OpenSSL CHANGES
_______________
- Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
+ Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
- *) Remove lots of duplicated code from the EVP library. For example *every*
- cipher init() function handles the 'iv' in the same way according to the
- cipher mode. They also all do nothing if the 'key' parameter is NULL and
- for CFB and OFB modes they zero ctx->num.
+ *) Add the following functions:
- Most of the routines have the same form and so can be declared in terms
- of macros.
+ ENGINE_load_cswift()
+ ENGINE_load_chil()
+ ENGINE_load_atalla()
+ ENGINE_load_nuron()
+ ENGINE_load_builtin_engines()
- By shifting this to the top level EVP_CipherInit() it can be removed from
- all individual ciphers. If the cipher wants to handle IVs or keys
- differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
- flags.
+ That way, an application can itself choose if external engines that
+ are built-in in OpenSSL shall ever be used or not. The benefit is
+ that applications won't have to be linked with libdl or other dso
+ libraries unless it's really needed.
+
+ Changed 'openssl engine' to load all engines on demand.
+ Changed the engine header files to avoid the duplication of some
+ declarations (they differed!).
+ [Richard Levitte]
+
+ *) 'openssl engine' can now list capabilities.
+ [Richard Levitte]
+
+ *) Better error reporting in 'openssl engine'.
+ [Richard Levitte]
+
+ *) Never call load_dh_param(NULL) in s_server.
+ [Bodo Moeller]
+
+ *) Add engine application. It can currently list engines by name and
+ identity, and test if they are actually available.
+ [Richard Levitte]
+
+ *) Add support for shared libraries under Irix.
+ [Albert Chin-A-Young <china@thewrittenword.com>]
+
+ *) Improve RPM specification file by forcing symbolic linking and making
+ sure the installed documentation is also owned by root.root.
+ [Damien Miller <djm@mindrot.org>]
+
+ *) Add configuration option to build on Linux on both big-endian and
+ little-endian MIPS.
+ [Ralf Baechle <ralf@uni-koblenz.de>]
+
+ *) Give the OpenSSL applications more possibilities to make use of
+ keys (public as well as private) handled by engines.
+ [Richard Levitte]
+
+ *) Add OCSP code that comes from CertCo.
+ [Richard Levitte]
+
+ *) Add VMS support for the Rijndael code.
+ [Richard Levitte]
+
+ *) Added untested support for Nuron crypto accelerator.
+ [Ben Laurie]
+
+ *) Add support for external cryptographic devices. This code was
+ previously distributed separately as the "engine" branch.
+ [Geoff Thorpe, Richard Levitte]
+
+ *) Rework the filename-translation in the DSO code. It is now possible to
+ have far greater control over how a "name" is turned into a filename
+ depending on the operating environment and any oddities about the
+ different shared library filenames on each system.
+ [Geoff Thorpe]
+
+ *) Support threads on FreeBSD-elf in Configure.
+ [Richard Levitte]
+
+ *) Add the possibility to create shared libraries on HP-UX
+ [Richard Levitte]
+
+ *) Fix for SHA1 assembly problem with MASM: it produces
+ warnings about corrupt line number information when assembling
+ with debugging information. This is caused by the overlapping
+ of two sections.
+ [Bernd Matthes <mainbug@celocom.de>, Steve Henson]
+
+ *) NCONF changes.
+ NCONF_get_number() has no error checking at all. As a replacement,
+ NCONF_get_number_e() is defined (_e for "error checking") and is
+ promoted strongly. The old NCONF_get_number is kept around for
+ binary backward compatibility.
+ Make it possible for methods to load from something other than a BIO,
+ by providing a function pointer that is given a name instead of a BIO.
+ For example, this could be used to load configuration data from an
+ LDAP server.
+ [Richard Levitte]
+
+ *) Fix typo in get_cert_by_subject() in by_dir.c
+ [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
+
+ *) Rework the system to generate shared libraries:
+
+ - Make note of the expected extension for the shared libraries and
+ if there is a need for symbolic links from for example libcrypto.so.0
+ to libcrypto.so.0.9.7. There is extended info in Configure for
+ that.
+
+ - Make as few rebuilds of the shared libraries as possible.
+
+ - Still avoid linking the OpenSSL programs with the shared libraries.
+
+ - When installing, install the shared libraries separately from the
+ static ones.
+ [Richard Levitte]
+
+ *) Fix for non blocking accept BIOs. Added new I/O special reason
+ BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
+ with non blocking I/O was not possible because no retry code was
+ implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
+ this case.
