source: trunk/Packages/synapse/README

Last change on this file was 5, checked in by chronos, 12 years ago
  • Added: Required packages.
File size: 35.7 KB
Line 
1Changes in 3.2.2 release
2========================
3
4The bignum code has been updated to the latest version, which is no less
5ghastly than before but somewhat faster, particularly on x86 systems.
6
7Changes in 3.2.1 release
8========================
9
10The zlib code has exhibited a number of security vulnerabilities, both in the
11rather dated 1998-vintage zlib 1.1.x code and the much newer zlib 1.2.x code.
12In order to avoid exposing cryptlib users to any new technology until it's
13proven itself in the field, cryptlib has stayed with the old zlib code base,
14which has avoided problems arising from the vulnerabilities found in the 1.2.x
15code. However, the 1.2.x code base does have a number of advantages over the
16old 1.1.4 code, including better compression, much faster compression and
17decompression, and significantly less memory consumption, particularly for
18decompression. Another potential problem with 1.1.4 is that there may be as
19yet undiscovered problems in it that no-one's found yet because they're
20concentrating on the newer 1.2.x instead.
21
22Because zlib 1.2.x includes a significant rewrite of a fair portion of the
23code, it's not possible to simply switch from one version of zlib to the other
24at the flip of a compiler switch. Based on user feedback, the preferred
25behaviour is to have cryptlib move from the old 1.1.x to the current 1.2.x
26code base, so cryptlib 3.2.1 uses zlib 1.2.3 (those values are pure
27coincidence). Users concerned about security issues should disable the
28compression code (undefine USE_COMPRESSION in cryptini.h) unless it's actually
29required.
30
31Support of autoproxy configuration (under operating systems that implement
32automatic network proxy discovery) has been added. This includes support for
33SOCKS-style HTTP proxies as well as the originally implemented HTTP-
34application-gateway HTTP proxies.
35
36Several minor portability issues in 3.2 have been fixed, among other things a
37workaround for a problem in gcc 4.0 that prevented the code from compiling.
38
39Changes in 3.2 release
40======================
41
42The version that would have been released as 3.11 has been released as 3.2 to
43avoid version-numbering confusion. Future releases will use a three-digit
44numbering scheme x.y.z, where each of x, y, and z will constitute a single
45digit, to avoid confusion over whether the '11' in '3.11' is 11 or 0.11.
46
47The network timeout handling has been split into distinct read and write
48timeouts to allow more flexible configuration of network data handling,
49typically very small read timeouts to ensure that cryptlib never blocks while
50waiting for data, and slightly larger write timeouts to ensure that all data
51is completely written when requested.
52
53Client authentication for sessions that support this (only the secure data
54sessions, SSH and SSL/TLS, use client authentication) has been changed
55slightly. In previous releases, cryptlib would always allow the client's
56authentication and complete the handshake, leaving it to the caller to shut
57down the session later on if there was a problem. As of this release, server
58sessions will return a CRYPT_ENVELOPE_RESOURCE in the same way that envelopes
59do when you activate them, to indicate that you need to provide further
60information in order to continue. If you receive this status when you try to
61activate a server session, you can read the user details via the
62CRYPT_SESSINFO_USERNAME and CRYPT_SESSINFO_PASSWORD attributes, and either
63comfirm the authentication by setting the CRYPT_SESSINFO_AUTHRESPONSE to true
64or deny it by setting it to false. You then re-activate the session, and
65cryptlib will complete the handshake. This allows you to check the
66authentication details before allowing the handshake to continue. If you'd
67prefer the previous behaviour, just set CRYPT_SESSINFO_AUTHRESPONSE to true
68before you activate the session and cryptlib will handle confirmation of
69authentication itself.
70
71Because the handshake is now controlled by the server rather than the client
72(that is, cryptlib won't sit in a loop reading all data from the client, but
73will return to the caller to await further input), it's possible that the
74client will send further session-control information after the handshake has
75completed. To respond to any additional information that the client may send,
76your server should try and pop client data before it sends any of its own
77data. If the server sends its data first, the client may interpret the
78server's data as an (invalid) response to a request that it has in progress.
79The manual contains more details on the new client authentication and server
80data handling process.
