CHANGES (59191) | CHANGES (68651) |
---|---|
1 2 OpenSSL CHANGES 3 _______________ 4 | 1 2 OpenSSL CHANGES 3 _______________ 4 |
5 Changes between 0.9.5a and 0.9.6 [24 Sep 2000] 6 7 *) In ssl23_get_client_hello, generate an error message when faced 8 with an initial SSL 3.0/TLS record that is too small to contain the 9 first two bytes of the ClientHello message, i.e. client_version. 10 (Note that this is a pathologic case that probably has never happened 11 in real life.) The previous approach was to use the version number 12 from the record header as a substitute; but our protocol choice 13 should not depend on that one because it is not authenticated 14 by the Finished messages. 15 [Bodo Moeller] 16 17 *) More robust randomness gathering functions for Windows. 18 [Jeffrey Altman <jaltman@columbia.edu>] 19 20 *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is 21 not set then we don't setup the error code for issuer check errors 22 to avoid possibly overwriting other errors which the callback does 23 handle. If an application does set the flag then we assume it knows 24 what it is doing and can handle the new informational codes 25 appropriately. 26 [Steve Henson] 27 28 *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for 29 a general "ANY" type, as such it should be able to decode anything 30 including tagged types. However it didn't check the class so it would 31 wrongly interpret tagged types in the same way as their universal 32 counterpart and unknown types were just rejected. Changed so that the 33 tagged and unknown types are handled in the same way as a SEQUENCE: 34 that is the encoding is stored intact. There is also a new type 35 "V_ASN1_OTHER" which is used when the class is not universal, in this 36 case we have no idea what the actual type is so we just lump them all 37 together. 38 [Steve Henson] 39 40 *) On VMS, stdout may very well lead to a file that is written to 41 in a record-oriented fashion. That means that every write() will 42 write a separate record, which will be read separately by the 43 programs trying to read from it. 
This can be very confusing. 44 45 The solution is to put a BIO filter in the way that will buffer 46 text until a linefeed is reached, and then write everything a 47 line at a time, so every record written will be an actual line, 48 not chunks of lines and not (usually doesn't happen, but I've 49 seen it once) several lines in one record. BIO_f_linebuffer() is 50 the answer. 51 52 Currently, it's a VMS-only method, because that's where it has 53 been tested well enough. 54 [Richard Levitte] 55 56 *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery, 57 it can return incorrect results. 58 (Note: The buggy variant was not enabled in OpenSSL 0.9.5a, 59 but it was in 0.9.6-beta[12].) 60 [Bodo Moeller] 61 62 *) Disable the check for content being present when verifying detached 63 signatures in pk7_smime.c. Some versions of Netscape (wrongly) 64 include zero length content when signing messages. 65 [Steve Henson] 66 67 *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR 68 BIO_ctrl (for BIO pairs). 69 [Bodo M�ller] 70 71 *) Add DSO method for VMS. 72 [Richard Levitte] 73 74 *) Bug fix: Montgomery multiplication could produce results with the 75 wrong sign. 76 [Ulf M�ller] 77 78 *) Add RPM specification openssl.spec and modify it to build three 79 packages. The default package contains applications, application 80 documentation and run-time libraries. The devel package contains 81 include files, static libraries and function documentation. The 82 doc package contains the contents of the doc directory. The original 83 openssl.spec was provided by Damien Miller <djm@mindrot.org>. 84 [Richard Levitte] 85 86 *) Add a large number of documentation files for many SSL routines. 87 [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>] 88 89 *) Add a configuration entry for Sony News 4. 90 [NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>] 91 92 *) Don't set the two most significant bits to one when generating a 93 random number < q in the DSA library. 
94 [Ulf M�ller] 95 96 *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default 97 behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if 98 the underlying transport is blocking) if a handshake took place. 99 (The default behaviour is needed by applications such as s_client 100 and s_server that use select() to determine when to use SSL_read; 101 but for applications that know in advance when to expect data, it 102 just makes things more complicated.) 103 [Bodo Moeller] 104 105 *) Add RAND_egd_bytes(), which gives control over the number of bytes read 106 from EGD. 107 [Ben Laurie] 108 109 *) Add a few more EBCDIC conditionals that make `req' and `x509' 110 work better on such systems. 111 [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>] 112 113 *) Add two demo programs for PKCS12_parse() and PKCS12_create(). 114 Update PKCS12_parse() so it copies the friendlyName and the 115 keyid to the certificates aux info. 116 [Steve Henson] 117 118 *) Fix bug in PKCS7_verify() which caused an infinite loop 119 if there was more than one signature. 120 [Sven Uszpelkat <su@celocom.de>] 121 122 *) Major change in util/mkdef.pl to include extra information 123 about each symbol, as well as presentig variables as well 124 as functions. This change means that there's n more need 125 to rebuild the .num files when some algorithms are excluded. 126 [Richard Levitte] 127 128 *) Allow the verify time to be set by an application, 129 rather than always using the current time. 130 [Steve Henson] 131 132 *) Phase 2 verify code reorganisation. The certificate 133 verify code now looks up an issuer certificate by a 134 number of criteria: subject name, authority key id 135 and key usage. It also verifies self signed certificates 136 by the same criteria. The main comparison function is 137 X509_check_issued() which performs these checks. 138 139 Lot of changes were necessary in order to support this 140 without completely rewriting the lookup code. 
141 142 Authority and subject key identifier are now cached. 143 144 The LHASH 'certs' is X509_STORE has now been replaced 145 by a STACK_OF(X509_OBJECT). This is mainly because an 146 LHASH can't store or retrieve multiple objects with 147 the same hash value. 148 149 As a result various functions (which were all internal 150 use only) have changed to handle the new X509_STORE 151 structure. This will break anything that messed round 152 with X509_STORE internally. 153 154 The functions X509_STORE_add_cert() now checks for an 155 exact match, rather than just subject name. 156 157 The X509_STORE API doesn't directly support the retrieval 158 of multiple certificates matching a given criteria, however 159 this can be worked round by performing a lookup first 160 (which will fill the cache with candidate certificates) 161 and then examining the cache for matches. This is probably 162 the best we can do without throwing out X509_LOOKUP 163 entirely (maybe later...). 164 165 The X509_VERIFY_CTX structure has been enhanced considerably. 166 167 All certificate lookup operations now go via a get_issuer() 168 callback. Although this currently uses an X509_STORE it 169 can be replaced by custom lookups. This is a simple way 170 to bypass the X509_STORE hackery necessary to make this 171 work and makes it possible to use more efficient techniques 172 in future. A very simple version which uses a simple 173 STACK for its trusted certificate store is also provided 174 using X509_STORE_CTX_trusted_stack(). 175 176 The verify_cb() and verify() callbacks now have equivalents 177 in the X509_STORE_CTX structure. 178 179 X509_STORE_CTX also has a 'flags' field which can be used 180 to customise the verify behaviour. 181 [Steve Henson] 182 183 *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which 184 excludes S/MIME capabilities. 
185 [Steve Henson] 186 187 *) When a certificate request is read in keep a copy of the 188 original encoding of the signed data and use it when outputing 189 again. Signatures then use the original encoding rather than 190 a decoded, encoded version which may cause problems if the 191 request is improperly encoded. 192 [Steve Henson] 193 194 *) For consistency with other BIO_puts implementations, call 195 buffer_write(b, ...) directly in buffer_puts instead of calling 196 BIO_write(b, ...). 197 198 In BIO_puts, increment b->num_write as in BIO_write. 199 [Peter.Sylvester@EdelWeb.fr] 200 201 *) Fix BN_mul_word for the case where the word is 0. (We have to use 202 BN_zero, we may not return a BIGNUM with an array consisting of 203 words set to zero.) 204 [Bodo Moeller] 205 206 *) Avoid calling abort() from within the library when problems are 207 detected, except if preprocessor symbols have been defined 208 (such as REF_CHECK, BN_DEBUG etc.). 209 [Bodo Moeller] 210 211 *) New openssl application 'rsautl'. This utility can be 212 used for low level RSA operations. DER public key 213 BIO/fp routines also added. 214 [Steve Henson] 215 216 *) New Configure entry and patches for compiling on QNX 4. 217 [Andreas Schneider <andreas@ds3.etech.fh-hamburg.de>] 218 219 *) A demo state-machine implementation was sponsored by 220 Nuron (http://www.nuron.com/) and is now available in 221 demos/state_machine. 222 [Ben Laurie] 223 224 *) New options added to the 'dgst' utility for signature 225 generation and verification. 226 [Steve Henson] 227 228 *) Unrecognized PKCS#7 content types are now handled via a 229 catch all ASN1_TYPE structure. This allows unsupported 230 types to be stored as a "blob" and an application can 231 encode and decode it manually. 232 [Steve Henson] 233 234 *) Fix various signed/unsigned issues to make a_strex.c 235 compile under VC++. 236 [Oscar Jacobsson <oscar.jacobsson@celocom.com>] 237 238 *) ASN1 fixes. 
i2d_ASN1_OBJECT was not returning the correct 239 length if passed a buffer. ASN1_INTEGER_to_BN failed 240 if passed a NULL BN and its argument was negative. 241 [Steve Henson, pointed out by Sven Heiberg <sven@tartu.cyber.ee>] 242 243 *) Modification to PKCS#7 encoding routines to output definite 244 length encoding. Since currently the whole structures are in 245 memory there's not real point in using indefinite length 246 constructed encoding. However if OpenSSL is compiled with 247 the flag PKCS7_INDEFINITE_ENCODING the old form is used. 248 [Steve Henson] 249 250 *) Added BIO_vprintf() and BIO_vsnprintf(). 251 [Richard Levitte] 252 253 *) Added more prefixes to parse for in the the strings written 254 through a logging bio, to cover all the levels that are available 255 through syslog. The prefixes are now: 256 257 PANIC, EMERG, EMR => LOG_EMERG 258 ALERT, ALR => LOG_ALERT 259 CRIT, CRI => LOG_CRIT 260 ERROR, ERR => LOG_ERR 261 WARNING, WARN, WAR => LOG_WARNING 262 NOTICE, NOTE, NOT => LOG_NOTICE 263 INFO, INF => LOG_INFO 264 DEBUG, DBG => LOG_DEBUG 265 266 and as before, if none of those prefixes are present at the 267 beginning of the string, LOG_ERR is chosen. 268 269 On Win32, the LOG_* levels are mapped according to this: 270 271 LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE 272 LOG_WARNING => EVENTLOG_WARNING_TYPE 273 LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE 274 275 [Richard Levitte] 276 277 *) Made it possible to reconfigure with just the configuration 278 argument "reconf" or "reconfigure". The command line arguments 279 are stored in Makefile.ssl in the variable CONFIGURE_ARGS, 280 and are retrieved from there when reconfiguring. 281 [Richard Levitte] 282 283 *) MD4 implemented. 284 [Assar Westerlund <assar@sics.se>, Richard Levitte] 285 286 *) Add the arguments -CAfile and -CApath to the pkcs12 utility. 287 [Richard Levitte] 288 289 *) The obj_dat.pl script was messing up the sorting of object 290 names. 
The reason was that it compared the quoted version 291 of strings as a result "OCSP" > "OCSP Signing" because 292 " > SPACE. Changed script to store unquoted versions of 293 names and add quotes on output. It was also omitting some 294 names from the lookup table if they were given a default 295 value (that is if SN is missing it is given the same 296 value as LN and vice versa), these are now added on the 297 grounds that if an object has a name we should be able to 298 look it up. Finally added warning output when duplicate 299 short or long names are found. 300 [Steve Henson] 301 302 *) Changes needed for Tandem NSK. 303 [Scott Uroff <scott@xypro.com>] 304 305 *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in 306 RSA_padding_check_SSLv23(), special padding was never detected 307 and thus the SSL 3.0/TLS 1.0 countermeasure against protocol 308 version rollback attacks was not effective. 309 310 In s23_clnt.c, don't use special rollback-attack detection padding 311 (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the 312 client; similarly, in s23_srvr.c, don't do the rollback check if 313 SSL 2.0 is the only protocol enabled in the server. 314 [Bodo Moeller] 315 316 *) Make it possible to get hexdumps of unprintable data with 'openssl 317 asn1parse'. By implication, the functions ASN1_parse_dump() and 318 BIO_dump_indent() are added. 319 [Richard Levitte] 320 321 *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex() 322 these print out strings and name structures based on various 323 flags including RFC2253 support and proper handling of 324 multibyte characters. Added options to the 'x509' utility 325 to allow the various flags to be set. 326 [Steve Henson] 327 328 *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME. 
329 Also change the functions X509_cmp_current_time() and 330 X509_gmtime_adj() work with an ASN1_TIME structure, 331 this will enable certificates using GeneralizedTime in validity 332 dates to be checked. 333 [Steve Henson] 334 335 *) Make the NEG_PUBKEY_BUG code (which tolerates invalid 336 negative public key encodings) on by default, 337 NO_NEG_PUBKEY_BUG can be set to disable it. 338 [Steve Henson] 339 340 *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT 341 content octets. An i2c_ASN1_OBJECT is unnecessary because 342 the encoding can be trivially obtained from the structure. 343 [Steve Henson] 344 345 *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock), 346 not read locks (CRYPTO_r_[un]lock). 347 [Bodo Moeller] 348 349 *) A first attempt at creating official support for shared 350 libraries through configuration. I've kept it so the 351 default is static libraries only, and the OpenSSL programs 352 are always statically linked for now, but there are 353 preparations for dynamic linking in place. 354 This has been tested on Linux and True64. 355 [Richard Levitte] 356 357 *) Randomness polling function for Win9x, as described in: 358 Peter Gutmann, Software Generation of Practically Strong 359 Random Numbers. 360 [Ulf M�ller] 361 362 *) Fix so PRNG is seeded in req if using an already existing 363 DSA key. 364 [Steve Henson] 365 366 *) New options to smime application. -inform and -outform 367 allow alternative formats for the S/MIME message including 368 PEM and DER. The -content option allows the content to be 369 specified separately. This should allow things like Netscape 370 form signing output easier to verify. 371 [Steve Henson] 372 373 *) Fix the ASN1 encoding of tags using the 'long form'. 374 [Steve Henson] 375 376 *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT 377 STRING types. These convert content octets to and from the 378 underlying type. 
The actual tag and length octets are 379 already assumed to have been read in and checked. These 380 are needed because all other string types have virtually 381 identical handling apart from the tag. By having versions 382 of the ASN1 functions that just operate on content octets 383 IMPLICIT tagging can be handled properly. It also allows 384 the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED 385 and ASN1_INTEGER are identical apart from the tag. 386 [Steve Henson] 387 388 *) Change the handling of OID objects as follows: 389 390 - New object identifiers are inserted in objects.txt, following 391 the syntax given in objects.README. 392 - objects.pl is used to process obj_mac.num and create a new 393 obj_mac.h. 394 - obj_dat.pl is used to create a new obj_dat.h, using the data in 395 obj_mac.h. 396 397 This is currently kind of a hack, and the perl code in objects.pl 398 isn't very elegant, but it works as I intended. The simplest way 399 to check that it worked correctly is to look in obj_dat.h and 400 check the array nid_objs and make sure the objects haven't moved 401 around (this is important!). Additions are OK, as well as 402 consistent name changes. 403 [Richard Levitte] 404 405 *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1'). 406 [Bodo Moeller] 407 408 *) Addition of the command line parameter '-rand file' to 'openssl req'. 409 The given file adds to whatever has already been seeded into the 410 random pool through the RANDFILE configuration file option or 411 environment variable, or the default random state file. 412 [Richard Levitte] 413 414 *) mkstack.pl now sorts each macro group into lexical order. 415 Previously the output order depended on the order the files 416 appeared in the directory, resulting in needless rewriting 417 of safestack.h . 418 [Steve Henson] 419 420 *) Patches to make OpenSSL compile under Win32 again. Mostly 421 work arounds for the VC++ problem that it treats func() as 422 func(void). 
Also stripped out the parts of mkdef.pl that 423 added extra typesafe functions: these no longer exist. 424 [Steve Henson] 425 426 *) Reorganisation of the stack code. The macros are now all 427 collected in safestack.h . Each macro is defined in terms of 428 a "stack macro" of the form SKM_<name>(type, a, b). The 429 DEBUG_SAFESTACK is now handled in terms of function casts, 430 this has the advantage of retaining type safety without the 431 use of additional functions. If DEBUG_SAFESTACK is not defined 432 then the non typesafe macros are used instead. Also modified the 433 mkstack.pl script to handle the new form. Needs testing to see 434 if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK 435 the default if no major problems. Similar behaviour for ASN1_SET_OF 436 and PKCS12_STACK_OF. 437 [Steve Henson] 438 439 *) When some versions of IIS use the 'NET' form of private key the 440 key derivation algorithm is different. Normally MD5(password) is 441 used as a 128 bit RC4 key. In the modified case 442 MD5(MD5(password) + "SGCKEYSALT") is used insted. Added some 443 new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same 444 as the old Netscape_RSA functions except they have an additional 445 'sgckey' parameter which uses the modified algorithm. Also added 446 an -sgckey command line option to the rsa utility. Thanks to 447 Adrian Peck <bertie@ncipher.com> for posting details of the modified 448 algorithm to openssl-dev. 449 [Steve Henson] 450 451 *) The evp_local.h macros were using 'c.##kname' which resulted in 452 invalid expansion on some systems (SCO 5.0.5 for example). 453 Corrected to 'c.kname'. 454 [Phillip Porch <root@theporch.com>] 455 456 *) New X509_get1_email() and X509_REQ_get1_email() functions that return 457 a STACK of email addresses from a certificate or request, these look 458 in the subject name and the subject alternative name extensions and 459 omit any duplicate addresses. 
460 [Steve Henson] 461 462 *) Re-implement BN_mod_exp2_mont using independent (and larger) windows. 463 This makes DSA verification about 2 % faster. 464 [Bodo Moeller] 465 466 *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5 467 (meaning that now 2^5 values will be precomputed, which is only 4 KB 468 plus overhead for 1024 bit moduli). 469 This makes exponentiations about 0.5 % faster for 1024 bit 470 exponents (as measured by "openssl speed rsa2048"). 471 [Bodo Moeller] 472 473 *) Rename memory handling macros to avoid conflicts with other 474 software: 475 Malloc => OPENSSL_malloc 476 Malloc_locked => OPENSSL_malloc_locked 477 Realloc => OPENSSL_realloc 478 Free => OPENSSL_free 479 [Richard Levitte] 480 481 *) New function BN_mod_exp_mont_word for small bases (roughly 15% 482 faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange). 483 [Bodo Moeller] 484 485 *) CygWin32 support. 486 [John Jarvie <jjarvie@newsguy.com>] 487 488 *) The type-safe stack code has been rejigged. It is now only compiled 489 in when OpenSSL is configured with the DEBUG_SAFESTACK option and 490 by default all type-specific stack functions are "#define"d back to 491 standard stack functions. This results in more streamlined output 492 but retains the type-safety checking possibilities of the original 493 approach. 494 [Geoff Thorpe] 495 496 *) The STACK code has been cleaned up, and certain type declarations 497 that didn't make a lot of sense have been brought in line. This has 498 also involved a cleanup of sorts in safestack.h to more correctly 499 map type-safe stack functions onto their plain stack counterparts. 500 This work has also resulted in a variety of "const"ifications of 501 lots of the code, especially "_cmp" operations which should normally 502 be prototyped with "const" parameters anyway. 
503 [Geoff Thorpe] 504 505 *) When generating bytes for the first time in md_rand.c, 'stir the pool' 506 by seeding with STATE_SIZE dummy bytes (with zero entropy count). 507 (The PRNG state consists of two parts, the large pool 'state' and 'md', 508 where all of 'md' is used each time the PRNG is used, but 'state' 509 is used only indexed by a cyclic counter. As entropy may not be 510 well distributed from the beginning, 'md' is important as a 511 chaining variable. However, the output function chains only half 512 of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains 513 all of 'md', and seeding with STATE_SIZE dummy bytes will result 514 in all of 'state' being rewritten, with the new values depending 515 on virtually all of 'md'. This overcomes the 80 bit limitation.) 516 [Bodo Moeller] 517 518 *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when 519 the handshake is continued after ssl_verify_cert_chain(); 520 otherwise, if SSL_VERIFY_NONE is set, remaining error codes 521 can lead to 'unexplainable' connection aborts later. 522 [Bodo Moeller; problem tracked down by Lutz Jaenicke] 523 524 *) Major EVP API cipher revision. 525 Add hooks for extra EVP features. This allows various cipher 526 parameters to be set in the EVP interface. Support added for variable 527 key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and 528 setting of RC2 and RC5 parameters. 529 530 Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length 531 ciphers. 532 533 Remove lots of duplicated code from the EVP library. For example *every* 534 cipher init() function handles the 'iv' in the same way according to the 535 cipher mode. They also all do nothing if the 'key' parameter is NULL and 536 for CFB and OFB modes they zero ctx->num. 537 538 New functionality allows removal of S/MIME code RC2 hack. 539 540 Most of the routines have the same form and so can be declared in terms 541 of macros. 
542 543 By shifting this to the top level EVP_CipherInit() it can be removed from 544 all individual ciphers. If the cipher wants to handle IVs or keys 545 differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT 546 flags. 547 548 Change lots of functions like EVP_EncryptUpdate() to now return a 549 value: although software versions of the algorithms cannot fail 550 any installed hardware versions can. 551 [Steve Henson] 552 553 *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if 554 this option is set, tolerate broken clients that send the negotiated 555 protocol version number instead of the requested protocol version 556 number. 557 [Bodo Moeller] 558 559 *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag; 560 i.e. non-zero for export ciphersuites, zero otherwise. 561 Previous versions had this flag inverted, inconsistent with 562 rsa_tmp_cb (..._TMP_RSA_CB). 563 [Bodo Moeller; problem reported by Amit Chopra] 564 565 *) Add missing DSA library text string. Work around for some IIS 566 key files with invalid SEQUENCE encoding. 567 [Steve Henson] 568 569 *) Add a document (doc/standards.txt) that list all kinds of standards 570 and so on that are implemented in OpenSSL. 571 [Richard Levitte] 572 573 *) Enhance c_rehash script. Old version would mishandle certificates 574 with the same subject name hash and wouldn't handle CRLs at all. 575 Added -fingerprint option to crl utility, to support new c_rehash 576 features. 577 [Steve Henson] 578 579 *) Eliminate non-ANSI declarations in crypto.h and stack.h. 580 [Ulf M�ller] 581 582 *) Fix for SSL server purpose checking. Server checking was 583 rejecting certificates which had extended key usage present 584 but no ssl client purpose. 585 [Steve Henson, reported by Rene Grosser <grosser@hisolutions.com>] 586 587 *) Make PKCS#12 code work with no password. The PKCS#12 spec 588 is a little unclear about how a blank password is handled. 
589 Since the password in encoded as a BMPString with terminating 590 double NULL a zero length password would end up as just the 591 double NULL. However no password at all is different and is 592 handled differently in the PKCS#12 key generation code. NS 593 treats a blank password as zero length. MSIE treats it as no 594 password on export: but it will try both on import. We now do 595 the same: PKCS12_parse() tries zero length and no password if 596 the password is set to "" or NULL (NULL is now a valid password: 597 it wasn't before) as does the pkcs12 application. 598 [Steve Henson] 599 600 *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use 601 perror when PEM_read_bio_X509_REQ fails, the error message must 602 be obtained from the error queue. 603 [Bodo Moeller] 604 605 *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing 606 it in ERR_remove_state if appropriate, and change ERR_get_state 607 accordingly to avoid race conditions (this is necessary because 608 thread_hash is no longer constant once set). 609 [Bodo Moeller] 610 611 *) Bugfix for linux-elf makefile.one. 612 [Ulf M�ller] 613 614 *) RSA_get_default_method() will now cause a default 615 RSA_METHOD to be chosen if one doesn't exist already. 616 Previously this was only set during a call to RSA_new() 617 or RSA_new_method(NULL) meaning it was possible for 618 RSA_get_default_method() to return NULL. 619 [Geoff Thorpe] 620 621 *) Added native name translation to the existing DSO code 622 that will convert (if the flag to do so is set) filenames 623 that are sufficiently small and have no path information 624 into a canonical native form. Eg. "blah" converted to 625 "libblah.so" or "blah.dll" etc. 626 [Geoff Thorpe] 627 628 *) New function ERR_error_string_n(e, buf, len) which is like 629 ERR_error_string(e, buf), but writes at most 'len' bytes 630 including the 0 terminator. For ERR_error_string_n, 'buf' 631 may not be NULL. 
632 [Damien Miller <djm@mindrot.org>, Bodo Moeller] 633 634 *) CONF library reworked to become more general. A new CONF 635 configuration file reader "class" is implemented as well as a 636 new functions (NCONF_*, for "New CONF") to handle it. The now 637 old CONF_* functions are still there, but are reimplemented to 638 work in terms of the new functions. Also, a set of functions 639 to handle the internal storage of the configuration data is 640 provided to make it easier to write new configuration file 641 reader "classes" (I can definitely see something reading a 642 configuration file in XML format, for example), called _CONF_*, 643 or "the configuration storage API"... 644 645 The new configuration file reading functions are: 646 647 NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio, 648 NCONF_get_section, NCONF_get_string, NCONF_get_numbre 649 650 NCONF_default, NCONF_WIN32 651 652 NCONF_dump_fp, NCONF_dump_bio 653 654 NCONF_default and NCONF_WIN32 are method (or "class") choosers, 655 NCONF_new creates a new CONF object. This works in the same way 656 as other interfaces in OpenSSL, like the BIO interface. 657 NCONF_dump_* dump the internal storage of the configuration file, 658 which is useful for debugging. All other functions take the same 659 arguments as the old CONF_* functions wth the exception of the 660 first that must be a `CONF *' instead of a `LHASH *'. 661 662 To make it easer to use the new classes with the old CONF_* functions, 663 the function CONF_set_default_method is provided. 664 [Richard Levitte] 665 666 *) Add '-tls1' option to 'openssl ciphers', which was already 667 mentioned in the documentation but had not been implemented. 668 (This option is not yet really useful because even the additional 669 experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.) 
670 [Bodo Moeller] 671 672 *) Initial DSO code added into libcrypto for letting OpenSSL (and 673 OpenSSL-based applications) load shared libraries and bind to 674 them in a portable way. 675 [Geoff Thorpe, with contributions from Richard Levitte] 676 |
|
5 Changes between 0.9.5 and 0.9.5a [1 Apr 2000] 6 7 *) Make sure _lrotl and _lrotr are only used with MSVC. 8 9 *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status 10 (the default implementation of RAND_status). 11 12 *) Rename openssl x509 option '-crlext', which was added in 0.9.5, --- 625 unchanged lines hidden (view full) --- 638 since Malloc(), Realloc() and Free() were defined as macros having 639 the values malloc, realloc and free, respectively (except for Win32 640 compilations). The same is provided for memory debugging code. 641 OpenSSL already comes with functionality to find memory leaks, but 642 this gives people a chance to debug other memory problems. 643 644 With these changes, a new set of functions and macros have appeared: 645 | 677 Changes between 0.9.5 and 0.9.5a [1 Apr 2000] 678 679 *) Make sure _lrotl and _lrotr are only used with MSVC. 680 681 *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status 682 (the default implementation of RAND_status). 683 684 *) Rename openssl x509 option '-crlext', which was added in 0.9.5, --- 625 unchanged lines hidden (view full) --- 1310 since Malloc(), Realloc() and Free() were defined as macros having 1311 the values malloc, realloc and free, respectively (except for Win32 1312 compilations). The same is provided for memory debugging code. 1313 OpenSSL already comes with functionality to find memory leaks, but 1314 this gives people a chance to debug other memory problems. 1315 1316 With these changes, a new set of functions and macros have appeared: 1317 |
646 CRYPTO_set_mem_debug_functions() [F] 647 CRYPTO_get_mem_debug_functions() [F] 648 CRYPTO_dbg_set_options() [F] 649 CRYPTO_dbg_get_options() [F] 650 CRYPTO_malloc_debug_init() [M] | 1318 CRYPTO_set_mem_debug_functions() [F] 1319 CRYPTO_get_mem_debug_functions() [F] 1320 CRYPTO_dbg_set_options() [F] 1321 CRYPTO_dbg_get_options() [F] 1322 CRYPTO_malloc_debug_init() [M] |
651 652 The memory debug functions are NULL by default, unless the library 653 is compiled with CRYPTO_MDEBUG or friends is defined. If someone 654 wants to debug memory anyway, CRYPTO_malloc_debug_init() (which 655 gives the standard debugging functions that come with OpenSSL) or 656 CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions 657 provided by the library user) must be used. When the standard 658 debugging functions are used, CRYPTO_dbg_set_options can be used to --- 2197 unchanged lines hidden --- | 1323 1324 The memory debug functions are NULL by default, unless the library 1325 is compiled with CRYPTO_MDEBUG or friends is defined. If someone 1326 wants to debug memory anyway, CRYPTO_malloc_debug_init() (which 1327 gives the standard debugging functions that come with OpenSSL) or 1328 CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions 1329 provided by the library user) must be used. When the standard 1330 debugging functions are used, CRYPTO_dbg_set_options can be used to --- 2197 unchanged lines hidden --- |
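Review bot: In the added 0.9.6 section, the entries for SSL_OP_TLS_ROLLBACK_BUG, NEG_PUBKEY_BUG and the pk7_smime.c detached-signature check each relax a validation step for interoperability without saying what protection is given up. Meanwhile the "Fix SSL 2.0 rollback checking" entry, which says the countermeasure against version rollback attacks "was not effective", sits unmarked in the middle of the list. I would state the trade-off in each of the three compatibility entries (for NEG_PUBKEY_BUG, that invalid negative public key encodings are accepted unless NO_NEG_PUBKEY_BUG is set) and mark the rollback fix as security-relevant so users upgrading from 0.9.5a do not miss it. The new text also has typos to fix before it lands: "presentig", "there's n more need", "insted", "outputing", "in the the strings", "wth", "easer", "True64" (the platform is Tru64), and "The LHASH 'certs' is X509_STORE", where "in" seems intended. NCONF_get_numbre in the list of new functions looks like a misspelling and should be checked against the header, since readers will search for the symbol. Author credits mix "Bodo Moeller" with a non-ASCII spelling that does not survive in this rendering (also in the Ulf Moeller credits); use one ASCII form throughout or declare the file's encoding.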