OpenSSL CHANGES
_______________
- Changes between 0.9.7 and 0.9.8 [xx XXX 2002]
+ Changes between 0.9.6e and 0.9.6f [XX xxx XXXX]
- *) Change default behaviour of 'openssl asn1parse' so that more
- information is visible when viewing, e.g., a certificate:
+ *) Use proper error handling instead of 'assertions' in buffer
+ overflow checks added in 0.9.6e. This prevents DoS (the
+ assertions could call abort()).
+ [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
- Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
- mode the content of non-printable OCTET STRINGs is output in a
- style similar to INTEGERs, but with '[HEX DUMP]' prepended to
- avoid the appearance of a printable string.
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
- functions
- EC_GROUP_set_asn1_flag()
- EC_GROUP_get_asn1_flag()
- EC_GROUP_set_point_conversion_form()
- EC_GROUP_get_point_conversion_form()
- These control ASN1 encoding details:
- - Curves (i.e., groups) are encoded explicitly unless asn1_flag
- has been set to OPENSSL_EC_NAMED_CURVE.
- - Points are encoded in uncompressed form by default; options for
- asn1_for are as for point2oct, namely
- POINT_CONVERSION_COMPRESSED
- POINT_CONVERSION_UNCOMPRESSED
- POINT_CONVERSION_HYBRID
-
- Also add 'seed' and 'seed_len' members to EC_GROUP with access
- functions
- EC_GROUP_set_seed()
- EC_GROUP_get0_seed()
- EC_GROUP_get_seed_len()
- This is used only for ASN1 purposes (so far).
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add 'field_type' member to EC_METHOD, which holds the NID
- of the appropriate field type OID. The new function
- EC_METHOD_get_field_type() returns this value.
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add functions
- EC_POINT_point2bn()
- EC_POINT_bn2point()
- EC_POINT_point2hex()
- EC_POINT_hex2point()
- providing useful interfaces to EC_POINT_point2oct() and
- EC_POINT_oct2point().
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Change internals of the EC library so that the functions
- EC_GROUP_set_generator()
- EC_GROUP_get_generator()
- EC_GROUP_get_order()
- EC_GROUP_get_cofactor()
- are implemented directly in crypto/ec/ec_lib.c and not dispatched
- to methods, which would lead to unnecessary code duplication when
- adding different types of curves.
- [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]
-
- *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
- arithmetic, and such that modified wNAFs are generated
- (which avoid length expansion in many cases).
- [Bodo Moeller]
-
- *) Add a function EC_GROUP_check_discriminant() (defined via
- EC_METHOD) that verifies that the curve discriminant is non-zero.
-
- Add a function EC_GROUP_check() that makes some sanity tests
- on a EC_GROUP, its generator and order. This includes
- EC_GROUP_check_discriminant().
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add ECDSA in new directory crypto/ecdsa/.
-
- Add applications 'openssl ecparam' and 'openssl ecdsa'
- (these are based on 'openssl dsaparam' and 'openssl dsa').
-
- ECDSA support is also included in various other files across the
- library. Most notably,
- - 'openssl req' now has a '-newkey ecdsa:file' option;
- - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
- - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
- d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
- them suitable for ECDSA where domain parameters must be
- extracted before the specific public key.
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Include some named elliptic curves, and add OIDs from X9.62,
- SECG, and WAP/WTLS. The curves can be obtained from the new
- functions
- EC_GROUP_new_by_nid()
- EC_GROUP_new_by_name()
- Also add a 'curve_name' member to EC_GROUP objects, which can be
- accessed via
- EC_GROUP_set_nid()
- EC_GROUP_get_nid()
- [Nils Larsch <nla@trustcenter.de, Bodo Moeller]
-
- Changes between 0.9.6e and 0.9.7 [XX xxx 2002]
-
- *) Add appropriate support for separate platform-dependent build
- directories. The recommended way to make a platform-dependent
- build directory is the following (tested on Linux), maybe with
- some local tweaks:
-
- # Place yourself outside of the OpenSSL source tree. In
- # this example, the environment variable OPENSSL_SOURCE
- # is assumed to contain the absolute OpenSSL source directory.
- mkdir -p objtree/`uname -s`-`uname -r`-`uname -m`
- cd objtree/`uname -s`-`uname -r`-`uname -m`
- (cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
- mkdir -p `dirname $F`
- ln -s $OPENSSL_SOURCE/$F $F
- done
-
- To be absolutely sure not to disturb the source tree, a "make clean"
- is a good thing. If it isn't successfull, don't worry about it,
- it probably means the source directory is very clean.
- [Richard Levitte]
-
- *) Make sure any ENGINE control commands make local copies of string
- pointers passed to them whenever necessary. Otherwise it is possible
- the caller may have overwritten (or deallocated) the original string
- data when a later ENGINE operation tries to use the stored values.
- [Götz Babin-Ebell <babinebell@trustcenter.de>]
-
- *) Improve diagnostics in file reading and command-line digests.
- [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
-
- *) Add AES modes CFB and OFB to the object database. Correct an
- error in AES-CFB decryption.
- [Richard Levitte]
-
- *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this
- allows existing EVP_CIPHER_CTX structures to be reused after
- calling EVP_*Final(). This behaviour is used by encryption
- BIOs and some applications. This has the side effect that
- applications must explicitly clean up cipher contexts with
- EVP_CIPHER_CTX_cleanup() or they will leak memory.
- [Steve Henson]
-
- *) Check the values of dna and dnb in bn_mul_recursive before calling
- bn_mul_comba (a non zero value means the a or b arrays do not contain
- n2 elements) and fallback to bn_mul_normal if either is not zero.
- [Steve Henson]
-
- *) Fix escaping of non-ASCII characters when using the -subj option
- of the "openssl req" command line tool. (Robert Joop <joop@fokus.gmd.de>)
- [Lutz Jaenicke]
-
- *) Make object definitions compliant to LDAP (RFC2256): SN is the short
- form for "surname", serialNumber has no short form.
- Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
- therefore remove "mail" short name for "internet 7".
- The OID for unique identifiers in X509 certificates is
- x500UniqueIdentifier, not uniqueIdentifier.
- Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>)
- [Lutz Jaenicke]
-
- *) Add an "init" command to the ENGINE config module and auto initialize
- ENGINEs. Without any "init" command the ENGINE will be initialized
- after all ctrl commands have been executed on it. If init=1 the
- ENGINE is initailized at that point (ctrls before that point are run
- on the uninitialized ENGINE and after on the initialized one). If
- init=0 then the ENGINE will not be iniatialized at all.
- [Steve Henson]
-
- *) Fix the 'app_verify_callback' interface so that the user-defined
- argument is actually passed to the callback: In the
- SSL_CTX_set_cert_verify_callback() prototype, the callback
- declaration has been changed from
- int (*cb)()
- into
- int (*cb)(X509_STORE_CTX *,void *);
- in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
- i=s->ctx->app_verify_callback(&ctx)
- has been changed into
- i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
-
- To update applications using SSL_CTX_set_cert_verify_callback(),
- a dummy argument can be added to their callback functions.
- [D. K. Smetters <smetters@parc.xerox.com>]
-
- *) Added the '4758cca' ENGINE to support IBM 4758 cards.
- [Maurice Gittens <maurice@gittens.nl>, touchups by Geoff Thorpe]
-
- *) Add and OPENSSL_LOAD_CONF define which will cause
- OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
- This allows older applications to transparently support certain
- OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
- Two new functions OPENSSL_add_all_algorithms_noconf() which will never
- load the config file and OPENSSL_add_all_algorithms_conf() which will
- always load it have also been added.
- [Steve Henson]
-
- *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
- Adjust NIDs and EVP layer.
- [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
-
- *) Config modules support in openssl utility.
-
- Most commands now load modules from the config file,
- though in a few (such as version) this isn't done
- because it couldn't be used for anything.
-
- In the case of ca and req the config file used is
- the same as the utility itself: that is the -config
- command line option can be used to specify an
- alternative file.
- [Steve Henson]
-
- *) Move default behaviour from OPENSSL_config(). If appname is NULL
- use "openssl_conf" if filename is NULL use default openssl config file.
