Skip to content
CHANGES 129 KiB
Newer Older
 OpenSSL CHANGES
 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]

  *) Remove lots of duplicated code from the EVP library. For example *every*
     cipher init() function handles the 'iv' in the same way according to the
     cipher mode. They also all do nothing if the 'key' parameter is NULL and
     for CFB and OFB modes they zero ctx->num.

     Most of the routines have the same form and so can be declared in terms
     of macros.

     By shifting this to the top level EVP_CipherInit() it can be removed from
     all individual ciphers. If the cipher wants to handle IVs or keys
     differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
     flags.
     [Steve Henson]

  *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
     the handshake is continued after ssl_verify_cert_chain();
     otherwise, if SSL_VERIFY_NONE is set, remaining error codes
     can lead to 'unexplainable' connection aborts later.
     [Bodo Moeller; problem tracked down by Lutz Jaenicke]

  *) EVP cipher enhancement. Add hooks for extra EVP features. This will allow
Dr. Stephen Henson's avatar
 
Dr. Stephen Henson committed
     various cipher parameters to be set in the EVP interface. Initially
     support added for variable key length ciphers via the
     EVP_CIPHER_CTX_set_key_length() function. Other cipher specific
     parameters will be added later via the new catchall 'ctrl' function.
Dr. Stephen Henson's avatar
 
Dr. Stephen Henson committed
     New functionality allows removal of S/MIME code RC2 hack.

     Still needs support in other library functions, and allow parameter
     setting for algorithms like RC2, RC5.

     Change lots of functions like EVP_EncryptUpdate() to now return a
     value: although software versions of the algorithms cannot fail
     any installed hardware versions can.
Dr. Stephen Henson's avatar
 
Dr. Stephen Henson committed
     [Steve Henson]

  *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
     this option is set, tolerate broken clients that send the negotiated
     protocol version number instead of the requested protocol version
     number.
     [Bodo Moeller]

  *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
     i.e. non-zero for export ciphersuites, zero otherwise.
     Previous versions had this flag inverted, inconsistent with
     rsa_tmp_cb (..._TMP_RSA_CB).
     [Bodo Moeller; problem reported by Amit Chopra]

  *) Add missing DSA library text string. Work around for some IIS
     key files with invalid SEQUENCE encoding.
     [Steve Henson]

  *) Add a document (doc/standards.txt) that list all kinds of standards
     and so on that are implemented in OpenSSL.
     [Richard Levitte]

  *) Enhance c_rehash script. Old version would mishandle certificates
     with the same subject name hash and wouldn't handle CRLs at all.
     Added -fingerprint option to crl utility, to support new c_rehash
     features.
     [Steve Henson]

  *) Eliminate non-ANSI declarations in crypto.h and stack.h.
  *) Fix for SSL server purpose checking. Server checking was
     rejecting certificates which had extended key usage present
     but no ssl client purpose.
     [Steve Henson, reported by Rene Grosser <grosser@hisolutions.com>]

  *) Make PKCS#12 code work with no password. The PKCS#12 spec
     is a little unclear about how a blank password is handled.
     Since the password in encoded as a BMPString with terminating
     double NULL a zero length password would end up as just the
     double NULL. However no password at all is different and is
     handled differently in the PKCS#12 key generation code. NS
     treats a blank password as zero length. MSIE treats it as no
     password on export: but it will try both on import. We now do
     the same: PKCS12_parse() tries zero length and no password if
     the password is set to "" or NULL (NULL is now a valid password:
     it wasn't before) as does the pkcs12 application.
     [Steve Henson]

Bodo Möller's avatar
Bodo Möller committed
  *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
     perror when PEM_read_bio_X509_REQ fails, the error message must
     be obtained from the error queue.
     [Bodo Moeller]

  *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
     it in ERR_remove_state if appropriate, and change ERR_get_state
     accordingly to avoid race conditions (this is necessary because
     thread_hash is no longer constant once set).
     [Bodo Moeller]

