Skip to content
CHANGES 183 KiB
Newer Older
 OpenSSL CHANGES
 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
  *) New nonce behavior. The return value of OCSP_check_nonce() now 
     reflects the various checks performed. Applications can decide
     whether to tolerate certain situations such as an absent nonce
     in a response when one was present in a request: the ocsp application
     just prints out a warning. New function OCSP_add1_basic_nonce()
     this is to allow responders to include a nonce in a response even if
     the request is nonce-less.
     [Steve Henson]

  *) Use the cached encoding of an X509_NAME structure rather than
     copying it. This is apparently the reason for the libsafe "errors"
     but the code is actually correct.
     [Steve Henson]

  *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
     skipped when using openssl x509 multiple times on a single input file,
     e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
     [Bodo Moeller]

Dr. Stephen Henson's avatar
 
Dr. Stephen Henson committed
  *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
     set string type: to handle setting ASN1_TIME structures. Fix ca
     utility to correctly initialize revocation date of CRLs.
     [Steve Henson]

  *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
     the clients preferred ciphersuites and rather use its own preferences.
     Should help to work around M$ SGC (Server Gated Cryptography) bug in
     Internet Explorer by ensuring unchanged hash method during stepup.
     [Lutz Jaenicke]

  *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
     to aes and add a new 'exist' option to print out symbols that don't
     appear to exist.
     [Steve Henson]

  *) Additional options to ocsp utility to allow flags to be set and
     additional certificates supplied.
     [Steve Henson]

  *) Add the option -VAfile to 'openssl ocsp', so the user can give the
     OCSP client a number of certificate to only verify the response
     signature against.
     [Richard Levitte]

Ulf Möller's avatar
Ulf Möller committed
  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
     Bleichenbacher's DSA attack.
     [Ulf Moeller, Bodo Moeller]
Dr. Stephen Henson's avatar
 
Dr. Stephen Henson committed
  *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
     handle the new API. Currently only ECB, CBC modes supported. Add new
     AES OIDs. Add TLS AES ciphersuites as described in the "AES Ciphersuites
     for TLS" draft-ietf-tls-ciphersuite-03.txt.
     [Ben Laurie, Steve Henson]

  *) In the NCONF_...-based implementations for CONF_... queries
     (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
     a temporary CONF structure with the data component set to NULL
     (which gives segmentation faults in lh_retrieve).
     Instead, use NULL for the CONF pointer in CONF_get_string and
     CONF_get_number (which may use environment variables) and directly
     return NULL from CONF_get_section.
     [Bodo Moeller]

  *) Fix potential buffer overrun for EBCDIC.
     [Ulf Moeller]

  *) New function OCSP_copy_nonce() to copy nonce value (if present) from
     request to response.
     [Steve Henson]

Dr. Stephen Henson's avatar
 
Dr. Stephen Henson committed
  *) Functions for OCSP responders. OCSP_request_onereq_count(),
     OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
     extract information from a certificate request. OCSP_response_create()
     creates a response and optionally adds a basic response structure.
     OCSP_basic_add1_status() adds a complete single response to a basic
     reponse and returns the OCSP_SINGLERESP structure just added (to allow
     extensions to be included for example). OCSP_basic_add1_cert() adds a
     certificate to a basic response and OCSP_basic_sign() signs a basic
     response with various flags. New helper functions ASN1_TIME_check()
     (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
     (converts ASN1_TIME to GeneralizedTime).
     [Steve Henson]

  *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
     in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
     structure from a certificate. X509_pubkey_digest() digests tha public_key
     contents: this is used in various key identifiers. 
     [Steve Henson]

  *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
     keyUsage if basicConstraints absent for a CA.
     [Steve Henson]

Richard Levitte's avatar
Richard Levitte committed
  *) Make SMIME_write_PKCS7() write mail header values with a format that
     is more generally accepted (no spaces before the semicolon), since
     some programs can't parse those values properly otherwise.  Also make
     sure BIO's that break lines after each write do not create invalid
     headers.
     [Richard Levitte]

  *) Make sk_sort() tolerate a NULL argument.
     [Steve Henson reported by Massimiliano Pala <madwolf@comune.modena.it>]

  *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
     passed by the function are trusted implicitly. If any of them signed the
     reponse then it is assumed to be valid and is not verified.
     [Steve Henson]

  *) Zero the premaster secret after deriving the master secret in
     DH ciphersuites.
     [Steve Henson]

  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
     to data. This was previously part of the PKCS7 ASN1 code. This
     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
     [Steve Henson, reported by Kenneth R. Robinette
				<support@securenetterm.com>]

  *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
     routines: without these tracing memory leaks is very painful.
     Fix leaks in PKCS12 and PKCS7 routines.
     [Steve Henson]

  *) Fix for Irix with NO_ASM.
     ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]

  *) Add some EVP_add_digest_alias registrations (as found in
     OpenSSL_add_all_digests()), to SSL_library_init()
     aka OpenSSL_add_ssl_algorithms().  This provides improved
     compatibility with peers using X.509 certificates
     with unconventional AlgorithmIdentifier OIDs.
     [Bodo Moeller]

  *) ./config script fixes.
     [Ulf Moeller, Richard Levitte]

  *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
     Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
     effectively meant GeneralizedTime would never be used. Now it
     is initialised to -1 but X509_time_adj() now has to check the value
     and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
     V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
     [Steve Henson, reported by Kenneth R. Robinette
				<support@securenetterm.com>]

  *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
     result in a zero length in the ASN1_INTEGER structure which was
     not consistent with the structure when d2i_ASN1_INTEGER() was used
     and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
     to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
     where it did not print out a minus for negative ASN1_INTEGER.
     [Steve Henson]

Bodo Möller's avatar
Bodo Möller committed
  *) Fix 'openssl passwd -1'.
     [Bodo Moeller]

  *) Add summary printout to ocsp utility. The various functions which
     convert status values to strings have been renamed to:
     OCSP_response_status_str(), OCSP_cert_status_str() and
     OCSP_crl_reason_str() and are no longer static. New options
     to verify nonce values and to disable verification. OCSP response
     printout format cleaned up.
     [Steve Henson]

  *) Add additional OCSP certificate checks. These are those specified
     in RFC2560. This consists of two separate checks: the CA of the
     certificate being checked must either be the OCSP signer certificate
     or the issuer of the OCSP signer certificate. In the latter case the
     OCSP signer certificate must contain the OCSP signing extended key
     usage. This check is performed by attempting to match the OCSP
     signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
     in the OCSP_CERTID structures of the response.
     [Steve Henson]

Dr. Stephen Henson's avatar
 
Dr. Stephen Henson committed
  *) Initial OCSP certificate verification added to OCSP_basic_verify()
     and related routines. This uses the standard OpenSSL certificate
     verify routines to perform initial checks (just CA validity) and
     to obtain the certificate chain. Then additional checks will be
     performed on the chain. Currently the root CA is checked to see
     if it is explicitly trusted for OCSP signing. This is used to set
     a root CA as a global signing root: that is any certificate that
     chains to that CA is an acceptable OCSP signing certificate.
     [Steve Henson]

  *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
     extensions from a separate configuration file.
     As when reading extensions from the main configuration file,
     the '-extensions ...' option may be used for specifying the
     section to use.
     [Massimiliano Pala <madwolf@comune.modena.it>]

  *) Change PKCS12_key_gen_asc() so it can cope with non null
     terminated strings whose length is passed in the passlen
     parameter, for example from PEM callbacks. This was done
     by adding an extra length parameter to asc2uni().
Loading full blame...