[Steve Henson]
+ *) Added the beginnings of Rijndael support.
+ [Ben Laurie]
+
+ *) Fix for bug in DirectoryString mask setting. Add support for
+ X509_NAME_print_ex() in 'req' and X509_print_ex() function
+ to allow certificate printing to more controllable, additional
+ 'certopt' option to 'x509' to allow new printing options to be
+ set.
+ [Steve Henson]
+
+ *) Clean old EAY MD5 hack from e_os.h.
+ [Richard Levitte]
+
+ *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
+
+ Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
+ and not in SSL_clear because the latter is also used by the
+ accept/connect functions; previously, the settings made by
+ SSL_set_read_ahead would be lost during the handshake.
+ [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]
+
+ *) Correct util/mkdef.pl to be selective about disabled algorithms.
+ Previously, it would create entries for disableed algorithms no
+ matter what.
+ [Richard Levitte]
+
+ Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
+
+ *) In ssl23_get_client_hello, generate an error message when faced
+ with an initial SSL 3.0/TLS record that is too small to contain the
+ first two bytes of the ClientHello message, i.e. client_version.
+ (Note that this is a pathologic case that probably has never happened
+ in real life.) The previous approach was to use the version number
+ from the record header as a substitute; but our protocol choice
+ should not depend on that one because it is not authenticated
+ by the Finished messages.
+ [Bodo Moeller]
+
+ *) More robust randomness gathering functions for Windows.
+ [Jeffrey Altman <jaltman@columbia.edu>]
+
+ *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
+ not set then we don't setup the error code for issuer check errors
+ to avoid possibly overwriting other errors which the callback does
+ handle. If an application does set the flag then we assume it knows
+ what it is doing and can handle the new informational codes
+ appropriately.
+ [Steve Henson]
+
+ *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
+ a general "ANY" type, as such it should be able to decode anything
+ including tagged types. However it didn't check the class so it would
+ wrongly interpret tagged types in the same way as their universal
+ counterpart and unknown types were just rejected. Changed so that the
+ tagged and unknown types are handled in the same way as a SEQUENCE:
+ that is the encoding is stored intact. There is also a new type
+ "V_ASN1_OTHER" which is used when the class is not universal, in this
+ case we have no idea what the actual type is so we just lump them all
+ together.
+ [Steve Henson]
+
+ *) On VMS, stdout may very well lead to a file that is written to
+ in a record-oriented fashion. That means that every write() will
+ write a separate record, which will be read separately by the
+ programs trying to read from it. This can be very confusing.
+
+ The solution is to put a BIO filter in the way that will buffer
+ text until a linefeed is reached, and then write everything a
+ line at a time, so every record written will be an actual line,
+ not chunks of lines and not (usually doesn't happen, but I've
+ seen it once) several lines in one record. BIO_f_linebuffer() is
+ the answer.
+
+ Currently, it's a VMS-only method, because that's where it has
+ been tested well enough.
+ [Richard Levitte]
+
+ *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
+ it can return incorrect results.
+ (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
+ but it was in 0.9.6-beta[12].)
+ [Bodo Moeller]
+
+ *) Disable the check for content being present when verifying detached
+ signatures in pk7_smime.c. Some versions of Netscape (wrongly)
+ include zero length content when signing messages.
+ [Steve Henson]
+
+ *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
+ BIO_ctrl (for BIO pairs).
+ [Bodo Möller]
+
+ *) Add DSO method for VMS.
+ [Richard Levitte]
+
+ *) Bug fix: Montgomery multiplication could produce results with the
+ wrong sign.
+ [Ulf Möller]
+
+ *) Add RPM specification openssl.spec and modify it to build three
+ packages. The default package contains applications, application
+ documentation and run-time libraries. The devel package contains
+ include files, static libraries and function documentation. The
+ doc package contains the contents of the doc directory. The original
+ openssl.spec was provided by Damien Miller <djm@mindrot.org>.
+ [Richard Levitte]
+
+ *) Add a large number of documentation files for many SSL routines.
+ [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>]
+
+ *) Add a configuration entry for Sony News 4.
+ [NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>]
+
+ *) Don't set the two most significant bits to one when generating a
+ random number < q in the DSA library.
+ [Ulf Möller]
+
+ *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default
+ behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
+ the underlying transport is blocking) if a handshake took place.
+ (The default behaviour is needed by applications such as s_client
+ and s_server that use select() to determine when to use SSL_read;
+ but for applications that know in advance when to expect data, it
+ just makes things more complicated.)
