[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________

 Changes between 0.9.8 and 0.9.9  [xx XXX xxxx]

  *) 

 Changes between 0.9.7h and 0.9.8  [xx XXX xxxx]

  *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
     involves renaming the source and generated shared-libs for
     both. The engines will accept the corrected or legacy ids
     ('ncipher' and '4758_cca' respectively) when binding. NB,
     this only applies when building 'shared'.
     [Corinna Vinschen <vinschen@redhat.com> and Geoff Thorpe]

  *) Add attribute functions to EVP_PKEY structure. Modify
     PKCS12_create() to recognize a CSP name attribute and
     use it. Make -CSP option work again in pkcs12 utility.
     [Steve Henson]

  *) Add new functionality to the bn blinding code:
     - automatic re-creation of the BN_BLINDING parameters after
       a fixed number of uses (currently 32)
     - add new function for parameter creation
     - introduce flags to control the update behaviour of the
       BN_BLINDING parameters
     - hide BN_BLINDING structure
     Add a second BN_BLINDING slot to the RSA structure to improve
     performance when a single RSA object is shared among several
     threads.
     [Nils Larsch]

  *) Add support for DTLS.
     [Nagendra Modadugu <nagendra@cs.stanford.edu> and Ben Laurie]

  *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
     to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
     [Walter Goulet]

  *) Remove buggy and incompletet DH cert support from
     ssl/ssl_rsa.c and ssl/s3_both.c
     [Nils Larsch]

  *) Use SHA-1 instead of MD5 as the default digest algorithm for
     the apps/openssl applications.
     [Nils Larsch]

  *) Compile clean with "-Wall -Wmissing-prototypes
     -Wstrict-prototypes -Wmissing-declarations -Werror". Currently
     DEBUG_SAFESTACK must also be set.
     [Ben Laurie]

  *) Change ./Configure so that certain algorithms can be disabled by default.
     The new counterpiece to "no-xxx" is "enable-xxx".

     The patented RC5 and MDC2 algorithms will now be disabled unless
     "enable-rc5" and "enable-mdc2", respectively, are specified.

     (IDEA remains enabled despite being patented.  This is because IDEA
     is frequently required for interoperability, and there is no license
     fee for non-commercial use.  As before, "no-idea" can be used to
     avoid this algorithm.)

     [Bodo Moeller]

  *) Add processing of proxy certificates (see RFC 3820).  This work was
     sponsored by KTH (The Royal Institute of Technology in Stockholm) and
     EGEE (Enabling Grids for E-science in Europe).
     [Richard Levitte]

  *) RC4 performance overhaul on modern architectures/implementations, such
     as Intel P4, IA-64 and AMD64.
     [Andy Polyakov]

  *) New utility extract-section.pl. This can be used specify an alternative
     section number in a pod file instead of having to treat each file as
     a separate case in Makefile. This can be done by adding two lines to the
     pod file:

     =for comment openssl_section:XXX

     The blank line is mandatory.

     [Steve Henson]

  *) New arguments -certform, -keyform and -pass for s_client and s_server
     to allow alternative format key and certificate files and passphrase
     sources.
     [Steve Henson]

  *) New structure X509_VERIFY_PARAM which combines current verify parameters,
     update associated structures and add various utility functions.

     Add new policy related verify parameters, include policy checking in 
     standard verify code. Enhance 'smime' application with extra parameters
     to support policy checking and print out.
     [Steve Henson]

  *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3
     Nehemiah processors. These extensions support AES encryption in hardware
     as well as RNG (though RNG support is currently disabled).
     [Michal Ludvig <michal@logix.cz>, with help from Andy Polyakov]

  *) Deprecate BN_[get|set]_params() functions (they were ignored internally).
     [Geoff Thorpe]

  *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
     [Andy Polyakov and a number of other people]

  *) Improved PowerPC platform support. Most notably BIGNUM assembler
     implementation contributed by IBM.
     [Suresh Chari, Peter Waltenberg, Andy Polyakov]

  *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
     exponent rather than 'unsigned long'. There is a corresponding change to
     the new 'rsa_keygen' element of the RSA_METHOD structure.
     [Jelte Jansen, Geoff Thorpe]

  *) Functionality for creating the initial serial number file is now
     moved from CA.pl to the 'ca' utility with a new option -create_serial.