Ulf Möller's avatar
 
Ulf Möller committed
  *) Bugfix for linux-elf makefile.one.
     [Ulf Möller]

  *) RSA_get_default_method() will now cause a default
     RSA_METHOD to be chosen if one doesn't exist already.
     Previously this was only set during a call to RSA_new()
     or RSA_new_method(NULL) meaning it was possible for
     RSA_get_default_method() to return NULL.
     [Geoff Thorpe]

  *) Added native name translation to the existing DSO code
     that will convert (if the flag to do so is set) filenames
     that are sufficiently small and have no path information
     into a canonical native form. Eg. "blah" converted to
     "libblah.so" or "blah.dll" etc.
     [Geoff Thorpe]

  *) New function ERR_error_string_n(e, buf, len) which is like
     ERR_error_string(e, buf), but writes at most 'len' bytes
     including the 0 terminator.  For ERR_error_string_n, 'buf'
     may not be NULL.
     [Damien Miller <djm@mindrot.org>, Bodo Moeller]

  *) CONF library reworked to become more general.  A new CONF
     configuration file reader "class" is implemented as well as a
     new functions (NCONF_*, for "New CONF") to handle it.  The now
     old CONF_* functions are still there, but are reimplemented to
     work in terms of the new functions.  Also, a set of functions
     to handle the internal storage of the configuration data is
     provided to make it easier to write new configuration file
     reader "classes" (I can definitely see something reading a
     configuration file in XML format, for example), called _CONF_*,
     or "the configuration storage API"...

     The new configuration file reading functions are:

        NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
        NCONF_get_section, NCONF_get_string, NCONF_get_numbre
        NCONF_default, NCONF_WIN32
        NCONF_dump_fp, NCONF_dump_bio

     NCONF_default and NCONF_WIN32 are method (or "class") choosers,
     NCONF_new creates a new CONF object.  This works in the same way
     as other interfaces in OpenSSL, like the BIO interface.
     NCONF_dump_* dump the internal storage of the configuration file,
     which is useful for debugging.  All other functions take the same
     arguments as the old CONF_* functions wth the exception of the
     first that must be a `CONF *' instead of a `LHASH *'.

     To make it easer to use the new classes with the old CONF_* functions,
     the function CONF_set_default_method is provided.
     [Richard Levitte]

  *) Add '-tls1' option to 'openssl ciphers', which was already
     mentioned in the documentation but had not been implemented.
     (This option is not yet really useful because even the additional
     experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
     [Bodo Moeller]

  *) Initial DSO code added into libcrypto for letting OpenSSL (and
     OpenSSL-based applications) load shared libraries and bind to
     them in a portable way.
     [Geoff Thorpe, with contributions from Richard Levitte]
 Changes between 0.9.5 and 0.9.5a  [1 Apr 2000]

  *) Make sure _lrotl and _lrotr are only used with MSVC.
  *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status
     (the default implementation of RAND_status).

  *) Rename openssl x509 option '-crlext', which was added in 0.9.5,
     to '-clrext' (= clear extensions), as intended and documented.
     [Bodo Moeller; inconsistency pointed out by Michael Attili
     <attili@amaxo.com>]

Dr. Stephen Henson's avatar
Dr. Stephen Henson committed
  *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
     was larger than the MD block size.      
     [Steve Henson, pointed out by Yost William <YostW@tce.com>]

  *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
     fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
     using the passed key: if the passed key was a private key the result
     of X509_print(), for example, would be to print out all the private key
     components.
     [Steve Henson]

  *) des_quad_cksum() byte order bug fix.
     [Ulf Möller, using the problem description in krb4-0.9.7, where
      the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>]

  *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
     discouraged.
     [Steve Henson, pointed out by Brian Korver <briank@cs.stanford.edu>]

  *) For easily testing in shell scripts whether some command
     'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
Bodo Möller's avatar
Bodo Möller committed
     returns with exit code 0 iff no command of the given name is available.
     'no-XXX' is printed in this case, 'XXX' otherwise.  In both cases,
Loading full blame...