+ [Bodo Moeller]
+
+ *) Add RAND_egd_bytes(), which gives control over the number of bytes read
+ from EGD.
+ [Ben Laurie]
+
+ *) Add a few more EBCDIC conditionals that make `req' and `x509'
+ work better on such systems.
+ [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+ *) Add two demo programs for PKCS12_parse() and PKCS12_create().
+ Update PKCS12_parse() so it copies the friendlyName and the
+ keyid to the certificates aux info.
+ [Steve Henson]
+
+ *) Fix bug in PKCS7_verify() which caused an infinite loop
+ if there was more than one signature.
+ [Sven Uszpelkat <su@celocom.de>]
+
+ *) Major change in util/mkdef.pl to include extra information
+ about each symbol, as well as presentig variables as well
+ as functions. This change means that there's n more need
+ to rebuild the .num files when some algorithms are excluded.
+ [Richard Levitte]
+
+ *) Allow the verify time to be set by an application,
+ rather than always using the current time.
+ [Steve Henson]
+
+ *) Phase 2 verify code reorganisation. The certificate
+ verify code now looks up an issuer certificate by a
+ number of criteria: subject name, authority key id
+ and key usage. It also verifies self signed certificates
+ by the same criteria. The main comparison function is
+ X509_check_issued() which performs these checks.
+
+ Lot of changes were necessary in order to support this
+ without completely rewriting the lookup code.
+
+ Authority and subject key identifier are now cached.
+
+ The LHASH 'certs' is X509_STORE has now been replaced
+ by a STACK_OF(X509_OBJECT). This is mainly because an
+ LHASH can't store or retrieve multiple objects with
+ the same hash value.
+
+ As a result various functions (which were all internal
+ use only) have changed to handle the new X509_STORE
+ structure. This will break anything that messed round
+ with X509_STORE internally.
+
+ The functions X509_STORE_add_cert() now checks for an
+ exact match, rather than just subject name.
+
+ The X509_STORE API doesn't directly support the retrieval
+ of multiple certificates matching a given criteria, however
+ this can be worked round by performing a lookup first
+ (which will fill the cache with candidate certificates)
+ and then examining the cache for matches. This is probably
+ the best we can do without throwing out X509_LOOKUP
+ entirely (maybe later...).
+
+ The X509_VERIFY_CTX structure has been enhanced considerably.
+
+ All certificate lookup operations now go via a get_issuer()
+ callback. Although this currently uses an X509_STORE it
+ can be replaced by custom lookups. This is a simple way
+ to bypass the X509_STORE hackery necessary to make this
+ work and makes it possible to use more efficient techniques
+ in future. A very simple version which uses a simple
+ STACK for its trusted certificate store is also provided
+ using X509_STORE_CTX_trusted_stack().
+
+ The verify_cb() and verify() callbacks now have equivalents
+ in the X509_STORE_CTX structure.
+
+ X509_STORE_CTX also has a 'flags' field which can be used
+ to customise the verify behaviour.
+ [Steve Henson]
+
+ *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which
+ excludes S/MIME capabilities.
+ [Steve Henson]
+
+ *) When a certificate request is read in keep a copy of the
+ original encoding of the signed data and use it when outputing
+ again. Signatures then use the original encoding rather than
+ a decoded, encoded version which may cause problems if the
+ request is improperly encoded.
+ [Steve Henson]
+
+ *) For consistency with other BIO_puts implementations, call
+ buffer_write(b, ...) directly in buffer_puts instead of calling
+ BIO_write(b, ...).
+
+ In BIO_puts, increment b->num_write as in BIO_write.
+ [Peter.Sylvester@EdelWeb.fr]
+
+ *) Fix BN_mul_word for the case where the word is 0. (We have to use
+ BN_zero, we may not return a BIGNUM with an array consisting of
+ words set to zero.)
+ [Bodo Moeller]
+
+ *) Avoid calling abort() from within the library when problems are
+ detected, except if preprocessor symbols have been defined
+ (such as REF_CHECK, BN_DEBUG etc.).
+ [Bodo Moeller]
+
+ *) New openssl application 'rsautl'. This utility can be
+ used for low level RSA operations. DER public key
+ BIO/fp routines also added.
+ [Steve Henson]
+
+ *) New Configure entry and patches for compiling on QNX 4.
+ [Andreas Schneider <andreas@ds3.etech.fh-hamburg.de>]
+
+ *) A demo state-machine implementation was sponsored by
+ Nuron (http://www.nuron.com/) and is now available in
+ demos/state_machine.