     (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial
     number file to 1, which is bound to cause problems.  To avoid
     the problems while respecting compatibility between different 0.9.7
     patchlevels, 0.9.7e  employed 'openssl x509 -next_serial' in
     CA.pl for serial number initialization.  With the new release 0.9.8,
     we can fix the problem directly in the 'ca' utility.)
     [Steve Henson]

  *) Reduced header interdepencies by declaring more opaque objects in
     ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
     give fewer recursive includes, which could break lazy source code - so
     this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
     developers should define this symbol when building and using openssl to
     ensure they track the recommended behaviour, interfaces, [etc], but
     backwards-compatible behaviour prevails when this isn't defined.
     [Geoff Thorpe]

  *) New function X509_POLICY_NODE_print() which prints out policy nodes.
     [Steve Henson]

  *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.
     This will generate a random key of the appropriate length based on the 
     cipher context. The EVP_CIPHER can provide its own random key generation
     routine to support keys of a specific form. This is used in the des and 
     3des routines to generate a key of the correct parity. Update S/MIME
     code to use new functions and hence generate correct parity DES keys.
     Add EVP_CHECK_DES_KEY #define to return an error if the key is not 
     valid (weak or incorrect parity).
     [Steve Henson]

  *) Add a local set of CRLs that can be used by X509_verify_cert() as well
     as looking them up. This is useful when the verified structure may contain
     CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
     present unless the new PKCS7_NO_CRL flag is asserted.
     [Steve Henson]

  *) Extend ASN1 oid configuration module. It now additionally accepts the
     syntax:

     shortName = some long name, 1.2.3.4
     [Steve Henson]

  *) Reimplemented the BN_CTX implementation. There is now no more static
     limitation on the number of variables it can handle nor the depth of the
     "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack
     information can now expand as required, and rather than having a single
     static array of bignums, BN_CTX now uses a linked-list of such arrays
     allowing it to expand on demand whilst maintaining the usefulness of
     BN_CTX's "bundling".
     [Geoff Thorpe]

  *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD
     to allow all RSA operations to function using a single BN_CTX.
     [Geoff Thorpe]

  *) Preliminary support for certificate policy evaluation and checking. This
     is initially intended to pass the tests outlined in "Conformance Testing
     of Relying Party Client Certificate Path Processing Logic" v1.07.
     [Steve Henson]

  *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and
     remained unused and not that useful. A variety of other little bignum
     tweaks and fixes have also been made continuing on from the audit (see
     below).
     [Geoff Thorpe]

  *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with
     associated ASN1, EVP and SSL functions and old ASN1 macros.
     [Richard Levitte]

  *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
     and this should never fail. So the return value from the use of
     BN_set_word() (which can fail due to needless expansion) is now deprecated;
     if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
     [Geoff Thorpe]

