X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=67aa57833b3c2e90e3f0f72dcc0a2fb01c14675c;hp=4ff8e00b4475ef9b576c61f4c8d99ca823c676ff;hb=85b7b80434d4468ed95f5c0360ebb445a96b4943;hpb=979689aa5cfa100ccbc1f25064e9398be4b7b05c diff --git a/CHANGES b/CHANGES index 4ff8e00b44..67aa57833b 100644 --- a/CHANGES +++ b/CHANGES @@ -2,30 +2,321 @@ OpenSSL CHANGES _______________ - Changes between 0.9.6 and 0.9.7 [xx XXX 2001] + Changes between 0.9.7 and 0.9.8 [xx XXX 2002] + + *) Add a function EC_GROUP_check_discriminant() (defined via + EC_METHOD) that verifies that the curve discriminant is non-zero. + + Add a function EC_GROUP_check() that makes some sanity tests + on a EC_GROUP, its generator and order. This includes + EC_GROUP_check_discriminant(). + [Nils Larsch ] + + *) Add ECDSA in new directory crypto/ecdsa/. + + Add applications 'openssl ecdsaparam' and 'openssl ecdsa' + (these are variants of 'openssl dsaparam' and 'openssl dsa'). + + ECDSA support is also included in various other files across the + library. Most notably, + - 'openssl req' now has a '-newkey ecdsa:file' option; + - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA; + - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and + d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make + them suitable for ECDSA where domain parameters must be + extracted before the specific public key. + [Nils Larsch ] + + *) Include some named elliptic curves, and add OIDs from X9.62, + SECG, and WAP/WTLS. The curves can be obtained from the new + functions + EC_GROUP_new_by_nid() + EC_GROUP_new_by_name() + Also add a 'nid' field to EC_GROUP objects, which can be accessed + via + EC_GROUP_set_nid() + EC_GROUP_get_nid() + [Nils Larsch method to s->ctx->method when called from within - one of the SSL handshake functions. - [Bodo Moeller; problem pointed out by Niko Baric] + *) Fix DH_generate_parameters() so that it works for 'non-standard' + generators, i.e. generators other than 2 and 5. (Previously, the + code did not properly initialise the 'add' and 'rem' values to + BN_generate_prime().) - +) Test for certificates which contain unsupported critical extensions. - If such a certificate is found during a verify operation it is - rejected by default: this behaviour can be overridden by either - handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or - by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function - X509_supported_extension() has also been added which returns 1 if a - particular extension is supported. + In the new general case, we do not insist that 'generator' is + actually a primitive root: This requirement is rather pointless; + a generator of the order-q subgroup is just as good, if not + better. + [Bodo Moeller] + + *) Map new X509 verification errors to alerts. Discovered and submitted by + Tom Wu . + [Lutz Jaenicke] + + *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from + returning non-zero before the data has been completely received + when using non-blocking I/O. + [Bodo Moeller; problem pointed out by John Hughes] + + *) Some of the ciphers missed the strength entry (SSL_LOW etc). + [Ben Laurie, Lutz Jaenicke] + + +) Add an "init" command to the ENGINE config module and auto initialize + ENGINEs. Without any "init" command the ENGINE will be initialized + after all ctrl commands have been executed on it. If init=1 the + ENGINE is initailized at that point (ctrls before that point are run + on the uninitialized ENGINE and after on the initialized one). If + init=0 then the ENGINE will not be iniatialized at all. + [Steve Henson] + + +) Fix the 'app_verify_callback' interface so that the user-defined + argument is actually passed to the callback: In the + SSL_CTX_set_cert_verify_callback() prototype, the callback + declaration has been changed from + int (*cb)() + into + int (*cb)(X509_STORE_CTX *,void *); + in ssl_verify_cert_chain (ssl/ssl_cert.c), the call + i=s->ctx->app_verify_callback(&ctx) + has been changed into + i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg). + + To update applications using SSL_CTX_set_cert_verify_callback(), + a dummy argument can be added to their callback functions. + [D. K. Smetters ] + + +) Added the '4758cca' ENGINE to support IBM 4758 cards. + [Maurice Gittens , touchups by Geoff Thorpe] + + *) Fix bug in SSL_clear(): bad sessions were not removed (found by + Yoram Zahavi ). + [Lutz Jaenicke] + + +) Add and OPENSSL_LOAD_CONF define which will cause + OpenSSL_add_all_algorithms() to load the openssl.cnf config file. + This allows older applications to transparently support certain + OpenSSL features: such as crypto acceleration and dynamic ENGINE loading. + Two new functions OPENSSL_add_all_algorithms_noconf() which will never + load the config file and OPENSSL_add_all_algorithms_conf() which will + always load it have also