+ [Ben Laurie]
+
+ *) New options added to the 'dgst' utility for signature
+ generation and verification.
+ [Steve Henson]
+
+ *) Unrecognized PKCS#7 content types are now handled via a
+ catch all ASN1_TYPE structure. This allows unsupported
+ types to be stored as a "blob" and an application can
+ encode and decode it manually.
+ [Steve Henson]
+
+ *) Fix various signed/unsigned issues to make a_strex.c
+ compile under VC++.
+ [Oscar Jacobsson <oscar.jacobsson@celocom.com>]
+
+ *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
+ length if passed a buffer. ASN1_INTEGER_to_BN failed
+ if passed a NULL BN and its argument was negative.
+ [Steve Henson, pointed out by Sven Heiberg <sven@tartu.cyber.ee>]
+
+ *) Modification to PKCS#7 encoding routines to output definite
+ length encoding. Since currently the whole structures are in
+ memory there's not real point in using indefinite length
+ constructed encoding. However if OpenSSL is compiled with
+ the flag PKCS7_INDEFINITE_ENCODING the old form is used.
+ [Steve Henson]
+
+ *) Added BIO_vprintf() and BIO_vsnprintf().
+ [Richard Levitte]
+
+ *) Added more prefixes to parse for in the the strings written
+ through a logging bio, to cover all the levels that are available
+ through syslog. The prefixes are now:
+
+ PANIC, EMERG, EMR => LOG_EMERG
+ ALERT, ALR => LOG_ALERT
+ CRIT, CRI => LOG_CRIT
+ ERROR, ERR => LOG_ERR
+ WARNING, WARN, WAR => LOG_WARNING
+ NOTICE, NOTE, NOT => LOG_NOTICE
+ INFO, INF => LOG_INFO
+ DEBUG, DBG => LOG_DEBUG
+
+ and as before, if none of those prefixes are present at the
+ beginning of the string, LOG_ERR is chosen.
+
+ On Win32, the LOG_* levels are mapped according to this:
+
+ LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE
+ LOG_WARNING => EVENTLOG_WARNING_TYPE
+ LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE
+
+ [Richard Levitte]
+
+ *) Made it possible to reconfigure with just the configuration
+ argument "reconf" or "reconfigure". The command line arguments
+ are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
+ and are retrieved from there when reconfiguring.
+ [Richard Levitte]
+
+ *) MD4 implemented.
+ [Assar Westerlund <assar@sics.se>, Richard Levitte]
+
+ *) Add the arguments -CAfile and -CApath to the pkcs12 utility.
+ [Richard Levitte]
+
+ *) The obj_dat.pl script was messing up the sorting of object
+ names. The reason was that it compared the quoted version
+ of strings as a result "OCSP" > "OCSP Signing" because
+ " > SPACE. Changed script to store unquoted versions of
+ names and add quotes on output. It was also omitting some
+ names from the lookup table if they were given a default
+ value (that is if SN is missing it is given the same
+ value as LN and vice versa), these are now added on the
+ grounds that if an object has a name we should be able to
+ look it up. Finally added warning output when duplicate
+ short or long names are found.
+ [Steve Henson]
+
+ *) Changes needed for Tandem NSK.
+ [Scott Uroff <scott@xypro.com>]
+
+ *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
+ RSA_padding_check_SSLv23(), special padding was never detected
+ and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
+ version rollback attacks was not effective.
+
+ In s23_clnt.c, don't use special rollback-attack detection padding
+ (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
+ client; similarly, in s23_srvr.c, don't do the rollback check if
+ SSL 2.0 is the only protocol enabled in the server.
+ [Bodo Moeller]
+
+ *) Make it possible to get hexdumps of unprintable data with 'openssl
+ asn1parse'. By implication, the functions ASN1_parse_dump() and
+ BIO_dump_indent() are added.
+ [Richard Levitte]
+
+ *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
+ these print out strings and name structures based on various
+ flags including RFC2253 support and proper handling of
+ multibyte characters. Added options to the 'x509' utility
+ to allow the various flags to be set.
+ [Steve Henson]
+
+ *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
+ Also change the functions X509_cmp_current_time() and
+ X509_gmtime_adj() work with an ASN1_TIME structure,
+ this will enable certificates using GeneralizedTime in validity
+ dates to be checked.
+ [Steve Henson]
+
+ *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
+ negative public key encodings) on by default,
+ NO_NEG_PUBKEY_BUG can be set to disable it.
