Miva Empresa/Mia/Script Compiler v5.27 Release Notes
----------------------------------------------------

Bugs Fixed
----------

23175: x509_load and x509_create leak an X509 pointer
23231: Segmentation fault on pkcs7_get_certs after failed pkcs7_load_mem
23260: evp_pkey_derive does not set error when passed an invalid key [index]
23267: pkcs7_get_signer_info does not set error when passed an invalid key [index]
23268: pkcs7_get_certs does not set error when passed an invalid key [index]
23273: x509_get_extensions does not return 0/false when given an invalid certificate [index]
23274: x509_get_issuer_name does not return 0/false when given an invalid certificate [index]
23275: x509_get_pubkey does not set error when passed an invalid key [index]
23277: x509_get_subject_name does not return 0/false when given an invalid certificate [index]
23280: x509_load_mem with a previously loaded certificate index and a bad certificate destroys existing certificate, segfaults
23281: evp_pkey_load_mem with existing certificate, invalid pkey will leave index into invalid pkey array contents.
23282: x509_create is deprecated, but should still work correctly.
23331: rsa internal storage inconsistent with x509, pkcs7, etc.
23428: FunctionParameter name lengths for some parameters incorrect.
23435: Formatting bug for file: builtins/crypto.cpp
23579: ISAPI (IIS 6 and earlier) no longer supported due to PCI concerns
23614: test/t_builtin_crypto: tests on functions using OpenSSL 1.0.X should skip if 0.9.x or 1.1.x
23618: Unsupported OpenSSL routines need graceful [or more graceful] handling
23648: pkcs7_verify returns "not enough data" on Cent48, cent39
23652: Incorrect formatting of "routine is unsupported" error
23661: crypto functions inserting values into an array need to "free" variable being used, crypto_allocate_X needs to null structure pointer consistently.
23664: Memory leak with non-closing mvt:callcontinue
23666: Memory leak in LinkPoint commerce library
23671: MvSMTP attempts to write to a connection after a TLS handshake failure, resulting in SIGPIPE

New Builtin Functions
---------------------

- x509_load_mem( cert, x509 var )

  Loads and parses the text of an x509 certificate, and gives a certificate reference that refers to the certificate in internal storage.

  Parameters:
    - cert - Text of the certificate
    - x509 - Certificate reference.
      On success, this will be neither zero nor null

  Return Value:
    - 1 on success
    - 0 on failure

- x509_get_subject_name( certref var, subjectname var )

  Return X509 name information for the certificate referred to by the certificate reference.

  Parameters:
    - certref - Certificate reference returned from functions such as x509_load_mem
    - subjectname - Structure with members named for the entry names (e.g., "commonName", "countryName", etc.)

  Return Value:
    - 1 on success
    - 0 on failure

- x509_get_issuer_name( certref var, issuername var )

  Return X509 issuer information for the certificate referred to by the certificate reference.

  Parameters:
    - certref - Certificate reference returned from functions such as x509_load_mem
    - issuername - Structure with members named for the entry names (e.g., "commonName", "countryName", etc.)

  Return Value:
    - 1 on success
    - 0 on failure

- x509_get_extensions( certref var, extensions var )

  Return X509 extension information for the certificate referred to by the certificate reference.

  Parameters:
    - certref - Certificate reference returned from functions such as x509_load_mem
    - extensions - Structure with members named for the entry names (e.g., "data", "oid", etc.)

  Return Value:
    - 1 on success
    - 0 on failure

- x509_digest( x509 var, digestname, digest var )

  Return the digest of the given certificate referred to by the certificate reference, using the specified hash algorithm.

  Parameters:
    - x509 - Certificate reference returned from functions such as x509_load_mem
    - digestname - Hash algorithm name, such as "md5" or "sha256". Supported digest algorithms will vary between OpenSSL installations
    - digest - Hash value of the certificate

  Return Value:
    - 1 on success
    - 0 on failure

- x509_pubkey_digest( x509 var, digestname, digest var )

  Return the digest of the public key portion of the given certificate referred to by the certificate reference, using the specified hash algorithm.

  Parameters:
    - x509 - Certificate reference returned from functions such as x509_load_mem
    - digestname - Hash algorithm name, such as "md5" or "sha256". Supported digest algorithms will vary between OpenSSL installations
    - digest - Hash value of the public key of the certificate

  Return Value:
    - 1 on success
    - 0 on failure

- crypto_evp_encrypt_auth( ciphername, key, iv, aad, plaintext, encrypted var, tag var )

  Encrypt the data in "plaintext" using the ciphername, key, and initialization vector, returning the encrypted data in "encrypted" and a tag value in "tag" to be used to ensure that the ciphertext and AAD are not tampered with in transit.

  Parameters:
    - ciphername - Name of cipher to use. An example is "aes-256-gcm"
    - key - Key value
    - iv - Initialization vector
    - aad - Additional authenticated data
    - plaintext - Plaintext to encrypt
    - encrypted - Resulting encrypted value
    - tag - Tag value

  Return Value:
    - 1 on success
    - 0 on failure

- pkcs7_load_mem( cert, format, pkcs7 var )

  Load a list of PKCS7 structures in the specified format into memory, and return a structure reference that refers to the structure(s) in internal storage.

  Parameters:
    - cert - Text of a list of pkcs7 structures
    - format - Format of the structure(s) passed in. Valid values are "der", "pem", or "pkcs12", with "der" used if the format is missing or any other values are passed
    - pkcs7 - Structure array reference.
      On success, this will be neither zero nor null

  Return Value:
    - 1 on success
    - 0 on failure

- pkcs7_get_certs( pkcs7 var, x509s var )

  Given a structure reference such as returned from pkcs7_load_mem, return certificate references for the x509 certificates that are embedded therein.

  Parameters:
    - pkcs7 - Structure reference
    - x509s - Array of x509 certificate references

  Return Value:
    - Count of x509 certificate references returned
    - -1 on failure

- pkcs7_get_signer_info( pkcs7 var, output var )

  Given a structure reference such as returned from pkcs7_load_mem, return an array of structures containing signer info.

  Parameters:
    - pkcs7 - Structure reference
    - output - Array of structures containing signing information. Each structure will contain members named "version", "issuer", "issuerSerial", "messageDigest" and "signingTime"

  Return Value:
    - Count of array elements returned
    - -1 on failure

- pkcs7_verify( pkcs7 var, root_x509 var, content )

  Given a pkcs7 structure reference and root x509 certificate reference, verify the pkcs7 structure and the signed content (if provided).

  Parameters:
    - pkcs7 - PKCS7 structure reference
    - root_x509 - Root x509 certificate reference
    - content - Optional content if not present in the PKCS7 structure

  Return Value:
    - 1 on success
    - 0 on failure

- pkcs7_free( pkcs7 var )

  Remove a pkcs7 structure from internal memory. The passed pkcs7 structure reference is unchanged on failure (invalid reference) or set to 0 on success.

  Parameters:
    - pkcs7 - PKCS7 structure reference

  Return Value:
    - 1 on success
    - 0 on failure

- evp_pkey_load_mem( data, format, passphrase, pkey var )

  Given an EVP PKEY structure in the given format and a passphrase, verifies the PKEY structure and stores it in internal storage, and returns a reference to the internal storage.

  Parameters:
    - data - EVP PKEY structure text
    - format - Format of the PKEY structure text.
      Only "pkcs12" is supported
    - passphrase - Passphrase for the PKEY structure
    - pkey - Structure reference

  Return Value:
    - 1 on success
    - 0 on failure

- evp_pkey_load_pubkey_mem( data, format, pkey var )

  Given EVP PKEY information in the given format, parse and load the public key from it and return a reference to the internal storage.

  Parameters:
    - data - EVP PKEY text
    - format - Format of the EVP PKEY text. Valid values are "pem" and "der"
    - pkey - Structure reference to internal storage

  Return Value:
    - 1 on success
    - 0 on failure

- evp_pkey_derive( privkey var, peer var, key var )

  Given structure references to an EVP PKEY structure with a secret key and a peer public key, derive a shared secret key and return the text in "key".

  Parameters:
    - privkey - EVP PKEY structure reference
    - peer - EVP PKEY structure reference
    - key - Returned text of shared secret key

  Return Value:
    - 1 on success
    - 0 on failure
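
The PKCS7 functions documented above (pkcs7_load_mem, pkcs7_verify, pkcs7_get_signer_info, pkcs7_free) combine into one verification flow. The MivaScript function below is an added example, not code from Miva or from these release notes; Verify_Signed_Message and its parameter and variable names are hypothetical. It follows the documented return contracts, including the -1 failure value of the count-returning functions.

```mivascript
<MvCOMMENT>
	Added example (not Miva's code). The function name, parameters and l.* variables
	are hypothetical; only the builtins and their return values come from the notes.
	Returns 1 only when the PKCS7 structure verifies against the supplied root.
</MvCOMMENT>
<MvFUNCTION NAME = "Verify_Signed_Message" PARAMETERS = "pkcs7_pem, root_pem, content, signers var" STANDARDOUTPUTLEVEL = "">
	<MvASSIGN NAME = "l.verified"	VALUE = "0">
	<MvASSIGN NAME = "l.root"		VALUE = "0">
	<MvASSIGN NAME = "l.pkcs7"		VALUE = "0">

	<MvCOMMENT> Loaders return 1/0; the reference is non-zero only on success. </MvCOMMENT>
	<MvIF EXPR = "{ NOT x509_load_mem( l.root_pem, l.root ) }">
		<MvFUNCTIONRETURN VALUE = "0">
	</MvIF>

	<MvCOMMENT> The notes list no release function for x509 references, so l.root is not freed here. </MvCOMMENT>
	<MvIF EXPR = "{ NOT pkcs7_load_mem( l.pkcs7_pem, 'pem', l.pkcs7 ) }">
		<MvFUNCTIONRETURN VALUE = "0">
	</MvIF>

	<MvCOMMENT> pkcs7_verify returns 1 on success; anything else is treated as untrusted. </MvCOMMENT>
	<MvIF EXPR = "{ pkcs7_verify( l.pkcs7, l.root, l.content ) EQ 1 }">
		<MvCOMMENT>
			pkcs7_get_signer_info returns a count, or -1 on failure, so a plain
			truth test would accept -1. Requiring at least one signer is this
			example's policy, not a rule stated in the notes.
		</MvCOMMENT>
		<MvASSIGN NAME = "l.signer_count" VALUE = "{ pkcs7_get_signer_info( l.pkcs7, l.signers ) }">
		<MvIF EXPR = "{ l.signer_count GT 0 }">
			<MvASSIGN NAME = "l.verified" VALUE = "1">
		</MvIF>
	</MvIF>

	<MvCOMMENT> Release the structure on every path that follows a successful load. </MvCOMMENT>
	<MvASSIGN NAME = "l.freed" VALUE = "{ pkcs7_free( l.pkcs7 ) }">

	<MvFUNCTIONRETURN VALUE = "{ l.verified }">
</MvFUNCTION>
```

The same count-versus-flag distinction applies to pkcs7_get_certs, which also returns -1 on failure.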