Skip to content
CHANGES 164 KiB
Newer Older
 OpenSSL CHANGES
 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

Bodo Möller's avatar
Bodo Möller committed
  *) Add functionality to apps/openssl.c for detecting locking
     problems: As the program is single-threaded, all we have
     to do is register a locking callback using an array for
     storing which locks are currently held by the program.

     Fix a deadlock in CRYPTO_mem_leaks() that was detected in
     apps/openssl.c.
     [Bodo Moeller]

  *) Use a lock around the call to CRYPTO_get_ex_new_index() in
     SSL_get_ex_data_X509_STORE_idx(), which is used in
     ssl_verify_cert_chain() and thus can be called at any time
     during TLS/SSL handshakes so that thread-safety is essential.
     Unfortunately, the ex_data design is not at all suited
     for multi-threaded use, so it probably should be abolished.
     [Bodo Moeller]

  *) Added Broadcom "ubsec" ENGINE to OpenSSL.
     [Broadcom, tweaked and integrated by Geoff Thorpe]

  *) Move common extension printing code to new function
     X509V3_print_extensions(). Reorganise OCSP print routines and
     implement some needed OCSP ASN1 functions. Add OCSP extensions.
  *) New function X509_signature_print() to remove duplication in some
     print routines.
     [Steve Henson]

  *) Add a special meaning when SET OF and SEQUENCE OF flags are both
     set (this was treated exactly the same as SET OF previously). This
     is used to reorder the STACK representing the structure to match the
     encoding. This will be used to get round a problem where a PKCS7
     structure which was signed could not be verified because the STACK
     order did not reflect the encoded order.
     [Steve Henson]

  *) Reimplement the OCSP ASN1 module using the new code.
     [Steve Henson]

Dr. Stephen Henson's avatar
 
Dr. Stephen Henson committed
  *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
     for its ASN1 operations. The old style function pointers still exist
     for now but they will eventually go away.
     [Steve Henson]

Dr. Stephen Henson's avatar
 
Dr. Stephen Henson committed
  *) Merge in replacement ASN1 code from the ASN1 branch. This almost
     completely replaces the old ASN1 functionality.
     [Steve Henson]

  *) Change BN_mod_exp_recp so that negative moduli are tolerated
     (the sign is ignored).  Similarly, ignore the sign in BN_MONT_CTX_set
     so that BN_mod_exp_mont and BN_mod_exp_mont_word work
     for negative moduli.
     [Bodo Moeller]

  *) Fix BN_uadd and BN_usub: Always return non-negative results instead
     of not touching the result's sign bit.
     [Bodo Moeller]

  *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
     set.
     [Bodo Moeller]

  *) Changed the LHASH code to use prototypes for callbacks, and created
     macros to declare and implement thin (optionally static) functions
     that provide type-safety and avoid function pointer casting for the
     type-specific callbacks.
     [Geoff Thorpe]

Ulf Möller's avatar
Ulf Möller committed
  *) Use better test patterns in bntest.
     [Ulf Möller]

Bodo Möller's avatar
Bodo Möller committed
  *) Added Kerberos Cipher Suites to be used with TLS, as written in
     RFC 2712.
     [Veers Staats <staatsvr@asc.hpc.mil>,
Ulf Möller's avatar
Ulf Möller committed
      Jeffrey Altman <jaltman@columbia.edu>, via Richard Levitte]
Ulf Möller's avatar
Ulf Möller committed
  *) rand_win.c fix for Borland C.
     [Ulf Möller]
 
  *) BN_rshift bugfix for n == 0.
     [Bodo Moeller]

  *) Reformat the FAQ so the different questions and answers can be divided
Ulf Möller's avatar
Ulf Möller committed
     in sections depending on the subject.
  *) Have the zlib compression code load ZLIB.DLL dynamically under
     Windows.
     [Richard Levitte]

Bodo Möller's avatar
Bodo Möller committed
  *) New function BN_mod_sqrt for computing square roots modulo a prime
     (using the probabilistic Tonelli-Shanks algorithm unless
     p == 3 (mod 4)  or  p == 5 (mod 8),  which are cases that can
     be handled deterministically).
Bodo Möller's avatar
Bodo Möller committed
     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]

