]>
Commit | Line | Data |
---|---|---|
81a6c781 | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
4d94ae00 BM |
5 | Changes between 0.9.7 and 0.9.8 [xx XXX 2002] |
6 | ||
fc6a6a10 DSH |
7 | *) Add version info to Win32 DLLs. |
8 | [Peter 'Luna' Runestig" <peter@runestig.com>] | |
9 | ||
9a48b07e DSH |
10 | *) Add new 'medium level' PKCS#12 API. Certificates and keys |
11 | can be added using this API to created arbitrary PKCS#12 | |
12 | files while avoiding the low level API. | |
13 | ||
14 | New options to PKCS12_create(), key or cert can be NULL and | |
15 | will then be omitted from the output file. The encryption | |
16 | algorithm NIDs can be set to -1 for no encryption, the mac | |
17 | iteration count can be set to 0 to omit the mac. | |
18 | ||
19 | Enhance pkcs12 utility by making the -nokeys and -nocerts | |
20 | options work when creating a PKCS#12 file. New option -nomac | |
21 | to omit the mac, NONE can be set for an encryption algorithm. | |
22 | New code is modified to use the enhanced PKCS12_create() | |
23 | instead of the low level API. | |
24 | [Steve Henson] | |
25 | ||
230fd6b7 DSH |
26 | *) Extend ASN1 encoder to support indefinite length constructed |
27 | encoding. This can output sequences tags and octet strings in | |
28 | this form. Modify pk7_asn1.c to support indefinite length | |
29 | encoding. This is experimental and needs additional code to | |
30 | be useful, such as an ASN1 bio and some enhanced streaming | |
31 | PKCS#7 code. | |
32 | ||
33 | Extend template encode functionality so that tagging is passed | |
34 | down to the template encoder. | |
35 | [Steve Henson] | |
36 | ||
9226e218 BM |
37 | *) Let 'openssl req' fail if an argument to '-newkey' is not |
38 | recognized instead of using RSA as a default. | |
39 | [Bodo Moeller] | |
40 | ||
ea262260 BM |
41 | *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt. |
42 | As these are not official, they are not included in "ALL"; | |
43 | the "ECCdraft" ciphersuite group alias can be used to select them. | |
44 | [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)] | |
45 | ||
e172d60d BM |
46 | *) Add ECDH engine support. |
47 | [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)] | |
48 | ||
49 | *) Add ECDH in new directory crypto/ecdh/. | |
49a0f778 BM |
50 | TODO: more general interface (return x coordinate, not its hash) |
51 | TODO: bug: pad x with leading zeros if necessary | |
e172d60d BM |
52 | [Douglas Stebila (Sun Microsystems Laboratories)] |
53 | ||
95ecacf8 BM |
54 | *) Let BN_rand_range() abort with an error after 100 iterations |
55 | without success (which indicates a broken PRNG). | |
56 | [Bodo Moeller] | |
57 | ||
6fb60a84 BM |
58 | *) Change BN_mod_sqrt() so that it verifies that the input value |
59 | is really the square of the return value. (Previously, | |
60 | BN_mod_sqrt would show GIGO behaviour.) | |
61 | [Bodo Moeller] | |
62 | ||
7793f30e BM |
63 | *) Add named elliptic curves over binary fields from X9.62, SECG, |
64 | and WAP/WTLS; add OIDs that were still missing. | |
65 | ||
66 | [Sheueling Chang Shantz and Douglas Stebila | |
67 | (Sun Microsystems Laboratories)] | |
68 | ||
69 | *) Extend the EC library for elliptic curves over binary fields | |
70 | (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/). | |
71 | New EC_METHOD: | |
72 | ||
73 | EC_GF2m_simple_method | |
74 | ||
75 | New API functions: | |
76 | ||
77 | EC_GROUP_new_curve_GF2m | |
78 | EC_GROUP_set_curve_GF2m | |
79 | EC_GROUP_get_curve_GF2m | |
7793f30e BM |
80 | EC_POINT_set_affine_coordinates_GF2m |
81 | EC_POINT_get_affine_coordinates_GF2m | |
82 | EC_POINT_set_compressed_coordinates_GF2m | |
83 | ||
84 | Point compression for binary fields is disabled by default for | |
85 | patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to | |
86 | enable it). | |
87 | ||
88 | As binary polynomials are represented as BIGNUMs, various members | |
