
 OpenSSL CHANGES
 _______________

 Changes between 0.9.6 and 0.9.7  [xx XXX 2001]

  Both OpenSSL 0.9.6a (bugfix release, 5 Apr 2001) and OpenSSL 0.9.7
  are based on OpenSSL 0.9.6.
  Change log entries are tagged as follows:
      -) applies to 0.9.6a (/0.9.6b) only
      *) applies to 0.9.6a (/0.9.6b) and 0.9.7
      +) applies to 0.9.7 only

  +) Changes to the "openssl engine" utility to include;
     - verbosity levels ('-v', '-vv', and '-vvv') that provide information
       about an ENGINE's available control commands.
     - executing control commands from command line arguments using the
       '-pre' and '-post' switches. '-post' is only used if '-t' is
       specified and the ENGINE is successfully initialised. The syntax for
       the individual commands is colon-separated, for example;
         openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
     [Geoff]

  +) New dynamic control command support for ENGINEs. ENGINEs can now
     declare their own commands (numbers), names (strings), descriptions,
     and input types for run-time discovery by calling applications. A
     subset of these commands is implicitly classed as "executable"
     depending on their input type, and only these can be invoked through
     the new string-based API function ENGINE_ctrl_cmd_string(). (E.g. this
     can be based on user input, config files, etc). The distinction is
     that "executable" commands cannot return anything other than a boolean
     result and can only support numeric or string input, whereas some
     discoverable commands may only be for direct use through
     ENGINE_ctrl(), e.g. supporting the exchange of binary data, function
     pointers, or other custom uses. The "executable" commands are to
     support parameterisations of ENGINE behaviour that can be
     unambiguously defined by ENGINEs and used consistently across any
     OpenSSL-based application. Commands have been added to all the
     existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
     control over shared-library paths without source code alterations.
     [Geoff]

  +) Changed all ENGINE implementations to dynamically allocate their
     ENGINEs rather than declaring them statically. Apart from this being
     necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
     this also allows the implementations to compile without using the
     internal engine_int.h header.
     [Geoff]

  +) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
     'const' value. Any code that should be able to modify a RAND_METHOD
     should already have non-const pointers to it (i.e. they should only
     modify their own ones).
     [Geoff]

  +) Made a variety of little tweaks to the ENGINE code.
     - "atalla" and "ubsec" string definitions were moved from header files
       to C code. "nuron" string definitions were placed in variables
       rather than hard-coded - allowing parameterisation of these values
       later on via ctrl() commands.
     - Removed unused "#if 0"'d code.
     - Fixed engine list iteration code so it uses ENGINE_free() to release
       structural references.
     - Constified the RAND_METHOD element of ENGINE structures.
     - Constified various get/set functions as appropriate and added
       missing functions (including a catch-all ENGINE_cpy that duplicates
       all ENGINE values onto a new ENGINE except reference counts/state).
     - Removed NULL parameter checks in get/set functions. Setting a method
       or function to NULL is a way of cancelling out a previously set
       value. Passing a NULL ENGINE parameter is just plain stupid anyway
       and doesn't justify the extra error symbols and code.
     - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
       flags from engine_int.h to engine.h.
     - Changed prototypes for ENGINE handler functions (init(), finish(),
       ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
     [Geoff]

  *) Move 'if (!initialized) RAND_poll()' into regions protected by
     CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids
     having multiple threads call RAND_poll() concurrently.
     [Bodo Moeller]

  *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
     combination of a flag and a thread ID variable.
     Otherwise while one thread is in ssleay_rand_bytes (which sets the
     flag), *other* threads can enter ssleay_add_bytes without obeying
     the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
     that they do not hold after the first thread unsets add_do_not_lock).
     [Bodo Moeller]

  +) Implement binary inversion algorithm for BN_mod_inverse in addition
     to the algorithm using long division. The binary algorithm can be
     used only if the modulus is odd. On 32-bit systems, it is faster
     only for relatively small moduli (roughly 20-30% for 128-bit moduli,
     roughly 5-15% for 256-bit moduli), so we use it only for moduli
     up to 450 bits. In 64-bit environments, the binary algorithm
     appears to be advantageous for much longer moduli; here we use it
     for moduli up to 2048 bits.
     [Bodo Moeller]
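The binary inversion just described, as an added illustration that is not OpenSSL's BN_mod_inverse code: it works on 64-bit integers instead of BIGNUMs, uses only shifts, additions and subtractions, and shows why the modulus must be odd (halving modulo n is only exact for odd n). All function names are the example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Halve x modulo the odd modulus n.  If x is odd, x + n is even and
 * (x + n)/2 is the exact half of x in Z/nZ; this is the step that needs n
 * to be odd.  Requires x < n and n < 2^63 so that x + n cannot overflow. */
static uint64_t half_mod(uint64_t x, uint64_t n)
{
    return (x & 1) ? (x + n) >> 1 : x >> 1;
}

/* a - b modulo n for already reduced a and b. */
static uint64_t sub_mod(uint64_t a, uint64_t b, uint64_t n)
{
    return (a >= b) ? a - b : a + (n - b);
}

/* a * b modulo n by double-and-add, so no 128-bit type is needed. */
static uint64_t mul_mod(uint64_t a, uint64_t b, uint64_t n)
{
    uint64_t r = 0;
    a %= n;
    while (b != 0) {
        if (b & 1)
            r = (r + a >= n) ? r + a - n : r + a;
        a = (a + a >= n) ? a + a - n : a + a;
        b >>= 1;
    }
    return r;
}

/*
 * Binary inversion: compute a^-1 mod n for odd n with 1 < n < 2^63.
 * Returns 1 and stores the inverse in *out on success; returns 0 when the
 * modulus is even (the algorithm does not apply, a caller would fall back
 * to the long-division variant) or when gcd(a, n) != 1 (no inverse).
 *
 * Loop invariants: x1 * a == u (mod n) and x2 * a == v (mod n).
 */
int binary_mod_inverse(uint64_t a, uint64_t n, uint64_t *out)
{
    uint64_t u, v, x1 = 1, x2 = 0;

    if (n < 2 || (n & 1) == 0 || (n >> 63) != 0)
        return 0;                           /* even or out-of-range modulus */
    a %= n;
    if (a == 0)
        return 0;                           /* 0 has no inverse */
    u = a;
    v = n;
    while (u != 1 && v != 1) {
        while ((u & 1) == 0) {              /* strip factors of two from u */
            u >>= 1;
            x1 = half_mod(x1, n);
        }
        while ((v & 1) == 0) {              /* ... and from v */
            v >>= 1;
            x2 = half_mod(x2, n);
        }
        if (u >= v) {                       /* both odd, so u - v is even */
            u -= v;
            x1 = sub_mod(x1, x2, n);
        } else {
            v -= u;
            x2 = sub_mod(x2, x1, n);
        }
        if (u == 0 || v == 0)               /* u == v > 1: gcd(a, n) != 1 */
            return 0;
    }
    *out = (u == 1) ? x1 : x2;
    return 1;
}

/* Inverse of a mod n, or 0 when none exists (0 is never a valid inverse). */
uint64_t inverse_or_zero(uint64_t a, uint64_t n)
{
    uint64_t inv;
    return binary_mod_inverse(a, n, &inv) ? inv : 0;
}

/* 1 if the computed inverse really satisfies a * inv == 1 (mod n). */
int check_inverse(uint64_t a, uint64_t n)
{
    uint64_t inv = inverse_or_zero(a, n);
    return inv != 0 && mul_mod(a, inv, n) == 1;
}

int main(void)
{
    uint64_t p = ((uint64_t)1 << 61) - 1;   /* 2^61 - 1 is prime */

    printf("3^-1 mod 7 = %llu\n", (unsigned long long)inverse_or_zero(3, 7));
    printf("123456789^-1 mod 2^61-1 verifies: %d\n", check_inverse(123456789, p));
    printf("6 mod 9 has an inverse: %d\n", check_inverse(6, 9));
    return 0;
}
```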

  *) Change bctest again: '-x' expressions are not available in all
     versions of 'test'.
     [Bodo Moeller]

  -) OpenSSL 0.9.6a released [5 Apr 2001]

  *) Fix a couple of memory leaks in PKCS7_dataDecode()
     [Steve Henson, reported by Heyun Zheng <hzheng@atdsprint.com>]

  *) Change Configure and Makefiles to provide EXE_EXT, which will contain
     the default extension for executables, if any. Also, make the perl
     scripts that use symlink() test if it really exists and use "cp"
     if it doesn't. All this made OpenSSL compilable and installable in
     CygWin.
     [Richard Levitte]

  +) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
     could not support the combine flag in choice fields.
     [Steve Henson]

  -) Fix for asn1_GetSequence() for indefinite length constructed data.
     If the SEQUENCE length is indefinite just set c->slen to the total
     amount of data available.
     [Steve Henson, reported by shige@FreeBSD.org]
     [This change does not apply to 0.9.7.]

  *) Change bctest to avoid here-documents inside command substitution
     (workaround for FreeBSD /bin/sh bug).
     For compatibility with Ultrix, avoid shell functions (introduced
     in the bctest version that searches along $PATH).
     [Bodo Moeller]

  *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes
     with des_encrypt() defined on some operating systems, like Solaris
     and UnixWare.
     [Richard Levitte]

  *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
     On the Importance of Eliminating Errors in Cryptographic
     Computations, J. Cryptology 14 (2001) 2, 101-119,
     http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
     [Ulf Moeller]

  *) MIPS assembler BIGNUM division bug fix.
     [Andy Polyakov]

  *) Disabled incorrect Alpha assembler code.
     [Richard Levitte]

  -) Fix PKCS#7 decode routines so they correctly update the length
     after reading an EOC for the EXPLICIT tag.
     [Steve Henson]
     [This change does not apply to 0.9.7.]

  *) Fix bug in PKCS#12 key generation routines. This was triggered
     if a 3DES key was generated with a 0 initial byte. Include
     PKCS12_BROKEN_KEYGEN compilation option to retain the old
     (but broken) behaviour.
     [Steve Henson]

  *) Enhance bctest to search for a working bc along $PATH and print
     it when found.
     [Tim Rice <tim@multitalents.net> via Richard Levitte]

  +) Add a 'copy_extensions' option to the 'ca' utility. This copies
     extensions from a certificate request to the certificate.
     [Steve Henson]

  +) Allow multiple 'certopt' and 'nameopt' options to be separated
     by commas. Add 'nameopt' and 'certopt' options to the 'ca' config
     file: this allows the display of the certificate about to be
     signed to be customised, to allow certain fields to be included
     or excluded and extension details. The old system didn't display
     multicharacter strings properly, omitted fields not in the policy
     and couldn't display additional details such as extensions.
     [Steve Henson]

  *) Fix memory leaks in err.c: free err_data string if necessary;
     don't write to the wrong index in ERR_set_error_data.
     [Bodo Moeller]

  +) Function EC_POINTs_mul for simultaneous scalar multiplication
     of an arbitrary number of elliptic curve points, optionally
     including the generator defined for the EC_GROUP.
     EC_POINT_mul is a simple wrapper function for the typical case
     that the point list has just one item (besides the optional
     generator).
     [Bodo Moeller]

  +) First EC_METHODs for curves over GF(p):

     EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
     operations and provides various method functions that can also
     operate with faster implementations of modular arithmetic.

     EC_GFp_mont_method() reuses most functions that are part of
     EC_GFp_simple_method, but uses Montgomery arithmetic.

     [Bodo Moeller; point addition and point doubling
     implementation directly derived from source code provided by
     Lenka Fibikova <fibikova@exp-math.uni-essen.de>]

  +) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
     crypto/ec/ec_lib.c):

     Curves are EC_GROUP objects (with an optional group generator)
     based on EC_METHODs that are built into the library.

     Points are EC_POINT objects based on EC_GROUP objects.

     Most of the framework would be able to handle curves over arbitrary
     finite fields, but as there are no obvious types for fields other
     than GF(p), some functions are limited to that for now.
     [Bodo Moeller]

  +) Add the -HTTP option to s_server. It is similar to -WWW, but requires
     that the file contains a complete HTTP response.
     [Richard Levitte]

  +) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
     change the def and num file printf format specifier from "%-40sXXX"
     to "%-39s XXX". The latter will always guarantee a space after the
     field while the former will cause them to run together if the field
     is 40 or more characters long.
     [Steve Henson]

  +) Constify the cipher and digest 'method' functions and structures
     and modify related functions to take constant EVP_MD and EVP_CIPHER
     pointers.
     [Steve Henson]

  *) Implement ssl23_peek (analogous to ssl23_read), which previously
     did not exist.
     [Bodo Moeller]

  *) Replace rdtsc with _emit statements for VC++ version 5.
     [Jeremy Cooper <jeremy@baymoo.org>]

  +) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
     in <openssl/bn.h>. Also further increase BN_CTX_NUM to 32.
     [Bodo Moeller]

  +) Modify EVP_Digest*() routines so they now return values. Although the
     internal software routines can never fail, additional hardware versions
     might.
     [Steve Henson]

  +) Clean up crypto/err/err.h and change some error codes to avoid conflicts:

     Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
     (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.

     ASN1 error codes
          ERR_R_NESTED_ASN1_ERROR
          ...
          ERR_R_MISSING_ASN1_EOS
     were 4 .. 9, conflicting with
          ERR_LIB_RSA (= ERR_R_RSA_LIB)
          ...
          ERR_LIB_PEM (= ERR_R_PEM_LIB).
     They are now 58 .. 63 (i.e., just below ERR_R_FATAL).

     Add new error code 'ERR_R_INTERNAL_ERROR'.
     [Bodo Moeller]

  +) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
     suffices.
     [Bodo Moeller]

  +) New option '-subj arg' for 'openssl req' and 'openssl ca'. This
     sets the subject name for a new request or supersedes the
     subject name in a given request. Formats that can be parsed are
          'CN=Some Name, OU=myOU, C=IT'
     and
          'CN=Some Name/OU=myOU/C=IT'.

     Add options '-batch' and '-verbose' to 'openssl req'.
     [Massimiliano Pala <madwolf@hackmasters.net>]

  *) Make it possible to reuse SSLv2 sessions.
     [Richard Levitte]

  +) Introduce the possibility to access global variables through
     functions on platforms where that's the best way to handle exporting
     global variables in shared libraries. To enable this functionality,
     one must configure with "EXPORT_VAR_AS_FN" or define the C macro
     "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
     is normally done by Configure or something similar).

     To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
     in the source file (foo.c) like this:

          OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
          OPENSSL_IMPLEMENT_GLOBAL(double,bar);

     To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
     and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:

          OPENSSL_DECLARE_GLOBAL(int,foo);
          #define foo OPENSSL_GLOBAL_REF(foo)
          OPENSSL_DECLARE_GLOBAL(double,bar);
          #define bar OPENSSL_GLOBAL_REF(bar)

     The #defines are very important, and therefore so is including the
     header file everywhere where the defined globals are used.

     The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
     of ASN.1 items, but that structure is a bit different.

     The largest change is in util/mkdef.pl which has been enhanced with
     better and easier to understand logic to choose which symbols should
     go into the Windows .def files as well as a number of fixes and code
     cleanup (among others, algorithm keywords are now sorted
     lexicographically to avoid constant rewrites).
     [Richard Levitte]

  *) In copy_email() check for >= 0 as a return value for
     X509_NAME_get_index_by_NID() since 0 is a valid index.
     [Steve Henson, reported by Massimiliano Pala <madwolf@opensca.org>]

  +) In BN_div() keep a copy of the sign of 'num' before writing the
     result to 'rm' because if rm==num the value will be overwritten
     and produce the wrong result if 'num' is negative: this caused
     problems with BN_mod() and BN_nnmod().
     [Steve Henson]

  +) Function OCSP_request_verify(). This checks the signature on an
     OCSP request and verifies the signer certificate. The signer
     certificate is just checked for a generic purpose and OCSP request
     trust settings.
     [Steve Henson]

  +) Add OCSP_check_validity() function to check the validity of OCSP
     responses. OCSP responses are prepared in real time and may only
     be a few seconds old. Simply checking that the current time lies
     between thisUpdate and nextUpdate may reject otherwise valid responses
     caused by either OCSP responder or client clock inaccuracy. Instead
     we allow thisUpdate and nextUpdate to fall within a certain period of
     the current time. The age of the response can also optionally be
     checked. Two new options -validity_period and -status_age added to
     ocsp utility.
     [Steve Henson]
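The skewed validity window described above, as an added illustration that is not OpenSSL code: plain time_t values stand in for the ASN.1 times, the skew corresponds to the -validity_period idea and the age limit to -status_age, and every name and constant is the example's own. The result is a bit mask so a caller sees every failed check, not just the first.

```c
#include <stdio.h>
#include <time.h>

/* Constructed sentinel: the response carried no nextUpdate field. */
#define NO_NEXT_UPDATE ((time_t)-1)

/* Result bits. */
#define OCSPCHK_OK               0
#define OCSPCHK_THIS_IN_FUTURE   1  /* thisUpdate later than now + skew      */
#define OCSPCHK_TOO_OLD          2  /* now - thisUpdate exceeds max_age       */
#define OCSPCHK_NEXT_EXPIRED     4  /* nextUpdate earlier than now - skew     */
#define OCSPCHK_NEXT_BEFORE_THIS 8  /* nextUpdate precedes thisUpdate: bogus  */

/*
 * now         : the verifier's current time
 * this_update : thisUpdate from the response
 * next_update : nextUpdate from the response, or NO_NEXT_UPDATE if absent
 * skew        : seconds of responder/client clock difference to tolerate
 * max_age     : seconds a response may be old, or -1 to skip the age check
 *
 * A plain "this_update <= now <= next_update" test would reject a response
 * produced a few seconds "in the future" by a responder whose clock runs
 * slightly ahead; the skew window accepts it while still bounding staleness.
 */
int ocsp_validity_check(time_t now, time_t this_update, time_t next_update,
                        long skew, long max_age)
{
    int ret = OCSPCHK_OK;

    /* thisUpdate may lie a little in the future because of clock skew. */
    if (this_update > now + skew)
        ret |= OCSPCHK_THIS_IN_FUTURE;

    /* Optional age check: a response produced too long ago is stale even if
     * the responder claims it is still within its validity period. */
    if (max_age >= 0 && this_update + max_age < now)
        ret |= OCSPCHK_TOO_OLD;

    if (next_update != NO_NEXT_UPDATE) {
        if (next_update < this_update)
            ret |= OCSPCHK_NEXT_BEFORE_THIS;
        /* nextUpdate may lie a little in the past, again because of skew. */
        if (next_update + skew < now)
            ret |= OCSPCHK_NEXT_EXPIRED;
    }
    return ret;
}

int main(void)
{
    /* Constructed sample: now is 1000000, responder clock 30 s ahead. */
    time_t now = 1000000;
    int r = ocsp_validity_check(now, now + 30, now + 300, 60, 3600);

    printf("fresh response with 30 s skew: result bits = %d\n", r);
    r = ocsp_validity_check(now, now - 7200, now + 60, 60, 3600);
    printf("two-hour-old response with 1 h max age: result bits = %d\n", r);
    return 0;
}
```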

  +) If signature or public key algorithm is unrecognized print out its
     OID rather than just UNKNOWN.
     [Steve Henson]

  *) Avoid coredump with unsupported or invalid public keys by checking if
     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
     PKCS7_verify() fails with non detached data.
     [Steve Henson]

  +) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
     OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
     ID to be generated from the issuer certificate alone which can then be
     passed to OCSP_id_issuer_cmp().
     [Steve Henson]

  +) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
     ASN1 modules to export functions returning ASN1_ITEM pointers
     instead of the ASN1_ITEM structures themselves. This adds several
     new macros which allow the underlying ASN1 function/structure to
     be accessed transparently. As a result code should not use ASN1_ITEM
     references directly (such as &X509_it) but instead use the relevant
     macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
     use of the new ASN1 code on platforms where exporting structures
     is problematical (for example in shared libraries) but exporting
     functions returning pointers to structures is not.
     [Steve Henson]

  +) Add support for overriding the generation of SSL/TLS session IDs.
     These callbacks can be registered either in an SSL_CTX or per SSL.
     The purpose of this is to allow applications to control, if they wish,
     the arbitrary values chosen for use as session IDs, particularly as it
     can be useful for session caching in multiple-server environments. A
     command-line switch for testing this (and any client code that wishes
     to use such a feature) has been added to "s_server".
     [Geoff Thorpe, Lutz Jaenicke]

  +) Modify mkdef.pl to recognise and parse preprocessor conditionals
     of the form '#if defined(...) || defined(...) || ...' and
     '#if !defined(...) && !defined(...) && ...'. This also avoids
     the growing number of special cases it was previously handling.
     [Richard Levitte]

  *) Don't use getenv in library functions when run as setuid/setgid.
     New function OPENSSL_issetugid().
     [Ulf Moeller]

  +) Make all configuration macros available for application by making
     sure they are available in opensslconf.h, by giving them names starting
     with "OPENSSL_" to avoid conflicts with other packages and by making
     sure e_os2.h will cover all platform-specific cases together with
     opensslconf.h.
     Additionally, it is now possible to define configuration/platform-
     specific names (called "system identities"). In the C code, these
     are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another
     macro with the name beginning with "OPENSSL_SYS_", which is determined
     from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
     what is available.
     [Richard Levitte]

  +) New option -set_serial to 'req' and 'x509'; this allows the serial
     number to use to be specified on the command line. Previously self
     signed certificates were hard coded with serial number 0 and the
     CA options of 'x509' had to use a serial number in a file which was
     auto incremented.
     [Steve Henson]

  *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
     due to incorrect handling of multi-threading:

     1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().

     2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().

     3. Count how many times MemCheck_off() has been called so that
        nested use can be treated correctly. This also avoids
        in-band signalling in the previous code (which relied on the
        assumption that thread ID 0 is impossible).
     [Bodo Moeller]

  +) New options to 'ca' utility to support V2 CRL entry extensions.
     Currently CRL reason, invalidity date and hold instruction are
     supported. Add new CRL extensions to V3 code and some new objects.
     [Steve Henson]

  *) Add "-rand" option also to s_client and s_server.
     [Lutz Jaenicke]

  +) New function EVP_CIPHER_CTX_set_padding(); this is used to
     disable standard block padding (aka PKCS#5 padding) in the EVP
     API, which was previously mandatory. This means that the data is
     not padded in any way and so the total length must be a multiple
     of the block size, otherwise an error occurs.
     [Steve Henson]

  +) Initial (incomplete) OCSP SSL support.
     [Steve Henson]

  *) Fix CPU detection on Irix 6.x.
     [Kurt Hockenbury <khockenb@stevens-tech.edu> and
      "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]

  +) New function OCSP_parse_url(). This splits up a URL into its host,
     port and path components: primarily to parse OCSP URLs. New -url
     option to ocsp utility.
     [Steve Henson]

  +) New nonce behavior. The return value of OCSP_check_nonce() now
     reflects the various checks performed. Applications can decide
     whether to tolerate certain situations such as an absent nonce
     in a response when one was present in a request: the ocsp application
     just prints out a warning. New function OCSP_add1_basic_nonce();
     this is to allow responders to include a nonce in a response even if
     the request is nonce-less.
     [Steve Henson]

  *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
     was empty.
     [This change does not apply to 0.9.7.]

  *) Use the cached encoding of an X509_NAME structure rather than
     copying it. This is apparently the reason for the libsafe "errors"
     but the code is actually correct.
     [Steve Henson]

  +) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
     skipped when using openssl x509 multiple times on a single input file,
     e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
     [Bodo Moeller]

  +) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
     set string type: to handle setting ASN1_TIME structures. Fix ca
     utility to correctly initialize revocation date of CRLs.
     [Steve Henson]

  +) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
     the client's preferred ciphersuites and rather use its own preferences.
     Should help to work around M$ SGC (Server Gated Cryptography) bug in
     Internet Explorer by ensuring unchanged hash method during stepup.
     [Lutz Jaenicke]

  +) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
     to aes and add a new 'exist' option to print out symbols that don't
     appear to exist.
     [Steve Henson]

  +) Additional options to ocsp utility to allow flags to be set and
     additional certificates supplied.
     [Steve Henson]

  +) Add the option -VAfile to 'openssl ocsp', so the user can give the
     OCSP client a number of certificates to only verify the response
     signature against.
     [Richard Levitte]

  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
     Bleichenbacher's DSA attack.
     Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
     to be set and top=0 forces the highest bit to be set; top=-1 is new
     and leaves the highest bit random.
     [Ulf Moeller, Bodo Moeller]
504
505 +) Update Rijndael code to version 3.0 and change EVP AES ciphers to
506 handle the new API. Currently only ECB, CBC modes supported. Add new
507 AES OIDs. Add TLS AES ciphersuites as described in the "AES Ciphersuites
508 for TLS" draft-ietf-tls-ciphersuite-03.txt.
509 [Ben Laurie, Steve Henson]
510
511 *) In the NCONF_...-based implementations for CONF_... queries
512 (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
513 a temporary CONF structure with the data component set to NULL
514 (which gives segmentation faults in lh_retrieve).
515 Instead, use NULL for the CONF pointer in CONF_get_string and
516 CONF_get_number (which may use environment variables) and directly
517 return NULL from CONF_get_section.
518 [Bodo Moeller]
519
520 *) Fix potential buffer overrun for EBCDIC.
521 [Ulf Moeller]
522
523 +) New function OCSP_copy_nonce() to copy nonce value (if present) from
524 request to response.
525 [Steve Henson]
526
527 +) Functions for OCSP responders. OCSP_request_onereq_count(),
528 OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
529 extract information from a certificate request. OCSP_response_create()
530 creates a response and optionally adds a basic response structure.
531 OCSP_basic_add1_status() adds a complete single response to a basic
532 reponse and returns the OCSP_SINGLERESP structure just added (to allow
533 extensions to be included for example). OCSP_basic_add1_cert() adds a
534 certificate to a basic response and OCSP_basic_sign() signs a basic
535 response with various flags. New helper functions ASN1_TIME_check()
536 (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
537 (converts ASN1_TIME to GeneralizedTime).
538 [Steve Henson]
539
540 +) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
541 in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
542 structure from a certificate. X509_pubkey_digest() digests tha public_key
543 contents: this is used in various key identifiers.
544 [Steve Henson]
545
546 *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
547 keyUsage if basicConstraints absent for a CA.
548 [Steve Henson]
549
550 *) Make SMIME_write_PKCS7() write mail header values with a format that
551 is more generally accepted (no spaces before the semicolon), since
552 some programs can't parse those values properly otherwise. Also make
553 sure BIO's that break lines after each write do not create invalid
554 headers.
555 [Richard Levitte]
556
557 +) Make sk_sort() tolerate a NULL argument.
558 [Steve Henson reported by Massimiliano Pala <madwolf@comune.modena.it>]
559
560 +) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
561 passed by the function are trusted implicitly. If any of them signed the
562 reponse then it is assumed to be valid and is not verified.
563 [Steve Henson]
564
565 -) Make the CRL encoding routines work with empty SEQUENCE OF. The
566 macros previously used would not encode an empty SEQUENCE OF
567 and break the signature.
568 [Steve Henson]
569 [This change does not apply to 0.9.7.]
570
571 *) Zero the premaster secret after deriving the master secret in
572 DH ciphersuites.
573 [Steve Henson]
574
575 +) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
576 to data. This was previously part of the PKCS7 ASN1 code. This
577 was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
578 [Steve Henson, reported by Kenneth R. Robinette
579 <support@securenetterm.com>]
580
581 +) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
582 routines: without these tracing memory leaks is very painful.
583 Fix leaks in PKCS12 and PKCS7 routines.
584 [Steve Henson]
585
586 *) Add some EVP_add_digest_alias registrations (as found in
587 OpenSSL_add_all_digests()) to SSL_library_init()
588 aka OpenSSL_add_ssl_algorithms(). This provides improved
589 compatibility with peers using X.509 certificates
590 with unconventional AlgorithmIdentifier OIDs.
591 [Bodo Moeller]
592
593 *) Fix for Irix with NO_ASM.
594 ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
595
596 *) ./config script fixes.
597 [Ulf Moeller, Richard Levitte]
598
599 +) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
600 Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
601 effectively meant GeneralizedTime would never be used. Now it
602 is initialised to -1 but X509_time_adj() now has to check the value
603 and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
604 V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
605 [Steve Henson, reported by Kenneth R. Robinette
606 <support@securenetterm.com>]
607
608 +) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
609 result in a zero length in the ASN1_INTEGER structure which was
610 not consistent with the structure when d2i_ASN1_INTEGER() was used
611 and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
612 to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
613 where it did not print out a minus for negative ASN1_INTEGER.
614 [Steve Henson]
615
616 *) Fix 'openssl passwd -1'.
617 [Bodo Moeller]
618
619 +) Add summary printout to ocsp utility. The various functions which
620 convert status values to strings have been renamed to:
621 OCSP_response_status_str(), OCSP_cert_status_str() and
622 OCSP_crl_reason_str() and are no longer static. New options
623 to verify nonce values and to disable verification. OCSP response
624 printout format cleaned up.
625 [Steve Henson]
626
627 +) Add additional OCSP certificate checks. These are those specified
628 in RFC2560. This consists of two separate checks: the CA of the
629 certificate being checked must either be the OCSP signer certificate
630 or the issuer of the OCSP signer certificate. In the latter case the
631 OCSP signer certificate must contain the OCSP signing extended key
632 usage. This check is performed by attempting to match the OCSP
633 signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
634 in the OCSP_CERTID structures of the response.
635 [Steve Henson]
636
637 +) Initial OCSP certificate verification added to OCSP_basic_verify()
638 and related routines. This uses the standard OpenSSL certificate
639 verify routines to perform initial checks (just CA validity) and
640 to obtain the certificate chain. Then additional checks will be
641 performed on the chain. Currently the root CA is checked to see
642 if it is explicitly trusted for OCSP signing. This is used to set
643 a root CA as a global signing root: that is any certificate that
644 chains to that CA is an acceptable OCSP signing certificate.
645 [Steve Henson]
646
647 +) New '-extfile ...' option to 'openssl ca' for reading X.509v3
648 extensions from a separate configuration file.
649 As when reading extensions from the main configuration file,
650 the '-extensions ...' option may be used for specifying the
651 section to use.
652 [Massimiliano Pala <madwolf@comune.modena.it>]
653
654 *) Change PKCS12_key_gen_asc() so it can cope with non null
655 terminated strings whose length is passed in the passlen
656 parameter, for example from PEM callbacks. This was done
657 by adding an extra length parameter to asc2uni().
658 [Steve Henson, reported by <oddissey@samsung.co.kr>]
659
660 +) New OCSP utility. Allows OCSP requests to be generated or
661 read. The request can be sent to a responder and the output
662 parsed, outputed or printed in text form. Not complete yet:
663 still needs to check the OCSP response validity.
664 [Steve Henson]
665
666 +) New subcommands for 'openssl ca':
667 'openssl ca -status <serial>' prints the status of the cert with
668 the given serial number (according to the index file).
669 'openssl ca -updatedb' updates the expiry status of certificates
670 in the index file.
671 [Massimiliano Pala <madwolf@comune.modena.it>]
672
673 +) New '-newreq-nodes' command option to CA.pl. This is like
674 '-newreq', but calls 'openssl req' with the '-nodes' option
675 so that the resulting key is not encrypted.
676 [Damien Miller <djm@mindrot.org>]
677
678 +) New configuration for the GNU Hurd.
679 [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte]
680
681 +) Initial code to implement OCSP basic response verify. This
682 is currently incomplete. Currently just finds the signer's
683 certificate and verifies the signature on the response.
684 [Steve Henson]
685
686 +) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
687 value of OPENSSLDIR. This is available via the new '-d' option
688 to 'openssl version', and is also included in 'openssl version -a'.
689 [Bodo Moeller]
690
691 *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
692 call failed, free the DSA structure.
693 [Bodo Moeller]
694
695 +) Allowing defining memory allocation callbacks that will be given
696 file name and line number information in additional arguments
697 (a const char* and an int). The basic functionality remains, as
698 well as the original possibility to just replace malloc(),
699 realloc() and free() by functions that do not know about these
700 additional arguments. To register and find out the current
701 settings for extended allocation functions, the following
702 functions are provided:
703
704 CRYPTO_set_mem_ex_functions
705 CRYPTO_set_locked_mem_ex_functions
706 CRYPTO_get_mem_ex_functions
707 CRYPTO_get_locked_mem_ex_functions
708
709 These work the same way as CRYPTO_set_mem_functions and friends.
710 CRYPTO_get_[locked_]mem_functions now writes 0 where such an
711 extended allocation function is enabled.
712 Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
713 a conventional allocation function is enabled.
714 [Richard Levitte, Bodo Moeller]
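An added illustration of the extended callbacks described above (example code, not OpenSSL's own): a tracking allocator whose malloc has the (size_t, const char *, int) shape of the "ex" functions, so each leaked block can be reported with the call site that allocated it. The table size and the TMALLOC name are assumptions of the example.

```c
/* Added example, not OpenSSL's code: a tracking allocator shaped like the
 * CRYPTO_set_mem_ex_functions() callbacks, where malloc receives the caller's
 * file name and line number so a leak can be attributed to its call site. */
#include <stdio.h>
#include <stdlib.h>
#define MAX_TRACKED 64   /* constructed table size */
struct alloc_rec { void *ptr; size_t size; const char *file; int line; };
static struct alloc_rec g_table[MAX_TRACKED];
static int g_outstanding = 0;

/* Extended malloc callback: (size_t, const char *, int). */
void *tracked_malloc(size_t num, const char *file, int line)
{
    int i; void *p = malloc(num);
    if (p == NULL) return NULL;
    for (i = 0; i < MAX_TRACKED; i++) {
        if (g_table[i].ptr == NULL) {
            g_table[i].ptr = p; g_table[i].size = num;
            g_table[i].file = file; g_table[i].line = line;
            g_outstanding++;
            break;
        }
    }
    return p;
}
/* The free callback keeps the conventional (void *) signature. */
void tracked_free(void *p)
{
    int i;
    for (i = 0; p != NULL && i < MAX_TRACKED; i++) {
        if (g_table[i].ptr == p) {
            g_table[i].ptr = NULL; g_outstanding--;
            break;
        }
    }
    free(p);
}

/* Prints every block still outstanding with its call site; returns the count. */
int tracked_leaks(FILE *out)
{
    int i;
    for (i = 0; out != NULL && i < MAX_TRACKED; i++)
        if (g_table[i].ptr != NULL)
            fprintf(out, "%lu bytes from %s:%d never freed\n",
                    (unsigned long)g_table[i].size, g_table[i].file, g_table[i].line);
    return g_outstanding;
}
/* Call sites pass __FILE__ and __LINE__, as OpenSSL's OPENSSL_malloc() macro does. */
#define TMALLOC(n) tracked_malloc((n), __FILE__, __LINE__)
```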
715
716 *) Fix to uni2asc() to cope with zero length Unicode strings.
717 These are present in some PKCS#12 files.
718 [Steve Henson]
719
720 +) Finish off removing the remaining LHASH function pointer casts.
721 There should no longer be any prototype-casting required when using
722 the LHASH abstraction, and any casts that remain are "bugs". See
723 the callback types and macros at the head of lhash.h for details
724 (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
725 [Geoff Thorpe]
726
727 +) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
728 If an EGD or PRNGD is running and enough entropy is returned, automatic
729 seeding like with /dev/[u]random will be performed.
730 Positions tried are: /etc/entropy, /var/run/egd-pool.
731 [Lutz Jaenicke]
732
733 +) Change the Unix RAND_poll() variant to be able to poll several
734 random devices, as specified by DEVRANDOM, until a sufficient amount
735 of data has been collected. We spend at most 10 ms on each file
736 (select timeout) and read in non-blocking mode. DEVRANDOM now
737 defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
738 (previously it was just the string "/dev/urandom"), so on typical
739 platforms the 10 ms delay will never occur.
740 Also separate out the Unix variant to its own file, rand_unix.c.
741 For VMS, there's a currently-empty rand_vms.c.
742 [Richard Levitte]
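The polling loop described in the entry above, as an added example that is not OpenSSL's rand_unix.c: each device in the list gets a 10 ms select() budget and a non-blocking read, and the loop stops as soon as enough bytes have arrived. The demo's device list (a missing path plus a temporary file standing in for /dev/urandom) is constructed for the example.

```c
/* Added example, not OpenSSL's rand_unix.c: walk a list of random devices,
 * spending at most 10 ms in select() on each and reading in non-blocking mode,
 * until `need` bytes have been collected. Returns the number of bytes collected;
 * devices that are missing or yield nothing in time are skipped. */
#include <fcntl.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/select.h>
#include <sys/time.h>
size_t poll_random_devices(const char *const *devices, int ndev,
                           unsigned char *buf, size_t need)
{
    size_t got = 0;
    int i;
    for (i = 0; i < ndev && got < need; i++) {
        int fd = open(devices[i], O_RDONLY | O_NONBLOCK);
        if (fd < 0) continue;                  /* device absent: try the next one */
        while (got < need) {
            fd_set fds; struct timeval tv; ssize_t r;
            FD_ZERO(&fds); FD_SET(fd, &fds);
            tv.tv_sec = 0; tv.tv_usec = 10000; /* 10 ms budget per device */
            if (select(fd + 1, &fds, NULL, NULL, &tv) <= 0) break; /* not ready in time */
            r = read(fd, buf + got, need - got);
            if (r <= 0) break;                 /* EOF or EAGAIN: move on */
            got += (size_t)r;
        }
        close(fd);
    }
    return got;
}

/* Constructed demo: a missing device followed by a 64-byte temporary file standing
 * in for /dev/urandom; asks for 32 bytes and returns how many were collected. */
size_t demo_poll(void)
{
    char path[] = "/tmp/entropy-demo-XXXXXX";
    unsigned char seed[64], out[32];
    const char *devices[2] = { "/nonexistent/entropy", path };
    int fd = mkstemp(path);
    size_t got;
    if (fd < 0) return 0;
    memset(seed, 0xA5, sizeof seed);           /* constructed, not real entropy */
    if (write(fd, seed, sizeof seed) != (ssize_t)sizeof seed) { close(fd); unlink(path); return 0; }
    close(fd);
    got = poll_random_devices(devices, 2, out, sizeof out);
    unlink(path);
    return got;
}
```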
743
744 +) Move OCSP client related routines to ocsp_cl.c. These
745 provide utility functions which an application needing
746 to issue a request to an OCSP responder and analyse the
747 response will typically need: as opposed to those which an
748 OCSP responder itself would need which will be added later.
749
750 OCSP_request_sign() signs an OCSP request with an API similar
751 to PKCS7_sign(). OCSP_response_status() returns status of OCSP
752 response. OCSP_response_get1_basic() extracts basic response
753 from response. OCSP_resp_find_status(): finds and extracts status
754 information from an OCSP_CERTID structure (which will be created
755 when the request structure is built). These are built from lower
756 level functions which work on OCSP_SINGLERESP structures but
757 won't normally be used unless the application wishes to examine
758 extensions in the OCSP response for example.
759
760 Replace nonce routines with a pair of functions.
761 OCSP_request_add1_nonce() adds a nonce value and optionally
762 generates a random value. OCSP_check_nonce() checks the
763 validity of the nonce in an OCSP response.
764 [Steve Henson]
765
766 +) Change function OCSP_request_add() to OCSP_request_add0_id().
767 This doesn't copy the supplied OCSP_CERTID and avoids the
768 need to free up the newly created id. Change return type
769 to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
770 This can then be used to add extensions to the request.
771 Deleted OCSP_request_new(), since most of its functionality
772 is now in OCSP_REQUEST_new() (and the case insensitive name
773 clash) apart from the ability to set the request name which
774 will be added elsewhere.
775 [Steve Henson]
776
777 +) Update OCSP API. Remove obsolete extensions argument from
778 various functions. Extensions are now handled using the new
779 OCSP extension code. New simple OCSP HTTP function which
780 can be used to send requests and parse the response.
781 [Steve Henson]
782
783 +) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
784 ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
785 uses the special reorder version of SET OF to sort the attributes
786 and reorder them to match the encoded order. This resolves a long
787 standing problem: a verify on a PKCS7 structure just after signing
788 it used to fail because the attribute order did not match the
789 encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
790 it uses the received order. This is necessary to tolerate some broken
791 software that does not order SET OF. This is handled by encoding
792 as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
793 to produce the required SET OF.
794 [Steve Henson]
795
796 +) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
797 OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
798 files to get correct declarations of the ASN.1 item variables.
799 [Richard Levitte]
800
801 +) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
802 PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
803 asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
804 NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
805 New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
806 ASN1_ITEM and no wrapper functions.
807 [Steve Henson]
808
809 New functions ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
810 replace the old function pointer based I/O routines. Change most of
811 the *_d2i_bio() and *_d2i_fp() functions to use these.
812 [Steve Henson]
813
814 +) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
815 lines, recognise more "algorithms" that can be deselected, and make
816 it complain about algorithm deselection that isn't recognised.
817 [Richard Levitte]
818
819 +) New ASN1 functions to handle dup, sign, verify, digest, pack and
820 unpack operations in terms of ASN1_ITEM. Modify existing wrappers
821 to use new functions. Add NO_ASN1_OLD which can be set to remove
822 some old style ASN1 functions: this can be used to determine if old
823 code will still work when these eventually go away.
824 [Steve Henson]
825
826 +) New extension functions for OCSP structures, these follow the
827 same conventions as certificates and CRLs.
828 [Steve Henson]
829
830 +) New function X509V3_add1_i2d(). This automatically encodes and
831 adds an extension. Its behaviour can be customised with various
832 flags to append, replace or delete. Various wrappers added for
833 certificates and CRLs.
834 [Steve Henson]
835
836 +) Fix to avoid calling the underlying ASN1 print routine when
837 an extension cannot be parsed. Correct a typo in the
838 OCSP_SERVICELOC extension. Tidy up print OCSP format.
839 [Steve Henson]
840
841 *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
842 Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
843 when writing a 32767 byte record.
844 [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
845
846 *) In RSA_eay_public_{en,de}crypt and RSA_eay_mod_exp (rsa_eay.c),
847 obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
848
849 (RSA objects have a reference count, access to which is protected
850 by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
851 so they are meant to be shared between threads.)
852 [Bodo Moeller, Geoff Thorpe; original patch submitted by
853 "Reddie, Steven" <Steven.Reddie@ca.com>]
854
855 +) Make mkdef.pl parse some of the ASN1 macros and add appropriate
856 entries for variables.
857 [Steve Henson]
858
859 *) Fix a deadlock in CRYPTO_mem_leaks().
860 [Bodo Moeller]
861
862 +) Add functionality to apps/openssl.c for detecting locking
863 problems: As the program is single-threaded, all we have
864 to do is register a locking callback using an array for
865 storing which locks are currently held by the program.
866 [Bodo Moeller]
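The lock-tracking idea from the entry above, as an added example rather than the apps/openssl.c code: a callback with the (mode, type, file, line) signature CRYPTO_set_locking_callback() takes, backed by an array of currently held lock numbers, which flags re-taking a held lock (a deadlock with a real mutex) and releasing a lock that is not held. The mode bit values match crypto.h; the lock count is a constructed size.

```c
/* Added example, not the apps/openssl.c code: a locking callback in the shape
 * CRYPTO_set_locking_callback() takes, (mode, type, file, line), that records in
 * an array which lock numbers a single-threaded program currently holds. Taking a
 * lock that is already held, or releasing one that is not, is reported as a bug
 * (with a real mutex the first case would simply deadlock). */
#include <stdio.h>

#define CRYPTO_LOCK   1    /* mode bits, same values as OpenSSL's crypto.h */
#define CRYPTO_UNLOCK 2
#define CRYPTO_WRITE  8
#define NUM_LOCKS     64   /* constructed; OpenSSL sizes this by CRYPTO_NUM_LOCKS */

static int lock_held[NUM_LOCKS];   /* 1 while lock number `type` is held */
static int lock_errors = 0;        /* detected misuses so far */

void checking_locking_callback(int mode, int type, const char *file, int line)
{
    if (type < 0 || type >= NUM_LOCKS) {
        fprintf(stderr, "bad lock number %d at %s:%d\n", type, file, line);
        lock_errors++;
        return;
    }
    if (mode & CRYPTO_LOCK) {
        if (lock_held[type]) {
            fprintf(stderr, "lock %d re-taken while held at %s:%d\n", type, file, line);
            lock_errors++;
        }
        lock_held[type] = 1;
    } else if (mode & CRYPTO_UNLOCK) {
        if (!lock_held[type]) {
            fprintf(stderr, "lock %d released while not held at %s:%d\n", type, file, line);
            lock_errors++;
        }
        lock_held[type] = 0;
    }
}

/* Number of misuses detected so far. */
int locking_errors(void) { return lock_errors; }

/* Number of locks currently held; non-zero at exit means a lock was leaked. */
int locks_currently_held(void)
{
    int i, n = 0;
    for (i = 0; i < NUM_LOCKS; i++)
        n += lock_held[i];
    return n;
}
```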
867
868 +) Use a lock around the call to CRYPTO_get_ex_new_index() in
869 SSL_get_ex_data_X509_STORE_idx(), which is used in
870 ssl_verify_cert_chain() and thus can be called at any time
871 during TLS/SSL handshakes so that thread-safety is essential.
872 Unfortunately, the ex_data design is not at all suited
873 for multi-threaded use, so it probably should be abolished.
874 [Bodo Moeller]
875
876 +) Added Broadcom "ubsec" ENGINE to OpenSSL.
877 [Broadcom, tweaked and integrated by Geoff Thorpe]
878
879 +) Move common extension printing code to new function
880 X509V3_print_extensions(). Reorganise OCSP print routines and
881 implement some needed OCSP ASN1 functions. Add OCSP extensions.
882 [Steve Henson]
883
884 +) New function X509_signature_print() to remove duplication in some
885 print routines.
886 [Steve Henson]
887
888 +) Add a special meaning when SET OF and SEQUENCE OF flags are both
889 set (this was treated exactly the same as SET OF previously). This
890 is used to reorder the STACK representing the structure to match the
891 encoding. This will be used to get round a problem where a PKCS7
892 structure which was signed could not be verified because the STACK
893 order did not reflect the encoded order.
894 [Steve Henson]
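The ordering that both the SET OF reorder entry above and the earlier PKCS#7 (S/MIME) entry rely on, as an added example that is not OpenSSL's ASN1 code: DER SET OF elements sort by their encodings compared as octet strings, with the shorter one padded at the end with zero octets (X.690, 11.6), which is why a STACK built in insertion order can disagree with the encoded order. The three sample elements are constructed for the example and are not real PKCS#7 attributes.

```c
/* Added example, not OpenSSL's ASN1 code: DER SET OF ordering as X.690 (11.6)
 * states it, the rule a "reorder" SET OF has to apply so that the in-memory
 * STACK of signed attributes ends up in the same order as their encoding. */
#include <stdlib.h>
#include <string.h>

struct der_elem { const unsigned char *enc; size_t len; };

/* Compare two element encodings as octet strings, the shorter one treated as
 * padded at its trailing end with 0-octets. Usable directly with qsort(). */
int der_setof_cmp(const void *pa, const void *pb)
{
    const struct der_elem *a = pa, *b = pb;
    size_t i, n = a->len < b->len ? a->len : b->len;
    int c = memcmp(a->enc, b->enc, n);
    if (c != 0)
        return c;
    for (i = n; i < a->len; i++)   /* a is longer: a non-zero tail sorts it after b */
        if (a->enc[i] != 0) return 1;
    for (i = n; i < b->len; i++)   /* b is longer: a non-zero tail sorts it after a */
        if (b->enc[i] != 0) return -1;
    return 0;
}

/* Reorder the elements in place into DER SET OF order. */
void der_setof_sort(struct der_elem *elems, size_t count)
{
    qsort(elems, count, sizeof *elems, der_setof_cmp);
}

/* Constructed sample elements (tiny SEQUENCEs, not real PKCS#7 attributes),
 * given in the order an application might have added them. */
static const unsigned char kElemA[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
static const unsigned char kElemB[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
static const unsigned char kElemC[] = { 0x30, 0x05, 0x04, 0x03, 0x61, 0x62, 0x63 };
```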
895
896 +) Reimplement the OCSP ASN1 module using the new code.
897 [Steve Henson]
898
899 +) Update the X509V3 code to permit the use of an ASN1_ITEM structure
900 for its ASN1 operations. The old style function pointers still exist
901 for now but they will eventually go away.
902 [Steve Henson]
903
904 +) Merge in replacement ASN1 code from the ASN1 branch. This almost
905 completely replaces the old ASN1 functionality with a table driven
906 encoder and decoder which interprets an ASN1_ITEM structure describing
907 the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
908 largely maintained. Almost all of the old asn1_mac.h macro based ASN1
909 has also been converted to the new form.
910 [Steve Henson]
911
912 +) Change BN_mod_exp_recp so that negative moduli are tolerated
913 (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set
914 so that BN_mod_exp_mont and BN_mod_exp_mont_word work
915 for negative moduli.
916 [Bodo Moeller]
917
918 +) Fix BN_uadd and BN_usub: Always return non-negative results instead
919 of not touching the result's sign bit.
920 [Bodo Moeller]
921
922 +) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
923 set.
924 [Bodo Moeller]
925
926 +) Changed the LHASH code to use prototypes for callbacks, and created
927 macros to declare and implement thin (optionally static) functions
928 that provide type-safety and avoid function pointer casting for the
929 type-specific callbacks.
930 [Geoff Thorpe]
931
932 *) Use better test patterns in bntest.
933