git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES
 OpenSSL CHANGES
 _______________

 Changes between 0.9.7 and 0.9.8 [xx XXX 2002]

  *) Let 'openssl req' fail if an argument to '-newkey' is not
     recognized instead of using RSA as a default.
     [Bodo Moeller]

  *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
     As these are not official, they are not included in "ALL";
     the "ECCdraft" ciphersuite group alias can be used to select them.
     [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]

  *) Add ECDH engine support.
     [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]

  *) Add ECDH in new directory crypto/ecdh/.
     TODO: more general interface (return x coordinate, not its hash)
     TODO: bug: pad x with leading zeros if necessary
     [Douglas Stebila (Sun Microsystems Laboratories)]

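The second TODO above is an interoperability and correctness point worth seeing concretely: if the shared x-coordinate is converted to bytes at minimal length, a value whose leading byte happens to be zero gets a shorter encoding than the field size, and two peers that disagree on padding derive different secrets for roughly one exchange in 256. The following is an added illustration, not code from OpenSSL's crypto/ecdh/; it works on a uint64_t stand-in for the field element, and the 4-byte "field" and the value 0x0000ABCD are constructed sample inputs. Later specifications (SEC 1, X9.63) require the fixed-width form.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Fixed-width encoding: x as exactly field_len big-endian bytes,
 * left-padded with zeros.  Returns 0, or -1 if x does not fit. */
int x_to_fixed_be(uint64_t x, unsigned char *out, size_t field_len)
{
    if (field_len < sizeof(x) && (x >> (8 * field_len)) != 0)
        return -1;
    memset(out, 0, field_len);
    for (size_t i = 0; i < field_len && i < sizeof(x); i++) {
        out[field_len - 1 - i] = (unsigned char)(x & 0xff);
        x >>= 8;
    }
    return 0;
}

/* Minimal-width encoding, the behaviour the TODO warns about: leading
 * zero bytes are dropped, so the length depends on the value.
 * Returns the number of bytes written (0 for x == 0). */
size_t x_to_minimal_be(uint64_t x, unsigned char *out)
{
    unsigned char tmp[sizeof(x)];
    size_t n = 0;
    while (x) {
        tmp[n++] = (unsigned char)(x & 0xff);
        x >>= 8;
    }
    for (size_t i = 0; i < n; i++)
        out[i] = tmp[n - 1 - i];
    return n;
}

/* Constructed sample: a 4-byte field (standing in for a real field size)
 * and an x-coordinate whose top two bytes happen to be zero.  Returns 1
 * if the two encodings differ in length, i.e. if a peer that pads and a
 * peer that does not would feed different inputs to their KDF. */
int encoding_mismatch_demo(void)
{
    const size_t field_len = 4;
    const uint64_t x = 0x0000ABCDULL;
    unsigned char fixed[8], minimal[8];
    if (x_to_fixed_be(x, fixed, field_len) != 0)
        return 0;
    size_t nmin = x_to_minimal_be(x, minimal);
    /* Same value, same trailing bytes, different lengths. */
    return nmin != field_len
        && memcmp(fixed + (field_len - nmin), minimal, nmin) == 0
        && fixed[0] == 0 && fixed[1] == 0;
}
```

The check to carry over into any key-agreement code is the one in x_to_fixed_be: the output length is a property of the field, never of the particular coordinate.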
  *) Let BN_rand_range() abort with an error after 100 iterations
     without success (which indicates a broken PRNG).
     [Bodo Moeller]

  *) Change BN_mod_sqrt() so that it verifies that the input value
     is really the square of the return value. (Previously,
     BN_mod_sqrt would show GIGO behaviour.)
     [Bodo Moeller]

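The GIGO problem is that a square-root formula returns some number for every input, including non-residues, and a caller that trusts it (for instance when decompressing a point) ends up with a value that is not on the curve. The following added example (not OpenSSL's BN_mod_sqrt(), which handles general primes with Tonelli-Shanks) uses the simple p % 4 == 3 case on 32-bit values to show the unchecked formula beside the version that verifies r*r == a before returning. p = 7 with inputs 2 and 3 is a constructed sample.

```c
#include <stdint.h>

/* Arithmetic modulo p < 2^32, so products fit in 64 bits. */
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t p)
{
    return (uint32_t)(((uint64_t)a * b) % p);
}

static uint32_t powmod(uint32_t base, uint64_t exp, uint32_t p)
{
    uint32_t r = 1 % p;
    base %= p;
    while (exp) {
        if (exp & 1)
            r = mulmod(r, base, p);
        base = mulmod(base, base, p);
        exp >>= 1;
    }
    return r;
}

/* Root candidate for primes with p % 4 == 3 (the simple case of the
 * general algorithm): r = a^((p+1)/4) mod p.  The formula produces a
 * number for every input, whether or not a is a quadratic residue. */
uint32_t mod_sqrt_unchecked(uint32_t a, uint32_t p)
{
    return powmod(a, ((uint64_t)p + 1) / 4, p);
}

/* Checked variant: accept the candidate only if r*r == a (mod p).
 * Returns 0 and stores the root, or -1 if a has no square root mod p
 * (or p is not an odd prime with p % 4 == 3). */
int mod_sqrt_checked(uint32_t a, uint32_t p, uint32_t *root)
{
    if (p < 3 || p % 4 != 3)
        return -1;
    a %= p;
    uint32_t r = mod_sqrt_unchecked(a, p);
    if (mulmod(r, r, p) != a)
        return -1;
    *root = r;
    return 0;
}

/* Demonstration with p = 7: 2 is a square (3^2 = 9 = 2 mod 7) and 3 is
 * not.  Returns 1 if the unchecked routine emits a bogus "root" for 3
 * while the checked one rejects it and still finds a root of 2. */
int mod_sqrt_demo(void)
{
    uint32_t r = 0;
    int good = mod_sqrt_checked(2, 7, &r) == 0 && mulmod(r, r, 7) == 2;
    int rejected = mod_sqrt_checked(3, 7, &r) == -1;
    uint32_t bogus = mod_sqrt_unchecked(3, 7);
    int gigo = mulmod(bogus, bogus, 7) != 3;
    return good && rejected && gigo;
}
```

The verification costs one modular multiplication, which is negligible next to the exponentiation, and turns silent garbage into a reportable error.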
  *) Add named elliptic curves over binary fields from X9.62, SECG,
     and WAP/WTLS; add OIDs that were still missing.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Extend the EC library for elliptic curves over binary fields
     (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
     New EC_METHOD:

          EC_GF2m_simple_method

     New API functions:

          EC_GROUP_new_curve_GF2m
          EC_GROUP_set_curve_GF2m
          EC_GROUP_get_curve_GF2m
          EC_POINT_set_affine_coordinates_GF2m
          EC_POINT_get_affine_coordinates_GF2m
          EC_POINT_set_compressed_coordinates_GF2m

     Point compression for binary fields is disabled by default for
     patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
     enable it).

     As binary polynomials are represented as BIGNUMs, various members
     of the EC_GROUP and EC_POINT data structures can be shared
     between the implementations for prime fields and binary fields;
     the above ..._GF2m functions (except for EC_GROUP_new_curve_GF2m)
     are essentially identical to their ..._GFp counterparts.
     (For simplicity, the '..._GFp' prefix has been dropped from
     various internal method names.)

     An internal 'field_div' method (similar to 'field_mul' and
     'field_sqr') has been added; this is used only for binary fields.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
     through methods ('mul', 'precompute_mult').

     The generic implementations (now internally called 'ec_wNAF_mul'
     and 'ec_wNAF_precomputed_mult') remain the default if these
     methods are undefined.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) New function EC_GROUP_get_degree, which is defined through
     EC_METHOD. For curves over prime fields, this returns the bit
     length of the modulus.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) New functions EC_GROUP_dup, EC_POINT_dup.
     (These simply call ..._new and ..._copy).

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
     Polynomials are represented as BIGNUMs (where the sign bit is not
     used) in the following functions [macros]:

          BN_GF2m_add
          BN_GF2m_sub [= BN_GF2m_add]
          BN_GF2m_mod [wrapper for BN_GF2m_mod_arr]
          BN_GF2m_mod_mul [wrapper for BN_GF2m_mod_mul_arr]
          BN_GF2m_mod_sqr [wrapper for BN_GF2m_mod_sqr_arr]
          BN_GF2m_mod_inv
          BN_GF2m_mod_exp [wrapper for BN_GF2m_mod_exp_arr]
          BN_GF2m_mod_sqrt [wrapper for BN_GF2m_mod_sqrt_arr]
          BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr]
          BN_GF2m_cmp [= BN_ucmp]

     (Note that only the 'mod' functions are actually for fields GF(2^m).
     BN_GF2m_add() is a misnomer, but this is for the sake of consistency.)

     For some functions, the irreducible polynomial defining a
     field can be given as an 'unsigned int[]' with strictly
     decreasing elements giving the indices of those bits that are set;
     i.e., p[] represents the polynomial
          f(t) = t^p[0] + t^p[1] + ... + t^p[k]
     where
          p[0] > p[1] > ... > p[k] = 0.
     This applies to the following functions:

          BN_GF2m_mod_arr
          BN_GF2m_mod_mul_arr
          BN_GF2m_mod_sqr_arr
          BN_GF2m_mod_inv_arr [wrapper for BN_GF2m_mod_inv]
          BN_GF2m_mod_div_arr [wrapper for BN_GF2m_mod_div]
          BN_GF2m_mod_exp_arr
          BN_GF2m_mod_sqrt_arr
          BN_GF2m_mod_solve_quad_arr
          BN_GF2m_poly2arr
          BN_GF2m_arr2poly

     Conversion can be performed by the following functions:

          BN_GF2m_poly2arr
          BN_GF2m_arr2poly

     bntest.c has additional tests for binary polynomial arithmetic.

     Two implementations for BN_GF2m_mod_div() are available.
     The default algorithm simply uses BN_GF2m_mod_inv() and
     BN_GF2m_mod_mul(). The alternative algorithm is compiled in only
     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
     copyright notice in crypto/bn/bn_gf2m.c before enabling it).

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

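The index-array representation described above (p[] holding the set-bit positions of f(t) in strictly decreasing order, ending in 0) is what makes reduction cheap: each bit of the product that sits at or above degree m is cleared by XORing a shifted copy of f, and with f given as indices that is one XOR per term. The following added example is not OpenSSL's bn_gf2m.c; it reimplements the same ideas on uint64_t for fields with m <= 63, with gf2m_poly2arr/gf2m_arr2poly as stand-ins for BN_GF2m_poly2arr/BN_GF2m_arr2poly, gf2m_add as BN_GF2m_add (XOR, which is why BN_GF2m_sub is the same function) and gf2m_mod_mul_arr as BN_GF2m_mod_mul_arr. The AES field polynomial t^8+t^4+t^3+t+1 and the FIPS-197 worked values ({57}+{83}={D4}, {57}*{83}={C1}, {53}*{CA}={01}) serve as the test vectors.

```c
#include <stddef.h>
#include <stdint.h>

/* Polynomials over GF(2) of degree < 64 live in a uint64_t, bit i
 * standing for t^i.  Irreducible polynomials may also be given as an
 * array of set-bit indices in strictly decreasing order, the last
 * entry being 0 (the constant term), as the CHANGES entry describes. */

/* The AES field polynomial t^8 + t^4 + t^3 + t + 1 in array form. */
const unsigned AES_POLY[] = { 8, 4, 3, 1, 0 };
const size_t AES_POLY_LEN = 5;

/* poly2arr: fill p[] with the indices of set bits, high to low.
 * Returns the number of indices written, or 0 if poly has no constant
 * term (not a valid field polynomial) or p[] is too small. */
size_t gf2m_poly2arr(uint64_t poly, unsigned p[], size_t max)
{
    size_t k = 0;
    if ((poly & 1) == 0)
        return 0;
    for (int i = 63; i >= 0; i--) {
        if (poly & ((uint64_t)1 << i)) {
            if (k == max)
                return 0;
            p[k++] = (unsigned)i;
        }
    }
    return k;
}

/* arr2poly: inverse of the above; k is the number of entries in p[]. */
uint64_t gf2m_arr2poly(const unsigned p[], size_t k)
{
    uint64_t poly = 0;
    for (size_t i = 0; i < k; i++)
        poly |= (uint64_t)1 << p[i];
    return poly;
}

/* Addition in GF(2)[t] is XOR; subtraction is the same operation. */
uint64_t gf2m_add(uint64_t a, uint64_t b)
{
    return a ^ b;
}

/* Reduce a 128-bit product (hi:lo, degree < 2m) modulo
 * f(t) = t^p[0] + ... + t^p[k-1], using only the index array.
 * Walking from the top bit down to bit m, every set bit i is cleared
 * by XORing t^(i-m) * f(t), i.e. one bit flip per term of f. */
static uint64_t gf2m_mod_arr(uint64_t hi, uint64_t lo,
                             const unsigned p[], size_t k)
{
    int m = (int)p[0];
    for (int i = 2 * m - 2; i >= m; i--) {
        uint64_t *w = (i >= 64) ? &hi : &lo;
        if (!(*w & ((uint64_t)1 << (i & 63))))
            continue;
        for (size_t j = 0; j < k; j++) {
            int pos = i - m + (int)p[j];
            if (pos >= 64)
                hi ^= (uint64_t)1 << (pos - 64);
            else
                lo ^= (uint64_t)1 << pos;
        }
    }
    return lo;   /* all bits >= m are now clear */
}

/* Multiply two reduced elements (degree < m) and reduce modulo f. */
uint64_t gf2m_mod_mul_arr(uint64_t a, uint64_t b,
                          const unsigned p[], size_t k)
{
    uint64_t hi = 0, lo = 0;
    /* Carry-less schoolbook multiplication into a 128-bit result. */
    for (int i = 0; i < 64; i++) {
        if (!(b & ((uint64_t)1 << i)))
            continue;
        lo ^= a << i;
        if (i)
            hi ^= a >> (64 - i);
    }
    return gf2m_mod_arr(hi, lo, p, k);
}

/* Self-check against the FIPS-197 worked examples; returns 1 on success. */
int gf2m_selftest(void)
{
    unsigned p[8];
    size_t k = gf2m_poly2arr(0x11B, p, 8);
    if (k != AES_POLY_LEN || gf2m_arr2poly(p, k) != 0x11B)
        return 0;
    return gf2m_add(0x57, 0x83) == 0xD4
        && gf2m_mod_mul_arr(0x57, 0x83, p, k) == 0xC1
        && gf2m_mod_mul_arr(0x53, 0xCA, p, k) == 0x01;
}
```

The reduction loop is the whole reason the *_arr variants exist: with f stored as five indices, reducing a 14-bit AES product costs at most seven iterations of five XORs, and no BIGNUM-sized temporaries are touched.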
  *) Add new error code 'ERR_R_DISABLED' that can be used when some
     functionality is disabled at compile-time.
     [Douglas Stebila <douglas.stebila@sun.com>]

  *) Change default behaviour of 'openssl asn1parse' so that more
     information is visible when viewing, e.g., a certificate:

     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
     mode the content of non-printable OCTET STRINGs is output in a
     style similar to INTEGERs, but with '[HEX DUMP]' prepended to
     avoid the appearance of a printable string.
     [Nils Larsch <nla@trustcenter.de>]

  *) Add 'asn1_flag' and 'asn1_form' members to EC_GROUP with access
     functions
          EC_GROUP_set_asn1_flag()
          EC_GROUP_get_asn1_flag()
          EC_GROUP_set_point_conversion_form()
          EC_GROUP_get_point_conversion_form()
     These control ASN1 encoding details:
     - Curves (i.e., groups) are encoded explicitly unless asn1_flag
       has been set to OPENSSL_EC_NAMED_CURVE.
     - Points are encoded in uncompressed form by default; options for
       asn1_form are as for point2oct, namely
          POINT_CONVERSION_COMPRESSED
          POINT_CONVERSION_UNCOMPRESSED
          POINT_CONVERSION_HYBRID

     Also add 'seed' and 'seed_len' members to EC_GROUP with access
     functions
          EC_GROUP_set_seed()
          EC_GROUP_get0_seed()
          EC_GROUP_get_seed_len()
     This is used only for ASN1 purposes (so far).
     [Nils Larsch <nla@trustcenter.de>]

  *) Add 'field_type' member to EC_METHOD, which holds the NID
     of the appropriate field type OID. The new function
     EC_METHOD_get_field_type() returns this value.
     [Nils Larsch <nla@trustcenter.de>]

  *) Add functions
          EC_POINT_point2bn()
          EC_POINT_bn2point()
          EC_POINT_point2hex()
          EC_POINT_hex2point()
     providing useful interfaces to EC_POINT_point2oct() and
     EC_POINT_oct2point().
     [Nils Larsch <nla@trustcenter.de>]

  *) Change internals of the EC library so that the functions
          EC_GROUP_set_generator()
          EC_GROUP_get_generator()
          EC_GROUP_get_order()
          EC_GROUP_get_cofactor()
     are implemented directly in crypto/ec/ec_lib.c and not dispatched
     to methods, which would lead to unnecessary code duplication when
     adding different types of curves.
     [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]

  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
     arithmetic, and such that modified wNAFs are generated
     (which avoid length expansion in many cases).
     [Bodo Moeller]

  *) Add a function EC_GROUP_check_discriminant() (defined via
     EC_METHOD) that verifies that the curve discriminant is non-zero.

     Add a function EC_GROUP_check() that makes some sanity tests
     on an EC_GROUP, its generator and order. This includes
     EC_GROUP_check_discriminant().
     [Nils Larsch <nla@trustcenter.de>]

  *) Add ECDSA in new directory crypto/ecdsa/.

     Add applications 'openssl ecparam' and 'openssl ecdsa'
     (these are based on 'openssl dsaparam' and 'openssl dsa').

     ECDSA support is also included in various other files across the
     library. Most notably,
     - 'openssl req' now has a '-newkey ecdsa:file' option;
     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
       them suitable for ECDSA where domain parameters must be
       extracted before the specific public key;
     - ECDSA engine support has been added.
     [Nils Larsch <nla@trustcenter.de>]

  *) Include some named elliptic curves, and add OIDs from X9.62,
     SECG, and WAP/WTLS. Each curve can be obtained from the new
     function
          EC_GROUP_new_by_nid(),
     and the list of available named curves can be obtained with
          EC_get_builtin_curves().
     Also add a 'curve_name' member to EC_GROUP objects, which can be
     accessed via
          EC_GROUP_set_nid()
          EC_GROUP_get_nid()
     [Nils Larsch <nla@trustcenter.de>, Bodo Moeller]

 Changes between 0.9.6g and 0.9.7 [XX xxx 2002]

  *) Make -nameopt work fully for req and add -reqopt switch.
     [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]

  *) The "block size" for block ciphers in CFB and OFB mode should be 1.
     [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]

  *) Make sure tests can be performed even if the corresponding algorithms
     have been removed entirely. This was also the last step to make
     OpenSSL compilable with DJGPP under all reasonable conditions.
     [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>]

  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
     to allow version independent disabling of normally unselected ciphers,
     which may be activated as a side-effect of selecting a single cipher.

     (E.g., cipher list string "RSA" enables ciphersuites that are left
     out of "ALL" because they do not provide symmetric encryption.
     "RSA:!COMPLEMENTOFALL" avoids these unsafe ciphersuites.)
     [Lutz Jaenicke, Bodo Moeller]

  *) Add appropriate support for separate platform-dependent build
     directories. The recommended way to make a platform-dependent
     build directory is the following (tested on Linux), maybe with
     some local tweaks:

        # Place yourself outside of the OpenSSL source tree. In
        # this example, the environment variable OPENSSL_SOURCE
        # is assumed to contain the absolute OpenSSL source directory.
        mkdir -p objtree/`uname -s`-`uname -r`-`uname -m`
        cd objtree/`uname -s`-`uname -r`-`uname -m`
        (cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
                mkdir -p `dirname $F`
                ln -s $OPENSSL_SOURCE/$F $F
        done

     To be absolutely sure not to disturb the source tree, a "make clean"
     is a good thing. If it isn't successful, don't worry about it,
     it probably means the source directory is very clean.
     [Richard Levitte]

  *) Make sure any ENGINE control commands make local copies of string
     pointers passed to them whenever necessary. Otherwise it is possible
     the caller may have overwritten (or deallocated) the original string
     data when a later ENGINE operation tries to use the stored values.

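The hazard described in this entry is a lifetime bug: a control command that stores the caller's char pointer makes every later ENGINE operation depend on memory the ENGINE does not own, which may be reused or freed by then. The following added example is not OpenSSL's ENGINE code; engine_state, ctrl_set_path_by_reference and ctrl_set_path_by_copy are stand-ins written here, and the paths are constructed sample strings. It shows the by-reference handler silently picking up whatever the caller wrote into its buffer afterwards, while the copying handler keeps the value it was given (the deallocated case is the same defect with undefined behaviour attached, so it is described in a comment rather than executed).

```c
#include <stdlib.h>
#include <string.h>

/* Two ways a control command might record a string argument. */
typedef struct {
    const char *path_ref;   /* caller's pointer, retained as-is (unsafe) */
    char *path_copy;        /* privately owned copy (safe) */
} engine_state;

/* Unsafe: keeps a reference to memory the caller owns.  If the caller
 * later overwrites or frees that buffer, every ENGINE operation that
 * reads path_ref sees garbage or touches freed memory. */
void ctrl_set_path_by_reference(engine_state *e, const char *arg)
{
    e->path_ref = arg;
}

/* Safe: take a private copy so later operations never depend on the
 * caller's buffer still being intact.  Returns 0 on success, -1 if the
 * allocation fails (the previous value is kept in that case). */
int ctrl_set_path_by_copy(engine_state *e, const char *arg)
{
    size_t len = strlen(arg) + 1;
    char *dup = malloc(len);
    if (dup == NULL)
        return -1;
    memcpy(dup, arg, len);
    free(e->path_copy);
    e->path_copy = dup;
    return 0;
}

void engine_state_free(engine_state *e)
{
    free(e->path_copy);
    e->path_copy = NULL;
    e->path_ref = NULL;
}

/* Demonstration: the caller reuses its buffer after the ctrl calls.
 * Returns 1 if the by-reference value silently changed while the copy
 * still holds the original string, 0 otherwise. */
int demo_reference_vs_copy(void)
{
    char buf[64];
    engine_state e = { NULL, NULL };
    const char *original = "/etc/engine/first.conf";   /* constructed */

    strcpy(buf, original);
    ctrl_set_path_by_reference(&e, buf);
    if (ctrl_set_path_by_copy(&e, buf) != 0)
        return 0;

    /* Caller reuses its buffer for something unrelated. */
    strcpy(buf, "/tmp/other");

    int ref_changed = strcmp(e.path_ref, original) != 0;
    int copy_intact = strcmp(e.path_copy, original) == 0;
    engine_state_free(&e);
    return ref_changed && copy_intact;
}
```

The rule generalises beyond ENGINE: any component that keeps a string past the call that supplied it must either copy it or document that the caller owns the lifetime, and code review should treat a stored `const char *` parameter as a question to answer.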