git.ipfire.org - thirdparty/openssl.git / CHANGES

 OpenSSL CHANGES
 _______________

 Changes between 0.9.7a and 0.9.8  [xx XXX xxxx]

  *) In crypto/ec/ec_mult.c, implement fast point multiplication with
     precomputation, based on wNAF splitting: EC_GROUP_precompute_mult()
     will now compute a table of multiples of the generator that
     makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul()
     faster (notably in the case of a single point multiplication,
     scalar * generator).
     [Nils Larsch, Bodo Moeller]

  *) IPv6 support for certificate extensions. The various extensions
     which use the IP:a.b.c.d form can now take IPv6 addresses using the
     formats of RFC1884 2.2. IPv6 addresses are now also displayed
     correctly.
     [Steve Henson]

  *) Added an ENGINE that implements RSA by performing private key
     exponentiations with the GMP library. The conversions to and from
     GMP's mpz_t format aren't optimised, nor are any Montgomery forms
     cached, and on x86 it appears OpenSSL's own performance has caught up.
     However, there are likely to be other architectures where GMP could
     provide a boost. This ENGINE is not built in by default, but it can be
     specified at Configure time and should be accompanied by the necessary
     linker additions, e.g.:
         ./config -DOPENSSL_USE_GMP -lgmp
     [Geoff Thorpe]

  *) "openssl engine" will not display ENGINE/DSO load failure errors when
     testing availability of engines with "-t" - the old behaviour is
     produced by increasing the feature's verbosity with "-tt".
     [Geoff Thorpe]

  *) ECDSA routines: under certain error conditions uninitialized BN objects
     could be freed. Solution: make sure initialization is performed early
     enough. (Reported and fix supplied by Nils Larsch <nla@trustcenter.de>
     via PR#459)
     [Lutz Jaenicke]

  *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
     and DH_METHOD (e.g. by ENGINE implementations) to override the normal
     software implementations. For DSA and DH, parameter generation can
     also be overridden by providing the appropriate method callbacks.
     [Geoff Thorpe]

  *) Change the "progress" mechanism used in key-generation and
     primality testing to functions that take a new BN_GENCB pointer in
     place of callback/argument pairs. The new API functions have "_ex"
     postfixes and the older functions are reimplemented as wrappers for
     the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
     declarations of the old functions to help (graceful) attempts to
     migrate to the new functions. Also, the new key-generation API
     functions operate on a caller-supplied key-structure and return
     success/failure rather than returning a key or NULL - this is to
     help make "keygen" another member function of RSA_METHOD etc.

     Example for using the new callback interface:

         int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;
         void *my_arg = ...;
         BN_GENCB my_cb;

         BN_GENCB_set(&my_cb, my_callback, my_arg);

         /* The BN_GENCB pointer passed here is &my_cb, the structure
          * initialised above. */
         return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &my_cb);
         /* For the meaning of a, b in calls to my_callback(), see the
          * documentation of the function that calls the callback.
          * cb will point to my_cb; my_arg can be retrieved as cb->arg.
          * my_callback should return 1 if it wants BN_is_prime_ex()
          * to continue, or 0 to stop.
          */

     [Geoff Thorpe]

  *) Change the ZLIB compression method to be stateful, and make it
     available to TLS with the number defined in
     draft-ietf-tls-compression-04.txt.
     [Richard Levitte]

  *) Add the ASN.1 structures and functions for CertificatePair, which
     is defined as follows (according to X.509_4thEditionDraftV6.pdf):

        CertificatePair ::= SEQUENCE {
                forward         [0]     Certificate OPTIONAL,
                reverse         [1]     Certificate OPTIONAL,
                -- at least one of the pair shall be present -- }

     Also implement the PEM functions to read and write certificate
     pairs, and define the PEM tag as "CERTIFICATE PAIR".

     This needed to be defined, mostly for the sake of the LDAP
     attribute crossCertificatePair, but may prove useful elsewhere as
     well.
     [Richard Levitte]

  *) Make it possible to inhibit symlinking of shared libraries in
     Makefile.shared, for Cygwin's sake.
     [Richard Levitte]

  *) Extend the BIGNUM API by creating new macros that behave like
     functions

          void BN_set_sign(BIGNUM *a, int neg);
          int  BN_get_sign(const BIGNUM *a);

     and avoid the need to access 'a->neg' directly in applications.
     [Nils Larsch <nla@trustcenter.de>]

  *) Implement fast modular reduction for pseudo-Mersenne primes
     used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
     EC_GROUP_new_curve_GFp() will now automatically use this
     if applicable.
     [Nils Larsch <nla@trustcenter.de>]

  *) Add new lock type (CRYPTO_LOCK_BN).
     [Bodo Moeller]

  *) Change the ENGINE framework to automatically load engines
     dynamically from specific directories unless they could be
     found to already be built in or loaded. Move all the
     current engines except for the cryptodev one to a new
     directory engines/.
     The engines in engines/ are built as shared libraries if
     the "shared" option was given to ./Configure or ./config.
     Otherwise, they are inserted in libcrypto.a.
     /usr/local/ssl/engines is the default directory for dynamic
     engines, but that can be overridden at configure time through
     the usual use of --prefix and/or --openssldir, and at run
     time with the environment variable OPENSSL_ENGINES.
     [Geoff Thorpe and Richard Levitte]

  *) Add Makefile.shared, a helper makefile to build shared
     libraries. Adapt Makefile.org.
     [Richard Levitte]

  *) Add version info to Win32 DLLs.
     [Peter 'Luna' Runestig <peter@runestig.com>]

  *) Add new 'medium level' PKCS#12 API. Certificates and keys
     can be added using this API to create arbitrary PKCS#12
     files while avoiding the low level API.

     New options to PKCS12_create(): key or cert can be NULL and
     will then be omitted from the output file. The encryption
     algorithm NIDs can be set to -1 for no encryption, the MAC
     iteration count can be set to 0 to omit the MAC.

     Enhance pkcs12 utility by making the -nokeys and -nocerts
     options work when creating a PKCS#12 file. New option -nomac
     to omit the MAC; NONE can be set for an encryption algorithm.
     New code is modified to use the enhanced PKCS12_create()
     instead of the low level API.
     [Steve Henson]

  *) Extend ASN1 encoder to support indefinite length constructed
     encoding. This can output sequence tags and octet strings in
     this form. Modify pk7_asn1.c to support indefinite length
     encoding. This is experimental and needs additional code to
     be useful, such as an ASN1 bio and some enhanced streaming
     PKCS#7 code.

     Extend template encode functionality so that tagging is passed
     down to the template encoder.
     [Steve Henson]

  *) Let 'openssl req' fail if an argument to '-newkey' is not
     recognized instead of using RSA as a default.
     [Bodo Moeller]

  *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
     As these are not official, they are not included in "ALL";
     the "ECCdraft" ciphersuite group alias can be used to select them.
     [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]

  *) Add ECDH engine support.
     [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]

  *) Add ECDH in new directory crypto/ecdh/.
     TODO: more general interface (return x coordinate, not its hash)
     TODO: bug: pad x with leading zeros if necessary
     [Douglas Stebila (Sun Microsystems Laboratories)]

  *) Let BN_rand_range() abort with an error after 100 iterations
     without success (which indicates a broken PRNG).
     [Bodo Moeller]

  *) Change BN_mod_sqrt() so that it verifies that the input value
     is really the square of the return value. (Previously,
     BN_mod_sqrt would show GIGO behaviour.)
     [Bodo Moeller]

  *) Add named elliptic curves over binary fields from X9.62, SECG,
     and WAP/WTLS; add OIDs that were still missing.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Extend the EC library for elliptic curves over binary fields
     (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
     New EC_METHOD:

          EC_GF2m_simple_method

     New API functions:

          EC_GROUP_new_curve_GF2m
          EC_GROUP_set_curve_GF2m
          EC_GROUP_get_curve_GF2m
          EC_POINT_set_affine_coordinates_GF2m
          EC_POINT_get_affine_coordinates_GF2m
          EC_POINT_set_compressed_coordinates_GF2m

     Point compression for binary fields is disabled by default for
     patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
     enable it).

     As binary polynomials are represented as BIGNUMs, various members
     of the EC_GROUP and EC_POINT data structures can be shared
     between the implementations for prime fields and binary fields;
     the above ..._GF2m functions (except for EC_GROUP_new_curve_GF2m)
     are essentially identical to their ..._GFp counterparts.
     (For simplicity, the '..._GFp' prefix has been dropped from
     various internal method names.)

     An internal 'field_div' method (similar to 'field_mul' and
     'field_sqr') has been added; this is used only for binary fields.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
     through methods ('mul', 'precompute_mult').

     The generic implementations (now internally called 'ec_wNAF_mul'
     and 'ec_wNAF_precomputed_mult') remain the default if these
     methods are undefined.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) New function EC_GROUP_get_degree, which is defined through
     EC_METHOD. For curves over prime fields, this returns the bit
     length of the modulus.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) New functions EC_GROUP_dup, EC_POINT_dup.
     (These simply call ..._new and ..._copy).

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
     Polynomials are represented as BIGNUMs (where the sign bit is not
     used) in the following functions [macros]:

          BN_GF2m_add
          BN_GF2m_sub            [= BN_GF2m_add]
          BN_GF2m_mod            [wrapper for BN_GF2m_mod_arr]
          BN_GF2m_mod_mul        [wrapper for BN_GF2m_mod_mul_arr]
          BN_GF2m_mod_sqr        [wrapper for BN_GF2m_mod_sqr_arr]
          BN_GF2m_mod_inv
          BN_GF2m_mod_exp        [wrapper for BN_GF2m_mod_exp_arr]
          BN_GF2m_mod_sqrt       [wrapper for BN_GF2m_mod_sqrt_arr]
          BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr]
          BN_GF2m_cmp            [= BN_ucmp]

     (Note that only the 'mod' functions are actually for fields GF(2^m).
     BN_GF2m_add() is a misnomer, but this is for the sake of consistency.)

     For some functions, the irreducible polynomial defining a
     field can be given as an 'unsigned int[]' with strictly
     decreasing elements giving the indices of those bits that are set;
     i.e., p[] represents the polynomial
          f(t) = t^p[0] + t^p[1] + ... + t^p[k]
     where
          p[0] > p[1] > ... > p[k] = 0.
     This applies to the following functions:

          BN_GF2m_mod_arr
          BN_GF2m_mod_mul_arr
          BN_GF2m_mod_sqr_arr
          BN_GF2m_mod_inv_arr    [wrapper for BN_GF2m_mod_inv]
          BN_GF2m_mod_div_arr    [wrapper for BN_GF2m_mod_div]
          BN_GF2m_mod_exp_arr
          BN_GF2m_mod_sqrt_arr
          BN_GF2m_mod_solve_quad_arr
          BN_GF2m_poly2arr
          BN_GF2m_arr2poly

     Conversion can be performed by the following functions:

          BN_GF2m_poly2arr
          BN_GF2m_arr2poly

     bntest.c has additional tests for binary polynomial arithmetic.

     Two implementations for BN_GF2m_mod_div() are available.
     The default algorithm simply uses BN_GF2m_mod_inv() and
     BN_GF2m_mod_mul(). The alternative algorithm is compiled in only
     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
     copyright notice in crypto/bn/bn_gf2m.c before enabling it).

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

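     Worked example of the index-array convention above, added here and not
     taken from bn_gf2m.c: polynomials small enough for a uint64_t stand in
     for BIGNUMs, the AES field polynomial 0x11B (array form {8,4,3,1,0}) is
     the constructed test field, and the gf2m_* names are this example's own
     stand-ins for the BN_GF2m_*_arr functions they imitate.

```c
/* Added example, not OpenSSL code: the index-array convention of the
 * BN_GF2m_*_arr functions, applied to binary polynomials held in a
 * uint64_t. p[] lists the set bits of the reducing polynomial f(t) in
 * strictly decreasing order: p[0] is its degree m, the last entry is 0.
 * Degrees up to 32 keep an unreduced product within 64 bits. */
#include <stdint.h>

/* AES's field, f(t) = t^8 + t^4 + t^3 + t + 1 (0x11B), in array form. */
static const unsigned int AES_POLY[] = { 8, 4, 3, 1, 0 };
#define AES_POLY_TERMS 5

/* Like BN_GF2m_poly2arr: set-bit indices, highest first. Returns the
 * term count, or 0 if max is too small. */
int gf2m_poly2arr(uint64_t poly, unsigned int *p, int max)
{
    int k = 0;
    for (int i = 63; i >= 0; i--) {
        if (!((poly >> i) & 1))
            continue;
        if (k == max)
            return 0;
        p[k++] = (unsigned int)i;
    }
    return k;
}

/* Like BN_GF2m_arr2poly: rebuild the polynomial from its index array. */
uint64_t gf2m_arr2poly(const unsigned int *p, int k)
{
    uint64_t poly = 0;
    for (int i = 0; i < k; i++)
        poly |= (uint64_t)1 << p[i];
    return poly;
}

/* a mod f(t): for each set bit at degree d >= m, XOR in t^(d-m) * f(t),
 * which clears that bit. The array form makes this one XOR per term. */
uint64_t gf2m_mod_arr(uint64_t a, const unsigned int *p, int k)
{
    for (int d = 63; d >= (int)p[0]; d--) {
        if (!((a >> d) & 1))
            continue;
        for (int i = 0; i < k; i++)
            a ^= (uint64_t)1 << (p[i] + d - p[0]);
    }
    return a;
}

/* (a * b) mod f(t): carry-less product, then reduction. */
uint64_t gf2m_mod_mul_arr(uint32_t a, uint32_t b, const unsigned int *p, int k)
{
    uint64_t prod = 0;
    for (int i = 0; i < 32; i++)
        if ((b >> i) & 1)
            prod ^= (uint64_t)a << i;
    return gf2m_mod_arr(prod, p, k);
}

/* a^-1 in GF(2^m) by Fermat: a^(2^m - 2), m = p[0]; a must be nonzero. */
uint64_t gf2m_mod_inv_arr(uint32_t a, const unsigned int *p, int k)
{
    uint64_t e = ((uint64_t)1 << p[0]) - 2, r = 1, base = gf2m_mod_arr(a, p, k);
    for (; e; e >>= 1) {
        if (e & 1)
            r = gf2m_mod_mul_arr((uint32_t)r, (uint32_t)base, p, k);
        base = gf2m_mod_mul_arr((uint32_t)base, (uint32_t)base, p, k);
    }
    return r;
}

/* Self-check on constructed values: round-trip 0x11B through the array
 * form and confirm FIPS-197's {53} * {CA} == {01}. Returns 1 on success. */
int gf2m_selftest(void)
{
    unsigned int p[16];
    int k = gf2m_poly2arr(0x11B, p, 16);
    if (k != AES_POLY_TERMS || gf2m_arr2poly(p, k) != 0x11B)
        return 0;
    for (int i = 0; i < k; i++)
        if (p[i] != AES_POLY[i])
            return 0;
    return gf2m_mod_mul_arr(0x53, 0xCA, p, k) == 1
        && gf2m_mod_inv_arr(0x53, p, k) == 0xCA;
}
```
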
  *) Add new error code 'ERR_R_DISABLED' that can be used when some
     functionality is disabled at compile-time.
     [Douglas Stebila <douglas.stebila@sun.com>]

  *) Change default behaviour of 'openssl asn1parse' so that more
     information is visible when viewing, e.g., a certificate:

     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
     mode the content of non-printable OCTET STRINGs is output in a
     style similar to INTEGERs, but with '[HEX DUMP]' prepended to
     avoid the appearance of a printable string.
     [Nils Larsch <nla@trustcenter.de>]

  *) Add 'asn1_flag' and 'asn1_form' members to EC_GROUP with access
     functions
          EC_GROUP_set_asn1_flag()
          EC_GROUP_get_asn1_flag()
          EC_GROUP_set_point_conversion_form()
          EC_GROUP_get_point_conversion_form()
     These control ASN1 encoding details:
     - Curves (i.e., groups) are encoded explicitly unless asn1_flag
       has been set to OPENSSL_EC_NAMED_CURVE.
     - Points are encoded in uncompressed form by default; options for
       asn1_form are as for point2oct, namely
          POINT_CONVERSION_COMPRESSED
          POINT_CONVERSION_UNCOMPRESSED
          POINT_CONVERSION_HYBRID

     Also add 'seed' and 'seed_len' members to EC_GROUP with access
     functions
          EC_GROUP_set_seed()
          EC_GROUP_get0_seed()
          EC_GROUP_get_seed_len()
     This is used only for ASN1 purposes (so far).
     [Nils Larsch <nla@trustcenter.de>]

  *) Add 'field_type' member to EC_METHOD, which holds the NID
     of the appropriate field type OID. The new function
     EC_METHOD_get_field_type() returns this value.
     [Nils Larsch <nla@trustcenter.de>]

  *) Add functions
          EC_POINT_point2bn()
          EC_POINT_bn2point()
          EC_POINT_point2hex()
          EC_POINT_hex2point()
     providing useful interfaces to EC_POINT_point2oct() and
     EC_POINT_oct2point().
     [Nils Larsch <nla@trustcenter.de>]

  *) Change internals of the EC library so that the functions
          EC_GROUP_set_generator()
          EC_GROUP_get_generator()
          EC_GROUP_get_order()
          EC_GROUP_get_cofactor()
     are implemented directly in crypto/ec/ec_lib.c and not dispatched
     to methods, which would lead to unnecessary code duplication when
     adding different types of curves.
     [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]

  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
     arithmetic, and such that modified wNAFs are generated
     (which avoid length expansion in many cases).
     [Bodo Moeller]

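     Added example (not OpenSSL's compute_wNAF) illustrating this entry and
     the wNAF precomputation entry at the top of this release: it recodes a
     machine-word scalar into signed wNAF digits, with a switch between the
     plain and the modified form so the length difference can be seen. The
     function names and the sample scalars are this example's own.

```c
/* Added example, not OpenSSL's code: window-NAF recoding of a scalar in
 * the style of compute_wNAF (crypto/ec/ec_mult.c), on a uint64_t instead
 * of a BIGNUM. Every digit is 0 or odd with -2^w < digit < 2^w, so a table
 * of odd multiples 1P, 3P, ..., (2^w-1)P serves the point multiplication.
 * 'modified' forces the top nonzero digit positive, which avoids the extra
 * leading digit a plain wNAF often needs. */
#include <stdint.h>

static int bitlen(uint64_t x)
{
    int n = 0;
    while (x) { n++; x >>= 1; }
    return n;
}

/* Digits go to r[0..len-1], least significant first. Returns len, or -1. */
int compute_wnaf(uint64_t scalar, int w, int modified, int8_t *r, int rmax)
{
    int bit = 1 << w, next_bit = bit << 1, mask = next_bit - 1;
    int len = bitlen(scalar), j = 0, window_val;
    if (w < 1 || w > 7 || len + 1 > rmax)
        return -1;
    window_val = (int)(scalar & mask);        /* low w+1 bits of the scalar */
    while (window_val != 0 || j + w + 1 < len) {
        int digit = 0;
        if (window_val & 1) {
            if (window_val & bit) {
                digit = window_val - next_bit;    /* -2^w < digit < 0 */
                if (modified && j + w + 1 >= len)
                    /* no further scalar bits will arrive: a positive digit
                     * here leaves no carry that would need another digit */
                    digit = window_val & (mask >> 1); /* 0 < digit < 2^w */
            } else {
                digit = window_val;               /* 0 < digit < 2^w */
            }
            window_val -= digit;                  /* even now; carry kept */
        }
        if (j >= rmax)
            return -1;
        r[j++] = (int8_t)digit;
        window_val >>= 1;
        if (j + w < 64)                           /* shift in scalar bit j+w */
            window_val += bit * (int)((scalar >> (j + w)) & 1);
    }
    return j;
}

/* Evaluate sum r[i] * 2^i (mod 2^64) to check a recoding. */
uint64_t wnaf_value(const int8_t *r, int len)
{
    uint64_t v = 0;
    for (int i = len - 1; i >= 0; i--)
        v = 2 * v + (uint64_t)(int64_t)r[i];
    return v;
}

/* 1 if every digit is 0 or odd with |digit| < 2^w, else 0. */
int wnaf_digits_ok(const int8_t *r, int len, int w)
{
    for (int i = 0; i < len; i++) {
        int d = r[i];
        if (d != 0 && (!(d & 1) || d <= -(1 << w) || d >= (1 << w)))
            return 0;
    }
    return 1;
}

/* Digit count for a recoding (-1 on error); shows the length difference. */
int wnaf_len(uint64_t scalar, int w, int modified)
{
    int8_t r[66];
    return compute_wnaf(scalar, w, modified, r, 66);
}

/* 1 if the digits evaluate back to 'scalar', obey the digit rules and
 * number at most bitlen + 1 (the bound either form guarantees). */
int wnaf_roundtrip_ok(uint64_t scalar, int w, int modified)
{
    int8_t r[66];
    int len = compute_wnaf(scalar, w, modified, r, 66);
    return len >= 0 && len <= bitlen(scalar) + 1
        && wnaf_value(r, len) == scalar && wnaf_digits_ok(r, len, w);
}
```

     For scalar 7 with w = 2 the plain form needs four digits (-1, 0, 0, 1)
     while the modified form needs three (3, 0, 1); for 7 with w = 1 both
     forms still need four, which is the "in many cases" of the entry above.
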
  *) Add a function EC_GROUP_check_discriminant() (defined via
     EC_METHOD) that verifies that the curve discriminant is non-zero.

     Add a function EC_GROUP_check() that makes some sanity tests
     on an EC_GROUP, its generator and order. This includes
     EC_GROUP_check_discriminant().
     [Nils Larsch <nla@trustcenter.de>]

  *) Add ECDSA in new directory crypto/ecdsa/.

     Add applications 'openssl ecparam' and 'openssl ecdsa'
     (these are based on 'openssl dsaparam' and 'openssl dsa').

     ECDSA support is also included in various other files across the
     library. Most notably,
     - 'openssl req' now has a '-newkey ecdsa:file' option;
     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
       them suitable for ECDSA where domain parameters must be
       extracted before the specific public key;
     - ECDSA engine support has been added.
     [Nils Larsch <nla@trustcenter.de>]

  *) Include some named elliptic curves, and add OIDs from X9.62,
     SECG, and WAP/WTLS. Each curve can be obtained from the new
     function
          EC_GROUP_new_by_nid(),
     and the list of available named curves can be obtained with
          EC_get_builtin_curves().
     Also add a 'curve_name' member to EC_GROUP objects, which can be
     accessed via
          EC_GROUP_set_nid()
          EC_GROUP_get_nid()
     [Nils Larsch <nla@trustcenter.de>, Bodo Moeller]

  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
     was actually never needed) and in BN_mul(). The removal in BN_mul()
     required a small change in bn_mul_part_recursive() and the addition
     of the functions bn_cmp_part_words(), bn_sub_part_words() and
     bn_add_part_words(), which do the same thing as bn_cmp_words(),
     bn_sub_words() and bn_add_words() except they take arrays with
     differing sizes.
     [Richard Levitte]

 Changes between 0.9.7 and 0.9.7a  [XX xxx 2003]

  *) Add the possibility to build without the ENGINE framework.
     [Steven Reddie <smr@essemer.com.au> via Richard Levitte]

  *) Under Win32 gmtime() can return NULL: check return value in
     OPENSSL_gmtime(). Add error code for case where gmtime() fails.
     [Steve Henson]

  *) DSA routines: under certain error conditions uninitialized BN objects
     could be freed. Solution: make sure initialization is performed early
     enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>,
     Nils Larsch <nla@trustcenter.de> via PR#459)
     [Lutz Jaenicke]

  *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
     checked on reconnect on the client side, therefore session resumption
     could still fail with a "ssl session id is different" error. This
     behaviour is masked when SSL_OP_ALL is used due to
     SSL_OP_MICROSOFT_SESS_ID_BUG being set.
     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
     followup to PR #377.
     [Lutz Jaenicke]

  *) IA-32 assembler support enhancements: unified ELF targets, support
     for SCO/Caldera platforms, fix for Cygwin shared build.
     [Andy Polyakov]

  *) Add support for FreeBSD on sparc64. As a consequence, support for
     FreeBSD on non-x86 processors is separate from x86 processors in
     the config script, much like the NetBSD support.
     [Richard Levitte & Kris Kennaway <kris@obsecurity.org>]

 Changes between 0.9.6h and 0.9.7  [31 Dec 2002]

  *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
     code (06) was taken as the first octet of the session ID and the last
     octet was ignored consequently. As a result SSLv2 client side session
     caching could not have worked due to the session ID mismatch between
     client and server.
     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
     PR #377.
     [Lutz Jaenicke]

  *) Change the declaration of needed Kerberos libraries to use EX_LIBS
     instead of the special (and badly supported) LIBKRB5. LIBKRB5 is
     removed entirely.
     [Richard Levitte]

  *) The hw_ncipher.c engine requires dynamic locks. Unfortunately, it
     seems that in spite of existing for more than a year, many application
     authors have done nothing to provide the necessary callbacks, which
     means that this particular engine will not work properly anywhere.
     This is a very unfortunate situation which forces us, in the name
     of usability, to give the hw_ncipher.c a static lock, which is part
     of libcrypto.
     NOTE: This is for the 0.9.7 series ONLY. This hack will never
     appear in 0.9.8 or later. We EXPECT application authors to have
     dealt properly with this when 0.9.8 is released (unless we actually
     make such changes in the libcrypto locking code that changes will
     have to be made anyway).
     [Richard Levitte]

  *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
     octets have been read, EOF or an error occurs. Without this change
     some truncated ASN1 structures will not produce an error.
     [Steve Henson]

  *) Disable Heimdal support, since it hasn't been fully implemented.
     Still give the possibility to force the use of Heimdal, but with
     warnings and a request that patches get sent to openssl-dev.
     [Richard Levitte]

  *) Add the VC-CE target, introduce the WINCE sysname, and add
     INSTALL.WCE and appropriate conditionals to make it build.
     [Steven Reddie <smr@essemer.com.au> via Richard Levitte]

  *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and
     cygssl-x.y.z.dll, where x, y and z are the major, minor and
     edit numbers of the version.
     [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]

  *) Introduce safe string copy and catenation functions
     (BUF_strlcpy() and BUF_strlcat()).
     [Ben Laurie (CHATS) and Richard Levitte]

  *) Avoid using fixed-size buffers for one-line DNs.
     [Ben Laurie (CHATS)]

  *) Add BUF_MEM_grow_clean() to avoid information leakage when
     resizing buffers containing secrets, and use where appropriate.
     [Ben Laurie (CHATS)]

  *) Avoid using fixed size buffers for configuration file location.
     [Ben Laurie (CHATS)]

  *) Avoid filename truncation for various CA files.
     [Ben Laurie (CHATS)]

  *) Use sizeof in preference to magic numbers.
     [Ben Laurie (CHATS)]

  *) Avoid filename truncation in cert requests.
     [Ben Laurie (CHATS)]

  *) Add assertions to check for (supposedly impossible) buffer
     overflows.
     [Ben Laurie (CHATS)]

  *) Don't cache truncated DNS entries in the local cache (this could
     potentially lead to a spoofing attack).
     [Ben Laurie (CHATS)]

  *) Fix various buffers to be large enough for hex/decimal
     representations in a platform independent manner.
     [Ben Laurie (CHATS)]

  *) Add CRYPTO_realloc_clean() to avoid information leakage when
     resizing buffers containing secrets, and use where appropriate.
     [Ben Laurie (CHATS)]

  *) Add BIO_indent() to avoid much slightly worrying code to do
     indents.
     [Ben Laurie (CHATS)]

  *) Convert sprintf()/BIO_puts() to BIO_printf().
     [Ben Laurie (CHATS)]

  *) buffer_gets() could terminate with the buffer only half
     full. Fixed.
     [Ben Laurie (CHATS)]

  *) Add assertions to prevent user-supplied crypto functions from
     overflowing internal buffers by having large block sizes, etc.
     [Ben Laurie (CHATS)]

  *) New OPENSSL_assert() macro (similar to assert(), but enabled
     unconditionally).
     [Ben Laurie (CHATS)]

  *) Eliminate unused copy of key in RC4.
     [Ben Laurie (CHATS)]

  *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
     [Ben Laurie (CHATS)]

  *) Fix off-by-one error in EGD path.
     [Ben Laurie (CHATS)]

  *) If RANDFILE path is too long, ignore instead of truncating.
     [Ben Laurie (CHATS)]

  *) Eliminate unused and incorrectly sized X.509 structure
     CBCParameter.
     [Ben Laurie (CHATS)]

  *) Eliminate unused and dangerous function knumber().
     [Ben Laurie (CHATS)]

  *) Eliminate unused and dangerous structure, KSSL_ERR.
     [Ben Laurie (CHATS)]

  *) Protect against overlong session ID context length in an encoded
     session object. Since these are local, this does not appear to be
     exploitable.
     [Ben Laurie (CHATS)]

  *) Change from security patch (see 0.9.6e below) that did not affect
     the 0.9.6 release series:

     Remote buffer overflow in SSL3 protocol - an attacker could
     supply an oversized master key in Kerberos-enabled versions.
     (CAN-2002-0657)
     [Ben Laurie (CHATS)]

  *) Change the SSL kerb5 codes to match RFC 2712.
     [Richard Levitte]

  *) Make -nameopt work fully for req and add -reqopt switch.
     [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]

  *) The "block size" for block ciphers in CFB and OFB mode should be 1.
     [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]

  *) Make sure tests can be performed even if the corresponding algorithms
     have been removed entirely. This was also the last step to make
     OpenSSL compilable with DJGPP under all reasonable conditions.
     [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>]

  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
     to allow version independent disabling of normally unselected ciphers,
     which may be activated as a side-effect of selecting a single cipher.

     (E.g., cipher list string "RSA" enables ciphersuites that are left
     out of "ALL" because they do not provide symmetric encryption.
     "RSA:!COMPLEMENTOFALL" avoids these unsafe ciphersuites.)
     [Lutz Jaenicke, Bodo Moeller]

041843e4
RL
619 *) Add appropriate support for separate platform-dependent build
620 directories. The recommended way to make a platform-dependent
621 build directory is the following (tested on Linux), maybe with
622 some local tweaks:
623
624 # Place yourself outside of the OpenSSL source tree. In
625 # this example, the environment variable OPENSSL_SOURCE
626 # is assumed to contain the absolute OpenSSL source directory.
3e06fb75
BM
627 mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
628 cd objtree/"`uname -s`-`uname -r`-`uname -m`"
4a9476dd 629 (cd $OPENSSL_SOURCE; find . -type f) | while read F; do
041843e4
RL
630 mkdir -p `dirname $F`
631 ln -s $OPENSSL_SOURCE/$F $F
632 done
633
634 To be absolutely sure not to disturb the source tree, a "make clean"
635 is a good thing. If it isn't successfull, don't worry about it,
636 it probably means the source directory is very clean.
637 [Richard Levitte]
638
a6c6874a
GT
639 *) Make sure any ENGINE control commands make local copies of string
640 pointers passed to them whenever necessary. Otherwise it is possible
641 the caller may have overwritten (or deallocated) the original string
642 data when a later ENGINE operation tries to use the stored values.
643