Added new function
     NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to
     print, verify and generate SPKACs. Based on an original idea from
     Massimiliano Pala <madwolf@comune.modena.it> but extensively modified.
     [Steve Henson]

  *) RIPEMD160 is operational on all platforms and is back in 'make test'.
     [Andy Polyakov]

  *) Allow the config file extension section to be overwritten on the
     command line. Based on an original idea from Massimiliano Pala
     <madwolf@comune.modena.it>. The new option is called -extensions
     and can be applied to ca, req and x509. Also -reqexts to override
     the request extensions in req and -crlexts to override the crl extensions
     in ca.
     [Steve Henson]

  *) Add new feature to the SPKAC handling in ca. Now you can include
     the same field multiple times by preceding it by "XXXX." for example:
          1.OU="Unit name 1"
          2.OU="Unit name 2"
     this is the same syntax as used in the req config file.
     [Steve Henson]

  *) Allow certificate extensions to be added to certificate requests. These
     are specified in a 'req_extensions' option of the req section of the
     config file. They can be printed out with the -text option to req but
     are otherwise ignored at present.
     [Steve Henson]

  *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first
     data read consists of only the final block it would not be decrypted because
     EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
     A misplaced 'break' also meant the decrypted final block might not be
     copied until the next read.
     [Steve Henson]

  *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
     a few extra parameters to the DH structure: these will be useful if
     for example we want the value of 'q' or implement X9.42 DH.
     [Steve Henson]

  *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
     provides hooks that allow the default DSA functions or functions on a
     "per key" basis to be replaced. This allows hardware acceleration and
     hardware key storage to be handled without major modification to the
     library. Also added low level modexp hooks and CRYPTO_EX structure and
     associated functions.
     [Steve Henson]

  *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO
     as "read only": it can't be written to and the buffer it points to will
     not be freed. Reading from a read only BIO is much more efficient than
     a normal memory BIO. This was added because there are several times when
     an area of memory needs to be read from a BIO. The previous method was
     to create a memory BIO and write the data to it; this results in two
     copies of the data and an O(n^2) reading algorithm. There is a new
     function BIO_new_mem_buf() which creates a read only memory BIO from
     an area of memory. Also modified the PKCS#7 routines to use read only
     memory BIOs.
     [Steve Henson]

  *) Bugfix: ssl23_get_client_hello did not work properly when called in
     state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
     a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
     but a retry condition occurred while trying to read the rest.
     [Bodo Moeller]

  *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
     NID_pkcs7_encrypted by default: this was wrong since this should almost
     always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
     the encrypted data type: this is a more sensible place to put it and it
     allows the PKCS#12 code that duplicated this functionality to be
     tidied up.
     [Steve Henson]

  *) Changed obj_dat.pl script so it takes its input and output files on
     the command line. This should avoid shell escape redirection problems
     under Win32.
     [Steve Henson]

  *) Initial support for certificate extension requests; these are included
     in things like Xenroll certificate requests. Included functions to allow
     extensions to be obtained and added.
     [Steve Henson]

  *) -crlf option to s_client and s_server for sending newlines as
     CRLF (as required by many protocols).
     [Bodo Moeller]

 Changes between 0.9.3a and 0.9.4  [09 Aug 1999]

  *) Install libRSAglue.a when OpenSSL is built with RSAref.
     [Ralf S. Engelschall]

  *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
     [Andrija Antonijevic <TheAntony2@bigfoot.com>]

  *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
     program.
     [Steve Henson]

  *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
     DH parameters/keys (q is lost during that conversion, but the resulting
     DH parameters contain its length).

     For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
     much faster than DH_generate_parameters (which creates parameters
     where p = 2*q + 1), and also the smaller q makes DH computations
     much more efficient (160-bit exponentiation instead of 1024-bit
     exponentiation); so this provides a convenient way to support DHE
     ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of
     utter importance to use
          SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
     or
          SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
     when such DH parameters are used, because otherwise small subgroup
     attacks may become possible!
     [Bodo Moeller]
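
     The small-subgroup concern above, made concrete on toy numbers as an
     added example (not OpenSSL code, no OpenSSL API used). With DSA-style
     parameters p - 1 = k*q for a large k, so the group contains elements of
     small order outside the intended q-subgroup; with p = 2q + 1 the only
     such elements are 1 and p - 1. The constructed parameters p = 43,
     q = 7 (p - 1 = 6*7) and g = 21 (of order 7) stand in for real sizes.
     dh_pub_value_ok() is the defensive check a server can apply to a
     peer's public value y (1 < y < p - 1 and y^q mod p == 1), and
     order_of() shows why it matters: the number of distinct shared
     secrets y^x a peer can induce equals the order of y, so an order-3
     value confines the secret to three possibilities. SSL_OP_SINGLE_DH_USE
     limits the damage in the other direction, by never reusing the
     server's exponent x across handshakes. All function names are
     invented for the example.

```c
/* Added example (not OpenSSL code): DH public-value validation for a
 * prime-order subgroup, on constructed toy parameters. */
#include <stdint.h>

/* Toy parameters (constructed): p = 43, q = 7 divides p - 1 = 42,
 * g = 2^((p-1)/q) mod p = 2^6 mod 43 = 21 generates the order-q subgroup. */
#define TOY_P 43ULL
#define TOY_Q 7ULL
#define TOY_G 21ULL

/* Modular exponentiation for operands below 2^32 (products fit in 64 bits). */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t r = 1;
    base %= mod;
    while (exp > 0) {
        if (exp & 1)
            r = (r * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return r;
}

/* Validate a peer's DH public value for a group with prime subgroup order q:
 * reject 0, 1 and p - 1 outright, then require y^q mod p == 1, which holds
 * exactly when y lies in the order-q subgroup generated by g.
 * Returns 1 if y is acceptable, 0 otherwise. */
static int dh_pub_value_ok(uint64_t y, uint64_t p, uint64_t q)
{
    if (y <= 1 || y >= p - 1)
        return 0;
    return modpow(y, q, p) == 1;
}

/* Multiplicative order of y mod p by brute force (toy sizes only). This is
 * also the number of distinct shared secrets y^x mod p that y can produce
 * over all exponents x; small order means a small secret space. Returns 0
 * for y == 0 mod p, which has no order. */
static uint64_t order_of(uint64_t y, uint64_t p)
{
    uint64_t k = 1, acc = y % p;
    if (acc == 0)
        return 0;
    while (acc != 1) {
        acc = (acc * (y % p)) % p;
        k++;
    }
    return k;
}
```

     In the toy group 36 has order 3 (36^3 mod 43 = 1) and fails the check,
     while every power of g passes; a real implementation does the same
     with BIGNUMs and, as the entry says, pairs it with a fresh exponent per
     handshake.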

  *) Avoid memory leak in i2d_DHparams.
     [Bodo Moeller]

  *) Allow the -k option to be used more than once in the enc program:
     this allows the same encrypted message to be read by multiple recipients.
     [Steve Henson]

  *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
     an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
     it will always use the numerical form of the OID, even if it has a short
     or long name.
     [Steve Henson]

  *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
     method only got called if p,q,dmp1,dmq1,iqmp components were present,
     otherwise bn_mod_exp was called. In the case of hardware keys for example
     no private key components need be present and it might store extra data
     in the RSA structure, which cannot be accessed from bn_mod_exp.
     By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for
     private key operations.
     [Steve Henson]

  *) Added support for SPARC Linux.
     [Andy Polyakov]

  *) pem_password_cb function type incompatibly changed from
          typedef int pem_password_cb(char *buf, int size, int rwflag);
     to
          ....(char *buf, int size, int rwflag, void *userdata);
     so that applications can pass data to their callbacks:
     The PEM[_ASN1]_{read,write}... functions and macros now take an
     additional void * argument, which is just handed through whenever
     the password callback is called.
     [Damien Miller <dmiller@ilogic.com.au>; tiny changes by Bodo Moeller]

     New function SSL_CTX_set_default_passwd_cb_userdata.

     Compatibility note: As many C implementations push function arguments
     onto the stack in reverse order, the new library version is likely to
     interoperate with programs that have been compiled with the old
     pem_password_cb definition (PEM_whatever takes some data that
     happens to be on the stack as its last argument, and the callback
     just ignores this garbage); but there is no guarantee whatsoever that
     this will work.
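
     The new callback shape in use, as an added example that is not OpenSSL
     code: the typedef matches the four-argument form given above, but the
     caller pem_reader_get_passphrase() is an invented stand-in for the
     PEM read routines, not the library's API, and password_from_userdata
     and struct pw_source are names made up here. The point of the extra
     void * is that an application can hand its own context (here a
     password and a call counter) through the library to its callback
     without globals; the callback also refuses a buffer too small for the
     password, since a silently truncated passphrase would simply fail to
     decrypt the key.

```c
/* Added example (not OpenSSL code): a pem_password_cb with userdata. */
#include <string.h>

/* The callback type as described in the entry above. */
typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);

/* Application context handed through the void *userdata argument. */
struct pw_source {
    const char *password;   /* constructed for the example */
    int calls;              /* how often the library asked */
};

/* Copies the configured password into buf, never exceeding size, and
 * returns the number of bytes supplied; returns -1 if there is no password
 * or it would not fit. rwflag (0 = reading, 1 = writing) is unused here. */
static int password_from_userdata(char *buf, int size, int rwflag, void *userdata)
{
    struct pw_source *src = userdata;
    size_t len;

    (void)rwflag;
    if (src == NULL || src->password == NULL)
        return -1;
    src->calls++;
    len = strlen(src->password);
    if (size <= 0 || len > (size_t)size)
        return -1;                      /* refuse rather than truncate */
    memcpy(buf, src->password, len);
    return (int)len;
}

/* Stand-in for a PEM reader (invented, not OpenSSL's API): asks the
 * callback for the passphrase, passing userdata through untouched, and
 * returns its length or -1 if the callback declined. */
static int pem_reader_get_passphrase(char *buf, int size, pem_password_cb *cb, void *userdata)
{
    if (cb == NULL)
        return -1;
    return cb(buf, size, 0 /* rwflag: reading */, userdata);
}

/* Drive the reader with a given password and buffer size; returns what the
 * callback returned so the behaviour can be checked. */
static int example_read_with_password(const char *pw, int bufsize)
{
    char buf[64];
    struct pw_source src = { pw, 0 };

    if (bufsize > (int)sizeof buf)
        bufsize = (int)sizeof buf;
    return pem_reader_get_passphrase(buf, bufsize, password_from_userdata, &src);
}
```

     The same context pointer is what SSL_CTX_set_default_passwd_cb_userdata,
     mentioned above, stores for the library's own PEM loading.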

  *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
     (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
     problems not only on Windows, but also on some Unix platforms.
     To avoid problematic command lines, these definitions are now in an
     auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
     for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
     [Bodo Moeller]

  *) MIPS III/IV assembler module is reimplemented.
     [Andy Polyakov]

  *) More DES library cleanups: remove references to srand/rand and
     delete an unused file.