81
82Starting with releases after 3.2, the attribute cursor manipulation functions
83will be unified so that they work identically for all container objects that
84maintain lists of attributes (most of this interface is already available in
853.2 for forwards-compatibility reasons). This means that the three attribute-
86list mechanisms CRYPT_CERTINFO_CURRENT_EXTENSION,
87CRYPT_CERTINFO_CURRENT_FIELD, and CRYPT_CERTINFO_CURRENT_COMPONENT (for
88certificates), CRYPT_ATTRIBUTE_CURRENT_GROUP (formerly
89CRYPT_ENVINFO_CURRENT_COMPONENT) for envelopes, and the future
90CRYPT_ATTRIBUTE_CURRENT_GROUP for session objects will be folded into the
91single mechanism CRYPT_ATTRIBUTE_CURRENT_GROUP, CRYPT_ATTRIBUTE_CURRENT, and
92CRYPT_ATTRIBUTE_CURRENT_INSTANCE. This provides both a unified, consistent
93interface across the different object types and allows envelope and session
94attributes to be handled in the same way as certificates currently are. For
95example under the older cryptlib 3.1 behaviour envelope signatures were
96implicitly selected by reading the signature attribute, which changed the
97current selection of the signature result and extra signature information
98attributes. From releases after this one envelope signature attributes are
99grouped by signature, so selecting the first signature explicitly selects the
100associated signature key, signature result, and extra signature information
101attributes, selecting the second signature explicitly selects the associated
102information for that, and so on. In addition reading this information under
1033.1 and earlier was something of a hunt-and-peck approach that required
104reading each possible attribute in turn to see whether it was present. The
105attribute cursor interface allows each present attribute to be enumerated
106using the attribute cursor, with cryptlib doing the work of sorting out what's
107present and what isn't. Finally, cryptlib 3.2 allows more session attributes
108to be accessed by the caller, which requires the use of attribute cursors
109since many of them are composite values or multi-valued attributes.
110
111As part of this unification of mechanisms, the CRYPT_ENVINFO_CURRENT_COMPONENT
112attribute has been renamed CRYPT_ATTRIBUTE_CURRENT_GROUP for compatibility
113with future cryptlib releases. For certificates, cryptlib 3.11 supports both
114the legacy CRYPT_CERTINFO_CURRENT_xxx attributes and the new
115CRYPT_ATTRIBUTE_CURRENT_xxx ones, so you can either keep using the
116certificate-specific cursor attributes for now or move to the universal cursor
117attributes for compatibility with future versions. All that's necessary to
118upgrade is a search and replace in your code to rename the attributes. More
119information on the unified attribute cursor mechanism is given in the
120Introduction section of the manual.
121
122The various situation-specific SSH attributes like
123CRYPT_SESSINFO_SSH_SUBSYSTEM and CRYPT_SESSINFO_SSH_PORTFORWARD have been
124replaced with more generic forms for compatibility with future cryptlib
125versions, which allow more complete control over SSH channel types and
126parameters. See the manual for details on creating and controlling SSH
127channels using the new attributes.
128
129The SHA-2 algorithm is now enabled by default (previously it had to be
130explicitly enabled via a compile-time option). Note that this algorithm isn't
131supported by most software and standards, so using it in anything other than
132closed environments will lead to interoperability problems. If you want to
133use SHA-2, you should test it against any other software that you need to
134interoperate with to ensure that it can handle this algorithm.
135
136The Unix randomness slow poll now has an early-out mechanism that avoids the
137full heavyweight slow poll if sufficient entropy is available without it.
138This typically occurs on systems with both built-in randomness sources and
139either a kernel statistics interface or an advanced /proc interface, which
140provide the same data as the full slow poll at a fraction of the overhead.
141
142Changes in 3.11 beta 1
143======================
144
145As noted in the 3.1 release notes, releases after 3.1 update the cryptlib 2.x
146legacy functions cryptImport/ExportKey(Ex), cryptCreate/CheckSignature(Ex),
147and cryptQueryObject to take a length parameter as their second argument.