- [Steve Henson]
-
- *) Add an argument to OPENSSL_config() to allow the use of an alternative
- config section name. Add a new flag to tolerate a missing config file
- and move code to CONF_modules_load_file().
- [Steve Henson]
-
- *) Support for crypto accelerator cards from Accelerated Encryption
- Processing, www.aep.ie. (Use engine 'aep')
- The support was copied from 0.9.6c [engine] and adapted/corrected
- to work with the new engine framework.
- [AEP Inc. and Richard Levitte]
-
- *) Support for SureWare crypto accelerator cards from Baltimore
- Technologies. (Use engine 'sureware')
- The support was copied from 0.9.6c [engine] and adapted
- to work with the new engine framework.
- [Richard Levitte]
-
- *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
- make the newer ENGINE framework commands for the CHIL engine work.
- [Toomas Kiisk <vix@cyber.ee> and Richard Levitte]
-
- *) Make it possible to produce shared libraries on ReliantUNIX.
- [Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> via Richard Levitte]
-
- *) Add the configuration target debug-linux-ppro.
- Make 'openssl rsa' use the general key loading routines
- implemented in apps.c, and make those routines able to
- handle the key format FORMAT_NETSCAPE and the variant
- FORMAT_IISSGC.
- [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
-
- *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
- [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
-
- *) Add -keyform to rsautl, and document -engine.
- [Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>]
-
- *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
- BIO_R_NO_SUCH_FILE error code rather than the generic
- ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
- [Ben Laurie]
-
- *) Add new functions
- ERR_peek_last_error
- ERR_peek_last_error_line
- ERR_peek_last_error_line_data.
- These are similar to
- ERR_peek_error
- ERR_peek_error_line
- ERR_peek_error_line_data,
- but report on the latest error recorded rather than the first one
- still in the error queue.
- [Ben Laurie, Bodo Moeller]
-
- *) default_algorithms option in ENGINE config module. This allows things
- like:
- default_algorithms = ALL
- default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
- [Steve Henson]
-
- *) Prelminary ENGINE config module.
- [Steve Henson]
-
- *) New experimental application configuration code.
- [Steve Henson]
-
- *) Change the AES code to follow the same name structure as all other
- symmetric ciphers, and behave the same way. Move everything to
- the directory crypto/aes, thereby obsoleting crypto/rijndael.
- [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
-
- *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
- [Ben Laurie and Theo de Raadt]
-
- *) Add option to output public keys in req command.
- [Massimiliano Pala madwolf@openca.org]
-
- *) Use wNAFs in EC_POINTs_mul() for improved efficiency
- (up to about 10% better than before for P-192 and P-224).
- [Bodo Moeller]
-
- *) New functions/macros
-
- SSL_CTX_set_msg_callback(ctx, cb)
- SSL_CTX_set_msg_callback_arg(ctx, arg)
- SSL_set_msg_callback(ssl, cb)
- SSL_set_msg_callback_arg(ssl, arg)
-
- to request calling a callback function
-
- void cb(int write_p, int version, int content_type,
- const void *buf, size_t len, SSL *ssl, void *arg)
-
- whenever a protocol message has been completely received
- (write_p == 0) or sent (write_p == 1). Here 'version' is the
- protocol version according to which the SSL library interprets
- the current protocol message (SSL2_VERSION, SSL3_VERSION, or
- TLS1_VERSION). 'content_type' is 0 in the case of SSL 2.0, or
- the content type as defined in the SSL 3.0/TLS 1.0 protocol
- specification (change_cipher_spec(20), alert(21), handshake(22)).
- 'buf' and 'len' point to the actual message, 'ssl' to the
- SSL object, and 'arg' is the application-defined value set by
- SSL[_CTX]_set_msg_callback_arg().
-
- 'openssl s_client' and 'openssl s_server' have new '-msg' options
- to enable a callback that displays all protocol messages.
- [Bodo Moeller]
-
- *) Change the shared library support so shared libraries are built as
- soon as the corresponding static library is finished, and thereby get
- openssl and the test programs linked against the shared library.
- This still only happens when the keyword "shard" has been given to
- the configuration scripts.
-
- NOTE: shared library support is still an experimental thing, and
- backward binary compatibility is still not guaranteed.
- ["Maciej W. Rozycki" <macro@ds2.pg.gda.pl> and Richard Levitte]
-
- *) Add support for Subject Information Access extension.
- [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
-
- *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
- additional bytes when new memory had to be allocated, not just
- when reusing an existing buffer.
- [Bodo Moeller]
-
- *) New command line and configuration option 'utf8' for the req command.
- This allows field values to be specified as UTF8 strings.
- [Steve Henson]
-
- *) Add -multi and -mr options to "openssl speed" - giving multiple parallel
- runs for the former and machine-readable output for the latter.
- [Ben Laurie]
-
- *) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion
- of the e-mail address in the DN (i.e., it will go into a certificate
- extension only). The new configuration file option 'email_in_dn = no'
- has the same effect.
- [Massimiliano Pala madwolf@openca.org]
-
- *) Change all functions with names starting with des_ to be starting
- with DES_ instead. Add wrappers that are compatible with libdes,
- but are named _ossl_old_des_*. Finally, add macros that map the
- des_* symbols to the corresponding _ossl_old_des_* if libdes
- compatibility is desired. If OpenSSL 0.9.6c compatibility is
- desired, the des_* symbols will be mapped to DES_*, with one
- exception.
-
- Since we provide two compatibility mappings, the user needs to
- define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
- compatibility is desired. The default (i.e., when that macro
- isn't defined) is OpenSSL 0.9.6c compatibility.
-
- There are also macros that enable and disable the support of old
- des functions altogether. Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
- and OPENSSL_DISABLE_OLD_DES_SUPPORT. If none or both of those
- are defined, the default will apply: to support the old des routines.
-
- In either case, one must include openssl/des.h to get the correct
- definitions. Do not try to just include openssl/des_old.h, that
- won't work.
-
- NOTE: This is a major break of an old API into a new one. Software
- authors are encouraged to switch to the DES_ style functions. Some
- time in the future, des_old.h and the libdes compatibility functions
- will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
- default), and then completely removed.
- [Richard Levitte]
-
- *) Test for certificates which contain unsupported critical extensions.
- If such a certificate is found during a verify operation it is
- rejected by default: this behaviour can be overridden by either
- handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
- by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
- X509_supported_extension() has also been added which returns 1 if a
- particular extension is supported.
- [Steve Henson]
-
- *) Modify the behaviour of EVP cipher functions in similar way to digests
- to retain compatibility with existing code.
- [Steve Henson]
-
- *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
- compatibility with existing code. In particular the 'ctx' parameter does
- not have to be to be initialized before the call to EVP_DigestInit() and
- it is tidied up after a call to EVP_DigestFinal(). New function
- EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
- EVP_MD_CTX_copy() changed to not require the destination to be
- initialized valid and new function EVP_MD_CTX_copy_ex() added which
- requires the destination to be valid.
-
- Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
- EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
- [Steve Henson]
-
- *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
- so that complete 'Handshake' protocol structures are kept in memory
- instead of overwriting 'msg_type' and 'length' with 'body' data.
- [Bodo Moeller]
-
- *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
- [Massimo Santin via Richard Levitte]
-
- *) Major restructuring to the underlying ENGINE code. This includes
- reduction of linker bloat, separation of pure "ENGINE" manipulation
- (initialisation, etc) from functionality dealing with implementations
- of specific crypto iterfaces. This change also introduces integrated
- support for symmetric ciphers and digest implementations - so ENGINEs
- can now accelerate these by providing EVP_CIPHER and EVP_MD
- implementations of their own. This is detailed in crypto/engine/README
- as it couldn't be adequately described here. However, there are a few
- API changes worth noting - some RSA, DSA, DH, and RAND functions that
- were changed in the original introduction of ENGINE code have now
- reverted back - the hooking from this code to ENGINE is now a good
- deal more passive and at run-time, operations deal directly with
- RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
- dereferencing through an ENGINE pointer any more. Also, the ENGINE
- functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
- they were not being used by the framework as there is no concept of a
- BIGNUM_METHOD and they could not be generalised to the new
- 'ENGINE_TABLE' mechanism that underlies the new code. Similarly,
- ENGINE_cpy() has been removed as it cannot be consistently defined in
- the new code.
