Skip to content
CHANGES 200 KiB
Newer Older
 OpenSSL CHANGES
 Changes between 0.9.6 and 0.9.7  [xx XXX 2001]
     Both OpenSSL 0.9.6a (bugfix release, 5 Apr 2001) and OpenSSL 0.9.7
     are based on OpenSSL 0.9.6.  
     Change log entries are tagged as follows:
         -) applies to 0.9.6a (/0.9.6b) only
         *) applies to 0.9.6a (/0.9.6b) and 0.9.7
Bodo Möller's avatar
Bodo Möller committed
  *) Move 'if (!initialized) RAND_poll()' into regions protected by
     CRYPTO_LOCK_RAND.  This is not strictly necessary, but avoids
Bodo Möller's avatar
Bodo Möller committed
     having multiple threads call RAND_poll() concurrently.
Bodo Möller's avatar
Bodo Möller committed
     [Bodo Moeller]

  *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
     combination of a flag and a thread ID variable.
     Otherwise while one thread is in ssleay_rand_bytes (which sets the
     flag), *other* threads can enter ssleay_add_bytes without obeying
     the CRYPTO_LOCK_RAND lock (and may even illegaly release the lock
     that they do not hold after the first thread unsets add_do_not_lock).
     [Bodo Moeller]

  +) Implement binary inversion algorithm for BN_mod_inverse in addition
     to the algorithm using long divison.  The binary algorithm can be
     used only if the modulus is odd.  On 32-bit systems, it is faster
     only for relatively small moduli (roughly 20-30% for 128-bit moduli,
     roughly 5-15% for 256-bit moduli), so we use it only for moduli
     up to 450 bits.  In 64-bit environments, the binary algorithm
     appears to be advantageous for much longer moduli; here we use it
     for moduli up to 2048 bits.
     [Bodo Moeller]

  *) Change bctest again: '-x' expressions are not available in all
     versions of 'test'.
     [Bodo Moeller]

  -) OpenSSL 0.9.6a released [5 Apr 2001]

  *) Fix a couple of memory leaks in PKCS7_dataDecode()
     [Steve Henson, reported by Heyun Zheng <hzheng@atdsprint.com>]

  *) Change Configure and Makefiles to provide EXE_EXT, which will contain
     the default extension for executables, if any.  Also, make the perl
     scripts that use symlink() to test if it really exists and use "cp"
     if it doesn't.  All this made OpenSSL compilable and installable in
     CygWin.
     [Richard Levitte]

  +) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
     could not support the combine flag in choice fields.
     [Steve Henson]

  -) Fix for asn1_GetSequence() for indefinite length constructed data.
     If SEQUENCE is length is indefinite just set c->slen to the total
     amount of data available.
     [Steve Henson, reported by shige@FreeBSD.org]
     [This change does not apply to 0.9.7.]

  *) Change bctest to avoid here-documents inside command substitution
     (workaround for FreeBSD /bin/sh bug).
Bodo Möller's avatar
Bodo Möller committed
     For compatibility with Ultrix, avoid shell functions (introduced
     in the bctest version that searches along $PATH).
  *) Rename 'des_encrypt' to 'des_encrypt1'.  This avoids the clashes
     with des_encrypt() defined on some operating systems, like Solaris
     and UnixWare.
     [Richard Levitte]

Ulf Möller's avatar
Ulf Möller committed
  *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
     On the Importance of Eliminating Errors in Cryptographic
     Computations, J. Cryptology 14 (2001) 2, 101-119,
     http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
     [Ulf Moeller]
Ulf Möller's avatar
Ulf Möller committed
  
  *) MIPS assembler BIGNUM division bug fix. 
Ulf Möller's avatar
Ulf Möller committed
     [Andy Polyakov]

Ulf Möller's avatar
Ulf Möller committed
  *) Disabled incorrect Alpha assembler code.
     [Richard Levitte]

  -) Fix PKCS#7 decode routines so they correctly update the length
     after reading an EOC for the EXPLICIT tag.
     [Steve Henson]
     [This change does not apply to 0.9.7.]