  *) BN_CTX_get() should return zero-valued bignums, providing the same
     initialised value as BN_new().
Commit	Line	Data
81a6c781	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
651d0aff RE	4
28e4fe34 RL	5	Changes between 0.9.8 and 0.9.9 [xx XXX xxxx]
	6
	7	*)
	8
c6c2e313	9	Changes between 0.9.7h and 0.9.8 [xx XXX xxxx]
12bdb643	10
a2c32e2d GT	11	*) Correct naming of the 'chil' and '4758cca' ENGINEs. This
	12	involves renaming the source and generated shared-libs for
	13	both. The engines will accept the corrected or legacy ids
	14	('ncipher' and '4758_cca' respectively) when binding. NB,
	15	this only applies when building 'shared'.
	16	[Corinna Vinschen <vinschen@redhat.com> and Geoff Thorpe]
	17
b6995add DSH	18	*) Add attribute functions to EVP_PKEY structure. Modify
	19	PKCS12_create() to recognize a CSP name attribute and
	20	use it. Make -CSP option work again in pkcs12 utility.
	21	[Steve Henson]
	22
800e400d NL	23	*) Add new functionality to the bn blinding code:
	24	- automatic re-creation of the BN_BLINDING parameters after
	25	a fixed number of uses (currently 32)
	26	- add new function for parameter creation
	27	- introduce flags to control the update behaviour of the
	28	BN_BLINDING parameters
	29	- hide BN_BLINDING structure
	30	Add a second BN_BLINDING slot to the RSA structure to improve
	31	performance when a single RSA object is shared among several
	32	threads.
	33	[Nils Larsch]
	34
36d16f8e BL	35	*) Add support for DTLS.
	36	[Nagendra Modadugu <nagendra@cs.stanford.edu> and Ben Laurie]
	37
dc0ed30c NL	38	*) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
	39	to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
	40	[Walter Goulet]
	41
6049399b NL	42	*) Remove buggy and incompletet DH cert support from
	43	ssl/ssl_rsa.c and ssl/s3_both.c
	44	[Nils Larsch]
	45
12bdb643 NL	46	*) Use SHA-1 instead of MD5 as the default digest algorithm for
	47	the apps/openssl applications.
	48	[Nils Larsch]
4d94ae00	49
41a15c4f BL	50	*) Compile clean with "-Wall -Wmissing-prototypes
	51	-Wstrict-prototypes -Wmissing-declarations -Werror". Currently
	52	DEBUG_SAFESTACK must also be set.
	53	[Ben Laurie]
	54
c9a112f5	55	*) Change ./Configure so that certain algorithms can be disabled by default.
ecc5ef87 BM	56	The new counterpiece to "no-xxx" is "enable-xxx".
	57
	58	The patented RC5 and MDC2 algorithms will now be disabled unless
	59	"enable-rc5" and "enable-mdc2", respectively, are specified.
	60
	61	(IDEA remains enabled despite being patented. This is because IDEA
	62	is frequently required for interoperability, and there is no license
	63	fee for non-commercial use. As before, "no-idea" can be used to
	64	avoid this algorithm.)
	65
c9a112f5 BM	66	[Bodo Moeller]
c9a112f5 BM	67
6951c23a RL	68	*) Add processing of proxy certificates (see RFC 3820). This work was
	69	sponsored by KTH (The Royal Institute of Technology in Stockholm) and
	70	EGEE (Enabling Grids for E-science in Europe).
	71	[Richard Levitte]
	72
ea681ba8 AP	73	*) RC4 performance overhaul on modern architectures/implementations, such
	74	as Intel P4, IA-64 and AMD64.
	75	[Andy Polyakov]
	76
401ee37a DSH	77	*) New utility extract-section.pl. This can be used specify an alternative
	78	section number in a pod file instead of having to treat each file as
	79	a separate case in Makefile. This can be done by adding two lines to the
	80	pod file:
	81
	82	=for comment openssl_section:XXX
	83
	84	The blank line is mandatory.
	85
	86	[Steve Henson]
	87
826a42a0 DSH	88	*) New arguments -certform, -keyform and -pass for s_client and s_server
	89	to allow alternative format key and certificate files and passphrase
	90	sources.
	91	[Steve Henson]
	92
5d7c222d DSH	93	*) New structure X509_VERIFY_PARAM which combines current verify parameters,
	94	update associated structures and add various utility functions.
	95
	96	Add new policy related verify parameters, include policy checking in
	97	standard verify code. Enhance 'smime' application with extra parameters
	98	to support policy checking and print out.
	99	[Steve Henson]
	100
30fe028f GT	101	*) Add a new engine to support VIA PadLock ACE extensions in the VIA C3
	102	Nehemiah processors. These extensions support AES encryption in hardware
	103	as well as RNG (though RNG support is currently disabled).
	104	[Michal Ludvig <michal@logix.cz>, with help from Andy Polyakov]
	105
df11e1e9 GT	106	*) Deprecate BN_[get\|set]_params() functions (they were ignored internally).
	107	[Geoff Thorpe]
	108
ad500340 AP	109	*) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
	110	[Andy Polyakov and a number of other people]
	111