- [Geoff Thorpe]
-
- *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
- [Steve Henson]
-
- *) Change mkdef.pl to sort symbols that get the same entry number,
- and make sure the automatically generated functions ERR_load_*
- become part of libeay.num as well.
- [Richard Levitte]
-
- *) New function SSL_renegotiate_pending(). This returns true once
- renegotiation has been requested (either SSL_renegotiate() call
- or HelloRequest/ClientHello receveived from the peer) and becomes
- false once a handshake has been completed.
- (For servers, SSL_renegotiate() followed by SSL_do_handshake()
- sends a HelloRequest, but does not ensure that a handshake takes
- place. SSL_renegotiate_pending() is useful for checking if the
- client has followed the request.)
- [Bodo Moeller]
-
- *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
- By default, clients may request session resumption even during
- renegotiation (if session ID contexts permit); with this option,
- session resumption is possible only in the first handshake.
-
- SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL. This makes
- more bits available for options that should not be part of
- SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
- [Bodo Moeller]
-
- *) Add some demos for certificate and certificate request creation.
- [Steve Henson]
-
- *) Make maximum certificate chain size accepted from the peer application
- settable (SSL*_get/set_max_cert_list()), as proposed by
- "Douglas E. Engert" <deengert@anl.gov>.
- [Lutz Jaenicke]
-
- *) Add support for shared libraries for Unixware-7
- (Boyd Lynn Gerber <gerberb@zenez.com>).
- [Lutz Jaenicke]
-
- *) Add a "destroy" handler to ENGINEs that allows structural cleanup to
- be done prior to destruction. Use this to unload error strings from
- ENGINEs that load their own error strings. NB: This adds two new API
- functions to "get" and "set" this destroy handler in an ENGINE.
- [Geoff Thorpe]
-
- *) Alter all existing ENGINE implementations (except "openssl" and
- "openbsd") to dynamically instantiate their own error strings. This
- makes them more flexible to be built both as statically-linked ENGINEs
- and self-contained shared-libraries loadable via the "dynamic" ENGINE.
- Also, add stub code to each that makes building them as self-contained
- shared-libraries easier (see README.ENGINE).
- [Geoff Thorpe]
-
- *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
- implementations into applications that are completely implemented in
- self-contained shared-libraries. The "dynamic" ENGINE exposes control
- commands that can be used to configure what shared-library to load and
- to control aspects of the way it is handled. Also, made an update to
- the README.ENGINE file that brings its information up-to-date and
- provides some information and instructions on the "dynamic" ENGINE
- (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
- [Geoff Thorpe]
-
- *) Make it possible to unload ranges of ERR strings with a new
- "ERR_unload_strings" function.
- [Geoff Thorpe]
-
- *) Add a copy() function to EVP_MD.
- [Ben Laurie]
-
- *) Make EVP_MD routines take a context pointer instead of just the
- md_data void pointer.
- [Ben Laurie]
-
- *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates
- that the digest can only process a single chunk of data
- (typically because it is provided by a piece of
- hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application
- is only going to provide a single chunk of data, and hence the
- framework needn't accumulate the data for oneshot drivers.
- [Ben Laurie]
-
- *) As with "ERR", make it possible to replace the underlying "ex_data"
- functions. This change also alters the storage and management of global
- ex_data state - it's now all inside ex_data.c and all "class" code (eg.
- RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class
- index counters. The API functions that use this state have been changed
- to take a "class_index" rather than pointers to the class's local STACK
- and counter, and there is now an API function to dynamically create new
- classes. This centralisation allows us to (a) plug a lot of the
- thread-safety problems that existed, and (b) makes it possible to clean
- up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)
- such data would previously have always leaked in application code and
- workarounds were in place to make the memory debugging turn a blind eye
- to it. Application code that doesn't use this new function will still
- leak as before, but their memory debugging output will announce it now
- rather than letting it slide.
-
- Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change
- induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
- has a return value to indicate success or failure.
- [Geoff Thorpe]
-
- *) Make it possible to replace the underlying "ERR" functions such that the
- global state (2 LHASH tables and 2 locks) is only used by the "default"
- implementation. This change also adds two functions to "get" and "set"
- the implementation prior to it being automatically set the first time
- any other ERR function takes place. Ie. an application can call "get",
- pass the return value to a module it has just loaded, and that module
- can call its own "set" function using that value. This means the
- module's "ERR" operations will use (and modify) the error state in the
- application and not in its own statically linked copy of OpenSSL code.
- [Geoff Thorpe]
-
- *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment
- reference counts. This performs normal REF_PRINT/REF_CHECK macros on
- the operation, and provides a more encapsulated way for external code
- (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
- to use these functions rather than manually incrementing the counts.
-
- Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".
- [Geoff Thorpe]
-
- *) Add EVP test program.
- [Ben Laurie]
-
- *) Add symmetric cipher support to ENGINE. Expect the API to change!
- [Ben Laurie]
-
- *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
- X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
- X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
- These allow a CRL to be built without having to access X509_CRL fields
- directly. Modify 'ca' application to use new functions.
- [Steve Henson]
-
- *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
- bug workarounds. Rollback attack detection is a security feature.
- The problem will only arise on OpenSSL servers when TLSv1 is not
- available (sslv3_server_method() or SSL_OP_NO_TLSv1).
- Software authors not wanting to support TLSv1 will have special reasons
- for their choice and can explicitly enable this option.
- [Bodo Moeller, Lutz Jaenicke]
-
- *) Rationalise EVP so it can be extended: don't include a union of
- cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
- (similar to those existing for EVP_CIPHER_CTX).
- Usage example:
-
- EVP_MD_CTX md;
-
- EVP_MD_CTX_init(&md); /* new function call */
- EVP_DigestInit(&md, EVP_sha1());
- EVP_DigestUpdate(&md, in, len);
- EVP_DigestFinal(&md, out, NULL);
- EVP_MD_CTX_cleanup(&md); /* new function call */
-
- [Ben Laurie]
-
- *) Make DES key schedule conform to the usual scheme, as well as
- correcting its structure. This means that calls to DES functions
- now have to pass a pointer to a des_key_schedule instead of a
- plain des_key_schedule (which was actually always a pointer
- anyway): E.g.,
-
- des_key_schedule ks;
-
- des_set_key_checked(..., &ks);
- des_ncbc_encrypt(..., &ks, ...);
-
- (Note that a later change renames 'des_...' into 'DES_...'.)
- [Ben Laurie]
-
- *) Initial reduction of linker bloat: the use of some functions, such as
- PEM causes large amounts of unused functions to be linked in due to
- poor organisation. For example pem_all.c contains every PEM function
- which has a knock on effect of linking in large amounts of (unused)
- ASN1 code. Grouping together similar functions and splitting unrelated
- functions prevents this.
- [Steve Henson]
-
- *) Cleanup of EVP macros.
- [Ben Laurie]
-
- *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
- correct _ecb suffix.
- [Ben Laurie]
-
- *) Add initial OCSP responder support to ocsp application. The
- revocation information is handled using the text based index
- use by the ca application. The responder can either handle
- requests generated internally, supplied in files (for example
- via a CGI script) or using an internal minimal server.
- [Steve Henson]
-
- *) Add configuration choices to get zlib compression for TLS.
- [Richard Levitte]
-
- *) Changes to Kerberos SSL for RFC 2712 compliance:
- 1. Implemented real KerberosWrapper, instead of just using
- KRB5 AP_REQ message. [Thanks to Simon Wilkinson <sxw@sxw.org.uk>]
- 2. Implemented optional authenticator field of KerberosWrapper.
-
- Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
- and authenticator structs; see crypto/krb5/.
-
- Generalized Kerberos calls to support multiple Kerberos libraries.
- [Vern Staats <staatsvr@asc.hpc.mil>,
- Jeffrey Altman <jaltman@columbia.edu>
- via Richard Levitte]
-
- *) Cause 'openssl speed' to use fully hard-coded DSA keys as it
- already does with RSA. testdsa.h now has 'priv_key/pub_key'
- values for each of the key sizes rather than having just
- parameters (and 'speed' generating keys each time).
- [Geoff Thorpe]
-
- *) Speed up EVP routines.
- Before:
-encrypt
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-des-cbc 4408.85k 5560.51k 5778.46k 5862.20k 5825.16k
-des-cbc 4389.55k 5571.17k 5792.23k 5846.91k 5832.11k
-des-cbc 4394.32k 5575.92k 5807.44k 5848.37k 5841.30k
-decrypt
-des-cbc 3482.66k 5069.49k 5496.39k 5614.16k 5639.28k
-des-cbc 3480.74k 5068.76k 5510.34k 5609.87k 5635.52k
-des-cbc 3483.72k 5067.62k 5504.60k 5708.01k 5724.80k
- After:
-encrypt
-des-cbc 4660.16k 5650.19k 5807.19k 5827.13k 5783.32k
-decrypt
-des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
- [Ben Laurie]
-
- *) Added the OS2-EMX target.
- ["Brian Havard" <brianh@kheldar.apana.org.au> and Richard Levitte]
-
- *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
- to support NCONF routines in extension code. New function CONF_set_nconf()
- to allow functions which take an NCONF to also handle the old LHASH
- structure: this means that the old CONF compatible routines can be
- retained (in particular wrt extensions) without having to duplicate the
- code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
- [Steve Henson]
-
- *) Enhance the general user interface with mechanisms for inner control
- and with possibilities to have yes/no kind of prompts.
- [Richard Levitte]
-
- *) Change all calls to low level digest routines in the library and
- applications to use EVP. Add missing calls to HMAC_cleanup() and
- don't assume HMAC_CTX can be copied using memcpy().
- [Verdon Walker <VWalker@novell.com>, Steve Henson]
-
- *) Add the possibility to control engines through control names but with
- arbitrary arguments instead of just a string.
- Change the key loaders to take a UI_METHOD instead of a callback
- function pointer. NOTE: this breaks binary compatibility with earlier
- versions of OpenSSL [engine].
- Adapt the nCipher code for these new conditions and add a card insertion
- callback.
- [Richard Levitte]
-
- *) Enhance the general user interface with mechanisms to better support
- dialog box interfaces, application-defined prompts, the possibility
- to use defaults (for example default passwords from somewhere else)
- and interrupts/cancellations.
- [Richard Levitte]
-
- *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
- attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
- [Steve Henson]
-
- *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
- tidy up some unnecessarily weird code in 'sk_new()').
- [Geoff, reported by Diego Tartara <dtartara@novamens.com>]
-
- *) Change the key loading routines for ENGINEs to use the same kind
- callback (pem_password_cb) as all other routines that need this
- kind of callback.
- [Richard Levitte]
-
- *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
- 256 bit (=32 byte) keys. Of course seeding with more entropy bytes
- than this minimum value is recommended.
- [Lutz Jaenicke]
-
- *) New random seeder for OpenVMS, using the system process statistics
- that are easily reachable.
- [Richard Levitte]
-
- *) Windows apparently can't transparently handle global
- variables defined in DLLs. Initialisations such as:
-
- const ASN1_ITEM *it = &ASN1_INTEGER_it;
-
- wont compile. This is used by the any applications that need to
- declare their own ASN1 modules. This was fixed by adding the option
- EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
- needed for static libraries under Win32.
- [Steve Henson]
-
- *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
- setting of purpose and trust fields. New X509_STORE trust and
- purpose functions and tidy up setting in other SSL functions.
- [Steve Henson]
-
- *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
- structure. These are inherited by X509_STORE_CTX when it is
- initialised. This allows various defaults to be set in the
- X509_STORE structure (such as flags for CRL checking and custom
- purpose or trust settings) for functions which only use X509_STORE_CTX
- internally such as S/MIME.
-
- Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
- trust settings if they are not set in X509_STORE. This allows X509_STORE
- purposes and trust (in S/MIME for example) to override any set by default.
-
- Add command line options for CRL checking to smime, s_client and s_server
- applications.
- [Steve Henson]
-
- *) Initial CRL based revocation checking. If the CRL checking flag(s)
- are set then the CRL is looked up in the X509_STORE structure and
- its validity and signature checked, then if the certificate is found
- in the CRL the verify fails with a revoked error.
-
- Various new CRL related callbacks added to X509_STORE_CTX structure.
-
- Command line options added to 'verify' application to support this.
-
- This needs some additional work, such as being able to handle multiple
- CRLs with different times, extension based lookup (rather than just
- by subject name) and ultimately more complete V2 CRL extension
- handling.
- [Steve Henson]
-
- *) Add a general user interface API (crypto/ui/). This is designed
- to replace things like des_read_password and friends (backward
- compatibility functions using this new API are provided).
- The purpose is to remove prompting functions from the DES code
- section as well as provide for prompting through dialog boxes in
- a window system and the like.
- [Richard Levitte]
-
- *) Add "ex_data" support to ENGINE so implementations can add state at a
- per-structure level rather than having to store it globally.
- [Geoff]
-
- *) Make it possible for ENGINE structures to be copied when retrieved by
- ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
- This causes the "original" ENGINE structure to act like a template,
- analogous to the RSA vs. RSA_METHOD type of separation. Because of this
- operational state can be localised to each ENGINE structure, despite the
- fact they all share the same "methods". New ENGINE structures returned in
- this case have no functional references and the return value is the single
- structural reference. This matches the single structural reference returned
- by ENGINE_by_id() normally, when it is incremented on the pre-existing
- ENGINE structure.
- [Geoff]
-
- *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
- needs to match any other type at all we need to manually clear the
- tag cache.
- [Steve Henson]
-
- *) Changes to the "openssl engine" utility to include;
- - verbosity levels ('-v', '-vv', and '-vvv') that provide information
- about an ENGINE's available control commands.
- - executing control commands from command line arguments using the
- '-pre' and '-post' switches. '-post' is only used if '-t' is
- specified and the ENGINE is successfully initialised. The syntax for
- the individual commands are colon-separated, for example;
- openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
- [Geoff]
-
- *) New dynamic control command support for ENGINEs. ENGINEs can now
- declare their own commands (numbers), names (strings), descriptions,
- and input types for run-time discovery by calling applications. A
- subset of these commands are implicitly classed as "executable"
- depending on their input type, and only these can be invoked through
- the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
- can be based on user input, config files, etc). The distinction is
- that "executable" commands cannot return anything other than a boolean
- result and can only support numeric or string input, whereas some
- discoverable commands may only be for direct use through
- ENGINE_ctrl(), eg. supporting the exchange of binary data, function
- pointers, or other custom uses. The "executable" commands are to
- support parameterisations of ENGINE behaviour that can be
- unambiguously defined by ENGINEs and used consistently across any
- OpenSSL-based application. Commands have been added to all the
- existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
- control over shared-library paths without source code alterations.
- [Geoff]
-
- *) Changed all ENGINE implementations to dynamically allocate their
- ENGINEs rather than declaring them statically. Apart from this being
- necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
- this also allows the implementations to compile without using the
- internal engine_int.h header.
- [Geoff]
-
- *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
- 'const' value. Any code that should be able to modify a RAND_METHOD
- should already have non-const pointers to it (ie. they should only
- modify their own ones).
- [Geoff]
-
- *) Made a variety of little tweaks to the ENGINE code.
- - "atalla" and "ubsec" string definitions were moved from header files
- to C code. "nuron" string definitions were placed in variables
- rather than hard-coded - allowing parameterisation of these values
- later on via ctrl() commands.
- - Removed unused "#if 0"'d code.
- - Fixed engine list iteration code so it uses ENGINE_free() to release
- structural references.
- - Constified the RAND_METHOD element of ENGINE structures.
- - Constified various get/set functions as appropriate and added
- missing functions (including a catch-all ENGINE_cpy that duplicates
- all ENGINE values onto a new ENGINE except reference counts/state).
- - Removed NULL parameter checks in get/set functions. Setting a method
- or function to NULL is a way of cancelling out a previously set
- value. Passing a NULL ENGINE parameter is just plain stupid anyway
- and doesn't justify the extra error symbols and code.
- - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
- flags from engine_int.h to engine.h.