89 | of the EC_GROUP and EC_POINT data structures can be shared | |
90 | between the implementations for prime fields and binary fields; | |
91 | the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m) | |
92 | are essentially identical to their ..._GFp counterparts. | |
9e4f9b36 BM |
93 | (For simplicity, the '..._GFp' prefix has been dropped from |
94 | various internal method names.) | |
7793f30e BM |
95 | |
96 | An internal 'field_div' method (similar to 'field_mul' and | |
97 | 'field_sqr') has been added; this is used only for binary fields. | |
98 | ||
99 | [Sheueling Chang Shantz and Douglas Stebila | |
100 | (Sun Microsystems Laboratories)] | |
101 | ||
9e4f9b36 | 102 | *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult() |
7793f30e BM |
103 | through methods ('mul', 'precompute_mult'). |
104 | ||
105 | The generic implementations (now internally called 'ec_wNAF_mul' | |
106 | and 'ec_wNAF_precomputed_mult') remain the default if these | |
107 | methods are undefined. | |
108 | ||
109 | [Sheueling Chang Shantz and Douglas Stebila | |
110 | (Sun Microsystems Laboratories)] | |
111 | ||
112 | *) New function EC_GROUP_get_degree, which is defined through | |
113 | EC_METHOD. For curves over prime fields, this returns the bit | |
114 | length of the modulus. | |
115 | ||
116 | [Sheueling Chang Shantz and Douglas Stebila | |
117 | (Sun Microsystems Laboratories)] | |
118 | ||
119 | *) New functions EC_GROUP_dup, EC_POINT_dup. | |
120 | (These simply call ..._new and ..._copy). | |
121 | ||
122 | [Sheueling Chang Shantz and Douglas Stebila | |
123 | (Sun Microsystems Laboratories)] | |
124 | ||
1dc920c8 BM |
125 | *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c. |
126 | Polynomials are represented as BIGNUMs (where the sign bit is not | |
127 | used) in the following functions [macros]: | |
128 | ||
129 | BN_GF2m_add | |
130 | BN_GF2m_sub [= BN_GF2m_add] | |
131 | BN_GF2m_mod [wrapper for BN_GF2m_mod_arr] | |
132 | BN_GF2m_mod_mul [wrapper for BN_GF2m_mod_mul_arr] | |
133 | BN_GF2m_mod_sqr [wrapper for BN_GF2m_mod_sqr_arr] | |
134 | BN_GF2m_mod_inv | |
135 | BN_GF2m_mod_exp [wrapper for BN_GF2m_mod_exp_arr] | |
136 | BN_GF2m_mod_sqrt [wrapper for BN_GF2m_mod_sqrt_arr] | |
137 | BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr] | |
138 | BN_GF2m_cmp [= BN_ucmp] | |
139 | ||
140 | (Note that only the 'mod' functions are actually for fields GF(2^m). | |
141 | BN_GF2m_add() is misnomer, but this is for the sake of consistency.) | |
142 | ||
143 | For some functions, an the irreducible polynomial defining a | |
144 | field can be given as an 'unsigned int[]' with strictly | |
145 | decreasing elements giving the indices of those bits that are set; | |
146 | i.e., p[] represents the polynomial | |
147 | f(t) = t^p[0] + t^p[1] + ... + t^p[k] | |
148 | where | |
149 | p[0] > p[1] > ... > p[k] = 0. | |
150 | This applies to the following functions: | |
151 | ||
152 | BN_GF2m_mod_arr | |
153 | BN_GF2m_mod_mul_arr | |
154 | BN_GF2m_mod_sqr_arr | |
155 | BN_GF2m_mod_inv_arr [wrapper for BN_GF2m_mod_inv] | |
156 | BN_GF2m_mod_div_arr [wrapper for BN_GF2m_mod_div] | |
157 | BN_GF2m_mod_exp_arr | |
158 | BN_GF2m_mod_sqrt_arr | |
159 | BN_GF2m_mod_solve_quad_arr | |
160 | BN_GF2m_poly2arr | |
161 | BN_GF2m_arr2poly | |
162 | ||
163 | Conversion can be performed by the following functions: | |
164 | ||
165 | BN_GF2m_poly2arr | |
166 | BN_GF2m_arr2poly | |
167 | ||
168 | bntest.c has additional tests for binary polynomial arithmetic. | |
169 | ||
909abce8 BM |
170 | Two implementations for BN_GF2m_mod_div() are available. |
171 | The default algorithm simply uses BN_GF2m_mod_inv() and | |
172 | BN_GF2m_mod_mul(). The alternative algorithm is compiled in only | |
173 | if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the | |
174 | copyright notice in crypto/bn/bn_gf2m.c before enabling it). | |
1dc920c8 BM |
175 | |