+ [Steve Henson]
+
+ *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
+ content octets. An i2c_ASN1_OBJECT is unnecessary because
+ the encoding can be trivially obtained from the structure.
+ [Steve Henson]
+
+ *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
+ not read locks (CRYPTO_r_[un]lock).
+ [Bodo Moeller]
+
+ *) A first attempt at creating official support for shared
+ libraries through configuration. I've kept it so the
+ default is static libraries only, and the OpenSSL programs
+ are always statically linked for now, but there are
+ preparations for dynamic linking in place.
+ This has been tested on Linux and True64.
+ [Richard Levitte]
+
+ *) Randomness polling function for Win9x, as described in:
+ Peter Gutmann, Software Generation of Practically Strong
+ Random Numbers.
+ [Ulf Möller]
+
+ *) Fix so PRNG is seeded in req if using an already existing
+ DSA key.
+ [Steve Henson]
+
+ *) New options to smime application. -inform and -outform
+ allow alternative formats for the S/MIME message including
+ PEM and DER. The -content option allows the content to be
+ specified separately. This should allow things like Netscape
+ form signing output easier to verify.
+ [Steve Henson]
+
+ *) Fix the ASN1 encoding of tags using the 'long form'.
+ [Steve Henson]
+
+ *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT
+ STRING types. These convert content octets to and from the
+ underlying type. The actual tag and length octets are
+ already assumed to have been read in and checked. These
+ are needed because all other string types have virtually
+ identical handling apart from the tag. By having versions
+ of the ASN1 functions that just operate on content octets
+ IMPLICIT tagging can be handled properly. It also allows
+ the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED
+ and ASN1_INTEGER are identical apart from the tag.
+ [Steve Henson]
+
+ *) Change the handling of OID objects as follows:
+
+ - New object identifiers are inserted in objects.txt, following
+ the syntax given in objects.README.
+ - objects.pl is used to process obj_mac.num and create a new
+ obj_mac.h.
+ - obj_dat.pl is used to create a new obj_dat.h, using the data in
+ obj_mac.h.
+
+ This is currently kind of a hack, and the perl code in objects.pl
+ isn't very elegant, but it works as I intended. The simplest way
+ to check that it worked correctly is to look in obj_dat.h and
+ check the array nid_objs and make sure the objects haven't moved
+ around (this is important!). Additions are OK, as well as
+ consistent name changes.
+ [Richard Levitte]
+
+ *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
+ [Bodo Moeller]
+
+ *) Addition of the command line parameter '-rand file' to 'openssl req'.
+ The given file adds to whatever has already been seeded into the
+ random pool through the RANDFILE configuration file option or
+ environment variable, or the default random state file.
+ [Richard Levitte]
+
+ *) mkstack.pl now sorts each macro group into lexical order.
+ Previously the output order depended on the order the files
+ appeared in the directory, resulting in needless rewriting
+ of safestack.h .
+ [Steve Henson]
+
+ *) Patches to make OpenSSL compile under Win32 again. Mostly
+ work arounds for the VC++ problem that it treats func() as
+ func(void). Also stripped out the parts of mkdef.pl that
+ added extra typesafe functions: these no longer exist.
+ [Steve Henson]
+
+ *) Reorganisation of the stack code. The macros are now all
+ collected in safestack.h . Each macro is defined in terms of
+ a "stack macro" of the form SKM_<name>(type, a, b). The
+ DEBUG_SAFESTACK is now handled in terms of function casts,
+ this has the advantage of retaining type safety without the
+ use of additional functions. If DEBUG_SAFESTACK is not defined
+ then the non typesafe macros are used instead. Also modified the
+ mkstack.pl script to handle the new form. Needs testing to see
+ if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK
+ the default if no major problems. Similar behaviour for ASN1_SET_OF
+ and PKCS12_STACK_OF.
+ [Steve Henson]
+
+ *) When some versions of IIS use the 'NET' form of private key the
+ key derivation algorithm is different. Normally MD5(password) is
+ used as a 128 bit RC4 key. In the modified case
+ MD5(MD5(password) + "SGCKEYSALT") is used insted. Added some
+ new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same
+ as the old Netscape_RSA functions except they have an additional
+ 'sgckey' parameter which uses the modified algorithm. Also added
+ an -sgckey command line option to the rsa utility. Thanks to
+ Adrian Peck <bertie@ncipher.com> for posting details of the modified
+ algorithm to openssl-dev.