- - Changed prototypes for ENGINE handler functions (init(), finish(),
- ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
- [Geoff]
-
- *) Implement binary inversion algorithm for BN_mod_inverse in addition
- to the algorithm using long division. The binary algorithm can be
- used only if the modulus is odd. On 32-bit systems, it is faster
- only for relatively small moduli (roughly 20-30% for 128-bit moduli,
- roughly 5-15% for 256-bit moduli), so we use it only for moduli
- up to 450 bits. In 64-bit environments, the binary algorithm
- appears to be advantageous for much longer moduli; here we use it
- for moduli up to 2048 bits.
- [Bodo Moeller]
-
- *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
- could not support the combine flag in choice fields.
- [Steve Henson]
-
- *) Add a 'copy_extensions' option to the 'ca' utility. This copies
- extensions from a certificate request to the certificate.
- [Steve Henson]
-
- *) Allow multiple 'certopt' and 'nameopt' options to be separated
- by commas. Add 'namopt' and 'certopt' options to the 'ca' config
- file: this allows the display of the certificate about to be
- signed to be customised, to allow certain fields to be included
- or excluded and extension details. The old system didn't display
- multicharacter strings properly, omitted fields not in the policy
- and couldn't display additional details such as extensions.
- [Steve Henson]
-
- *) Function EC_POINTs_mul for multiple scalar multiplication
- of an arbitrary number of elliptic curve points
- \sum scalars[i]*points[i],
- optionally including the generator defined for the EC_GROUP:
- scalar*generator + \sum scalars[i]*points[i].
-
- EC_POINT_mul is a simple wrapper function for the typical case
- that the point list has just one item (besides the optional
- generator).
- [Bodo Moeller]
-
- *) First EC_METHODs for curves over GF(p):
-
- EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
- operations and provides various method functions that can also
- operate with faster implementations of modular arithmetic.
-
- EC_GFp_mont_method() reuses most functions that are part of
- EC_GFp_simple_method, but uses Montgomery arithmetic.
-
- [Bodo Moeller; point addition and point doubling
- implementation directly derived from source code provided by
- Lenka Fibikova <fibikova@exp-math.uni-essen.de>]
-
- *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
- crypto/ec/ec_lib.c):
-
- Curves are EC_GROUP objects (with an optional group generator)
- based on EC_METHODs that are built into the library.
-
- Points are EC_POINT objects based on EC_GROUP objects.
-
- Most of the framework would be able to handle curves over arbitrary
- finite fields, but as there are no obvious types for fields other
- than GF(p), some functions are limited to that for now.
- [Bodo Moeller]
-
- *) Add the -HTTP option to s_server. It is similar to -WWW, but requires
- that the file contains a complete HTTP response.
- [Richard Levitte]
-
- *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
- change the def and num file printf format specifier from "%-40sXXX"
- to "%-39s XXX". The latter will always guarantee a space after the
- field while the former will cause them to run together if the field
- is 40 of more characters long.
- [Steve Henson]
-
- *) Constify the cipher and digest 'method' functions and structures
- and modify related functions to take constant EVP_MD and EVP_CIPHER
- pointers.
- [Steve Henson]
-
- *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
- in <openssl/bn.h>. Also further increase BN_CTX_NUM to 32.
- [Bodo Moeller]
-
- *) Modify EVP_Digest*() routines so they now return values. Although the
- internal software routines can never fail additional hardware versions
- might.
- [Steve Henson]
-
- *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
-
- Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
- (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
-
- ASN1 error codes
- ERR_R_NESTED_ASN1_ERROR
- ...
- ERR_R_MISSING_ASN1_EOS
- were 4 .. 9, conflicting with
- ERR_LIB_RSA (= ERR_R_RSA_LIB)
- ...
- ERR_LIB_PEM (= ERR_R_PEM_LIB).
- They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
-
- Add new error code 'ERR_R_INTERNAL_ERROR'.
- [Bodo Moeller]
-
- *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
- suffices.
- [Bodo Moeller]
-
- *) New option '-subj arg' for 'openssl req' and 'openssl ca'. This
- sets the subject name for a new request or supersedes the
- subject name in a given request. Formats that can be parsed are
- 'CN=Some Name, OU=myOU, C=IT'
- and
- 'CN=Some Name/OU=myOU/C=IT'.
-
- Add options '-batch' and '-verbose' to 'openssl req'.
- [Massimiliano Pala <madwolf@hackmasters.net>]
-
- *) Introduce the possibility to access global variables through
- functions on platform were that's the best way to handle exporting
- global variables in shared libraries. To enable this functionality,
- one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
- "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
- is normally done by Configure or something similar).
-
- To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
- in the source file (foo.c) like this:
-
- OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
- OPENSSL_IMPLEMENT_GLOBAL(double,bar);
-
- To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
- and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
-
- OPENSSL_DECLARE_GLOBAL(int,foo);
- #define foo OPENSSL_GLOBAL_REF(foo)
- OPENSSL_DECLARE_GLOBAL(double,bar);
- #define bar OPENSSL_GLOBAL_REF(bar)
-
- The #defines are very important, and therefore so is including the
- header file everywhere where the defined globals are used.
-
- The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
- of ASN.1 items, but that structure is a bit different.
-
- The largest change is in util/mkdef.pl which has been enhanced with
- better and easier to understand logic to choose which symbols should
- go into the Windows .def files as well as a number of fixes and code
- cleanup (among others, algorithm keywords are now sorted
- lexicographically to avoid constant rewrites).
- [Richard Levitte]
-
- *) In BN_div() keep a copy of the sign of 'num' before writing the
- result to 'rm' because if rm==num the value will be overwritten
- and produce the wrong result if 'num' is negative: this caused
- problems with BN_mod() and BN_nnmod().
- [Steve Henson]
-
- *) Function OCSP_request_verify(). This checks the signature on an
- OCSP request and verifies the signer certificate. The signer
- certificate is just checked for a generic purpose and OCSP request
- trust settings.
- [Steve Henson]
-
- *) Add OCSP_check_validity() function to check the validity of OCSP
- responses. OCSP responses are prepared in real time and may only
- be a few seconds old. Simply checking that the current time lies
- between thisUpdate and nextUpdate max reject otherwise valid responses
- caused by either OCSP responder or client clock inaccuracy. Instead
- we allow thisUpdate and nextUpdate to fall within a certain period of
- the current time. The age of the response can also optionally be
- checked. Two new options -validity_period and -status_age added to
- ocsp utility.
- [Steve Henson]
-
- *) If signature or public key algorithm is unrecognized print out its
- OID rather that just UNKNOWN.
- [Steve Henson]
-
- *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
- OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
- ID to be generated from the issuer certificate alone which can then be
- passed to OCSP_id_issuer_cmp().
- [Steve Henson]
-
- *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
- ASN1 modules to export functions returning ASN1_ITEM pointers
- instead of the ASN1_ITEM structures themselves. This adds several
- new macros which allow the underlying ASN1 function/structure to
- be accessed transparently. As a result code should not use ASN1_ITEM
- references directly (such as &X509_it) but instead use the relevant
- macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
- use of the new ASN1 code on platforms where exporting structures
- is problematical (for example in shared libraries) but exporting
- functions returning pointers to structures is not.
- [Steve Henson]
-
- *) Add support for overriding the generation of SSL/TLS session IDs.
- These callbacks can be registered either in an SSL_CTX or per SSL.
- The purpose of this is to allow applications to control, if they wish,
- the arbitrary values chosen for use as session IDs, particularly as it
- can be useful for session caching in multiple-server environments. A
- command-line switch for testing this (and any client code that wishes
- to use such a feature) has been added to "s_server".
- [Geoff Thorpe, Lutz Jaenicke]
-
- *) Modify mkdef.pl to recognise and parse preprocessor conditionals
- of the form '#if defined(...) || defined(...) || ...' and
- '#if !defined(...) && !defined(...) && ...'. This also avoids
- the growing number of special cases it was previously handling.
- [Richard Levitte]
-
- *) Make all configuration macros available for application by making
- sure they are available in opensslconf.h, by giving them names starting
- with "OPENSSL_" to avoid conflicts with other packages and by making
- sure e_os2.h will cover all platform-specific cases together with
- opensslconf.h.
- Additionally, it is now possible to define configuration/platform-
- specific names (called "system identities"). In the C code, these
- are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another
- macro with the name beginning with "OPENSSL_SYS_", which is determined
- from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
- what is available.