been added. + [Steve Henson] + + +) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES. + Adjust NIDs and EVP layer. + [Stephen Sprunk and Richard Levitte] + + +) Config modules support in openssl utility. + + Most commands now load modules from the config file, + though in a few (such as version) this isn't done + because it couldn't be used for anything. + + In the case of ca and req the config file used is + the same as the utility itself: that is the -config + command line option can be used to specify an + alternative file. [Steve Henson] + +) Move default behaviour from OPENSSL_config(). If appname is NULL + use "openssl_conf" if filename is NULL use default openssl config file. + [Steve Henson] + + +) Add an argument to OPENSSL_config() to allow the use of an alternative + config section name. Add a new flag to tolerate a missing config file + and move code to CONF_modules_load_file(). + [Steve Henson] + + *) Add information about CygWin 1.3 and on, and preserve proper + configuration for the versions before that. + [Corinna Vinschen and Richard Levitte] + + *) Make removal from session cache (SSL_CTX_remove_session()) more robust: + check whether we deal with a copy of a session and do not delete from + the cache in this case. Problem reported by "Izhar Shoshani Levi" + . + [Lutz Jaenicke] + + *) Do not store session data into the internal session cache, if it + is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP + flag is set). Proposed by Aslam . + [Lutz Jaenicke] + + +) Support for crypto accelerator cards from Accelerated Encryption + Processing, www.aep.ie. (Use engine 'aep') + The support was copied from 0.9.6c [engine] and adapted/corrected + to work with the new engine framework. + [AEP Inc. and Richard Levitte] + + +) Support for SureWare crypto accelerator cards from Baltimore + Technologies. (Use engine 'sureware') + The support was copied from 0.9.6c [engine] and adapted + to work with the new engine framework. + [Richard Levitte] + + *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested + value is 0. + [Richard Levitte] + + +) Have the CHIL engine fork-safe (as defined by nCipher) and actually + make the newer ENGINE framework commands for the CHIL engine work. + [Toomas Kiisk and Richard Levitte] + + +) Make it possible to produce shared libraries on ReliantUNIX. + [Robert Dahlem via Richard Levitte] + + *) Add the configuration target linux-s390x. + [Neale Ferguson via Richard Levitte] + + +) Add the configuration target debug-linux-ppro. + Make 'openssl rsa' use the general key loading routines + implemented in apps.c, and make those routines able to + handle the key format FORMAT_NETSCAPE and the variant + FORMAT_IISSGC. + [Toomas Kiisk via Richard Levitte] + + *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). + [Toomas Kiisk via Richard Levitte] + + +) Add -keyform to rsautl, and document -engine. + [Richard Levitte, inspired by Toomas Kiisk ] + + +) Change BIO_new_file (crypto/bio/bss_file.c) to use new + BIO_R_NO_SUCH_FILE error code rather than the generic + ERR_R_SYS_LIB error code if fopen() fails with ENOENT. + [Ben Laurie] + + +) Add new functions + ERR_peek_last_error + ERR_peek_last_error_line + ERR_peek_last_error_line_data. + These are similar to + ERR_peek_error + ERR_peek_error_line + ERR_peek_error_line_data, + but report on the latest error recorded rather than the first one + still in the error queue. + [Ben Laurie, Bodo Moeller] + + +) default_algorithms option in ENGINE config module. This allows things + like: + default_algorithms = ALL + default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS + [Steve Henson] + + +) Prelminary ENGINE config module. + [Steve Henson] + + *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of + ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag + variable as an indication that a ClientHello message has been + received. As the flag value will be lost between multiple + invocations of ssl3_accept when using non-blocking I/O, the + function may not be aware that a handshake has actually taken + place, thus preventing a new session from being added to the + session cache. + + To avoid this problem, we now set s->new_session to 2 instead of + using a local variable. + [Lutz Jaenicke, Bodo Moeller] + + *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) + if the SSL_R_LENGTH_MISMATCH error is detected. + [Geoff Thorpe, Bodo Moeller] + + +) New experimental application configuration code. + [Steve Henson] + + *) New 'shared_ldflag' column in Configure platform table. + [Richard Levitte] + + *) Fix EVP_CIPHER_mode macro. + ["Dan S. Camper" ] + + +) Change the AES code to follow the same name structure as all other + symmetric ciphers, and behave the same way. Move everything to + the directory crypto/aes, thereby obsoleting crypto/rijndael. + [Stephen Sprunk