+ [Steve Henson]
+
+ *) The evp_local.h macros were using 'c.##kname' which resulted in
+ invalid expansion on some systems (SCO 5.0.5 for example).
+ Corrected to 'c.kname'.
+ [Phillip Porch <root@theporch.com>]
+
+ *) New X509_get1_email() and X509_REQ_get1_email() functions that return
+ a STACK of email addresses from a certificate or request, these look
+ in the subject name and the subject alternative name extensions and
+ omit any duplicate addresses.
+ [Steve Henson]
+
+ *) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
+ This makes DSA verification about 2 % faster.
+ [Bodo Moeller]
+
+ *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5
+ (meaning that now 2^5 values will be precomputed, which is only 4 KB
+ plus overhead for 1024 bit moduli).
+ This makes exponentiations about 0.5 % faster for 1024 bit
+ exponents (as measured by "openssl speed rsa2048").
+ [Bodo Moeller]
+
+ *) Rename memory handling macros to avoid conflicts with other
+ software:
+ Malloc => OPENSSL_malloc
+ Malloc_locked => OPENSSL_malloc_locked
+ Realloc => OPENSSL_realloc
+ Free => OPENSSL_free
+ [Richard Levitte]
+
+ *) New function BN_mod_exp_mont_word for small bases (roughly 15%
+ faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).
+ [Bodo Moeller]
+
+ *) CygWin32 support.
+ [John Jarvie <jjarvie@newsguy.com>]
+
+ *) The type-safe stack code has been rejigged. It is now only compiled
+ in when OpenSSL is configured with the DEBUG_SAFESTACK option and
+ by default all type-specific stack functions are "#define"d back to
+ standard stack functions. This results in more streamlined output
+ but retains the type-safety checking possibilities of the original
+ approach.
+ [Geoff Thorpe]
+
+ *) The STACK code has been cleaned up, and certain type declarations
+ that didn't make a lot of sense have been brought in line. This has
+ also involved a cleanup of sorts in safestack.h to more correctly
+ map type-safe stack functions onto their plain stack counterparts.
+ This work has also resulted in a variety of "const"ifications of
+ lots of the code, especially "_cmp" operations which should normally
+ be prototyped with "const" parameters anyway.
+ [Geoff Thorpe]
+
+ *) When generating bytes for the first time in md_rand.c, 'stir the pool'
+ by seeding with STATE_SIZE dummy bytes (with zero entropy count).
+ (The PRNG state consists of two parts, the large pool 'state' and 'md',
+ where all of 'md' is used each time the PRNG is used, but 'state'
+ is used only indexed by a cyclic counter. As entropy may not be
+ well distributed from the beginning, 'md' is important as a
+ chaining variable. However, the output function chains only half
+ of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains
+ all of 'md', and seeding with STATE_SIZE dummy bytes will result
+ in all of 'state' being rewritten, with the new values depending
+ on virtually all of 'md'. This overcomes the 80 bit limitation.)
+ [Bodo Moeller]
+
*) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
the handshake is continued after ssl_verify_cert_chain();
otherwise, if SSL_VERIFY_NONE is set, remaining error codes
can lead to 'unexplainable' connection aborts later.
[Bodo Moeller; problem tracked down by Lutz Jaenicke]
- *) EVP cipher enhancement. Add hooks for extra EVP features. This will allow
- various cipher parameters to be set in the EVP interface. Initially
- support added for variable key length ciphers via the
- EVP_CIPHER_CTX_set_key_length() function. Other cipher specific
- parameters will be added later via the new catchall 'ctrl' function.
+ *) Major EVP API cipher revision.
+ Add hooks for extra EVP features. This allows various cipher
+ parameters to be set in the EVP interface. Support added for variable
+ key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
+ setting of RC2 and RC5 parameters.
+
+ Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
+ ciphers.
+
+ Remove lots of duplicated code from the EVP library. For example *every*
+ cipher init() function handles the 'iv' in the same way according to the
+ cipher mode. They also all do nothing if the 'key' parameter is NULL and
+ for CFB and OFB modes they zero ctx->num.
+
New functionality allows removal of S/MIME code RC2 hack.
- Still needs support in other library functions, and allow parameter
- setting for algorithms like RC2, RC5.
+ Most of the routines have the same form and so can be declared in terms
+ of macros.
+
+ By shifting this to the top level EVP_CipherInit() it can be removed from
+ all individual ciphers. If the cipher wants to handle IVs or keys
+ differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
+ flags.
Change lots of functions like EVP_EncryptUpdate() to now return a
value: although software versions of the algorithms cannot fail