  *) Fix bug in PKCS#12 key generation routines. This was triggered
     if a 3DES key was generated with a 0 initial byte. Include
     PKCS12_BROKEN_KEYGEN compilation option to retain the old
     (but broken) behaviour.
     [Steve Henson]

  *) Enhance bctest to search for a working bc along $PATH and print
     it when found.
     [Tim Rice <tim@multitalents.net> via Richard Levitte]

  +) Add a 'copy_extensions' option to the 'ca' utility. This copies
     extensions from a certificate request to the certificate.
     [Steve Henson]

  +) Allow multiple 'certopt' and 'nameopt' options to be separated
Dr. Stephen Henson's avatar
 
Dr. Stephen Henson committed
     by commas. Add 'namopt' and 'certopt' options to the 'ca' config
     file: this allows the display of the certificate about to be
     signed to be customised, to allow certain fields to be included
     or excluded and extension details. The old system didn't display
     multicharacter strings properly, omitted fields not in the policy
     and couldn't display additional details such as extensions.
     [Steve Henson]

  *) Fix memory leaks in err.c: free err_data string if necessary;
     don't write to the wrong index in ERR_set_error_data.
Bodo Möller's avatar
Bodo Möller committed
     [Bodo Moeller]

  +) Function EC_POINTs_mul for simultaneous scalar multiplication
     of an arbitrary number of elliptic curve points, optionally
     including the generator defined for the EC_GROUP.
     EC_POINT_mul is a simple wrapper function for the typical case
     that the point list has just one item (besides the optional
     generator).
  +) First EC_METHODs for curves over GF(p):

     EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
     operations and provides various method functions that can also
     operate with faster implementations of modular arithmetic.     

     EC_GFp_mont_method() reuses most functions that are part of
     EC_GFp_simple_method, but uses Montgomery arithmetic.

     [Bodo Moeller; point addition and point doubling
     implementation directly derived from source code provided by
     Lenka Fibikova <fibikova@exp-math.uni-essen.de>]

  +) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
     Curves are EC_GROUP objects (with an optional group generator)
     based on EC_METHODs that are built into the library.

     Points are EC_POINT objects based on EC_GROUP objects.

     Most of the framework would be able to handle curves over arbitrary
     finite fields, but as there are no obvious types for fields other
     than GF(p), some functions are limited to that for now.
  +) Add the -HTTP option to s_server.  It is similar to -WWW, but requires
     that the file contains a complete HTTP response.
     [Richard Levitte]

  +) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
Dr. Stephen Henson's avatar
 
Dr. Stephen Henson committed
     change the def and num file printf format specifier from "%-40sXXX"
     to "%-39s XXX". The latter will always guarantee a space after the
     field while the former will cause them to run together if the field
     is 40 of more characters long.
     [Steve Henson]

  +) Constify the cipher and digest 'method' functions and structures
Dr. Stephen Henson's avatar
 
Dr. Stephen Henson committed
     and modify related functions to take constant EVP_MD and EVP_CIPHER
     pointers.
     [Steve Henson]

Bodo Möller's avatar
Bodo Möller committed
  *) Implement ssl23_peek (analogous to ssl23_read), which previously
     did not exist.
     [Bodo Moeller]

  *) Replace rdtsc with _emit statements for VC++ version 5.
     [Jeremy Cooper <jeremy@baymoo.org>]
  +) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
     in <openssl/bn.h>.  Also further increase BN_CTX_NUM to 32.
     [Bodo Moeller]

  +) Modify EVP_Digest*() routines so they now return values. Although the
Dr. Stephen Henson's avatar
 
Dr. Stephen Henson committed
     internal software routines can never fail additional hardware versions
     might.
     [Steve Henson]

  +) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
Bodo Möller's avatar
Bodo Möller committed

     Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
     (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.

     ASN1 error codes
          ERR_R_NESTED_ASN1_ERROR
          ...
          ERR_R_MISSING_ASN1_EOS
     were 4 .. 9, conflicting with
          ERR_LIB_RSA (= ERR_R_RSA_LIB)
          ...
          ERR_LIB_PEM (= ERR_R_PEM_LIB).
     They are now 58 .. 63 (i.e., just below ERR_R_FATAL).

     Add new error code 'ERR_R_INTERNAL_ERROR'.
     [Bodo Moeller]
Loading full blame...