]>
Commit | Line | Data |
---|---|---|
651d0aff | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
5 | ||
9cb0969f | 6 | Changes between 0.9.1c and 0.9.2 |
0172f988 | 7 | |
06ab81f9 BL |
8 | *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5, |
9 | TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and | |
10 | TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher | |
11 | Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt. | |
12 | [Ben Laurie] | |
13 | ||
deff75b6 DSH |
14 | *) Add preliminary config info for new extension code. |
15 | [Steve Henson] | |
16 | ||
0c8a1281 DSH |
17 | *) Make RSA_NO_PADDING really use no padding. |
18 | [Ulf Moeller <ulf@fitug.de>] | |
19 | ||
4004dbb7 BL |
20 | *) Generate errors when private/public key check is done. |
21 | [Ben Laurie] | |
22 | ||
0ca5f8b1 DSH |
23 | *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support |
24 | for some CRL extensions and new objects added. | |
25 | [Steve Henson] | |
26 | ||
3d8accc3 DSH |
27 | *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private |
28 | key usage extension and fuller support for authority key id. | |
29 | [Steve Henson] | |
30 | ||
a4949896 BL |
31 | *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved |
32 | padding method for RSA, which is recommended for new applications in PKCS | |
33 | #1 v2.0 (RFC 2437, October 1998). | |
34 | OAEP (Optimal Asymmetric Encryption Padding) has better theoretical | |
35 | foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure | |
36 | against Bleichbacher's attack on RSA. | |
37 | [Ulf Moeller <ulf@fitug.de>, reformatted, corrected and integrated by | |
38 | Ben Laurie] | |
39 | ||
413c4f45 MC |
40 | *) Updates to the new SSL compression code |
41 | [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] | |
42 | ||
43 | *) Fix so that the version number in the master secret, when passed | |
44 | via RSA, checks that if TLS was proposed, but we roll back to SSLv3 | |
45 | (because the server will not accept higher), that the version number | |
46 | is 0x03,0x01, not 0x03,0x00 | |
47 | [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] | |
48 | ||
a8236c8c DSH |
49 | *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory |
50 | leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes | |
3d8accc3 | 51 | in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c |
a8236c8c DSH |
52 | [Steve Henson] |
53 | ||
388ff0b0 DSH |
54 | *) Support for RAW extensions where an arbitrary extension can be |
55 | created by including its DER encoding. See apps/openssl.cnf for | |
56 | an example. | |
a8236c8c | 57 | [Steve Henson] |
388ff0b0 | 58 | |
6013fa83 RE |
59 | *) Make sure latest Perl versions don't interpret some generated C array |
60 | code as Perl array code in the crypto/err/err_genc.pl script. | |
61 | [Lars Weber <3weber@informatik.uni-hamburg.de>] | |
62 | ||
5c00879e DSH |
63 | *) Modify ms/do_ms.bat to not generate assembly language makefiles since |
64 | not many people have the assembler. Various Win32 compilation fixes and | |
65 | update to the INSTALL.W32 file with (hopefully) more accurate Win32 | |
66 | build instructions. | |
67 | [Steve Henson] | |
68 | ||
9becf666 DSH |
69 | *) Modify configure script 'Configure' to automatically create crypto/date.h |
70 | file under Win32 and also build pem.h from pem.org. New script | |
71 | util/mkfiles.pl to create the MINFO file on environments that can't do a | |
72 | 'make files': perl util/mkfiles.pl >MINFO should work. | |
73 | [Steve Henson] | |
74 | ||
4e31df2c BL |
75 | *) Major rework of DES function declarations, in the pursuit of correctness |
76 | and purity. As a result, many evil casts evaporated, and some weirdness, | |
77 | too. You may find this causes warnings in your code. Zapping your evil | |
78 | casts will probably fix them. Mostly. | |
79 | [Ben Laurie] | |
80 | ||
e4119b93 DSH |
81 | *) Fix for a typo in asn1.h. Bug fix to object creation script |
82 | obj_dat.pl. It considered a zero in an object definition to mean | |
83 | "end of object": none of the objects in objects.h have any zeros | |
84 | so it wasn't spotted. | |
85 | [Steve Henson, reported by Erwann ABALEA <eabalea@certplus.com>] | |
86 | ||
4a71b90d BL |
87 | *) Add support for Triple DES Cipher Block Chaining with Output Feedback |
88 | Masking (CBCM). In the absence of test vectors, the best I have been able | |
89 | to do is check that the decrypt undoes the encrypt, so far. Send me test | |
90 | vectors if you have them. | |
91 | [Ben Laurie] | |
92 | ||
436d318c BL |
93 | *) Correct caclulation of key length for export ciphers (too much space was |
94 | allocated for null ciphers). This has not been tested! | |
95 | [Ben Laurie] | |
96 | ||
55a9cc6e DSH |
97 | *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage |
98 | message is now correct (it understands "crypto" and "ssl" on its | |
99 | command line). There is also now an "update" option. This will update | |
100 | the util/ssleay.num and util/libeay.num files with any new functions. | |
101 | If you do a: | |
102 | perl util/mkdef.pl crypto ssl update | |
103 | it will update them. | |
e4119b93 | 104 | [Steve Henson] |
55a9cc6e | 105 | |
8073036d RE |
106 | *) Overhauled the Perl interface (perl/*): |
107 | - ported BN stuff to OpenSSL's different BN library | |
108 | - made the perl/ source tree CVS-aware | |
109 | - renamed the package from SSLeay to OpenSSL (the files still contain | |
110 | their history because I've copied them in the repository) | |
111 | - removed obsolete files (the test scripts will be replaced | |
112 | by better Test::Harness variants in the future) | |
113 | [Ralf S. Engelschall] | |
114 | ||
483fdf18 RE |
115 | *) First cut for a very conservative source tree cleanup: |