and Richard Levitte] + + *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown + type, we must throw them away by setting rr->length to 0. + [D P Chang ] + + -) OpenSSL 0.9.6c released [21 dec 2001] + + +) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c. + [Ben Laurie and Theo de Raadt] + + *) Fix BN_rand_range bug pointed out by Dominikus Scherkl + . (The previous implementation + worked incorrectly for those cases where range = 10..._2 and + 3*range is two bits longer than range.) + [Bodo Moeller] + + *) Only add signing time to PKCS7 structures if it is not already + present. + [Steve Henson] + + *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", + OBJ_ld_ce should be OBJ_id_ce. + Also some ip-pda OIDs in crypto/objects/objects.txt were + incorrect (cf. RFC 3039). + [Matt Cooper, Frederic Giudicelli, Bodo Moeller] + + +) Add option to output public keys in req command. + [Massimiliano Pala madwolf@openca.org] + + *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid() + returns early because it has nothing to do. + [Andy Schneider ] + + *) [In 0.9.6c-engine and 0.9.7 release:] + Fix mutex callback return values in crypto/engine/hw_ncipher.c. + [Andy Schneider ] + + -) [In 0.9.6c-engine release:] + Add support for Cryptographic Appliance's keyserver technology. + (Use engine 'keyclient') + [Cryptographic Appliances and Geoff Thorpe] + + *) Add a configuration entry for OS/390 Unix. The C compiler 'c89' + is called via tools/c89.sh because arguments have to be + rearranged (all '-L' options must appear before the first object + modules). + [Richard Shapiro ] + + +) Use wNAFs in EC_POINTs_mul() for improved efficiency + (up to about 10% better than before for P-192 and P-224). + [Bodo Moeller] + + -) [In 0.9.6c-engine release:] + Add support for Broadcom crypto accelerator cards, backported + from 0.9.7. + [Broadcom, Nalin Dahyabhai , Mark Cox] + + -) [In 0.9.6c-engine release:] + Add support for SureWare crypto accelerator cards from + Baltimore Technologies. (Use engine 'sureware') + [Baltimore Technologies and Mark Cox] + + -) [In 0.9.6c-engine release:] + Add support for crypto accelerator cards from Accelerated + Encryption Processing, www.aep.ie. (Use engine 'aep') + [AEP Inc. and Mark Cox] + + *) Add a configuration entry for gcc on UnixWare. + [Gary Benson ] + +) New functions/macros SSL_CTX_set_msg_callback(ctx, cb) @@ -51,10 +342,92 @@ 'openssl s_client' and 'openssl s_server' have new '-msg' options to enable a callback that displays all protocol messages. + [Bodo Moeller] + + *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake + messages are stored in a single piece (fixed-length part and + variable-length part combined) and fix various bugs found on the way. + [Bodo Moeller] - TODO: SSL 2.0, doc/ssl/, doc/apps/ + +) Change the shared library support so shared libraries are built as + soon as the corresponding static library is finished, and thereby get + openssl and the test programs linked against the shared library. + This still only happens when the keyword "shard" has been given to + the configuration scripts. + + NOTE: shared library support is still an experimental thing, and + backward binary compatibility is still not guaranteed. + ["Maciej W. Rozycki" and Richard Levitte] + + +) Add support for Subject Information Access extension. + [Peter Sylvester ] + + +) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero + additional bytes when new memory had to be allocated, not just + when reusing an existing buffer. [Bodo Moeller] + *) Disable caching in BIO_gethostbyname(), directly use gethostbyname() + instead. BIO_gethostbyname() does not know what timeouts are + appropriate, so entries would stay in cache even when they have + become invalid. + [Bodo Moeller; problem pointed out by Rich Salz + + +) New command line and configuration option 'utf8' for the req command. + This allows field values to be specified as UTF8 strings. + [Steve Henson] + + +) Add -multi and -mr options to "openssl speed" - giving multiple parallel + runs for the former and machine-readable output for the latter. + [Ben Laurie] + + +) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion + of the e-mail address in the DN (i.e., it will go into a certificate + extension only). The new configuration file option 'email_in_dn = no' + has the same effect. + [Massimiliano Pala madwolf@openca.org] + + *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when + faced with a pathologically small ClientHello fragment that does + not contain client_version: Instead of aborting with an error, + simply choose the highest available protocol version (i.e., + TLS 1.0 unless it is disabled). In practice, ClientHello + messages are never sent like this, but this change gives us + strictly correct behaviour at least for TLS. + [Bodo Moeller] + + +) Change all