148These functions never took a length parameter in their original form because
149they dealt with encoded signature/key exchange data, for which it's always
150possible to determine the length by parsing it. However, this makes checking
151of user-supplied parameters difficult - cryptlib always knows how much output
152it'll produce, but it can't be sure that the user wants (or expects) that much
153output, particularly if they've forgotten to perform a length check before
154exporting a key or creating a signature. In order to avoid this problem,
155releases after 3.1 make this minor API change, which fixes the last of the old
156cryptlib 2.x functions. Since most people use the higher-level API functions,
157this change shouldn't affect the majority of users.
158
159In addition to the cryptlib 2.x legacy functions, two standard data-returning
160functions cryptExportCert and the rarely-used cryptGetCertExtension now also
161take a length parameter to specify the maximum buffer size. This brings them
162into line with the (updated) legacy functions, and allows cryptlib to perform
163better checking of user-supplied parameters, particularly in the case of
164languages like Visual Basic and Java where the mapping of language-native data
165types to the blocks of memory used by a C-language library can be tricky.
166
167Changes in 3.1 release
168======================
169
170The final release contains mostly minor tweaks based on user feedback from the
1713.1 final betas, with no noticeable external changes. Internally, the HTTP
172engine has been significantly improved, TLS 1.1 is now supported (although at
173release time there were no other known implementations of this to test
174against), the BeOS port has been re-done to handle the current state of the OS
175using GNU development tools instead of the original Be ones (thanks to Simon
176Taylor for providing access to his system to do the work on), and the
177perpetual tweaking of the networking subsystem to handle OS-specific quirks
178has continued.
179
180Changes in 3.1 beta 5
181=====================
182
183This release contains an extensive rewrite of the network-layer code to handle
184various quirks and system-specific peculiarities in sockets implementations.
185For this reason it's strongly recommended that if you're using secure sessions
186or networking, you move to this version as quickly as possible. In addition
187the code is now IPv6-enabled as part of the rewrite. In connection with this,
188it's now possible to specify connect and network timeouts at the per-session
189level rather than only as a cryptlib-wide option. To do this, set the timeout
190value giving a specific session as the target object rather than CRYPT_UNUSED
191for all of cryptlib:
192
193 cryptSetAttribute( cryptSession, CRYPT_OPTION_NET_TIMEOUT, timeout );
194
195All of the session objects now provide extensive text diagnostics of errors
196via the CRYPT_ATTRIBUTE_INT_ERRORMESSAGE attribute. This means that if a
197session encounters a problem in communicating with another system, the
198extended error message will usually provide additional information that goes
199beyond the standard error code.
200
201Support for SSHv2 subsystems such as SFTP has been added via the
202CRYPT_SESSINFO_SSH_SUBSYSTEM attribute, and support for SSL/TLS with shared
203keys (e.g. passwords) has been added. This allows secure SSL with mutual
204authentication of both client and server, without the need for either
205expensive server certificates or the complexity of client certificates. In
206addition the shared-key mechanism is significantly faster than operations
207involving certificates and private keys, and places far less load on both
208client and server.
209
210The CRYPT_OPTION_CERT_OBLIVIOUS option introduced in beta 4 has been changed
211from a simple boolean value to a multivalued option
212CRYPT_OPTION_CERT_COMPLIANCELEVEL, which indicates the level of checking
213applied to certificates. This ranges from CRYPT_COMPLIANCELEVEL_OBLIVIOUS
214(almost no checking except for the signature) through to
215CRYPT_COMPLIANCELEVEL_PKIX_FULL (full compliance with PKIX certificate
216standards). The default is CRYPT_COMPLIANCELEVEL_STANDARD, which provides a
217reduced level of checking for compliance with other certificate software.
218
219The CRYPT_ERROR_BUSY status has been renamed to CRYPT_ERROR_TIMEOUT to make it
220more consistent with conditions like network timeouts, which is where it most
221commonly occurs.
222
223Some of the database keyset types have been renamed to make the names more
224consistent. The three types are now CRYPT_KEYSET_ODBC for databases accessed
225through an ODBC interface, CRYPT_KEYSET_DATABASE for databases with the
226backend-specific interface code compiled into cryptlib, and
227CRYPT_KEYSET_PLUGIN for databases accessed via the cryptlib database plugin
228interface. The CRYPT_KEYSET_DATABASE type can be selected in the usual manner
229at compile time with the USE_xxx compile options, see the manual for more
230details on databases and compile options.
231
232Changes in 3.1 beta 4
233=====================
234
235The changes in this release are mostly to fix a variety of minor problems that
236cropped up in beta 3 related to portability across different systems. One
237notable change is the inclusion of the CRYPT_OPTION_CERT_OBLIVIOUS
238configuration option. This option is present in order to allow cryptlib to
239handle the large number of broken certificates in use. Enabling this option
240(setting it to TRUE) will cause cryptlib to ignore all certificate extensions
241except key usage and the CA flag, making it compatible with other PKI
242software. A future version of cryptlib will replace this option with a
243multivalue selection allowing a choice of checking ranging from very little
244(in order to be compatible with existing software and to process existing
245certificates) through to full PKIX compliance (which will, however, reject a
246large number of certificates in use today).
247
248Changes in 3.1 beta 3
249=====================
250
251The way in which GeneralNames and DNs in GeneralNames are selected has
252changed. Until now GeneralNames were selected with:
253
254 cryptSetAttribute( cryptCert, attributeID, CRYPT_UNUSED );
255
256which selected the GeneralName with the given attributeID and also updated the
257attribute cursor. Selecting the DN within the GeneralName required a second
258selection to specify the DN. This special-case behaviour was inconsistent
259with the way other attributes were handled, and caused some confusion for
260users, as well as obscuring the fact that the attribute cursor was being
261updated as it would be for an explicit attribute selection. Beta 3 changes
262the selection mechanism so that it matches that used for all other attributes:
263
264 cryptSetAttribute( cryptCert, CRYPT_CERTINFO_CURRENT_EXTENSION,
265 attributeID );
266
267(or whatever alternative attribute cursor mechanism is preferred). In
268addition, it's no longer necessary to perform a two-stage select for DNs in
269GeneralNames, since these are now implicitly selected by selecting the
270GeneralName that contains them. This means that handling of GeneralName
271attributes is now consistent with all other attribute types.
272
273Because GeneralNames are now automatically selected, you need to be careful
274when working with a DN such as the certificate subject name after selecting a
275GeneralName, since a GeneralName contains its own DN which will be the one
276that's accessed after selecting the GeneralName. For example if you set an
277email address (which is part of the GeneralName), this will select the
278GeneralName, and any subsequent DN accesses will refer to the DN inside the
279GeneralName rather than the subject name DN. It's good practice to move back
280to the subject name with:
281
282 cryptSetAttribute( cryptCert, CRYPT_CERTINFO_SUBJECTNAME,
283 CRYPT_UNUSED );
284
285after working with a GeneralName to make sure that you're referring to the
286correct DN.
287
288Microsoft broke the Jet (MS Access) database engine at around SP4 (opinions on
289the exact time vary). This version, or newer versions, may be installed
290automatically when applying service packs or installing other software
291(different broken versions of Jet are installed in Win2K SP2 and SP3, for
292example, and it's built into Windows XP). The symptoms are that when running
293the self-test you'll get an error message "Cannot open any more tables" even
294though no tables are open, or more seriously a deadlock inside the VC++
295runtime file access routines. The details of this problem are discussed in
296Microsoft Knowledge Base Article 304536, Microsoft Knowledge Base Article
297282010, and Microsoft Knowledge Base Article 239114.
298
299The Microsoft-recommended fix is to upgrade to Jet SP6. This typically
300requires downloading and installing the SP6 upgrade from the Microsoft
301Download Centre, simply installing recent MDAC components won't work since
302there were no Jet components included after MDAC 2.5 SP2, and installing
303Office XP or Access 2002 may not work either since the setup programs only
304update system files in certain situations and to a certain level. On the
305other hand Jet SP6 may not install unless it detects an appropriate service
306pack level on the system.
307
308Non-Microsoft advice is to downgrade to a version of Jet at SP3 or earlier by
309replacing msjetoledb40.dll and msjet40.dll with files from JET OLE DB SP3,
310since even the latest version (SP6) still appears to exhibit these problems.
311A better solution is to avoid the use of Jet entirely, and in particular you
312should *never* use Jet in a production environment since it's far too buggy
313and unstable to trust live data to (it was probably named Jet because it both
314sucks and blows).
315
316Changes in 3.1 beta 2
317=====================
318
319The last two type names that didn't follow the pattern xxx_TYPE, CRYPT_ALGO
320and CRYPT_MODE, have now been brought into line with the other names, so you
321need to change the type names to CRYPT_ALGO_TYPE and CRYPT_MODE_TYPE if you're
322using them in your code.
323
324SSHv2 server support is now present.
325
326PKCS #11 devices can now be auto-detected by specifying the device name as
327"[Autodetect]" if the device name isn't known.
328
329Pre-connected network sockets can be supplied to sessions as the
330CRYPT_SESSINFO_NETWORKSOCKET attribute, rather than having cryptlib
331connect/disconnect the socket itself.
332
333The PKCS #15 format has had various features added to it over time (see the
334note for 3.0 beta 1), cryptlib has supported these in a read-only manner,
335meaning that it creates keysets that are as backwards-compatible as possible
336with old versions of the code that used earlier versions of PKCS #15. In
337order to make some features like certificate update in a keyset possible, it's
338necessary to write keyset fields from newer versions of PKCS #15. All betas
339after this one will write these newer fields in order to enable advanced
340features of PKCS #15. Anyone still using very old betas should upgrade to a
341current version in order to take advantage of the advanced features supported
342by newer-format PKCS #15 keysets.
343
344Changes in 3.1 beta 1
345=====================
346
347Beta 1 includes support for PGP and OpenPGP, which is handled in standard
348envelope fashion with a data format of CRYPT_FORMAT_PGP. Note that there are
349a number of incompatible and semi-compatible variants of PGP in existence,
350with the major types being PGP 2.x, PGP 5.x, NAI PGP, GPG, and the ckt PGP
351builds, and many interesting lesser variations such as the disastry builds
352that take PGP 2.x and update it to support OpenPGP ciphers without actually
353being OpenPGP. An overview of different PGP versions can be found at
354http://rmarq.pair.com/pgp/, and detailed information on incompatibilities can
355be found at http://home.arcor.de/kraven/pgp/pgpindex.html. cryptlib has been
356tested against most normal versions of PGP, but there will certainly be
357versions out there that produce data that cryptlib can't read (one example
358being a version that uses random key IDs in encrypted data in order to obscure
359who the data is encrypted for, which also makes it impossible to decrypt with
360any normal PGP version). If you run into something produced by one of these
361oddball versions, please send me a copy so that I can determine whether it's
362worth adding custom code to support it.
363
364The PGP data format imposes a number of restrictions on the standard
365enveloping process, which include:
366
367 - Use of nested signed data is discouraged unless you add an intermediate
368 layer of encryption, since PGP doesn't directly handle nested signatures.
369 - When signing data, the nested content type can only be the default (data)
370 for the reason given above.
371 - It's not possible to mix password and public-key key exchange actions in
372 the same message. Similarly, it's not possible to have more than one
373 password key exchange action in one message.
374 - Handling of separate hashing for detached signatures is somewhat peculiar
375 and requires special care.
376
377Changes in 3.0 release
378======================
379
380cryptlib 3.1 will introduce a new function cryptFlushData() to replace the
381current practice of calling cryptPushData() will all-null parameters, a change
382required for languages like Delphi and VB that don't handle C null pointers
383too well. This function is already present in 3.0 for forwards-compatibility
384purposes, it's recommended that you update your code to call cryptFlushData()
385in place of cryptPushData() with null parameters (although the existing
386cryptPushData() mechanism will still work).
387
388The Unix randomness-gathering code will now check for and use EGD/PRNGD if
389they're available.
390
391The requirement that cryptlib be built via a network share under Windows has
392been removed.
393
394HTTP keyset access (CRYPT_KEYSET_HTTP) formerly required that the keyset be
395opened without a name being given, with the full URL being specified as the
396key ID to retrieve keys. This was both somewhat inconsistent with the other
397keyset types, and didn't work well with persistent connections, for example
398where multiple certificates were being read from a single server. This has
399been changed so that the server URL is given when the keyset is opened as it
400is for other keyset types, and a key ID is given when reading individual keys.
401When reading keys with a fixed URL (with no per-key ID), the special ID
402"[none]" can be used to indicate that the server URL points directly at the
403certificate. In the simplest case the previous usage:
404
405 cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_HTTP, NULL,
406 CRYPT_KEYOPT_READONLY );
407 cryptGetPublicKey( cryptKeyset, &cryptCert, CRYPT_KEYID_NAME,
408 "http://www.server.com/cert.der" );
409
410now becomes:
411
412 cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_HTTP,
413 "http://www.server.com/cert.der", CRYPT_KEYOPT_READONLY );
414 cryptGetPublicKey( cryptKeyset, &cryptCert, CRYPT_KEYID_NAME,
415 "[none]" );
416
417Reading multiple certificates, for example via a CGI interface on the server,
418is done with:
419
420 cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_HTTP,
421 "http://www.server.com/certstore.cgi",
422 CRYPT_KEYOPT_READONLY );
423 cryptGetPublicKey( cryptKeyset, &cryptCert, CRYPT_KEYID_NAME,
424 "user1" );
425 cryptGetPublicKey( cryptKeyset, &cryptCert, CRYPT_KEYID_NAME,
426 "user2" );
427 cryptGetPublicKey( cryptKeyset, &cryptCert, CRYPT_KEYID_NAME,
428 "user3" );
429
430Changes in 3.0 final beta
431=========================
432
433The cryptlib 3.0 final release divides the network timeout parameter into two
434parts, a CRYPT_OPTION_NET_CONNECTTIMEOUT which is applied during the
435connection setup process and a CRYPT_OPTION_NET_TIMEOUT which is applied
436during reads and writes (although in practice writes are almost always
437instantaneous). This means that it's now possible to avoid nonblocking I/O if
438required.
439
440Use of SSL/TLS client certificates is now enabled.
441
442The final version of the S/MIME PasswordRecipientInfo (PWRI) RFC contained a
443change in the way the key wrap algorithm is identified. The cryptlib final
444release produces a PWRI that follows the final RFC, but will also read the
445older format produced by earlier versions of cryptlib. If it's necessary to
446generate PWRI data in the old format, you can change the "#if 1" in
447keymgmt/asn1objs.c to "#if 0" to produce the older format.
448
449Support for extended CMP user configurability via PKIUser objects has been
450added, this allows user details to be pre-configured at the CA rather than
451requiring the user to know them.
452
453Changes in 3.0 beta 6
454=====================
455
456Beta 6 reduces the plethora of key generation functions by allowing the
457keysize to be specified in the more standard way of setting the corresponding
458attribute rather than having extraneous ...Ex() versions of the function that
459parallel the standard form. If you were previously using the standard or
460asynchronous ...Ex() functions:
461
462 cryptGenerateKeyEx( cryptContext, keySize );
463
464you can change to the newer form with a simple cut and paste:
465
466 cryptSetAttribute( cryptContext, CRYPT_CTXINFO_KEYSIZE, keySize );
467 cryptGenerateKey( cryptContext );
468
469The table format for certificate stores has changed slightly to accomodate the
470requirements of CMP servers (specifically the fact that they can cause things
471to fail at inopportune moments), in order to handle this you need to recreate
472the cert store (drop the previous table and create a new one with
473CRYPT_KEYOPT_CREATE), if you need to move information across then create a new
474table and insert into <newTable> select * from <oldTable> to copy the existing
475certificates across. The newly-created table will support the storing of
476extra information needed to handle restarts during CMP operations.
477
478Support for the proposed AES algorithm is now included. Since this hasn't
479been finalised by NIST yet, it is strongly recommended that you not use it
480until the AES FIPS has been published. cryptlib will implement the form
481presented in the final FIPS, which may be incompatible with the current
482version.
483
484SSL and TLS support (both client and server) is now enabled, thanks to
485endergone Zwiebeltuete for his help in getting this going.
486
487Changes in 3.0 beta 5
488=====================
489
490Beta 5 removes the configuration options CRYPT_OPTION_FIXSTRINGS and
491CRYPT_OPTION_CHECKENCODING since they shouldn't be needed any more as the
492ASN.1 code has been modified to handle all but the most broken certificates
493out there.
494
495Under Unix the library is now called libcl rather than libcrypt to reduce
496problems with naming conflicts on some systems.
497
498Support for the creation of one-step certificates that automatically work for
499any purpose has been added and is enabled by setting the certificate's
500CRYPT_CERTINFO_XYZZY attribute, more details are given in the manual.
501
502OCSP, TSP, and SSH server support is now enabled (this complements the OCSP,
503TSP, and SSH client support added in beta 3 and beta 4).
504
505Changes in 3.0 beta 4
506=====================
507
508Beta 4 removes the need to use the TCP4U library for the network interface and
509should now have networking enabled automatically on Unix and Windows systems.
510With the enhanced networking support comes support for SSH secure sessions and
511CMP (Certificate Mismanagement Protocol).
512
513The creation of arbitrary-format DN's containing any sort of component in any
514order or combination is now supported via the CRYPT_CERTINFO_DN attribute.
515
516Changes in 3.0 beta 3
517=====================
518
519Beta 3 required one unfortunate change to the object creation functions which
520involves the addition of a parameter that specifies the user who is to own the
521object. For cryptlib 3.0 this means that as the second parameter for the
522object creation functions (cryptCreateContext, cryptKeysetOpen,
523cryptCreateEnvelope, etc etc) you should specify CRYPT_UNUSED for forwards
524compatibility with cryptlib 3.1 and later releases. The user parameter has
525existed since the first 3.0 releases but until now has been hidden beneath the
526cryptlib API, unfortunately it's necessary to un-hide this parameter, which is
527required by certain 3.1 features such as the CA management functionality.
528
529The use of multiple certificates with the same DN/email address but different
530key usage types is now supported (previous versions treated the appearance of
531multiple certs issued to the same person as a duplicate cert problem, either
532interpretation is valid but popular opinion seems to be that the beta 3
533behaviour is better). In order to support this in public key keysets you need
534to recreate them (drop the previous table and create a new one with
535CRYPT_KEYOPT_CREATE), if you need to move certificates across then create a
536new table and insert into <newTable> select * from <oldTable> to copy the
537existing certificates across. The newly-created table will support the
538storing of multiple identical certificates.
539
540In order to take advantage of this capability with encrypted enveloping, you
541need to add the recipient's public key with the CRYPT_ENVINFO_RECIPIENT option
542that will allow cryptlib to automatically select the most appropriate
543certificate. The selection of an appropriate signature checking certificate
544is handled automatically.
545
546Handling of detached signatures with externally-supplied hash values is now
547supported, see the manual for details. This allows signature checking for
548arbitrary data without it having to be hashed via the envelope.
549
550Certificate revocation checking via OCSP is now supported if you can manage to
551find an OCSP responder anywhere. Timestamping of signatures is also
552supported, although you'll have even less chance of locating a TSA than an
553OCSP responder.
554
555Support for mSQL has been dropped since MySQL is now GPL'd and provides far
556more functionality than mSQL (even cryptlib 2.x was pushing the limits of
557mSQL, with cryptlib 3.x it's not really sufficient any more).
558
559Changes in 3.0 beta 2
560=====================
561
562Beta 2 has three minor API changes over beta 1 that are intended to clarify
563areas that have caused problems for users in the past.
564
565The first change is that the third, usually unnecessary, parameter for
566cryptCreateContext() has been eliminated:
567
568 cryptCreateContext( &cryptContext, cryptAlgo );
569
570Only the conventional-encryption algorithms required the encryption mode
571parameter, the default is CBC but if another value is required you can specify
572it using the CRYPT_CTXINFO_MODE attribute:
573
574 cryptSetAttribute( cryptContext, CRYPT_CTXINFO_MODE, cryptMode );
575
576This attribute isn't required for anything except conventional encryption
577algorithms, and even then it's only required for the use of encryption modes
578other than the default mode of CBC. This change simplifies the creation of
579contexts, since there's no longer any need to juggle CRYPT_USE_DEFAULT,
580CRYPT_MODE_PKC, CRYPT_MODE_NONE, or any of the other special cases that were
581used for algorithms that don't have different encryption modes.