- [Richard Levitte]
-
- *) New option -set_serial to 'req' and 'x509' this allows the serial
- number to use to be specified on the command line. Previously self
- signed certificates were hard coded with serial number 0 and the
- CA options of 'x509' had to use a serial number in a file which was
- auto incremented.
- [Steve Henson]
-
- *) New options to 'ca' utility to support V2 CRL entry extensions.
- Currently CRL reason, invalidity date and hold instruction are
- supported. Add new CRL extensions to V3 code and some new objects.
- [Steve Henson]
-
- *) New function EVP_CIPHER_CTX_set_padding() this is used to
- disable standard block padding (aka PKCS#5 padding) in the EVP
- API, which was previously mandatory. This means that the data is
- not padded in any way and so the total length much be a multiple
- of the block size, otherwise an error occurs.
- [Steve Henson]
-
- *) Initial (incomplete) OCSP SSL support.
- [Steve Henson]
-
- *) New function OCSP_parse_url(). This splits up a URL into its host,
- port and path components: primarily to parse OCSP URLs. New -url
- option to ocsp utility.
- [Steve Henson]
-
- *) New nonce behavior. The return value of OCSP_check_nonce() now
- reflects the various checks performed. Applications can decide
- whether to tolerate certain situations such as an absent nonce
- in a response when one was present in a request: the ocsp application
- just prints out a warning. New function OCSP_add1_basic_nonce()
- this is to allow responders to include a nonce in a response even if
- the request is nonce-less.
- [Steve Henson]
-
- *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
- skipped when using openssl x509 multiple times on a single input file,
- e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
- [Bodo Moeller]
-
- *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
- set string type: to handle setting ASN1_TIME structures. Fix ca
- utility to correctly initialize revocation date of CRLs.
- [Steve Henson]
-
- *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
- the clients preferred ciphersuites and rather use its own preferences.
- Should help to work around M$ SGC (Server Gated Cryptography) bug in
- Internet Explorer by ensuring unchanged hash method during stepup.
- (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
- [Lutz Jaenicke]
-
- *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
- to aes and add a new 'exist' option to print out symbols that don't
- appear to exist.
- [Steve Henson]
-
- *) Additional options to ocsp utility to allow flags to be set and
- additional certificates supplied.
- [Steve Henson]
-
- *) Add the option -VAfile to 'openssl ocsp', so the user can give the
- OCSP client a number of certificate to only verify the response
- signature against.
- [Richard Levitte]
-
- *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
- handle the new API. Currently only ECB, CBC modes supported. Add new
- AES OIDs.
-
- Add TLS AES ciphersuites as described in RFC3268, "Advanced
- Encryption Standard (AES) Ciphersuites for Transport Layer
- Security (TLS)". (In beta versions of OpenSSL 0.9.7, these were
- not enabled by default and were not part of the "ALL" ciphersuite
- alias because they were not yet official; they could be
- explicitly requested by specifying the "AESdraft" ciphersuite
- group alias. In the final release of OpenSSL 0.9.7, the group
- alias is called "AES" and is part of "ALL".)
- [Ben Laurie, Steve Henson, Bodo Moeller]
-
- *) New function OCSP_copy_nonce() to copy nonce value (if present) from
- request to response.
- [Steve Henson]
-
- *) Functions for OCSP responders. OCSP_request_onereq_count(),
- OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
- extract information from a certificate request. OCSP_response_create()
- creates a response and optionally adds a basic response structure.
- OCSP_basic_add1_status() adds a complete single response to a basic
- response and returns the OCSP_SINGLERESP structure just added (to allow
- extensions to be included for example). OCSP_basic_add1_cert() adds a
- certificate to a basic response and OCSP_basic_sign() signs a basic
- response with various flags. New helper functions ASN1_TIME_check()
- (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
- (converts ASN1_TIME to GeneralizedTime).
- [Steve Henson]
-
- *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
- in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
- structure from a certificate. X509_pubkey_digest() digests the public_key
- contents: this is used in various key identifiers.
- [Steve Henson]
-
- *) Make sk_sort() tolerate a NULL argument.
- [Steve Henson reported by Massimiliano Pala <madwolf@comune.modena.it>]
-
- *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
- passed by the function are trusted implicitly. If any of them signed the
- response then it is assumed to be valid and is not verified.
- [Steve Henson]
-
- *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
- to data. This was previously part of the PKCS7 ASN1 code. This
- was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
- [Steve Henson, reported by Kenneth R. Robinette
- <support@securenetterm.com>]
-
- *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
- routines: without these tracing memory leaks is very painful.
- Fix leaks in PKCS12 and PKCS7 routines.
- [Steve Henson]
-
- *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
- Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
- effectively meant GeneralizedTime would never be used. Now it
- is initialised to -1 but X509_time_adj() now has to check the value
- and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
- V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
- [Steve Henson, reported by Kenneth R. Robinette
- <support@securenetterm.com>]
-
- *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
- result in a zero length in the ASN1_INTEGER structure which was
- not consistent with the structure when d2i_ASN1_INTEGER() was used
- and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
- to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
- where it did not print out a minus for negative ASN1_INTEGER.
- [Steve Henson]
-
- *) Add summary printout to ocsp utility. The various functions which
- convert status values to strings have been renamed to:
- OCSP_response_status_str(), OCSP_cert_status_str() and
- OCSP_crl_reason_str() and are no longer static. New options
- to verify nonce values and to disable verification. OCSP response
- printout format cleaned up.
- [Steve Henson]
-
- *) Add additional OCSP certificate checks. These are those specified
- in RFC2560. This consists of two separate checks: the CA of the
- certificate being checked must either be the OCSP signer certificate
- or the issuer of the OCSP signer certificate. In the latter case the
- OCSP signer certificate must contain the OCSP signing extended key
- usage. This check is performed by attempting to match the OCSP
- signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
- in the OCSP_CERTID structures of the response.
- [Steve Henson]
-
- *) Initial OCSP certificate verification added to OCSP_basic_verify()
- and related routines. This uses the standard OpenSSL certificate
- verify routines to perform initial checks (just CA validity) and
- to obtain the certificate chain. Then additional checks will be
- performed on the chain. Currently the root CA is checked to see
- if it is explicitly trusted for OCSP signing. This is used to set
- a root CA as a global signing root: that is any certificate that
- chains to that CA is an acceptable OCSP signing certificate.
- [Steve Henson]
-
- *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
- extensions from a separate configuration file.
- As when reading extensions from the main configuration file,
- the '-extensions ...' option may be used for specifying the
- section to use.
- [Massimiliano Pala <madwolf@comune.modena.it>]
-
- *) New OCSP utility. Allows OCSP requests to be generated or
- read. The request can be sent to a responder and the output
- parsed, outputed or printed in text form. Not complete yet:
- still needs to check the OCSP response validity.
- [Steve Henson]
-
- *) New subcommands for 'openssl ca':
- 'openssl ca -status <serial>' prints the status of the cert with
- the given serial number (according to the index file).
- 'openssl ca -updatedb' updates the expiry status of certificates
- in the index file.
- [Massimiliano Pala <madwolf@comune.modena.it>]
-
- *) New '-newreq-nodes' command option to CA.pl. This is like
- '-newreq', but calls 'openssl req' with the '-nodes' option
- so that the resulting key is not encrypted.
- [Damien Miller <djm@mindrot.org>]
-
- *) New configuration for the GNU Hurd.
- [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte]
-
- *) Initial code to implement OCSP basic response verify. This
- is currently incomplete. Currently just finds the signer's
- certificate and verifies the signature on the response.
- [Steve Henson]
-
- *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
- value of OPENSSLDIR. This is available via the new '-d' option
- to 'openssl version', and is also included in 'openssl version -a'.
- [Bodo Moeller]
-
- *) Allowing defining memory allocation callbacks that will be given
- file name and line number information in additional arguments
- (a const char* and an int). The basic functionality remains, as
- well as the original possibility to just replace malloc(),
- realloc() and free() by functions that do not know about these
- additional arguments. To register and find out the current
- settings for extended allocation functions, the following
- functions are provided:
-
- CRYPTO_set_mem_ex_functions
- CRYPTO_set_locked_mem_ex_functions
- CRYPTO_get_mem_ex_functions
- CRYPTO_get_locked_mem_ex_functions
-
- These work the same way as CRYPTO_set_mem_functions and friends.
