OpenSSL CHANGES
_______________

 Changes between 0.9.7 and 0.9.8 [xx XXX 2002]

  *) Add version info to Win32 DLLs.
     [Peter 'Luna' Runestig <peter@runestig.com>]

  *) Add new 'medium level' PKCS#12 API. Certificates and keys
     can be added using this API to create arbitrary PKCS#12
     files while avoiding the low level API.

     New options to PKCS12_create(): key or cert can be NULL and
     will then be omitted from the output file. The encryption
     algorithm NIDs can be set to -1 for no encryption, the mac
     iteration count can be set to 0 to omit the mac.

     Enhance pkcs12 utility by making the -nokeys and -nocerts
     options work when creating a PKCS#12 file. New option -nomac
     to omit the mac, NONE can be set for an encryption algorithm.
     New code is modified to use the enhanced PKCS12_create()
     instead of the low level API.
     [Steve Henson]

  *) Extend ASN1 encoder to support indefinite length constructed
     encoding. This can output sequences, tags and octet strings in
     this form. Modify pk7_asn1.c to support indefinite length
     encoding. This is experimental and needs additional code to
     be useful, such as an ASN1 bio and some enhanced streaming
     PKCS#7 code.

     Extend template encode functionality so that tagging is passed
     down to the template encoder.
     [Steve Henson]

  *) Let 'openssl req' fail if an argument to '-newkey' is not
     recognized instead of using RSA as a default.
     [Bodo Moeller]

  *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
     As these are not official, they are not included in "ALL";
     the "ECCdraft" ciphersuite group alias can be used to select them.
     [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]

  *) Add ECDH engine support.
     [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]

  *) Add ECDH in new directory crypto/ecdh/.
     TODO: more general interface (return x coordinate, not its hash)
     TODO: bug: pad x with leading zeros if necessary
     [Douglas Stebila (Sun Microsystems Laboratories)]

  *) Let BN_rand_range() abort with an error after 100 iterations
     without success (which indicates a broken PRNG).
     [Bodo Moeller]

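     The following is an added illustration, not OpenSSL code: a simplified
     model of rejection sampling with the iteration cap the entry describes.
     A healthy generator succeeds on each attempt with probability above 1/2,
     so 100 consecutive rejections (roughly 2^-100) can only mean the PRNG is
     stuck or otherwise broken, and the call fails instead of looping forever.
     The names rand_range, rand_bytes_fn and RAND_RANGE_MAX_ITER are
     hypothetical, and both PRNG callbacks are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not OpenSSL code; names are hypothetical. */
#define RAND_RANGE_MAX_ITER 100

/* PRNG callback: fill buf with len bytes, return 1 on success. */
typedef int (*rand_bytes_fn)(unsigned char *buf, size_t len);

/* Draw r uniformly from [0, range): mask a random word down to the bit
 * length of range-1 and reject candidates >= range. Returns 1 on success,
 * 0 if the PRNG failed or the iteration cap was hit (broken PRNG). */
int rand_range(uint64_t range, uint64_t *out, rand_bytes_fn rb)
{
    uint64_t mask;
    int i;
    if (range == 0)
        return 0;
    mask = range - 1;
    mask |= mask >> 1;  mask |= mask >> 2;  mask |= mask >> 4;
    mask |= mask >> 8;  mask |= mask >> 16; mask |= mask >> 32;
    for (i = 0; i < RAND_RANGE_MAX_ITER; i++) {
        uint64_t r;
        if (!rb((unsigned char *)&r, sizeof r))
            return 0;               /* PRNG reported failure */
        r &= mask;
        if (r < range) {
            *out = r;
            return 1;
        }
    }
    return 0;                       /* too many rejections: treat as error */
}

/* Constructed PRNG 1: xorshift64 from a fixed seed (deterministic demo only,
 * not a cryptographic generator). */
static uint64_t xs_state = 0x9E3779B97F4A7C15ULL;
static int xorshift_bytes(unsigned char *buf, size_t len)
{
    while (len > 0) {
        size_t n = len < sizeof xs_state ? len : sizeof xs_state;
        xs_state ^= xs_state << 13;
        xs_state ^= xs_state >> 7;
        xs_state ^= xs_state << 17;
        memcpy(buf, &xs_state, n);
        buf += n;
        len -= n;
    }
    return 1;
}

/* Constructed PRNG 2: a "stuck" generator that only ever emits 0xFF bytes. */
static int stuck_bytes(unsigned char *buf, size_t len)
{
    memset(buf, 0xFF, len);
    return 1;
}

/* Returns 1 if 1000 draws from the healthy PRNG all land in [0, 1000). */
int rand_range_demo_good(void)
{
    int i;
    for (i = 0; i < 1000; i++) {
        uint64_t r;
        if (!rand_range(1000, &r, xorshift_bytes) || r >= 1000)
            return 0;
    }
    return 1;
}

/* With range 1000 the mask is 1023, so the stuck PRNG always yields 1023,
 * which is rejected every time; rand_range must report failure (0). */
int rand_range_demo_stuck(void)
{
    uint64_t r;
    return rand_range(1000, &r, stuck_bytes);
}
```

     The point of the cap is defensive: a generator that never produces a
     candidate below the range would otherwise turn a key-generation call
     into an infinite loop, and an explicit error is what lets the caller
     notice that its entropy source is faulty.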
  *) Change BN_mod_sqrt() so that it verifies that the input value
     is really the square of the return value. (Previously,
     BN_mod_sqrt would show GIGO behaviour.)
     [Bodo Moeller]

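     As an added illustration (not OpenSSL code) of why that verification
     matters: for a prime p = 3 (mod 4) the candidate root a^((p+1)/4) is
     correct whenever a is a quadratic residue, but the same formula still
     returns a number when a is not, and without the r*r == a check a caller
     would silently use that garbage value. The names below are hypothetical
     and the arithmetic is restricted to p < 2^32 so plain 64-bit integers
     suffice.

```c
#include <stdint.h>

/* Added example, not OpenSSL code; names are hypothetical. */

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t p)
{
    return (a % p) * (b % p) % p;   /* no overflow because p < 2^32 */
}

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t p)
{
    uint64_t result = 1 % p;
    base %= p;
    while (exp > 0) {
        if (exp & 1)
            result = mulmod(result, base, p);
        base = mulmod(base, base, p);
        exp >>= 1;
    }
    return result;
}

/* Square root of a modulo a prime p = 3 (mod 4). Returns 1 and sets *r when
 * r*r == a (mod p); returns 0 when a has no square root (or p is
 * unsupported) instead of handing back a meaningless candidate. */
int mod_sqrt_3mod4(uint64_t a, uint64_t p, uint64_t *r)
{
    uint64_t cand;
    if (p < 3 || p % 4 != 3 || p >= ((uint64_t)1 << 32))
        return 0;
    cand = powmod(a, (p + 1) / 4, p);
    if (mulmod(cand, cand, p) != a % p)
        return 0;                   /* a is not a quadratic residue */
    *r = cand;
    return 1;
}

/* Convenience wrapper: the root, or -1 when none exists. */
int64_t mod_sqrt_or_neg1(uint64_t a, uint64_t p)
{
    uint64_t r;
    return mod_sqrt_3mod4(a, p, &r) ? (int64_t)r : -1;
}
```

     With p = 23, the input 4 yields 2 (and 2*2 = 4), while the input 5, a
     non-residue, produces the candidate 8 whose square is 18, so the check
     rejects it.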
  *) Add named elliptic curves over binary fields from X9.62, SECG,
     and WAP/WTLS; add OIDs that were still missing.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Extend the EC library for elliptic curves over binary fields
     (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
     New EC_METHOD:

         EC_GF2m_simple_method

     New API functions:

         EC_GROUP_new_curve_GF2m
         EC_GROUP_set_curve_GF2m
         EC_GROUP_get_curve_GF2m
         EC_POINT_set_affine_coordinates_GF2m
         EC_POINT_get_affine_coordinates_GF2m
         EC_POINT_set_compressed_coordinates_GF2m

     Point compression for binary fields is disabled by default for
     patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
     enable it).

     As binary polynomials are represented as BIGNUMs, various members
     of the EC_GROUP and EC_POINT data structures can be shared
     between the implementations for prime fields and binary fields;
     the above ..._GF2m functions (except for EC_GROUP_new_curve_GF2m)
     are essentially identical to their ..._GFp counterparts.
     (For simplicity, the '..._GFp' prefix has been dropped from
     various internal method names.)

     An internal 'field_div' method (similar to 'field_mul' and
     'field_sqr') has been added; this is used only for binary fields.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
     through methods ('mul', 'precompute_mult').

     The generic implementations (now internally called 'ec_wNAF_mul'
     and 'ec_wNAF_precomputed_mult') remain the default if these
     methods are undefined.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) New function EC_GROUP_get_degree, which is defined through
     EC_METHOD. For curves over prime fields, this returns the bit
     length of the modulus.

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) New functions EC_GROUP_dup, EC_POINT_dup.
     (These simply call ..._new and ..._copy).

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

  *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
     Polynomials are represented as BIGNUMs (where the sign bit is not
     used) in the following functions [macros]:

         BN_GF2m_add
         BN_GF2m_sub [= BN_GF2m_add]
         BN_GF2m_mod [wrapper for BN_GF2m_mod_arr]
         BN_GF2m_mod_mul [wrapper for BN_GF2m_mod_mul_arr]
         BN_GF2m_mod_sqr [wrapper for BN_GF2m_mod_sqr_arr]
         BN_GF2m_mod_inv
         BN_GF2m_mod_exp [wrapper for BN_GF2m_mod_exp_arr]
         BN_GF2m_mod_sqrt [wrapper for BN_GF2m_mod_sqrt_arr]
         BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr]
         BN_GF2m_cmp [= BN_ucmp]

     (Note that only the 'mod' functions are actually for fields GF(2^m).
     BN_GF2m_add() is a misnomer, but this is for the sake of consistency.)

     For some functions, the irreducible polynomial defining a
     field can be given as an 'unsigned int[]' with strictly
     decreasing elements giving the indices of those bits that are set;
     i.e., p[] represents the polynomial
         f(t) = t^p[0] + t^p[1] + ... + t^p[k]
     where
         p[0] > p[1] > ... > p[k] = 0.
     This applies to the following functions:

         BN_GF2m_mod_arr
         BN_GF2m_mod_mul_arr
         BN_GF2m_mod_sqr_arr
         BN_GF2m_mod_inv_arr [wrapper for BN_GF2m_mod_inv]
         BN_GF2m_mod_div_arr [wrapper for BN_GF2m_mod_div]
         BN_GF2m_mod_exp_arr
         BN_GF2m_mod_sqrt_arr
         BN_GF2m_mod_solve_quad_arr
         BN_GF2m_poly2arr
         BN_GF2m_arr2poly

     Conversion can be performed by the following functions:

         BN_GF2m_poly2arr
         BN_GF2m_arr2poly

     bntest.c has additional tests for binary polynomial arithmetic.

     Two implementations for BN_GF2m_mod_div() are available.
     The default algorithm simply uses BN_GF2m_mod_inv() and
     BN_GF2m_mod_mul(). The alternative algorithm is compiled in only
     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
     copyright notice in crypto/bn/bn_gf2m.c before enabling it).

     [Sheueling Chang Shantz and Douglas Stebila
     (Sun Microsystems Laboratories)]

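     The following is an added toy model, not code from bn_gf2m.c, of the
     index-array representation described above: the irreducible polynomial
     is an 'unsigned int[]' of set-bit indices in strictly decreasing order
     with p[0] = m, and reduction works by folding each high bit t^d into
     f shifted by d - m. Field elements are uint64_t bit vectors rather than
     BIGNUMs, which limits m to 32 so a product of two elements fits in 64
     bits. The function names mirror the OpenSSL ones but are hypothetical
     here, and the sample field GF(2^8) with f(t) = t^8 + t^4 + t^3 + t + 1
     (the array {8, 4, 3, 1, 0}) is constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example, not OpenSSL code; names are hypothetical. */
#define GF2M_MAX_TERMS 64

/* poly2arr: write the indices of the set bits of a to p[] in strictly
 * decreasing order (p[0] = degree). Returns the count, or 0 on overflow. */
size_t gf2m_poly2arr(uint64_t a, unsigned int p[], size_t max)
{
    size_t k = 0;
    int i;
    for (i = 63; i >= 0; i--) {
        if ((a >> i) & 1) {
            if (k >= max)
                return 0;
            p[k++] = (unsigned int)i;
        }
    }
    return k;
}

/* arr2poly: inverse of poly2arr. */
uint64_t gf2m_arr2poly(const unsigned int p[], size_t k)
{
    uint64_t a = 0;
    size_t i;
    for (i = 0; i < k; i++)
        a |= (uint64_t)1 << p[i];
    return a;
}

/* Round trip through both conversions; must return its input. */
uint64_t gf2m_roundtrip(uint64_t a)
{
    unsigned int p[GF2M_MAX_TERMS];
    size_t k = gf2m_poly2arr(a, p, GF2M_MAX_TERMS);
    return gf2m_arr2poly(p, k);
}

/* Reduce a modulo f(t) = t^p[0] + ... + t^p[k-1] (p[k-1] = 0), scanning from
 * the top bit down: whenever bit d >= m is set, XOR in f shifted by d - m,
 * which clears bit d and folds t^d into lower-degree terms. */
uint64_t gf2m_mod_arr(uint64_t a, const unsigned int p[], size_t k)
{
    int m = (int)p[0], d;
    for (d = 63; d >= m; d--) {
        if ((a >> d) & 1) {
            size_t j;
            for (j = 0; j < k; j++)
                a ^= (uint64_t)1 << (p[j] + (unsigned int)(d - m));
        }
    }
    return a;
}

/* Carry-less schoolbook product followed by reduction; a and b must
 * already be reduced (degree < m <= 32). */
uint64_t gf2m_mod_mul_arr(uint64_t a, uint64_t b, const unsigned int p[], size_t k)
{
    uint64_t r = 0;
    int i;
    for (i = 0; i < 32; i++)
        if ((b >> i) & 1)
            r ^= a << i;
    return gf2m_mod_arr(r, p, k);
}

/* a^e by square-and-multiply. */
uint64_t gf2m_mod_exp_arr(uint64_t a, uint64_t e, const unsigned int p[], size_t k)
{
    uint64_t r = 1;
    a = gf2m_mod_arr(a, p, k);
    while (e) {
        if (e & 1)
            r = gf2m_mod_mul_arr(r, a, p, k);
        a = gf2m_mod_mul_arr(a, a, p, k);
        e >>= 1;
    }
    return r;
}

/* Inverse of a non-zero a via a^(2^m - 2) (Fermat). */
uint64_t gf2m_mod_inv_arr(uint64_t a, const unsigned int p[], size_t k)
{
    return gf2m_mod_exp_arr(a, ((uint64_t)1 << p[0]) - 2, p, k);
}

/* Constructed sample field GF(2^8), f(t) = t^8 + t^4 + t^3 + t + 1 = 0x11B. */
const unsigned int GF2_8_POLY[] = { 8, 4, 3, 1, 0 };
#define GF2_8_TERMS 5
```

     In this field t * (t^7 + t^2 + t + 1) reduces to t^4 + t^2 + 1, i.e.
     0x02 * 0x87 = 0x15, and 0x53 and 0xCA are mutual inverses, which
     exercises reduction, multiplication and the exponentiation-based inverse
     together.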
  *) Add new error code 'ERR_R_DISABLED' that can be used when some
     functionality is disabled at compile-time.
     [Douglas Stebila <douglas.stebila@sun.com>]

  *) Change default behaviour of 'openssl asn1parse' so that more
     information is visible when viewing, e.g., a certificate:

     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
     mode the content of non-printable OCTET STRINGs is output in a
     style similar to INTEGERs, but with '[HEX DUMP]' prepended to
     avoid the appearance of a printable string.
     [Nils Larsch <nla@trustcenter.de>]

  *) Add 'asn1_flag' and 'asn1_form' members to EC_GROUP with access
     functions
         EC_GROUP_set_asn1_flag()
         EC_GROUP_get_asn1_flag()
         EC_GROUP_set_point_conversion_form()
         EC_GROUP_get_point_conversion_form()
     These control ASN1 encoding details:
     - Curves (i.e., groups) are encoded explicitly unless asn1_flag
       has been set to OPENSSL_EC_NAMED_CURVE.
     - Points are encoded in uncompressed form by default; options for
       asn1_form are as for point2oct, namely
         POINT_CONVERSION_COMPRESSED
         POINT_CONVERSION_UNCOMPRESSED
         POINT_CONVERSION_HYBRID

     Also add 'seed' and 'seed_len' members to EC_GROUP with access
     functions
         EC_GROUP_set_seed()
         EC_GROUP_get0_seed()
         EC_GROUP_get_seed_len()
     This is used only for ASN1 purposes (so far).
     [Nils Larsch <nla@trustcenter.de>]

  *) Add 'field_type' member to EC_METHOD, which holds the NID
     of the appropriate field type OID. The new function
     EC_METHOD_get_field_type() returns this value.
     [Nils Larsch <nla@trustcenter.de>]

  *) Add functions
         EC_POINT_point2bn()
         EC_POINT_bn2point()
         EC_POINT_point2hex()
         EC_POINT_hex2point()
     providing useful interfaces to EC_POINT_point2oct() and
     EC_POINT_oct2point().
     [Nils Larsch <nla@trustcenter.de>]

  *) Change internals of the EC library so that the functions
         EC_GROUP_set_generator()
         EC_GROUP_get_generator()
         EC_GROUP_get_order()
         EC_GROUP_get_cofactor()
     are implemented directly in crypto/ec/ec_lib.c and not dispatched
     to methods, which would lead to unnecessary code duplication when
     adding different types of curves.
     [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]

  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
     arithmetic, and such that modified wNAFs are generated
     (which avoid length expansion in many cases).
     [Bodo Moeller]

  *) Add a function EC_GROUP_check_discriminant() (defined via
     EC_METHOD) that verifies that the curve discriminant is non-zero.

     Add a function EC_GROUP_check() that makes some sanity tests
     on an EC_GROUP, its generator and order. This includes
     EC_GROUP_check_discriminant().
     [Nils Larsch <nla@trustcenter.de>]

  *) Add ECDSA in new directory crypto/ecdsa/.

     Add applications 'openssl ecparam' and 'openssl ecdsa'
     (these are based on 'openssl dsaparam' and 'openssl dsa').

     ECDSA support is also included in various other files across the
     library. Most notably,
     - 'openssl req' now has a '-newkey ecdsa:file' option;
     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
       them suitable for ECDSA where domain parameters must be
       extracted before the specific public key;
     - ECDSA engine support has been added.
     [Nils Larsch <nla@trustcenter.de>]

  *) Include some named elliptic curves, and add OIDs from X9.62,
     SECG, and WAP/WTLS. Each curve can be obtained from the new
     function
         EC_GROUP_new_by_nid(),
     and the list of available named curves can be obtained with
         EC_get_builtin_curves().
     Also add a 'curve_name' member to EC_GROUP objects, which can be
     accessed via
         EC_GROUP_set_nid()
         EC_GROUP_get_nid()
     [Nils Larsch <nla@trustcenter.de>, Bodo Moeller]

 Changes between 0.9.6g and 0.9.7 [XX xxx 2002]

  *) Change the SSL kerb5 codes to match RFC 2712.
     [Richard Levitte]

  *) Make -nameopt work fully for req and add -reqopt switch.
     [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]

  *) The "block size" for block ciphers in CFB and OFB mode should be 1.
     [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]

  *) Make sure tests can be performed even if the corresponding algorithms
     have been removed entirely. This was also the last step to make
     OpenSSL compilable with DJGPP under all reasonable conditions.
     [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>]

  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
     to allow version independent disabling of normally unselected ciphers,
     which may be activated as a side-effect of selecting a single cipher.

     (E.g., cipher list string "RSA" enables ciphersuites that are left
     out of "ALL" because they do not provide symmetric encryption.
     "RSA:!COMPLEMENTOFALL" avoids these unsafe ciphersuites.)
     [Lutz Jaenicke, Bodo Moeller]

  *) Add appropriate support for separate platform-dependent build
     directories. The recommended way to make a platform-dependent
     build directory is the following (tested on Linux), maybe with
     some local tweaks:

         # Place yourself outside of the OpenSSL source tree. In
         # this example, the environment variable OPENSSL_SOURCE
         # is assumed to contain the absolute OpenSSL source directory.
         mkdir -p objtree/`uname -s`-`uname -r`-`uname -m`
         cd objtree/`uname -s`-`uname -r`-`uname -m`
         (cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
             mkdir -p `dirname $F`
             ln -s $OPENSSL_SOURCE/$F $F
         done

     To be absolutely sure not to disturb the source tree, a "make clean"
     is a good thing. If it isn't successful, don't worry about it,
     it probably means the source directory is very clean.
     [Richard Levitte]

  *) Make sure any ENGINE control commands make local copies of string
     pointers passed to them whenever necessary. Otherwise it is possible
     the caller may have overwritten (or deallocated) the original string
     data when a later ENGINE operation tries to use the stored values.

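     The following is an added illustration of that pointer-lifetime issue,
     not OpenSSL's ENGINE code: a constructed control command that stores a
     string argument (say, a module path), once by keeping the caller's
     pointer and once by taking a private copy. The caller then reuses its
     buffer, as a real caller may do after the control call returns. All
     names (engine_cfg, ctrl_set_path_borrow, ctrl_set_path_copy) and the
     sample path are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Added example, not OpenSSL code; names are hypothetical. */
typedef struct {
    char *module_path;  /* owned copy in the safe variant, borrowed in the unsafe one */
} engine_cfg;

/* Portable strdup replacement so the example does not depend on POSIX. */
static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy != NULL)
        memcpy(copy, s, n);
    return copy;
}

/* Unsafe: stores the caller's pointer. Whatever the caller does with that
 * buffer afterwards (reuse, free) is seen by later ENGINE operations. */
int ctrl_set_path_borrow(engine_cfg *e, const char *path)
{
    e->module_path = (char *)path;
    return 1;
}

/* Safe: copies the string at call time and frees any previous value, so
 * the stored configuration no longer depends on the caller's memory. */
int ctrl_set_path_copy(engine_cfg *e, const char *path)
{
    char *copy = dup_string(path);
    if (copy == NULL)
        return 0;
    free(e->module_path);
    e->module_path = copy;
    return 1;
}

/* Simulates a caller that builds the argument in a scratch buffer, issues
 * the control command, then reuses the buffer. Returns 1 if the engine
 * still holds the value it was configured with, 0 if it now sees the
 * caller's later data. (The buffer is overwritten, not freed, so the
 * unsafe variant stays defined behaviour for the demo.) */
static int run_scenario(int (*ctrl)(engine_cfg *, const char *), int owned)
{
    engine_cfg e = { NULL };
    char scratch[64];
    int ok;
    strcpy(scratch, "/opt/engines/hw.so");          /* constructed sample path */
    if (!ctrl(&e, scratch))
        return 0;
    strcpy(scratch, "unrelated later data");        /* caller reuses its buffer */
    ok = strcmp(e.module_path, "/opt/engines/hw.so") == 0;
    if (owned)
        free(e.module_path);
    return ok;
}

int engine_demo_borrow(void) { return run_scenario(ctrl_set_path_borrow, 0); }
int engine_demo_copy(void)   { return run_scenario(ctrl_set_path_copy, 1); }
```

     The borrowing variant is the kind of stale-pointer defect that shows up
     as a wrong path or a use-after-free only much later, in an unrelated
     ENGINE operation, which is why the copy is taken at the control call
     itself rather than relying on the caller to keep the string alive.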