582
583The second change (which probably won't affect most users since it's rather
584obscure) is that previously when loading raw public keys with the
585CRYPT_PKCINFO_RSA or CRYPT_PKCINFO_DLP structure the attribute used was
586CRYPT_CTXINFO_KEY and the length was given as CRYPT_UNUSED. This required a
587number of special-case checks in the code and made error-checking of user-
588supplied data impossible because it wasn't possible to determine how much data
589was being passed in.
590
591In beta 2 this attribute now follows the pattern for every other attribute in
592that it's necessary to give the structure size (i.e. sizeof(
593CRYPT_PKCINFO_xxx)) as the length parameter rather than CRYPT_UNUSED. In
594addition the attribute for key components is now CRYPT_CTXINFO_KEY_COMPONENTS
595to make explicit the fact that what's being loaded is a composite structure
596containing multiple components and not just a single byte string as with
597CRYPT_CTXINFO_KEY.
598
599Similarly, the length parameter when using cryptEncrypt()/cryptDecrypt() for
600public-key encryption is now the key/data length in bytes rather than
601CRYPT_UNUSED, following the standard pattern of requiring an actual length
602rather than using magic values.
603
604The third change is that the functionality of cryptCreateEnvelopeEx() has been
605folded into cryptCreateEnvelope(), which now takes a second parameter
606specifying the type of envelope to create
607
608 cryptCreateEnvelope( &cryptEnvelope, formatType );
609
610The envelope buffer size can optionally be specified with the
611CRYPT_ATTRIBUTE_BUFFERSIZE attribute once the envelope has been created:
612
613 cryptSetAttribute( cryptEnvelope, CRYPT_ATTRIBUTE_BUFFERSIZE, size );
614
615although this should only be necessary in special cases when enveloping
616larger-than-usual data quantities. This change both simplifies the interface
617and makes it easier for cryptlib to efficiently handle resources, since it can
618allocate a small envelope buffer when enveloping begins rather than having to
619create a one-size-fits-all one on envelope creation.
620
621In addition to these changes, beta 2 includes the ability to read the label
622for the private key which is required for de-enveloping data, so you can use
623the key name in prompts when asking the user for a password. You can do this
624with:
625
626 char label[ CRYPT_MAX_TEXTSIZE + 1 ];
627 int labelLength;
628
629 cryptGetAttributeString( cryptEnvelope, CRYPT_ENVINFO_PRIVATEKEY_LABEL,
630 label, &labelLength );
631 label[ labelLength ] = '\0';
632
633See the manual for more information on this.
634
635Changes in 3.0 beta 1
636=====================
637
638cryptlib 3.0 features a large number of improvements over 2.1, the most
639visible one being that there is now a unified object model that applies to all
640cryptlib objects, so that the old object-type-specific functions like
641cryptGetCertComponentString() and cryptSetEnvelopeComponentNumeric() have been
642replaced by cryptSetAttribute(), which works across all object types. This
643means that cryptlib 3.0 has a much simpler interface than 2.1 did (even with
644all the features added in 3.0, the manual is 25 pages shorter than the 2.1
645manual).
646
647Backwards compatibility with 2.1 is maintained through the use of the 2.1
648include file capi.h, which contains macros that map the 3.0 functions and
649attributes back to 2.1 versions. Three of the more obscure functions don't
650translate cleanly, these are documented at the start of capi.h. If you've got
651existing 2.1 code then it should work with 3.0 with a recompile.
652
653This is a beta release of the code, some sections are still subject to change
654because the standards they are based on haven't been finalised yet. The most
655obvious one is the PKCS #15 keyset format, when the cryptlib code was frozen
656the PKCS #15 file format existed only in an informal manner so that some of
657the data formatting used by cryptlib is speculative and will probably change
658when the standard stabilises. What this means in practice is that you
659shouldn't store any long-term keys in file keysets since the format will have
660to change in the future to track changes in the standard.
661
662To a lesser extent, the compressed-data and password-protected-data formats
663are based on S/MIME drafts that may also be changed at some point.
664
665Finally, the AS/400, MVS, and VM/CMS versions have somewhat specialised
666requirements (some of this is covered in the manual), please contact me before
667trying to do anything with these versions.
Note: See TracBrowser for help on using the repository browser.