- CRYPTO_get_[locked_]mem_functions now writes 0 where such an
- extended allocation function is enabled.
- Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
- a conventional allocation function is enabled.
- [Richard Levitte, Bodo Moeller]
-
- *) Finish off removing the remaining LHASH function pointer casts.
- There should no longer be any prototype-casting required when using
- the LHASH abstraction, and any casts that remain are "bugs". See
- the callback types and macros at the head of lhash.h for details
- (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
- [Geoff Thorpe]
-
- *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
- If /dev/[u]random devices are not available or do not return enough
- entropy, EGD style sockets (served by EGD or PRNGD) will automatically
- be queried.
- The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
- /etc/entropy will be queried once each in this sequence, quering stops
- when enough entropy was collected without querying more sockets.
- [Lutz Jaenicke]
-
- *) Change the Unix RAND_poll() variant to be able to poll several
- random devices, as specified by DEVRANDOM, until a sufficient amount
- of data has been collected. We spend at most 10 ms on each file
- (select timeout) and read in non-blocking mode. DEVRANDOM now
- defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
- (previously it was just the string "/dev/urandom"), so on typical
- platforms the 10 ms delay will never occur.
- Also separate out the Unix variant to its own file, rand_unix.c.
- For VMS, there's a currently-empty rand_vms.c.
- [Richard Levitte]
-
- *) Move OCSP client related routines to ocsp_cl.c. These
- provide utility functions which an application needing
- to issue a request to an OCSP responder and analyse the
- response will typically need: as opposed to those which an
- OCSP responder itself would need which will be added later.
-
- OCSP_request_sign() signs an OCSP request with an API similar
- to PKCS7_sign(). OCSP_response_status() returns status of OCSP
- response. OCSP_response_get1_basic() extracts basic response
- from response. OCSP_resp_find_status(): finds and extracts status
- information from an OCSP_CERTID structure (which will be created
- when the request structure is built). These are built from lower
- level functions which work on OCSP_SINGLERESP structures but
- wont normally be used unless the application wishes to examine
- extensions in the OCSP response for example.
-
- Replace nonce routines with a pair of functions.
- OCSP_request_add1_nonce() adds a nonce value and optionally
- generates a random value. OCSP_check_nonce() checks the
- validity of the nonce in an OCSP response.
- [Steve Henson]
-
- *) Change function OCSP_request_add() to OCSP_request_add0_id().
- This doesn't copy the supplied OCSP_CERTID and avoids the
- need to free up the newly created id. Change return type
- to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
- This can then be used to add extensions to the request.
- Deleted OCSP_request_new(), since most of its functionality
- is now in OCSP_REQUEST_new() (and the case insensitive name
- clash) apart from the ability to set the request name which
- will be added elsewhere.
- [Steve Henson]
-
- *) Update OCSP API. Remove obsolete extensions argument from
- various functions. Extensions are now handled using the new
- OCSP extension code. New simple OCSP HTTP function which
- can be used to send requests and parse the response.
- [Steve Henson]
-
- *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
- ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
- uses the special reorder version of SET OF to sort the attributes
- and reorder them to match the encoded order. This resolves a long
- standing problem: a verify on a PKCS7 structure just after signing
- it used to fail because the attribute order did not match the
- encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
- it uses the received order. This is necessary to tolerate some broken
- software that does not order SET OF. This is handled by encoding
- as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
- to produce the required SET OF.
- [Steve Henson]
-
- *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
- OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
- files to get correct declarations of the ASN.1 item variables.
- [Richard Levitte]
-
- *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
- PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
- asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
- NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
- New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
- ASN1_ITEM and no wrapper functions.
- [Steve Henson]
-
- *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
- replace the old function pointer based I/O routines. Change most of
- the *_d2i_bio() and *_d2i_fp() functions to use these.
- [Steve Henson]
-
- *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
- lines, recognice more "algorithms" that can be deselected, and make
- it complain about algorithm deselection that isn't recognised.
- [Richard Levitte]
-
- *) New ASN1 functions to handle dup, sign, verify, digest, pack and
- unpack operations in terms of ASN1_ITEM. Modify existing wrappers
- to use new functions. Add NO_ASN1_OLD which can be set to remove
- some old style ASN1 functions: this can be used to determine if old
- code will still work when these eventually go away.
- [Steve Henson]
-
- *) New extension functions for OCSP structures, these follow the
- same conventions as certificates and CRLs.
- [Steve Henson]
-
- *) New function X509V3_add1_i2d(). This automatically encodes and
- adds an extension. Its behaviour can be customised with various
- flags to append, replace or delete. Various wrappers added for
- certifcates and CRLs.
- [Steve Henson]
-
- *) Fix to avoid calling the underlying ASN1 print routine when
- an extension cannot be parsed. Correct a typo in the
- OCSP_SERVICELOC extension. Tidy up print OCSP format.
- [Steve Henson]
-
- *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
- entries for variables.
- [Steve Henson]
-
- *) Add functionality to apps/openssl.c for detecting locking
- problems: As the program is single-threaded, all we have
- to do is register a locking callback using an array for
- storing which locks are currently held by the program.
- [Bodo Moeller]
-
- *) Use a lock around the call to CRYPTO_get_ex_new_index() in
- SSL_get_ex_data_X509_STORE_idx(), which is used in
- ssl_verify_cert_chain() and thus can be called at any time
- during TLS/SSL handshakes so that thread-safety is essential.
- Unfortunately, the ex_data design is not at all suited
- for multi-threaded use, so it probably should be abolished.
- [Bodo Moeller]
-
- *) Added Broadcom "ubsec" ENGINE to OpenSSL.
- [Broadcom, tweaked and integrated by Geoff Thorpe]
-
- *) Move common extension printing code to new function
- X509V3_print_extensions(). Reorganise OCSP print routines and
- implement some needed OCSP ASN1 functions. Add OCSP extensions.
- [Steve Henson]
-
- *) New function X509_signature_print() to remove duplication in some
- print routines.
- [Steve Henson]
-
- *) Add a special meaning when SET OF and SEQUENCE OF flags are both
- set (this was treated exactly the same as SET OF previously). This
- is used to reorder the STACK representing the structure to match the
- encoding. This will be used to get round a problem where a PKCS7
- structure which was signed could not be verified because the STACK
- order did not reflect the encoded order.
- [Steve Henson]
-
- *) Reimplement the OCSP ASN1 module using the new code.
- [Steve Henson]
-
- *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
- for its ASN1 operations. The old style function pointers still exist
- for now but they will eventually go away.
- [Steve Henson]
-
- *) Merge in replacement ASN1 code from the ASN1 branch. This almost
- completely replaces the old ASN1 functionality with a table driven
- encoder and decoder which interprets an ASN1_ITEM structure describing
- the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
- largely maintained. Almost all of the old asn1_mac.h macro based ASN1
- has also been converted to the new form.
- [Steve Henson]
-
- *) Change BN_mod_exp_recp so that negative moduli are tolerated
- (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set
- so that BN_mod_exp_mont and BN_mod_exp_mont_word work
- for negative moduli.
- [Bodo Moeller]
-
- *) Fix BN_uadd and BN_usub: Always return non-negative results instead
- of not touching the result's sign bit.
- [Bodo Moeller]
-
- *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
- set.
- [Bodo Moeller]
-
- *) Changed the LHASH code to use prototypes for callbacks, and created
- macros to declare and implement thin (optionally static) functions
- that provide type-safety and avoid function pointer casting for the
- type-specific callbacks.
- [Geoff Thorpe]
-
- *) Added Kerberos Cipher Suites to be used with TLS, as written in
- RFC 2712.
- [Veers Staats <staatsvr@asc.hpc.mil>,
- Jeffrey Altman <jaltman@columbia.edu>, via Richard Levitte]
-
- *) Reformat the FAQ so the different questions and answers can be divided
- in sections depending on the subject.
- [Richard Levitte]
-
- *) Have the zlib compression code load ZLIB.DLL dynamically under
- Windows.
- [Richard Levitte]
-
- *) New function BN_mod_sqrt for computing square roots modulo a prime
- (using the probabilistic Tonelli-Shanks algorithm unless
- p == 3 (mod 4) or p == 5 (mod 8), which are cases that can
- be handled deterministically).
