X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=966a90021c9b6e62d777e523aaddad604c40a027;hp=40c163b37034b00019eb5a8773d7915663dad95b;hb=8c9bd893380664a5c7fbd6a62ae6d0c51461fca7;hpb=f7ccba3edf9f1f02d7bd3b019d7bc96f25a95718;ds=sidebyside diff --git a/CHANGES b/CHANGES index 40c163b370..966a90021c 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,70 +2,94 @@ OpenSSL CHANGES _______________ - Changes between 0.9.8g and 0.9.9 [xx XXX xxxx] + Changes between 0.9.8i and 0.9.9 [xx XXX xxxx] - *) To support arbitrarily-typed thread IDs, deprecate the existing - type-specific APIs for a general purpose CRYPTO_THREADID - interface. Applications can choose the thread ID - callback type it wishes to register, as before; + *) Add support for distinct certificate and CRL paths. The CRL issuer + certificate is validated separately in this case. Only enabled if + an extended CRL support flag is set: this flag will enable additional + CRL functionality in future. - void CRYPTO_set_id_callback(unsigned long (*func)(void)); - void CRYPTO_set_idptr_callback(void *(*func)(void)); + This work was sponsored by Google. + [Steve Henson] - but retrieval, copies, and comparisons of thread IDs are via - type-independent interfaces; + *) Add support for policy mappings extension. - void CRYPTO_THREADID_set(CRYPTO_THREADID *id); - void CRYPTO_THREADID_cmp(const CRYPTO_THREADID *id1, - const CRYPTO_THREADID *id2); - void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dst, - const CRYPTO_THREADID *src); + This work was sponsored by Google. + [Steve Henson] - Also, for code that needs a thread ID "value" for use in - hash-tables or logging, a "hash" is available by; + *) Fixes to pathlength constraint, self issued certificate handling, + policy processing to align with RFC3280 and PKITS tests. - unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); + This work was sponsored by Google. + [Steve Henson] - This hash value is likely to be the thread ID anyway, but - otherwise it will be unique if possible or as collision-free as - possible if uniqueness can't be guaranteed on the target - architecture. + *) Support for name constraints certificate extension. DN, email, DNS + and URI types are currently supported. 
- The following functions are deprecated; - unsigned long (*CRYPTO_get_id_callback(void))(void); - unsigned long CRYPTO_thread_id(void); + This work was sponsored by Google. + [Steve Henson] - As a consequence of the above, there are similar deprecations of - BN_BLINDING functions in favour of CRYPTO_THREADID-based - alternatives; + *) To cater for systems that provide a pointer-based thread ID rather + than numeric, deprecate the current numeric thread ID mechanism and + replace it with a structure and associated callback type. This + mechanism allows a numeric "hash" to be extracted from a thread ID in + either case, and on platforms where pointers are larger than 'long', + mixing is done to help ensure the numeric 'hash' is usable even if it + can't be guaranteed unique. The default mechanism is to use "&errno" + as a pointer-based thread ID to distinguish between threads. + + Applications that want to provide their own thread IDs should now use + CRYPTO_THREADID_set_callback() to register a callback that will call + either CRYPTO_THREADID_set_numeric() or CRYPTO_THREADID_set_pointer(). + + Note that ERR_remove_state() is now deprecated, because it is tied + to the assumption that thread IDs are numeric. ERR_remove_state(0) + to free the current thread's error state should be replaced by + ERR_remove_thread_state(NULL). + + (This new approach replaces the functions CRYPTO_set_idptr_callback(), + CRYPTO_get_idptr_callback(), and CRYPTO_thread_idptr() that existed in + OpenSSL 0.9.9-dev between June 2006 and August 2008. Also, if an + application was previously providing a numeric thread callback that + was inappropriate for distinguishing threads, then uniqueness might + have been obtained with &errno that happened immediately in the + intermediate development versions of OpenSSL; this is no longer the + case, the numeric thread callback will now override the automatic use + of &errno.) 
+ [Geoff Thorpe, with help from Bodo Moeller] + + *) Initial support for different CRL issuing certificates. This covers a + simple case where the self issued certificates in the chain exist and + the real CRL issuer is higher in the existing chain. - #ifndef OPENSSL_NO_DEPRECATED - unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); - void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); - #endif - void BN_BLINDING_set_thread(BN_BLINDING *); - int BN_BLINDING_cmp_thread(const BN_BLINDING *, const - CRYPTO_THREADID *); + This work was sponsored by Google. + [Steve Henson] - Also, the ERR_remove_state(int pid) API has been deprecated; + *) Removed effectively defunct crypto/store from the build. + [Ben Laurie] - #ifndef OPENSSL_NO_DEPRECATED - void ERR_remove_state(unsigned long pid) - #endif - void ERR_remove_thread_state(CRYPTO_THREADID *tid); + *) Revamp of STACK to provide stronger type-checking. Still to come: + TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE, + ASN1_STRING, CONF_VALUE. + [Ben Laurie] - [Geoff Thorpe] + *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer + RAM on SSL connections. This option can save about 34k per idle SSL. + [Nick Mathewson] + + *) Revamp of LHASH to provide stronger type-checking. Still to come: + STACK, TXT_DB, bsearch, qsort. + [Ben Laurie] *) Initial support for Cryptographic Message Syntax (aka CMS) based on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility, support for data, signedData, compressedData, digestedData and - encryptedData types currently included, more to come. Scripts to - check against RFC4134 examples draft. + encryptedData, envelopedData types included. Scripts to check against + RFC4134 examples draft and interop and consistency checks of many + content types and variants. [Steve Henson] - *) Zlib compression BIO. This is a filter BIO which compressed and - uncompresses any data passed through it. 
Add options to enc utility - to support it. + *) Add options to enc utility to support use of zlib compression BIO. [Steve Henson] *) Extend mk1mf to support importing of options and assembly language @@ -339,38 +363,6 @@ list-message-digest-algorithms and list-cipher-algorithms. [Steve Henson] - *) In addition to the numerical (unsigned long) thread ID, provide - for a pointer (void *) thread ID. This helps accomodate systems - that do not provide an unsigned long thread ID. OpenSSL assumes - it is in the same thread iff both the numerical and the pointer - thread ID agree; so applications are just required to define one - of them appropriately (e.g., by using a pointer to a per-thread - memory object malloc()ed by the application for the pointer-type - thread ID). Exactly analoguous to the existing functions - - void CRYPTO_set_id_callback(unsigned long (*func)(void)); - unsigned long (*CRYPTO_get_id_callback(void))(void); - unsigned long CRYPTO_thread_id(void); - - we now have additional functions - - void CRYPTO_set_idptr_callback(void *(*func)(void)); - void *(*CRYPTO_get_idptr_callback(void))(void); - void *CRYPTO_thread_idptr(void); - - also in . The default value for - CRYPTO_thread_idptr() if the application has not provided its own - callback is &errno. - [Bodo Moeller] - - -- NOTE -- this change has been reverted and replaced with a - type-independent wrapper (ie. applications do not have to check - two type-specific thread ID representations as implied in this - change note). However, the "idptr" callback form described here - can still be registered. Please see the more recent CHANGES note - regarding CRYPTO_THREADID. [Geoff Thorpe] - -- NOTE -- - *) Change the array representation of binary polynomials: the list of degrees of non-zero coefficients is now terminated with -1. Previously it was terminated with 0, which was also part of the 
@@ -680,7 +672,98 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] - Changes between 0.9.8g and 0.9.8h [xx XXX xxxx] + Changes between 0.9.8h and 0.9.8i [xx XXX xxxx] + + *) Add support for Local Machine Keyset attribute in PKCS#12 files. + [Steve Henson] + + *) Fix BN_GF2m_mod_arr() top-bit cleanup code. + [Huang Ying] + + *) Expand ENGINE to support engine supplied SSL client certificate functions. + + This work was sponsored by Logica. + [Steve Henson] + + *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows + keystores. Support for SSL/TLS client authentication too. + Not compiled unless enable-capieng specified to Configure. + + This work was sponsored by Logica. + [Steve Henson] + + Changes between 0.9.8g and 0.9.8h [28 May 2008] + + *) Fix flaw if 'Server Key exchange message' is omitted from a TLS + handshake which could lead to a cilent crash as found using the + Codenomicon TLS test suite (CVE-2008-1672) + [Steve Henson, Mark Cox] + + *) Fix double free in TLS server name extensions which could lead to + a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) + [Joe Orton] + + *) Clear error queue in SSL_CTX_use_certificate_chain_file() + + Clear the error queue to ensure that error entries left from + older function calls do not interfere with the correct operation. + [Lutz Jaenicke, Erik de Castro Lopo] + + *) Remove root CA certificates of commercial CAs: + + The OpenSSL project does not recommend any specific CA and does not + have any policy with respect to including or excluding any CA. + Therefore it does not make any sense to ship an arbitrary selection + of root CA certificates with the OpenSSL software. + [Lutz Jaenicke] + + *) RSA OAEP patches to fix two separate invalid memory reads. + The first one involves inputs when 'lzero' is greater than + 'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes + before the beginning of from). 
The second one involves inputs where + the 'db' section contains nothing but zeroes (there is a one-byte + invalid read after the end of 'db'). + [Ivan Nestlerode ] + + *) Add TLS session ticket callback. This allows an application to set + TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed + values. This is useful for key rollover for example where several key + sets may exist with different names. + [Steve Henson] + + *) Reverse ENGINE-internal logic for caching default ENGINE handles. + This was broken until now in 0.9.8 releases, such that the only way + a registered ENGINE could be used (assuming it initialises + successfully on the host) was to explicitly set it as the default + for the relevant algorithms. This is in contradiction with 0.9.7 + behaviour and the documentation. With this fix, when an ENGINE is + registered into a given algorithm's table of implementations, the + 'uptodate' flag is reset so that auto-discovery will be used next + time a new context for that algorithm attempts to select an + implementation. + [Ian Lister (tweaked by Geoff Thorpe)] + + *) Update the GMP engine glue to do direct copies between BIGNUM and + mpz_t when openssl and GMP use the same limb size. Otherwise the + existing "conversion via a text string export" trick is still used. + [Paul Sheer , Geoff Thorpe] + + *) Zlib compression BIO. This is a filter BIO which compressed and + uncompresses any data passed through it. + [Steve Henson] + + *) Add AES_wrap_key() and AES_unwrap_key() functions to implement + RFC3394 compatible AES key wrapping. + [Steve Henson] + + *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0(): + sets string data without copying. X509_ALGOR_set0() and + X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier) + data. Attribute function X509at_get0_data_by_OBJ(): retrieves data + from an X509_ATTRIBUTE structure optionally checking it occurs only + once. 
ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied + data. + [Steve Henson] *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() to get the expected BN_FLG_CONSTTIME behavior.
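Review bot: in the first hunk (@@ -2,70 +2,94 @@) the two container-revamp entries disagree about what is outstanding: the LHASH entry lists "STACK" under "Still to come" while the STACK entry a few lines above records that revamp as done, and the STACK entry names OBJ_bsearch, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING and CONF_VALUE, which the LHASH entry omits. Suggest trimming the LHASH list to what actually remains so CHANGES does not carry a stale to-do list. In the CRYPTO_THREADID entry of the same hunk, the replaced text carried prototypes for the affected functions (CRYPTO_THREADID_set/_cmp/_cpy/_hash, the deprecated BN_BLINDING thread-id functions, ERR_remove_state and ERR_remove_thread_state) while the new text only names CRYPTO_THREADID_set_callback(), CRYPTO_THREADID_set_numeric() and CRYPTO_THREADID_set_pointer() in prose; since the entry asks applications to migrate (ERR_remove_state(0) to ERR_remove_thread_state(NULL)), keeping the signatures would help porters. The "&errno" default described there distinguishes threads only where errno is thread-local; stating that assumption in the entry would tell readers on platforms where it does not hold that they must register their own callback.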
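Review bot: the second hunk (@@ -339,38 +363,6 @@) deletes the earlier "pointer (void *) thread ID" entry together with its "-- NOTE -- this change has been reverted" trailer, so the only remaining record of CRYPTO_set_idptr_callback(), CRYPTO_get_idptr_callback() and CRYPTO_thread_idptr() is the parenthetical in the new CRYPTO_THREADID entry of the first hunk. That is acceptable, but the two texts conflict on one point: the removed trailer says the "idptr" callback form "can still be registered", while the surviving entry says the new approach "replaces" those functions. Please confirm which is true and make the surviving entry say so explicitly, since application code written against the 0.9.9-dev idptr API needs to know whether it still compiles.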
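Review bot: typo in the CVE-2008-1672 entry of the third hunk (@@ -680,7 +672,98 @@): "cilent crash" should read "client crash". The RSA OAEP entry in the same hunk describes two invalid memory reads (the under-read before 'from' when 'lzero' exceeds 'SHA_DIGEST_LENGTH', and the one-byte over-read past 'db' when it is all zeroes) but, unlike the two Codenomicon entries above it, cites no CVE; if one was assigned for these reads it should be referenced here. Two wording fixes: the Zlib compression BIO entry says "compressed and uncompresses", which should be "compresses and uncompresses", and the last added entry's "ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied data" reads better as "set an ASN1_TYPE structure, copying the supplied data".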