  *) Store verify_result within SSL_SESSION also for client side to
     avoid potential security hole. (Re-used sessions on the client side
     always resulted in verify_result==X509_V_OK, not using the original
     result of the server certificate verification.)
     [Lutz Jaenicke]

  *) Make BN_mod_inverse faster by explicitly handling small quotients
     in the Euclid loop. (Speed gain about 20% for small moduli [256 or
     512 bits], about 30% for larger ones [1024 or 2048 bits].)
     [Bodo Moeller]

  *) Disable ssl2_peek and ssl3_peek (i.e., both implementations
     of SSL_peek) because they both are completely broken.
     For fixing this, the internal read functions now have an additional
     'peek' parameter, but the actual peek functionality has not
     yet been implemented.
Bodo Möller's avatar
Bodo Möller committed
  *) New function BN_kronecker.
     [Bodo Moeller]

  *) Fix BN_gcd so that it works on negative inputs; the result is
     positive unless both parameters are zero.
     Previously something reasonably close to an infinite loop was
     possible because numbers could be growing instead of shrinking
     in the implementation of Euclid's algorithm.
     [Bodo Moeller]

  *) Fix BN_is_word() and BN_is_one() macros to take into account the
     sign of the number in question.

     Fix BN_is_word(a,w) to work correctly for w == 0.

     The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
     because its test if the absolute value of 'a' equals 'w'.
     Note that BN_abs_is_word does *not* handle w == 0 reliably;
     it exists mostly for use in the implementations of BN_is_zero(),
     BN_is_one(), and BN_is_word().
     [Bodo Moeller]

  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
     the method-specific "init()" handler. Also clean up ex_data after
     calling the method-specific "finish()" handler. Previously, this was
     happening the other way round.
Bodo Möller's avatar
Bodo Möller committed
  *) New function BN_swap.
     [Bodo Moeller]

  *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
     the exponentiation functions are more likely to produce reasonable
     results on negative inputs.
     [Bodo Moeller]

  *) Change BN_mod_mul so that the result is always non-negative.
     Previously, it could be negative if one of the factors was negative;
     I don't think anyone really wanted that behaviour.
     [Bodo Moeller]

  *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
Ulf Möller's avatar
Ulf Möller committed
     (except for exponentiation, which stays in crypto/bn/bn_exp.c,
Bodo Möller's avatar
Bodo Möller committed
     and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
     and add new functions:
Bodo Möller's avatar
Bodo Möller committed
          BN_nnmod
          BN_mod_sqr
          BN_mod_add
Bodo Möller's avatar
Bodo Möller committed
          BN_mod_add_quick
Bodo Möller's avatar
Bodo Möller committed
          BN_mod_sub
Bodo Möller's avatar
Bodo Möller committed
          BN_mod_sub_quick
          BN_mod_lshift1
          BN_mod_lshift1_quick
          BN_mod_lshift
          BN_mod_lshift_quick

Bodo Möller's avatar
Bodo Möller committed
     These functions always generate non-negative results.
Bodo Möller's avatar
Bodo Möller committed
     BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder  r
     such that  |m| < r < 0,  BN_nnmod will output  rem + |m|  instead).
Bodo Möller's avatar
Bodo Möller committed

     BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
     BN_mod_XXX(r, a, [b,] m, ctx), but requires that  a  [and  b]
     be reduced modulo  m.
Bodo Möller's avatar
Bodo Möller committed
     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]

  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
     was actually never needed) and in BN_mul().  The removal in BN_mul()
     required a small change in bn_mul_part_recursive() and the addition
Ulf Möller's avatar
Ulf Möller committed
     of the functions bn_cmp_part_words(), bn_sub_part_words() and
     bn_add_part_words(), which do the same thing as bn_cmp_words(),
     bn_sub_words() and bn_add_words() except they take arrays with
     differing sizes.
     [Richard Levitte]

  *) In 'openssl passwd', verify passwords read from the terminal
     unless the '-salt' option is used (which usually means that
     verification would just waste user's time since the resulting
     hash is going to be compared with some given password hash)
Loading full blame...