116 | 1. merge various obsolete readme texts into doc/ssleay.txt | |
117 | where we collect the old documents and readme texts. | |
118 | 2. remove the first part of files where I'm already sure that we no | |
119 | longer need them because of three reasons: either they are just temporary | |
120 | files which were left by Eric or they are preserved original files where | |
121 | I've verified that the diff is also available in the CVS via "cvs diff | |
122 | -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for | |
123 | the crypto/md/ stuff). | |
124 | [Ralf S. Engelschall] | |
125 | ||
175b0942 DSH |
126 | *) More extension code. Incomplete support for subject and issuer alt |
127 | name, issuer and authority key id. Change the i2v function parameters | |
128 | and add an extra 'crl' parameter in the X509V3_CTX structure: guess | |
129 | what that's for :-) Fix to ASN1 macro which messed up | |
130 | IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED. | |
131 | [Steve Henson] | |
132 | ||
bceacf93 DSH |
133 | *) Preliminary support for ENUMERATED type. This is largely copied from the |
134 | INTEGER code. | |
135 | [Steve Henson] | |
136 | ||
351d8998 MC |
137 | *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy. |
138 | [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] | |
139 | ||
b621d772 RE |
140 | *) Make sure `make rehash' target really finds the `openssl' program. |
141 | [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe@adnovum.ch>] | |
142 | ||
a96e7810 BL |
143 | *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd |
144 | like to hear about it if this slows down other processors. | |
145 | [Ben Laurie] | |
146 | ||
e04a6c2b RE |
147 | *) Add CygWin32 platform information to Configure script. |
148 | [Alan Batie <batie@aahz.jf.intel.com>] | |
149 | ||
0172f988 RE |
150 | *) Fixed ms/32all.bat script: `no_asm' -> `no-asm' |
151 | [Rainer W. Gerling <gerling@mpg-gv.mpg.de>] | |
79dfa975 DSH |
152 | |
153 | *) New program nseq to manipulate netscape certificate sequences | |
154 | [Steve Henson] | |
320a14cb | 155 | |
9fe84296 DSH |
156 | *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a |
157 | few typos. | |
158 | [Steve Henson] | |
159 | ||
a0a54079 MC |
160 | *) Fixes to BN code. Previously the default was to define BN_RECURSION |
161 | but the BN code had some problems that would cause failures when | |
162 | doing certificate verification and some other functions. | |
163 | [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] | |
164 | ||
92c046ca DSH |
165 | *) Add ASN1 and PEM code to support netscape certificate sequences. |
166 | [Steve Henson] | |
167 | ||
79dfa975 DSH |
168 | *) Add ASN1 and PEM code to support netscape certificate sequences. |
169 | [Steve Henson] | |
170 | ||
a27598bf DSH |
171 | *) Add several PKIX and private extended key usage OIDs. |
172 | [Steve Henson] | |
173 | ||
b2347661 DSH |
174 | *) Modify the 'ca' program to handle the new extension code. Modify |
175 | openssl.cnf for new extension format, add comments. | |
176 | [Steve Henson] | |
177 | ||
f317aa4c DSH |
178 | *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req' |
179 | and add a sample to openssl.cnf so req -x509 now adds appropriate | |
180 | CA extensions. | |
181 | [Steve Henson] | |
182 | ||
834eeef9 DSH |
183 | *) Continued X509 V3 changes. Add to other makefiles, integrate with the |
184 | error code, add initial support to X509_print() and x509 application. | |
f317aa4c | 185 | [Steve Henson] |
834eeef9 | 186 | |
9aeaf1b4 DSH |
187 | *) Takes a deep breath and start addding X509 V3 extension support code. Add |
188 | files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this | |
189 | stuff is currently isolated and isn't even compiled yet. | |
190 | [Steve Henson] | |
191 | ||
9b5cc156 DSH |
192 | *) Continuing patches for GeneralizedTime. Fix up certificate and CRL |
193 | ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print. | |
194 | Removed the versions check from X509 routines when loading extensions: | |
195 | this allows certain broken certificates that don't set the version | |
196 | properly to be processed. | |
197 | [Steve Henson] | |
198 | ||
8039257d BL |
199 | *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another |
200 | Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which | |
201 | can still be regenerated with "make depend". | |
202 | [Ben Laurie] | |
203 | ||
b13a1554 BL |
204 | *) Spelling mistake in C version of CAST-128. |
205 | [Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>] | |
206 | ||
6c8abdd7 DSH |
207 | *) Changes to the error generation code. The perl script err-code.pl |
208 | now reads in the old error codes and retains the old numbers, only | |
209 | adding new ones if necessary. It also only changes the .err files if new | |
210 | codes are added. The makefiles have been modified to only insert errors | |
211 | when needed (to avoid needlessly modifying header files). This is done | |
212 | by only inserting errors if the .err file is newer than the auto generated | |
213 | C file. To rebuild all the error codes from scratch (the old behaviour) | |
214 | either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl | |
215 | or delete all the .err files. | |
9b5cc156 | 216 | [Steve Henson] |
6c8abdd7 | 217 | |
649cdb7b BL |
218 | *) CAST-128 was incorrectly implemented for short keys. The C version has |
219 | been fixed, but is untested. The assembler versions are also fixed, but | |
220 | new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing | |
221 | to regenerate it if needed. | |
222 | [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun | |
223 | Hagino <itojun@kame.net>] | |
224 | ||
225 | *) File was opened incorrectly in randfile.c. | |
226 |