176 | [Sheueling Chang Shantz and Douglas Stebila | |
177 | (Sun Microsystems Laboratories)] | |
178 | ||
16dc1cfb BM |
179 | *) Add new error code 'ERR_R_DISABLED' that can be used when some |
180 | functionality is disabled at compile-time. | |
181 | [Douglas Stebila <douglas.stebila@sun.com>] | |
182 | ||
ea4f109c BM |
183 | *) Change default behaviour of 'openssl asn1parse' so that more |
184 | information is visible when viewing, e.g., a certificate: | |
185 | ||
186 | Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump' | |
187 | mode the content of non-printable OCTET STRINGs is output in a | |
188 | style similar to INTEGERs, but with '[HEX DUMP]' prepended to | |
189 | avoid the appearance of a printable string. | |
190 | [Nils Larsch <nla@trustcenter.de>] | |
191 | ||
254ef80d BM |
192 | *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access |
193 | functions | |
194 | EC_GROUP_set_asn1_flag() | |
195 | EC_GROUP_get_asn1_flag() | |
196 | EC_GROUP_set_point_conversion_form() | |
197 | EC_GROUP_get_point_conversion_form() | |
198 | These control ASN1 encoding details: | |
b8e0e123 BM |
199 | - Curves (i.e., groups) are encoded explicitly unless asn1_flag |
200 | has been set to OPENSSL_EC_NAMED_CURVE. | |
5f3d6f70 | 201 | - Points are encoded in uncompressed form by default; options for |
254ef80d BM |
202 | asn1_for are as for point2oct, namely |
203 | POINT_CONVERSION_COMPRESSED | |
204 | POINT_CONVERSION_UNCOMPRESSED | |
205 | POINT_CONVERSION_HYBRID | |
5f3d6f70 BM |
206 | |
207 | Also add 'seed' and 'seed_len' members to EC_GROUP with access | |
208 | functions | |
209 | EC_GROUP_set_seed() | |
210 | EC_GROUP_get0_seed() | |
211 | EC_GROUP_get_seed_len() | |
212 | This is used only for ASN1 purposes (so far). | |
458c2917 BM |
213 | [Nils Larsch <nla@trustcenter.de>] |
214 | ||
215 | *) Add 'field_type' member to EC_METHOD, which holds the NID | |
216 | of the appropriate field type OID. The new function | |
217 | EC_METHOD_get_field_type() returns this value. | |
218 | [Nils Larsch <nla@trustcenter.de>] | |
219 | ||
6cbe6382 BM |
220 | *) Add functions |
221 | EC_POINT_point2bn() | |
222 | EC_POINT_bn2point() | |
223 | EC_POINT_point2hex() | |
224 | EC_POINT_hex2point() | |
225 | providing useful interfaces to EC_POINT_point2oct() and | |
226 | EC_POINT_oct2point(). | |
227 | [Nils Larsch <nla@trustcenter.de>] | |
228 | ||
b6db386f BM |
229 | *) Change internals of the EC library so that the functions |
230 | EC_GROUP_set_generator() | |
231 | EC_GROUP_get_generator() | |
232 | EC_GROUP_get_order() | |
233 | EC_GROUP_get_cofactor() | |
234 | are implemented directly in crypto/ec/ec_lib.c and not dispatched | |
235 | to methods, which would lead to unnecessary code duplication when | |
236 | adding different types of curves. | |
6cbe6382 | 237 | [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller] |
b6db386f | 238 | |
47234cd3 BM |
239 | *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM |
240 | arithmetic, and such that modified wNAFs are generated | |
241 | (which avoid length expansion in many cases). | |
242 | [Bodo Moeller] | |
243 | ||
82652aaf BM |
244 | *) Add a function EC_GROUP_check_discriminant() (defined via |
245 | EC_METHOD) that verifies that the curve discriminant is non-zero. | |
246 | ||
247 | Add a function EC_GROUP_check() that makes some sanity tests | |
248 | on a EC_GROUP, its generator and order. This includes | |
249 | EC_GROUP_check_discriminant(). | |
250 | [Nils Larsch <nla@trustcenter.de>] | |
251 | ||
4d94ae00 BM |
252 | *) Add ECDSA in new directory crypto/ecdsa/. |
253 | ||
5dbd3efc BM |
254 | Add applications 'openssl ecparam' and 'openssl ecdsa' |
255 | (these are based on 'openssl dsaparam' and 'openssl dsa'). | |
4d94ae00 BM |
256 | |
257 | ECDSA support is also included in various other files across the | |
258 | library. Most notably, | |
259 | - 'openssl req' now has a '-newkey ecdsa:file' option; | |