functions with names starting with des_ to be starting + with DES_ instead. Add wrappers that are compatible with libdes, + but are named _ossl_old_des_*. Finally, add macros that map the + des_* symbols to the corresponding _ossl_old_des_*. + + All this is done because there are increasing clashes with libdes + and other DES libraries that are currently used by other projects. + The old libdes interface (including crypt()) is provided if + is included. For now, this automatically + happens in unless OPENSSL_DISABLE_OLD_DES_SUPPORT is + defined. Note that crypt() is no longer declared in . + + NOTE: This is a major break of an old API into a new one. Software + authors are encouraged to switch to the DES_ style functions. Some + time in the future, des_old.h and the libdes compatibility functions + will be completely removed. + [Richard Levitte] + + *) Fix SSL handshake functions and SSL_clear() such that SSL_clear() + never resets s->method to s->ctx->method when called from within + one of the SSL handshake functions. + [Bodo Moeller; problem pointed out by Niko Baric] + + +) Test for certificates which contain unsupported critical extensions. + If such a certificate is found during a verify operation it is + rejected by default: this behaviour can be overridden by either + handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or + by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function + X509_supported_extension() has also been added which returns 1 if a + particular extension is supported. + [Steve Henson] + *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert (sent using the client's version number) if client_version is smaller than the protocol version in use. Also change @@ -173,8 +546,12 @@ "Douglas E. Engert" . [Lutz Jaenicke] - +) Add support for shared libraries for Unixware-7 and support including - shared libraries for OpenUNIX-8 (Boyd Lynn Gerber ). + +) Add support for shared libraries for Unixware-7 + (Boyd Lynn Gerber ). + [Lutz Jaenicke] + + *) Add OpenUNIX-8 support including shared libraries + (Boyd Lynn Gerber ). [Lutz Jaenicke] *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid @@ -211,7 +588,7 @@ *) BN_sqr() bug fix. [Ulf Möller, reported by Jim Ellis ] - *) Make it possible to unload ranges of ERR strings with a new + +) Make it possible to unload ranges of ERR strings with a new "ERR_unload_strings" function. [Geoff Thorpe] @@ -341,7 +718,7 @@ anyway). [Ben Laurie] - +) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX). + *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX). [Andy Polyakov] *) Modified SSL library such that the verify_callback that has been set @@ -445,6 +822,16 @@ parameters (and 'speed' generating keys each time). [Geoff Thorpe] + *) Add support for shared libraries under Irix. + [Albert Chin-A-Young ] + + *) Add configuration option to build on Linux on both big-endian and + little-endian MIPS. + [Ralf Baechle ] + + *) Add the possibility to create shared libraries on HP-UX. + [Richard Levitte] + -) OpenSSL 0.9.6b released [9 July 2001] *) Change ssleay_rand_bytes (crypto/rand/md_rand.c) @@ -858,9 +1245,12 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k don't write to the wrong index in ERR_set_error_data. [Bodo Moeller] - +) Function EC_POINTs_mul for simultaneous scalar multiplication - of an arbitrary number of elliptic curve points, optionally - including the generator defined for the EC_GROUP. + +) Function EC_POINTs_mul for multiple scalar multiplication + of an arbitrary number of elliptic curve points + \sum scalars[i]*points[i], + optionally including the generator defined for the EC_GROUP: + scalar*generator + \sum scalars[i]*points[i]. + EC_POINT_mul is a simple wrapper function for the typical case that the point list has just one item (besides the optional generator). @@ -1821,17 +2211,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k identity, and test if they are actually available. [Richard Levitte] - +) Add support for shared libraries under Irix. - [Albert Chin-A-Young ] - +) Improve RPM specification file by forcing symbolic linking and making sure the installed documentation is also owned by root.root. [Damien Miller ] - +) Add configuration option to build on Linux on both big-endian and - little-endian MIPS. - [Ralf Baechle ] - +) Give the OpenSSL applications more possibilities to make use of keys (public as well as private) handled by engines. [Richard Levitte] @@ -1858,9 +2241,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k +) Support threads on FreeBSD-elf in Configure. [Richard Levitte] - +) Add the possibility to create shared libraries on HP-UX - [Richard Levitte] - +) Fix for SHA1 assembly problem with MASM: it produces warnings about corrupt line number information when assembling with debugging information. This is caused by the overlapping