- [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
-
- *) Make BN_mod_inverse faster by explicitly handling small quotients
- in the Euclid loop. (Speed gain about 20% for small moduli [256 or
- 512 bits], about 30% for larger ones [1024 or 2048 bits].)
- [Bodo Moeller]
-
- *) New function BN_kronecker.
- [Bodo Moeller]
-
- *) Fix BN_gcd so that it works on negative inputs; the result is
- positive unless both parameters are zero.
- Previously something reasonably close to an infinite loop was
- possible because numbers could be growing instead of shrinking
- in the implementation of Euclid's algorithm.
- [Bodo Moeller]
-
- *) Fix BN_is_word() and BN_is_one() macros to take into account the
- sign of the number in question.
-
- Fix BN_is_word(a,w) to work correctly for w == 0.
-
- The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
- because its test if the absolute value of 'a' equals 'w'.
- Note that BN_abs_is_word does *not* handle w == 0 reliably;
- it exists mostly for use in the implementations of BN_is_zero(),
- BN_is_one(), and BN_is_word().
- [Bodo Moeller]
-
- *) New function BN_swap.
- [Bodo Moeller]
-
- *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
- the exponentiation functions are more likely to produce reasonable
- results on negative inputs.
- [Bodo Moeller]
-
- *) Change BN_mod_mul so that the result is always non-negative.
- Previously, it could be negative if one of the factors was negative;
- I don't think anyone really wanted that behaviour.
- [Bodo Moeller]
-
- *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
- (except for exponentiation, which stays in crypto/bn/bn_exp.c,
- and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
- and add new functions:
-
- BN_nnmod
- BN_mod_sqr
- BN_mod_add
- BN_mod_add_quick
- BN_mod_sub
- BN_mod_sub_quick
- BN_mod_lshift1
- BN_mod_lshift1_quick
- BN_mod_lshift
- BN_mod_lshift_quick
-
- These functions always generate non-negative results.
-
- BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r
- such that |m| < r < 0, BN_nnmod will output rem + |m| instead).
-
- BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
- BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b]
- be reduced modulo m.
- [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
-
- *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
- was actually never needed) and in BN_mul(). The removal in BN_mul()
- required a small change in bn_mul_part_recursive() and the addition
- of the functions bn_cmp_part_words(), bn_sub_part_words() and
- bn_add_part_words(), which do the same thing as bn_cmp_words(),
- bn_sub_words() and bn_add_words() except they take arrays with
- differing sizes.
- [Richard Levitte]
-
- *) In 'openssl passwd', verify passwords read from the terminal
- unless the '-salt' option is used (which usually means that
- verification would just waste user's time since the resulting
- hash is going to be compared with some given password hash)
- or the new '-noverify' option is used.
-
- This is an incompatible change, but it does not affect
- non-interactive use of 'openssl passwd' (passwords on the command
- line, '-stdin' option, '-in ...' option) and thus should not
- cause any problems.
- [Bodo Moeller]
-
- *) Remove all references to RSAref, since there's no more need for it.
- [Richard Levitte]
-
- *) Make DSO load along a path given through an environment variable
- (SHLIB_PATH) with shl_load().
- [Richard Levitte]
-
- *) Constify the ENGINE code as a result of BIGNUM constification.
- Also constify the RSA code and most things related to it. In a
- few places, most notable in the depth of the ASN.1 code, ugly
- casts back to non-const were required (to be solved at a later
- time)
- [Richard Levitte]
-
- *) Make it so the openssl application has all engines loaded by default.
- [Richard Levitte]
-
- *) Constify the BIGNUM routines a little more.
- [Richard Levitte]
-
- *) Add the following functions:
-
- ENGINE_load_cswift()
- ENGINE_load_chil()
- ENGINE_load_atalla()
- ENGINE_load_nuron()
- ENGINE_load_builtin_engines()
-
- That way, an application can itself choose if external engines that
- are built-in in OpenSSL shall ever be used or not. The benefit is
- that applications won't have to be linked with libdl or other dso
- libraries unless it's really needed.
-
- Changed 'openssl engine' to load all engines on demand.
- Changed the engine header files to avoid the duplication of some
- declarations (they differed!).
- [Richard Levitte]
-
- *) 'openssl engine' can now list capabilities.
- [Richard Levitte]
-
- *) Better error reporting in 'openssl engine'.
- [Richard Levitte]
-
- *) Never call load_dh_param(NULL) in s_server.
- [Bodo Moeller]
-
- *) Add engine application. It can currently list engines by name and
- identity, and test if they are actually available.
- [Richard Levitte]
-
- *) Improve RPM specification file by forcing symbolic linking and making
- sure the installed documentation is also owned by root.root.
- [Damien Miller <djm@mindrot.org>]
-
- *) Give the OpenSSL applications more possibilities to make use of
- keys (public as well as private) handled by engines.
- [Richard Levitte]
-
- *) Add OCSP code that comes from CertCo.
- [Richard Levitte]
-
- *) Add VMS support for the Rijndael code.
- [Richard Levitte]
-
- *) Added untested support for Nuron crypto accelerator.
- [Ben Laurie]
-
- *) Add support for external cryptographic devices. This code was
- previously distributed separately as the "engine" branch.
- [Geoff Thorpe, Richard Levitte]
-
- *) Rework the filename-translation in the DSO code. It is now possible to
- have far greater control over how a "name" is turned into a filename
- depending on the operating environment and any oddities about the
- different shared library filenames on each system.
- [Geoff Thorpe]
-
- *) Support threads on FreeBSD-elf in Configure.
- [Richard Levitte]
-
- *) Fix for SHA1 assembly problem with MASM: it produces
- warnings about corrupt line number information when assembling
- with debugging information. This is caused by the overlapping
- of two sections.
- [Bernd Matthes <mainbug@celocom.de>, Steve Henson]
-
- *) NCONF changes.
- NCONF_get_number() has no error checking at all. As a replacement,
- NCONF_get_number_e() is defined (_e for "error checking") and is
- promoted strongly. The old NCONF_get_number is kept around for
- binary backward compatibility.
- Make it possible for methods to load from something other than a BIO,
- by providing a function pointer that is given a name instead of a BIO.
- For example, this could be used to load configuration data from an
- LDAP server.
- [Richard Levitte]
-
- *) Fix for non blocking accept BIOs. Added new I/O special reason
- BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
- with non blocking I/O was not possible because no retry code was
- implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
- this case.
- [Steve Henson]
-
- *) Added the beginnings of Rijndael support.
- [Ben Laurie]
-
- *) Fix for bug in DirectoryString mask setting. Add support for
- X509_NAME_print_ex() in 'req' and X509_print_ex() function
- to allow certificate printing to more controllable, additional
- 'certopt' option to 'x509' to allow new printing options to be
- set.
- [Steve Henson]
-
- *) Clean old EAY MD5 hack from e_os.h.
- [Richard Levitte]
-
- Changes between 0.9.6d and 0.9.6e [XX xxx XXXX]
+ Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
*) Fix cipher selection routines: ciphers without encryption had no flags
for the cipher strength set and where therefore not handled correctly
applications.
[Bodo Moeller]
+ *) Changes in security patch:
+
+ Changes marked "(CHATS)" were sponsored by the Defense Advanced
+ Research Projects Agency (DARPA) and Air Force Research Laboratory,
+ Air Force Materiel Command, USAF, under agreement number
+ F30602-01-2-0537.
+
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer.
+ [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+ *) Assertions for various potential buffer overflows, not known to
+ happen in practice.
+ [Ben Laurie (CHATS)]
+
+ *) Various temporary buffers to hold ASCII versions of integers were
+ too small for 64 bit platforms. (CAN-2002-0655)
+ [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+ *) Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized session ID to a client. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
+ *) Remote buffer overflow in SSL2 protocol - an attacker could
+ supply an oversized client master key. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
Changes between 0.9.6c and 0.9.6d [9 May 2002]
*) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
value is 0.
[Richard Levitte]
+ *) [In 0.9.6c-engine release:]
+ Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
+ [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
*) Add the configuration target linux-s390x.
[Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
- *) [In 0.9.6d-engine release:]
- Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
- [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
-
*) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
variable as an indication that a ClientHello message has been