260 | - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA; | |
261 | - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and | |
262 | d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make | |
263 | them suitable for ECDSA where domain parameters must be | |
e172d60d BM |
264 | extracted before the specific public key; |
265 | - ECDSA engine support has been added. | |
f8e21776 | 266 | [Nils Larsch <nla@trustcenter.de>] |
4d94ae00 | 267 | |
af28dd6c | 268 | *) Include some named elliptic curves, and add OIDs from X9.62, |
ed5e37c3 | 269 | SECG, and WAP/WTLS. Each curve can be obtained from the new |
7eb18f12 | 270 | function |
ed5e37c3 BM |
271 | EC_GROUP_new_by_nid(), |
272 | and the list of available named curves can be obtained with | |
273 | EC_get_builtin_curves(). | |
254ef80d BM |
274 | Also add a 'curve_name' member to EC_GROUP objects, which can be |
275 | accessed via | |
4d94ae00 BM |
276 | EC_GROUP_set_nid() |
277 | EC_GROUP_get_nid() | |
278 | [Nils Larsch <nla@trustcenter.de, Bodo Moeller] | |
279 | ||
fbe792f0 | 280 | Changes between 0.9.6g and 0.9.7 [XX xxx 2002] |
dc014d43 | 281 | |
7ba3a4c3 RL |
282 | *) Change the SSL kerb5 codes to match RFC 2712. |
283 | [Richard Levitte] | |
284 | ||
ba111217 BM |
285 | *) Make -nameopt work fully for req and add -reqopt switch. |
286 | [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson] | |
287 | ||
3f6db7f5 DSH |
288 | *) The "block size" for block ciphers in CFB and OFB mode should be 1. |
289 | [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>] | |
290 | ||
291 | *) The "block size" for block ciphers in CFB and OFB mode should be 1. | |
292 | [Steve Henson] | |
293 | ||
f013c7f2 RL |
294 | *) Make sure tests can be performed even if the corresponding algorithms |
295 | have been removed entirely. This was also the last step to make | |
296 | OpenSSL compilable with DJGPP under all reasonable conditions. | |
297 | [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>] | |
298 | ||
648765ba | 299 | *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT |
c6ccf055 LJ |
300 | to allow version independent disabling of normally unselected ciphers, |
301 | which may be activated as a side-effect of selecting a single cipher. | |
648765ba BM |
302 | |
303 | (E.g., cipher list string "RSA" enables ciphersuites that are left | |
304 | out of "ALL" because they do not provide symmetric encryption. | |
305 | "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.) | |
c6ccf055 LJ |
306 | [Lutz Jaenicke, Bodo Moeller] |
307 | ||
041843e4 RL |
308 | *) Add appropriate support for separate platform-dependent build |
309 | directories. The recommended way to make a platform-dependent | |
310 | build directory is the following (tested on Linux), maybe with | |
311 | some local tweaks: | |
312 | ||
313 | # Place yourself outside of the OpenSSL source tree. In | |
314 | # this example, the environment variable OPENSSL_SOURCE | |
315 | # is assumed to contain the absolute OpenSSL source directory. | |
316 | mkdir -p objtree/`uname -s`-`uname -r`-`uname -m` | |
317 | cd objtree/`uname -s`-`uname -r`-`uname -m` | |
318 | (cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do | |
319 | mkdir -p `dirname $F` | |
320 | ln -s $OPENSSL_SOURCE/$F $F | |
321 | done | |
322 | ||
323 | To be absolutely sure not to disturb the source tree, a "make clean" | |
324 | is a good thing. If it isn't successfull, don't worry about it, | |
325 | it probably means the source directory is very clean. | |
326 | [Richard Levitte] | |
327 | ||
a6c6874a GT |
328 | *) Make sure any ENGINE control commands make local copies of string |
329 | pointers passed to them whenever necessary. Otherwise it is possible | |
330 | the caller may have overwritten (or deallocated) the original string | |
331 | data when a later ENGINE operation tries to use the stored values. | |
332 |