git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES
Change array representation of binary polynomials to make GF2m part of
Commit Line Data
81a6c781 1
f1c236f8 2 OpenSSL CHANGES
651d0aff
RE
3 _______________
4
399a6f0b
DSH
5 Changes between 0.9.8b and 0.9.9 [xx XXX xxxx]
6
c4e7870a
BM
7 *) Change the array representation of binary polynomials: the list
8 of degrees of non-zero coefficients is now terminated with -1.
9 Previously it was terminated with 0, which was also part of the
10 value; thus, the array representation was not applicable to
11 polynomials where t^0 has coefficient zero. This change makes
12 the array representation useful in a more general context.
13 [Douglas Stebila]
14
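The terminator change in the entry above, as an added example (not OpenSSL code): it assumes a toy model in which a polynomial of degree below 64 is a `uint64_t` bitmask rather than a BIGNUM, and every function and array name is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model (assumption): bit i of a uint64_t is the coefficient of t^i.
 * OpenSSL stores polynomials in BIGNUMs; all names here are hypothetical. */

/* New form: degrees in decreasing order, then -1. Returns the number of
 * ints required including the terminator; writes at most max of them. */
static int poly_to_arr(uint64_t f, int *p, int max)
{
    int k = 0;
    for (int i = 63; i >= 0; i--)
        if (f & (UINT64_C(1) << i)) {
            if (k < max) p[k] = i;
            k++;
        }
    if (k < max) p[k] = -1;
    return k + 1;
}

/* Decode a degree list ending in `term`: -1 for the new form, 0 for the old
 * form, where the 0 is also the t^0 term. Bounded by max, so an array built
 * with the other terminator is not read past its end. */
static uint64_t arr_to_poly(const int *p, int max, int term)
{
    uint64_t f = (term == 0);           /* old form: t^0 is always present */
    for (int i = 0; i < max && p[i] > term && p[i] < 64; i++)
        f |= UINT64_C(1) << p[i];
    return f;
}

/* Encode then decode with the -1 terminator; 1 if the value survives. */
static int roundtrip_ok(uint64_t f)
{
    int p[65];                          /* 64 possible terms + terminator */
    int n = poly_to_arr(f, p, 65);
    return arr_to_poly(p, n, -1) == f;
}

/* Constructed samples: {3,1,-1} is t^3 + t in the new form; the old form
 * cannot express it, because {3,1,0} there means t^3 + t + 1. */
static const int NEW_ARR[] = {3, 1, -1};
static const int OLD_ARR[] = {3, 1, 0};

int main(void)
{
    printf("new {3,1,-1} -> 0x%llx\n", (unsigned long long)arr_to_poly(NEW_ARR, 3, -1));
    printf("old {3,1,0}  -> 0x%llx\n", (unsigned long long)arr_to_poly(OLD_ARR, 3, 0));
    printf("round trip of t^3 + t: %d\n", roundtrip_ok(0xA));
    return 0;
}
```
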
89bbe14c
BM
15 *) Various modifications and fixes to SSL/TLS cipher string
16 handling. For ECC, the code now distinguishes between fixed ECDH
17 with RSA certificates on the one hand and with ECDSA certificates
18 on the other hand, since these are separate ciphersuites. The
19 unused code for Fortezza ciphersuites has been removed.
20
21 For consistency with EDH, ephemeral ECDH is now called "EECDH"
22 (not "ECDHE"). For consistency with the code for DH
23 certificates, use of ECDH certificates is now considered ECDH
24 authentication, not RSA or ECDSA authentication (the latter is
25 merely the CA's signing algorithm and not actively used in the
26 protocol).
27
28 The temporary ciphersuite alias "ECCdraft" is no longer
29 available, and ECC ciphersuites are no longer excluded from "ALL"
30 and "DEFAULT". The following aliases now exist for RFC 4492
31 ciphersuites, most of these by analogy with the DH case:
32
33 kECDHr - ECDH cert, signed with RSA
34 kECDHe - ECDH cert, signed with ECDSA
35 kECDH - ECDH cert (signed with either RSA or ECDSA)
36 kEECDH - ephemeral ECDH
37 ECDH - ECDH cert or ephemeral ECDH
38
39 aECDH - ECDH cert
40 aECDSA - ECDSA cert
41 ECDSA - ECDSA cert
42
43 AECDH - anonymous ECDH
44 EECDH - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")
45
46 [Bodo Moeller]
47
fb7b3932
DSH
48 *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
49 Use correct micalg parameters depending on digest(s) in signed message.
50 [Steve Henson]
51
01b8b3c7
DSH
52 *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
53 an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
54 [Steve Henson]
de9fcfe3 55
58aa573a 56 *) Initial engine support for EVP_PKEY_METHOD. New functions to permit
c9777d26
DSH
57 an engine to register a method. Add ENGINE lookups for methods and
58 functional reference processing.
58aa573a
DSH
59 [Steve Henson]
60
91c9e621
DSH
61 *) New functions EVP_Digest{Sign,Verify}*. These are enhanced versions of
62 EVP_{Sign,Verify}* which allow an application to customise the signature
63 process.
64 [Steve Henson]
65
55311921
DSH
66 *) New -resign option to smime utility. This adds one or more signers
67 to an existing PKCS#7 signedData structure. Also -md option to use an
68 alternative message digest algorithm for signing.
69 [Steve Henson]
70
a6e7fcd1
DSH
71 *) Tidy up PKCS#7 routines and add new functions to make it easier to
72 create PKCS7 structures containing multiple signers. Update smime
73 application to support multiple signers.
74 [Steve Henson]
75
121dd39f
DSH
76 *) New -macalg option to pkcs12 utility to allow setting of an alternative
77 digest MAC.
78 [Steve Henson]
79
856640b5 80 *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
b8f702a0 81 Reorganize PBE internals to lookup from a static table using NIDs,
6d3a1eac
DSH
82 add support for HMAC PBE OID translation. Add an EVP_CIPHER ctrl:
83 EVP_CTRL_PBE_PRF_NID; this allows a cipher to specify an alternative
84 PRF which will be automatically used with PBES2.
856640b5
DSH
85 [Steve Henson]
86
34b3c72e 87 *) Replace the algorithm specific calls to generate keys in "req" with the
959e8dfe
DSH
88 new API.
89 [Steve Henson]
90
399a6f0b
DSH
91 *) Update PKCS#7 enveloped data routines to use new API. This is now
92 supported by any public key method supporting the encrypt operation. A
93 ctrl is added to allow the public key algorithm to examine or modify
94 the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
95 a no op.
96 [Steve Henson]
28e4fe34 97
03919683
DSH
98 *) Add a ctrl to asn1 method to allow a public key algorithm to express
99 a default digest type to use. In most cases this will be SHA1 but some
100 algorithms (such as GOST) need to specify an alternative digest. The
101 return value indicates how strong the preference is: 1 means optional and
102 2 is mandatory (that is it is the only supported type). Modify
103 ASN1_item_sign() to accept a NULL digest argument to indicate it should
104 use the default md. Update openssl utilities to use the default digest
105 type for signing if it is not explicitly indicated.
106 [Steve Henson]
107
ee1d9ec0
DSH
108 *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New
109 EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
110 signing method from the key type. This effectively removes the link
111 between digests and public key types.
112 [Steve Henson]
113
d2027098
DSH
114 *) Add an OID cross reference table and utility functions. Its purpose is to
115 translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
116 rsaEncryption. This will allow some of the algorithm specific hackery
117 needed to use the correct OID to be removed.
118 [Steve Henson]
119
492a9e24
DSH
120 *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
121 structures for PKCS7_sign(). They are now set up by the relevant public
122 key ASN1 method.
123 [Steve Henson]
124
9ca7047d
DSH
125 *) Add provisional EC pkey method with support for ECDSA and ECDH.
126 [Steve Henson]
127
ffb1ac67
DSH
128 *) Add support for key derivation (agreement) in the API, DH method and
129 pkeyutl.
130 [Steve Henson]
131
3ba0885a
DSH
132 *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
133 public and private key formats. As a side effect these add additional
134 command line functionality not previously available: DSA signatures can be
135 generated and verified using pkeyutl and DH key support and generation in
136 pkey, genpkey.
137 [Steve Henson]
138
4700aea9
UM
139 *) BeOS support.
140 [Oliver Tappe <zooey@hirschkaefer.de>]
141
142 *) New make target "install_html_docs" installs HTML renditions of the
143 manual pages.
144 [Oliver Tappe <zooey@hirschkaefer.de>]
145
f5cda4cb
DSH
146 *) New utility "genpkey": this is analogous to "genrsa" etc. except it can
147 generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
148 support key and parameter generation and add initial key generation
149 functionality for RSA.
150 [Steve Henson]
151
f733a5ef
DSH
152 *) Add functions for main EVP_PKEY_method operations. The undocumented
153 functions EVP_PKEY_{encrypt,decrypt} have been renamed to
154 EVP_PKEY_{encrypt,decrypt}_old.
155 [Steve Henson]
156
0b6f3c66
DSH
157 *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
158 key API, doesn't do much yet.
159 [Steve Henson]
160
0b33dac3
DSH
161 *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
162 public key algorithms. New option to openssl utility:
163 "list-public-key-algorithms" to print out info.
164 [Steve Henson]
165
33273721
BM
166 *) Implement the Supported Elliptic Curves Extension for
167 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
168 [Douglas Stebila]
169
246e0931
DSH
170 *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
171 EVP_CIPHER structures to avoid later problems in EVP_cleanup().
172 [Steve Henson]
173
3e4585c8 174 *) New utilities pkey and pkeyparam. These are similar to algorithm specific
f5cda4cb 175 utilities such as rsa, dsa, dsaparam etc except they process any key
3e4585c8 176 type.
3e84b6e1
DSH
177 [Steve Henson]
178
35208f36
DSH
179 *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New
180 functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
181 EVP_PKEY_print_param() to print public key data from an EVP_PKEY
182 structure.
183 [Steve Henson]
184
448be743
DSH
185 *) Initial support for pluggable public key ASN1.
186 De-spaghettify the public key ASN1 handling. Move public and private
187 key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
188 algorithm specific handling to a single module within the relevant
189 algorithm directory. Add functions to allow (near) opaque processing
190 of public and private key structures.
191 [Steve Henson]
192
36ca4ba6
BM
193 *) Implement the Supported Point Formats Extension for
194 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
195 [Douglas Stebila]
196
ddac1974
NL
197 *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
198 for the psk identity [hint] and the psk callback functions to the
199 SSL_SESSION, SSL and SSL_CTX structure.
200
201 New ciphersuites:
202 PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
203 PSK-AES256-CBC-SHA
204
205 New functions:
206 SSL_CTX_use_psk_identity_hint
207 SSL_get_psk_identity_hint
208 SSL_get_psk_identity
209 SSL_use_psk_identity_hint
210
211 [Mika Kousa and Pasi Eronen of Nokia Corporation]
212
c7235be6
UM
213 *) Add RFC 3161 compliant time stamp request creation, response generation
214 and response verification functionality.
215