e14f4aab AP	112	*) Improved PowerPC platform support. Most notably BIGNUM assembler
	113	implementation contributed by IBM.
	114	[Suresh Chari, Peter Waltenberg, Andy Polyakov]
	115
bcfea9fb GT	116	*) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
	117	exponent rather than 'unsigned long'. There is a corresponding change to
	118	the new 'rsa_keygen' element of the RSA_METHOD structure.
	119	[Jelte Jansen, Geoff Thorpe]
	120
d5f686d8 BM	121	*) Functionality for creating the initial serial number file is now
	122	moved from CA.pl to the 'ca' utility with a new option -create_serial.
	123
	124	(Before OpenSSL 0.9.7e, CA.pl used to initialize the serial
	125	number file to 1, which is bound to cause problems. To avoid
	126	the problems while respecting compatibility between different 0.9.7
	127	patchlevels, 0.9.7e employed 'openssl x509 -next_serial' in
	128	CA.pl for serial number initialization. With the new release 0.9.8,
	129	we can fix the problem directly in the 'ca' utility.)
64674bcc DSH	130	[Steve Henson]
64674bcc DSH	131
3a87a9b9 GT	132	*) Reduced header interdepencies by declaring more opaque objects in
	133	ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
	134	give fewer recursive includes, which could break lazy source code - so
	135	this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
	136	developers should define this symbol when building and using openssl to
	137	ensure they track the recommended behaviour, interfaces, [etc], but
	138	backwards-compatible behaviour prevails when this isn't defined.
	139	[Geoff Thorpe]
	140
bf5773fa DSH	141	*) New function X509_POLICY_NODE_print() which prints out policy nodes.
	142	[Steve Henson]
	143
216659eb DSH	144	*) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.
	145	This will generate a random key of the appropriate length based on the
	146	cipher context. The EVP_CIPHER can provide its own random key generation
	147	routine to support keys of a specific form. This is used in the des and
	148	3des routines to generate a key of the correct parity. Update S/MIME
	149	code to use new functions and hence generate correct parity DES keys.
	150	Add EVP_CHECK_DES_KEY #define to return an error if the key is not
	151	valid (weak or incorrect parity).
	152	[Steve Henson]
	153
e1a27eb3 DSH	154	*) Add a local set of CRLs that can be used by X509_verify_cert() as well
	155	as looking them up. This is useful when the verified structure may contain
	156	CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
	157	present unless the new PKCS7_NO_CRL flag is asserted.
	158	[Steve Henson]
	159
6446e0c3 DSH	160	*) Extend ASN1 oid configuration module. It now additionally accepts the
	161	syntax:
	162
	163	shortName = some long name, 1.2.3.4
	164	[Steve Henson]
	165
5c98b2ca GT	166	*) Reimplemented the BN_CTX implementation. There is now no more static
	167	limitation on the number of variables it can handle nor the depth of the
	168	"stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack
	169	information can now expand as required, and rather than having a single
	170	static array of bignums, BN_CTX now uses a linked-list of such arrays
	171	allowing it to expand on demand whilst maintaining the usefulness of
	172	BN_CTX's "bundling".
	173	[Geoff Thorpe]
	174
46ef873f GT	175	*) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD
	176	to allow all RSA operations to function using a single BN_CTX.
	177	[Geoff Thorpe]
	178
4acc3e90 DSH	179	*) Preliminary support for certificate policy evaluation and checking. This
	180	is initially intended to pass the tests outlined in "Conformance Testing
	181	of Relying Party Client Certificate Path Processing Logic" v1.07.
	182	[Steve Henson]
	183
7f663ce4 GT	184	*) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and
	185	remained unused and not that useful. A variety of other little bignum
	186	tweaks and fixes have also been made continuing on from the audit (see
	187	below).
	188	[Geoff Thorpe]
	189
875a644a RL	190	*) Constify all or almost all d2i, c2i, s2i and r2i functions, along with
875a644a RL	191	associated ASN1, EVP and SSL functions and old ASN1 macros.
7f663ce4	192	[Richard Levitte]
875a644a	193
b6358c89 GT	194	*) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
	195	and this should never fail. So the return value from the use of
	196	BN_set_word() (which can fail due to needless expansion) is now deprecated;
	197	if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
	198	[Geoff Thorpe]
	199
9e051bac GT	200	*) BN_CTX_get() should return zero-valued bignums, providing the same
	201	initialised value as BN_new().
	202