Changes between 0.9.7a and 0.9.8 [xx XXX xxxx]
+ *) Add support for STORE in ENGINE.
+ [Richard Levitte]
+
+ *) Add the STORE type. The intention is to provide a common interface
+ to certificate and key stores, be they simple file-based stores, or
+ HSM-type store, or LDAP stores, or...
+ NOTE: The code is currently UNTESTED and isn't really used anywhere.
+ [Richard Levitte]
+
+ *) Add a generic structure called OPENSSL_ITEM. This can be used to
+ pass a list of arguments to any function as well as provide a way
+ for a function to pass data back to the caller.
+ [Richard Levitte]
+
+ *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup()
+ works like BUF_strdup() but can be used to duplicate a portion of
+ a string. The copy gets NUL-terminated. BUF_memdup() duplicates
+ a memory area.
+ [Richard Levitte]
+
+ *) Add the function sk_find_ex() which works like sk_find(), but will
+ return an index to an element even if an exact match couldn't be
+ found. The index is guaranteed to point at the element where the
+ searched-for key would be inserted to preserve sorting order.
+ [Richard Levitte]
+
+ *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but
+ takes an extra flags argument for optional functionality. Currently,
+ the following flags are defined:
+
+ OBJ_BSEARCH_VALUE_ON_NOMATCH
+ This one gets OBJ_bsearch_ex() to return a pointer to the first
+ element where the comparing function returns a negative or zero
+ number.
+
+ OBJ_BSEARCH_FIRST_VALUE_ON_MATCH
+ This one gets OBJ_bsearch_ex() to return a pointer to the first
+ element where the comparing function returns zero. This is useful
+ if there are more than one element where the comparing function
+ returns zero.
+ [Richard Levitte]
+
+ *) Make it possible to create self-signed certificates with 'openssl ca'
+ in such a way that the self-signed certificate becomes part of the
+ CA database and uses the same mechanisms for serial number generation
+ as all other certificate signing. The new flag '-selfsign' enables
+ this functionality. Adapt CA.sh and CA.pl.in.
+ [Richard Levitte]
+
+ *) Add functionality to check the public key of a certificate request
+ against a given private. This is useful to check that a certificate
+ request can be signed by that key (self-signing).
+ [Richard Levitte]
+
+ *) Make it possible to have multiple active certificates with the same
+ subject in the CA index file. This is done only if the keyword
+ 'unique_subject' is set to 'no' in the main CA section (default
+ if 'CA_default') of the configuration file. The value is saved
+ with the database itself in a separate index attribute file,
+ named like the index file with '.attr' appended to the name.
+ [Richard Levitte]
+
+ *) Generate muti valued AVAs using '+' notation in config files for
+ req and dirName.
+ [Steve Henson]
+
+ *) Support for nameConstraints certificate extension.
+ [Steve Henson]
+
+ *) Support for policyConstraints certificate extension.
+ [Steve Henson]
+
+ *) Support for policyMappings certificate extension.
+ [Steve Henson]
+
+ *) Fixed a typo bug that would cause ENGINE_set_default() to set an
+ ENGINE as defaults for all supported algorithms irrespective of
+ the 'flags' parameter. 'flags' is now honoured, so applications
+ should make sure they are passing it correctly.
+ [Geoff Thorpe]
+
+ *) Make sure the default DSA_METHOD implementation only uses its
+ dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL,
+ and change its own handlers to be NULL so as to remove unnecessary
+ indirection. This lets alternative implementations fallback to the
+ default implementation more easily.
+ [Geoff Thorpe]
+
+ *) Support for directoryName in GeneralName related extensions
+ in config files.
+ [Steve Henson]
+
*) Make it possible to link applications using Makefile.shared.
Make that possible even when linking against static libraries!
[Richard Levitte]
cleartext signing (multipart/signed type) is effectively streaming
and the signed data does not need to be all held in memory.
- This is done with a new flag PKCS7_PARTSIGN. When this flag is set
+ This is done with a new flag PKCS7_STREAM. When this flag is set
PKCS7_sign() only initializes the PKCS7 structure and the actual signing
is done after the data is output (and digests calculated) in
SMIME_write_PKCS7().
[Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
*) Add ECDH in new directory crypto/ecdh/.
-TODO: more general interface (return x coordinate, not its hash)
-TODO: bug: pad x with leading zeros if necessary
[Douglas Stebila (Sun Microsystems Laboratories)]
*) Let BN_rand_range() abort with an error after 100 iterations
Changes between 0.9.7a and 0.9.7b [xx XXX 2003]
+ *) Countermeasure against the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+ a protocol version number mismatch like a decryption error
+ in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+ [Bodo Moeller]
+
+ *) Turn on RSA blinding by default in the default implementation
+ to avoid a timing attack. Applications that don't want it can call
+ RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+ They would be ill-advised to do so in most cases.
+ [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+ *) Change RSA blinding code so that it works when the PRNG is not
+ seeded (in this case, the secret RSA exponent is abused as
+ an unpredictable seed -- if it is not unpredictable, there
+ is no point in blinding anyway). Make RSA blinding thread-safe
+ by remembering the creator's thread ID in rsa->blinding and
+ having all other threads use local one-time blinding factors
+ (this requires more computation than sharing rsa->blinding, but
+ avoids excessive locking; and if an RSA object is not shared
+ between threads, blinding will still be very fast).
+ [Bodo Moeller]
+
+yet to be integrated into this CVS branch:
+- Geoff's ENGINE_set_default() fix
+
*) Target "mingw" now allows native Windows code to be generated in
the Cygwin environment as well as with the MinGW compiler.
[Ulf Moeller]
*) Clean old EAY MD5 hack from e_os.h.
[Richard Levitte]
+ Changes between 0.9.6i and 0.9.6j [10 Apr 2003]
+
+ *) Countermeasure against the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+ a protocol version number mismatch like a decryption error
+ in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+ [Bodo Moeller]
+
+ *) Turn on RSA blinding by default in the default implementation
+ to avoid a timing attack. Applications that don't want it can call
+ RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+ They would be ill-advised to do so in most cases.
+ [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+ *) Change RSA blinding code so that it works when the PRNG is not
+ seeded (in this case, the secret RSA exponent is abused as
+ an unpredictable seed -- if it is not unpredictable, there
+ is no point in blinding anyway). Make RSA blinding thread-safe
+ by remembering the creator's thread ID in rsa->blinding and
+ having all other threads use local one-time blinding factors
+ (this requires more computation than sharing rsa->blinding, but
+ avoids excessive locking; and if an RSA object is not shared
+ between threads, blinding will still be very fast).
+ [Bodo Moeller]
+
Changes between 0.9.6h and 0.9.6i [19 Feb 2003]
*) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked