OpenSSL CHANGES
_______________
- Changes between 0.9.8g and 0.9.9 [xx XXX xxxx]
+ Changes between 0.9.8i and 0.9.9 [xx XXX xxxx]
- *) To support arbitrarily-typed thread IDs, deprecate the existing
- type-specific APIs for a general purpose CRYPTO_THREADID
- interface. Applications can choose the thread ID
- callback type it wishes to register, as before;
+ *) Delta CRL support. New use deltas option which will attempt to locate
+ and search any appropriate delta CRLs available.
- void CRYPTO_set_id_callback(unsigned long (*func)(void));
- void CRYPTO_set_idptr_callback(void *(*func)(void));
+ This work was sponsored by Google.
+ [Steve Henson]
- but retrieval, copies, and comparisons of thread IDs are via
- type-independent interfaces;
+ *) Support for CRLs partitioned by reason code. Reorganise CRL processing
+ code and add additional score elements. Validate alternate CRL paths
+ as part of the CRL checking and indicate a new error "CRL path validation
+ error" in this case. Applications wanting additional details can use
+ the verify callback and check the new "parent" field. If this is not
+ NULL CRL path validation is taking place. Existing applications wont
+ see this because it requires extended CRL support which is off by
+ default.
- void CRYPTO_THREADID_set(CRYPTO_THREADID *id);
- void CRYPTO_THREADID_cmp(const CRYPTO_THREADID *id1,
- const CRYPTO_THREADID *id2);
- void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dst,
- const CRYPTO_THREADID *src);
+ This work was sponsored by Google.
+ [Steve Henson]
- Also, for code that needs a thread ID "value" for use in
- hash-tables or logging, a "hash" is available by;
+ *) Support for freshest CRL extension.
- unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
+ This work was sponsored by Google.
+ [Steve Henson]
- This hash value is likely to be the thread ID anyway, but
- otherwise it will be unique if possible or as collision-free as
- possible if uniqueness can't be guaranteed on the target
- architecture.
+ *) Initial indirect CRL support. Currently only supported in the CRLs
+ passed directly and not via lookup. Process certificate issuer
+ CRL entry extension and lookup CRL entries by bother issuer name
+ and serial number. Check and process CRL issuer entry in IDP extension.
- The following functions are deprecated;
- unsigned long (*CRYPTO_get_id_callback(void))(void);
- unsigned long CRYPTO_thread_id(void);
+ This work was sponsored by Google.
+ [Steve Henson]
- As a consequence of the above, there are similar deprecations of
- BN_BLINDING functions in favour of CRYPTO_THREADID-based
- alternatives;
+ *) Add support for distinct certificate and CRL paths. The CRL issuer
+ certificate is validated separately in this case. Only enabled if
+ an extended CRL support flag is set: this flag will enable additional
+ CRL functionality in future.
- #ifndef OPENSSL_NO_DEPRECATED
- unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
- void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
- #endif
- void BN_BLINDING_set_thread(BN_BLINDING *);
- int BN_BLINDING_cmp_thread(const BN_BLINDING *, const
- CRYPTO_THREADID *);
+ This work was sponsored by Google.
+ [Steve Henson]
- Also, the ERR_remove_state(int pid) API has been deprecated;
+ *) Add support for policy mappings extension.
- #ifndef OPENSSL_NO_DEPRECATED
- void ERR_remove_state(unsigned long pid)
- #endif
- void ERR_remove_thread_state(CRYPTO_THREADID *tid);
+ This work was sponsored by Google.
+ [Steve Henson]
- [Geoff Thorpe]
+ *) Fixes to pathlength constraint, self issued certificate handling,
+ policy processing to align with RFC3280 and PKITS tests.
+
+ This work was sponsored by Google.
+ [Steve Henson]
+
+ *) Support for name constraints certificate extension. DN, email, DNS
+ and URI types are currently supported.
+
+ This work was sponsored by Google.
+ [Steve Henson]
+
+ *) To cater for systems that provide a pointer-based thread ID rather
+ than numeric, deprecate the current numeric thread ID mechanism and
+ replace it with a structure and associated callback type. This
+ mechanism allows a numeric "hash" to be extracted from a thread ID in
+ either case, and on platforms where pointers are larger than 'long',
+ mixing is done to help ensure the numeric 'hash' is usable even if it
+ can't be guaranteed unique. The default mechanism is to use "&errno"
+ as a pointer-based thread ID to distinguish between threads.
+
+ Applications that want to provide their own thread IDs should now use
+ CRYPTO_THREADID_set_callback() to register a callback that will call
+ either CRYPTO_THREADID_set_numeric() or CRYPTO_THREADID_set_pointer().
+
+ Note that ERR_remove_state() is now deprecated, because it is tied
+ to the assumption that thread IDs are numeric. ERR_remove_state(0)
+ to free the current thread's error state should be replaced by
+ ERR_remove_thread_state(NULL).
+
+ (This new approach replaces the functions CRYPTO_set_idptr_callback(),
+ CRYPTO_get_idptr_callback(), and CRYPTO_thread_idptr() that existed in
+ OpenSSL 0.9.9-dev between June 2006 and August 2008. Also, if an
+ application was previously providing a numeric thread callback that
+ was inappropriate for distinguishing threads, then uniqueness might
+ have been obtained with &errno that happened immediately in the
+ intermediate development versions of OpenSSL; this is no longer the
+ case, the numeric thread callback will now override the automatic use
+ of &errno.)
+ [Geoff Thorpe, with help from Bodo Moeller]
+
+ *) Initial support for different CRL issuing certificates. This covers a
+ simple case where the self issued certificates in the chain exist and
+ the real CRL issuer is higher in the existing chain.
+
+ This work was sponsored by Google.
+ [Steve Henson]
+
+ *) Removed effectively defunct crypto/store from the build.
+ [Ben Laurie]
+
+ *) Revamp of STACK to provide stronger type-checking. Still to come:
+ TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE,
+ ASN1_STRING, CONF_VALUE.
+ [Ben Laurie]
+
+ *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
+ RAM on SSL connections. This option can save about 34k per idle SSL.
+ [Nick Mathewson]
+
+ *) Revamp of LHASH to provide stronger type-checking. Still to come:
+ STACK, TXT_DB, bsearch, qsort.
+ [Ben Laurie]
*) Initial support for Cryptographic Message Syntax (aka CMS) based
on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
content types and variants.
[Steve Henson]
- *) Zlib compression BIO. This is a filter BIO which compressed and
- uncompresses any data passed through it. Add options to enc utility
- to support it.
+ *) Add options to enc utility to support use of zlib compression BIO.
[Steve Henson]
*) Extend mk1mf to support importing of options and assembly language
list-message-digest-algorithms and list-cipher-algorithms.
[Steve Henson]
- *) In addition to the numerical (unsigned long) thread ID, provide
- for a pointer (void *) thread ID. This helps accomodate systems
- that do not provide an unsigned long thread ID. OpenSSL assumes
- it is in the same thread iff both the numerical and the pointer
- thread ID agree; so applications are just required to define one
- of them appropriately (e.g., by using a pointer to a per-thread
- memory object malloc()ed by the application for the pointer-type
- thread ID). Exactly analoguous to the existing functions
-
- void CRYPTO_set_id_callback(unsigned long (*func)(void));
- unsigned long (*CRYPTO_get_id_callback(void))(void);
- unsigned long CRYPTO_thread_id(void);
-
- we now have additional functions
-
- void CRYPTO_set_idptr_callback(void *(*func)(void));
- void *(*CRYPTO_get_idptr_callback(void))(void);
- void *CRYPTO_thread_idptr(void);
-
- also in <openssl/crypto.h>. The default value for
- CRYPTO_thread_idptr() if the application has not provided its own
- callback is &errno.
- [Bodo Moeller]
-
- -- NOTE -- this change has been reverted and replaced with a
- type-independent wrapper (ie. applications do not have to check
- two type-specific thread ID representations as implied in this
- change note). However, the "idptr" callback form described here
- can still be registered. Please see the more recent CHANGES note
- regarding CRYPTO_THREADID. [Geoff Thorpe]
- -- NOTE --
-
*) Change the array representation of binary polynomials: the list
of degrees of non-zero coefficients is now terminated with -1.
Previously it was terminated with 0, which was also part of the
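Review bot: the rewritten thread-ID entry ("To cater for systems that provide a pointer-based thread ID ...") drops the migration detail that the removed entry carried: the type-independent accessors "CRYPTO_THREADID_cmp", "CRYPTO_THREADID_cpy" and "CRYPTO_THREADID_hash", and the BN_BLINDING deprecations in favour of "BN_BLINDING_set_thread" and "BN_BLINDING_cmp_thread", so a maintainer reading only the new note learns how to register an ID via CRYPTO_THREADID_set_callback() but not what replaces CRYPTO_thread_id() for comparisons, copies or hash-table/logging use; consider keeping those two paragraphs alongside the new ERR_remove_thread_state(NULL) guidance. Smaller points in the same region: "Existing applications wont see this" should read "won't", "lookup CRL entries by bother issuer name" should read "both issuer name", and "New use deltas option" should spell the option exactly as the command-line flag is written so readers can find it.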
*) Change 'Configure' script to enable Camellia by default.
[NTT]
- Changes between 0.9.8g and 0.9.8h [xx XXX xxxx]
+ Changes between 0.9.8h and 0.9.8i [xx XXX xxxx]
+
+ *) Add support for Local Machine Keyset attribute in PKCS#12 files.
+ [Steve Henson]
+
+ *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
+ [Huang Ying]
+
+ *) Expand ENGINE to support engine supplied SSL client certificate functions.
+
+ This work was sponsored by Logica.
+ [Steve Henson]
+
+ *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
+ keystores. Support for SSL/TLS client authentication too.
+ Not compiled unless enable-capieng specified to Configure.
+
+ This work was sponsored by Logica.
+ [Steve Henson]
+
+ Changes between 0.9.8g and 0.9.8h [28 May 2008]
+
+ *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
+ handshake which could lead to a cilent crash as found using the
+ Codenomicon TLS test suite (CVE-2008-1672)
+ [Steve Henson, Mark Cox]
+
+ *) Fix double free in TLS server name extensions which could lead to
+ a remote crash found by Codenomicon TLS test suite (CVE-2008-0891)
+ [Joe Orton]
+
+ *) Clear error queue in SSL_CTX_use_certificate_chain_file()
+
+ Clear the error queue to ensure that error entries left from
+ older function calls do not interfere with the correct operation.
+ [Lutz Jaenicke, Erik de Castro Lopo]
+
+ *) Remove root CA certificates of commercial CAs:
+
+ The OpenSSL project does not recommend any specific CA and does not
+ have any policy with respect to including or excluding any CA.
+ Therefore it does not make any sense to ship an arbitrary selection
+ of root CA certificates with the OpenSSL software.
+ [Lutz Jaenicke]
+
+ *) RSA OAEP patches to fix two separate invalid memory reads.
+ The first one involves inputs when 'lzero' is greater than
+ 'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
+ before the beginning of from). The second one involves inputs where
+ the 'db' section contains nothing but zeroes (there is a one-byte
+ invalid read after the end of 'db').
+ [Ivan Nestlerode <inestlerode@us.ibm.com>]
+
+ *) Add TLS session ticket callback. This allows an application to set
+ TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed
+ values. This is useful for key rollover for example where several key
+ sets may exist with different names.
+ [Steve Henson]
+
+ *) Reverse ENGINE-internal logic for caching default ENGINE handles.
+ This was broken until now in 0.9.8 releases, such that the only way
+ a registered ENGINE could be used (assuming it initialises
+ successfully on the host) was to explicitly set it as the default
+ for the relevant algorithms. This is in contradiction with 0.9.7
+ behaviour and the documentation. With this fix, when an ENGINE is
+ registered into a given algorithm's table of implementations, the
+ 'uptodate' flag is reset so that auto-discovery will be used next
+ time a new context for that algorithm attempts to select an
+ implementation.
+ [Ian Lister (tweaked by Geoff Thorpe)]
+
+ *) Update the GMP engine glue to do direct copies between BIGNUM and
+ mpz_t when openssl and GMP use the same limb size. Otherwise the
+ existing "conversion via a text string export" trick is still used.
+ [Paul Sheer <paulsheer@gmail.com>, Geoff Thorpe]
+
+ *) Zlib compression BIO. This is a filter BIO which compressed and
+ uncompresses any data passed through it.
+ [Steve Henson]
+
+ *) Add AES_wrap_key() and AES_unwrap_key() functions to implement
+ RFC3394 compatible AES key wrapping.
+ [Steve Henson]
+
+ *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0():
+ sets string data without copying. X509_ALGOR_set0() and
+ X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier)
+ data. Attribute function X509at_get0_data_by_OBJ(): retrieves data
+ from an X509_ATTRIBUTE structure optionally checking it occurs only
+ once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied
+ data.
+ [Steve Henson]
*) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
to get the expected BN_FLG_CONSTTIME behavior.
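Review bot: the Zlib entry moved into the 0.9.8g-to-0.9.8h section carries over the grammar error from the removed 0.9.9 entry, "a filter BIO which compressed and uncompresses any data", and should read "which compresses and uncompresses"; since this hunk is where the entry now lives, fix it here. Also in this section: "could lead to a cilent crash" in the CVE-2008-1672 entry should read "client crash", and "ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied data" should read "set an ASN1_TYPE structure". The two CVE entries and the RSA OAEP invalid-read fix are the security-relevant items of 0.9.8h; the 0.9.8h-to-0.9.8i heading keeps the "[xx XXX xxxx]" placeholder, which is expected for an unreleased section but should be filled in before tagging.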